From rcooper at dwford.com Sat Mar 1 00:54:47 2008 From: rcooper at dwford.com (Rick Cooper) Date: Sat Mar 1 00:55:27 2008 Subject: [Maybe OT] - RFC compliance checking at session In-Reply-To: <223f97700802291421r2e0871a2reaad563b398d4832@mail.gmail.com> References: <3D9C92F3075F5144B46AA2C590F48E2A7A73CF@commssrv01.computerservicecentre.com><115b01c87b11$356d86d0$0301a8c0@SAHOMELT><47C86FB2.2060207@sendit.nodak.edu><116f01c87b1b$2dba0bc0$0301a8c0@SAHOMELT> <223f97700802291421r2e0871a2reaad563b398d4832@mail.gmail.com> Message-ID: <119601c87b36$d92bb5b0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Glenn Steen > Sent: Friday, February 29, 2008 5:21 PM > To: MailScanner discussion > Subject: Re: [Maybe OT] - RFC compliance checking at session > [...] > > will violate. But if I can validate any part of the helo, > I will accept the > > message. But sans RDNS, heloing as BILLS_ROOM.local is > getting the door > > slammed for sure. You give a proper helo, have something > like proper DNS and > > even if you are a host on comcast's dynamic pool you will > get past the helo, > > probably won't get very far past it but you will get past it. > > > Mostly truee for 1123 too... > Since I get a good effect from the strict part, I don't do the rdns > valitation... When the srtictness checks stop being effective I might > start looking at it, but by then... there might be a new RFC > outdating > both 2821 and 1123 (and 821, which is already superseded) that > actually tell us that we MUST validate the domain.... No, wait, that > ust be another beverage-induced fever-dream;-D. > The whole chain of supersession get's tiresome in and of it's self. I would swear that I had read a 821 superssion that changed the wording of the MUST not refuse to SHOULD not refuse.... But I hadn't the time to look it up. Anyway you look at it local policy MUST always win. God wouldn't it be nice to go back to the days when that hoax about just reading an email and getting a virus was still just a hoax (thank you Bill Gates)? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Sat Mar 1 08:14:55 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Mar 1 08:15:38 2008 Subject: [Maybe OT] - RFC compliance checking at session In-Reply-To: <119601c87b36$d92bb5b0$0301a8c0@SAHOMELT> References: <3D9C92F3075F5144B46AA2C590F48E2A7A73CF@commssrv01.computerservicecentre.com><115b01c87b11$356d86d0$0301a8c0@SAHOMELT><47C86FB2.2060207@sendit.nodak.edu><116f01c87b1b$2dba0bc0$0301a8c0@SAHOMELT> <223f97700802291421r2e0871a2reaad563b398d4832@mail.gmail.com> <119601c87b36$d92bb5b0$0301a8c0@SAHOMELT> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B800@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rick Cooper > Sent: 01 March 2008 00:55 > To: 'MailScanner discussion' > Subject: RE: [Maybe OT] - RFC compliance checking at session > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Glenn Steen > > Sent: Friday, February 29, 2008 5:21 PM > > To: MailScanner discussion > > Subject: Re: [Maybe OT] - RFC compliance checking at session > > > [...] > > > will violate. But if I can validate any part of the helo, > > I will accept the > > > message. But sans RDNS, heloing as BILLS_ROOM.local is > > getting the door > > > slammed for sure. You give a proper helo, have something > > like proper DNS and > > > even if you are a host on comcast's dynamic pool you will > > get past the helo, > > > probably won't get very far past it but you will get past it. > > > > > Mostly truee for 1123 too... > > Since I get a good effect from the strict part, I don't do the rdns > > valitation... When the srtictness checks stop being effective I > might > > start looking at it, but by then... there might be a new RFC > > outdating > > both 2821 and 1123 (and 821, which is already superseded) that > > actually tell us that we MUST validate the domain.... No, wait, that > > ust be another beverage-induced fever-dream;-D. > > > > > The whole chain of supersession get's tiresome in and of it's self. I > would > swear that I had read a 821 superssion that changed the wording of the > MUST > not refuse to SHOULD not refuse.... But I hadn't the time to look it > up. > Anyway you look at it local policy MUST always win. God wouldn't it be > nice > to go back to the days when that hoax about just reading an email and > getting a virus was still just a hoax (thank you Bill Gates)? > > Rick > What do ppl tend to do about MTA's that don't seem to understand temporary reject codes (such as 450) for stuff like greylisting? We've one client that uses our spam filtering and it seems to be only 1 that complains that people seem unable to email them. The one rejection email that I've had sent through (only 1 ever been sent despite repeated requests for NDRs to work out why the email isn't getting through) indicated that their ISP tried once to deliver email and then bounced it right back to sender if it got any form of response from our server. As far as I understand that's in direct contradiction of the RFCs. I thought if it was a 5XX or the like then it should return to sender but a 4XX code should always be retried at least a few times for a period of upto 5 days. I really like greylisting as it cuts down our server load by a factor of 2 or more and makes it possible not to need more servers, but it's getting the boss to understand that we can't keep just adding exception after exception for people and their bad ISP's as we don't know where they will be mailing from beforehand... Jason From gerard at seibercom.net Sat Mar 1 14:15:08 2008 From: gerard at seibercom.net (Gerard) Date: Sat Mar 1 14:15:59 2008 Subject: [Maybe OT] - RFC compliance checking at session In-Reply-To: <47C884F8.20806@vanderkooij.org> References: <3D9C92F3075F5144B46AA2C590F48E2A7A73CF@commssrv01.computerservicecentre.com> <47C884F8.20806@vanderkooij.org> Message-ID: <20080301091508.0a9bbc0f@scorpio> On Fri, 29 Feb 2008 23:19:36 +0100 Hugo van der Kooij wrote: > | So what do you guys think? Am I just being particularly awkward on a > | Friday afternoon and should I spend my time re-working our config to > | work around an organisation who is blatantly ignorant of common mail > | server practise, or just tell my user that the sending organisation > | needs to get their act together? > > If they are aware the setup is not working well I would not spend > another milisecond on it. It's not your problem. Maybe I have just totally misread this entire post; however it seems to me that the acceptance or rejection of a message must be done at the MTA level. Using Postfix, I can set various flags to either accept or reject messages based on what ever criteria I want. I don't see how I could use mailscanner in that environment since I would have to accept the message and then send it onto mailscanner. There is no way I could legitimately reject the message after that point in time. Then again, maybe I have just misunderstood this entire thread. Sorry! -- Gerard gerard@seibercom.net The generation of random numbers is too important to be left to chance. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080301/666ecb2c/signature.bin From mgaudreault at reference.qc.ca Sat Mar 1 14:49:22 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sat Mar 1 14:50:00 2008 Subject: Queue problem In-Reply-To: <223f97700802291546m50b3108cr2a407a7ff9487465@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk> <223f97700802291546m50b3108cr2a407a7ff9487465@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451F6@jupiter.reference.local> Hi Glenn In MailScanner.conf: Was that: Spam List = SBL+XBL spamcop.net NJABL CBL In spam.lists.conf: spamhaus.org sbl.spamhaus.org. spamhaus-XBL xbl.spamhaus.org. spamhaus-PBL pbl.spamhaus.org. spamhaus-ZEN zen.spamhaus.org. SBL+XBL sbl-xbl.spamhaus.org. spamcop.net bl.spamcop.net. NJABL dnsbl.njabl.org. ORDB-RBL relays.ordb.org. MAPS-RBL blackholes.mail-abuse.org. MAPS-DUL dialups.mail-abuse.org. MAPS-RSS relays.mail-abuse.org. MAPS-RBL+ rbl-plus.mail-abuse.ja.net. RFC-IGNORANT-DSN dsn.rfc-ignorant.org. RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. Easynet-DNSBL blackholes.easynet.nl. Easynet-Proxies proxies.blackholes.easynet.nl. Easynet-Dynablock dynablock.easynet.nl. SORBS-DNSBL dnsbl.sorbs.net. SORBS-HTTP http.dnsbl.sorbs.net. SORBS-SOCKS socks.dnsbl.sorbs.net. SORBS-MISC misc.dnsbl.sorbs.net. SORBS-SMTP smtp.dnsbl.sorbs.net. SORBS-WEB web.dnsbl.sorbs.net. SORBS-SPAM spam.dnsbl.sorbs.net. SORBS-BLOCK block.dnsbl.sorbs.net. SORBS-ZOMBIE zombie.dnsbl.sorbs.net. SORBS-DUL dul.dnsbl.sorbs.net. SORBS-RHSBL rhsbl.sorbs.net. SORBS-BADCONF badconf.rhsbl.sorbs.net. SORBS-NOMAIL nomail.rhsbl.sorbs.net. CBL cbl.abuseat.org. DSBL list.dsbl.org. Now: Spam List = And I let SA check the lists like Denis Beauchemin said earlier on the list How can I check SA lists ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: February 29, 2008 6:46 PM To: MailScanner discussion Subject: Re: Queue problem On 29/02/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > > Maxime Gaudreault wrote: > > > > Hi > > > > The hold queue is actually at 415 emails > > > > Load Average: 0.11 0.25 0.53 > > > > htop show many of these process: > > > > MailScanner: checking with SpamAssassin > > > > MailScanner: checking with Spam Lists > > > > CPU is 3% > > > > Mem is 25% > > > > I would start checking your DNS setup. How long does it take for various > random "dig" commands to produce results? MailScanner should spend a > very small %-age of its time saying "checking with Spam Lists". If you > can see several of them in that state, then that's likely a DNS lookup > problem. > Or having a dead one in the list perhaps? What does your list look like Maxime? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mgaudreault at reference.qc.ca Sat Mar 1 14:51:43 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sat Mar 1 14:51:54 2008 Subject: Queue problem In-Reply-To: <47C88BFA.4030906@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> Hi Jule Dig results comes within 41-108 msec Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: February 29, 2008 5:50 PM To: MailScanner discussion Subject: Re: Queue problem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Maxime Gaudreault wrote: > > Hi > > The hold queue is actually at 415 emails > > Load Average: 0.11 0.25 0.53 > > htop show many of these process: > > MailScanner: checking with SpamAssassin > > MailScanner: checking with Spam Lists > > CPU is 3% > > Mem is 25% > I would start checking your DNS setup. How long does it take for various random "dig" commands to produce results? MailScanner should spend a very small %-age of its time saying "checking with Spam Lists". If you can see several of them in that state, then that's likely a DNS lookup problem. > I don't understand > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Maxime Gaudreault > *Sent:* February 29, 2008 10:54 AM > *To:* MailScanner discussion > *Subject:* Queue problem > > Hi > > I have a problem with my anti-spam gateway. The queue is fulling up > very quickly (1600+ mails in queue). > > The server's load average is <1 (0.60 - 0.80) so I suppose this is not > a ressource problem. > > Then I have to change the port forwarding directly to my Imail server > to let the anti-spam's queue going down. > > I used many tweak to maximize the efficacity of the anti-spam > (mailscanner work directory in ram, dns cache server, increasing > memory). I only got 1 CPU but I suppose this is not the problem > because when the queue is full, the load average is under 1. > > Any idea ? > > PS: Sorry for my bad english > > PPS: Sorry if you received my message twice > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.0 (Build 2158) Comment: Use Thunderbird Enigmail to verify this message Charset: windows-1252 wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT eFc95lOZub+5/sADM2GStSY= =9oag -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikea at mikea.ath.cx Sat Mar 1 15:29:09 2008 From: mikea at mikea.ath.cx (mikea) Date: Sat Mar 1 15:29:46 2008 Subject: [Maybe OT] - RFC compliance checking at session In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B800@server02.bhl.local> References: <223f97700802291421r2e0871a2reaad563b398d4832@mail.gmail.com> <119601c87b36$d92bb5b0$0301a8c0@SAHOMELT> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B800@server02.bhl.local> Message-ID: <20080301152909.GB7572@mikea.ath.cx> On Sat, Mar 01, 2008 at 08:14:55AM +0000, Jason Ede wrote: > What do ppl tend to do about MTA's that don't seem to understand > temporary reject codes (such as 450) for stuff like greylisting? > We've one client that uses our spam filtering and it seems to be > only 1 that complains that people seem unable to email them. The one > rejection email that I've had sent through (only 1 ever been sent > despite repeated requests for NDRs to work out why the email isn't > getting through) indicated that their ISP tried once to deliver > email and then bounced it right back to sender if it got any form of > response from our server. As far as I understand that's in direct > contradiction of the RFCs. I thought if it was a 5XX or the like > then it should return to sender but a 4XX code should always be > retried at least a few times for a period of upto 5 days. > > I really like greylisting as it cuts down our server load by a > factor of 2 or more and makes it possible not to need more servers, > but it's getting the boss to understand that we can't keep just > adding exception after exception for people and their bad ISP's as > we don't know where they will be mailing from beforehand... I (reluctantly) exempt the sending IPs from greylisting. Similarly, I've had to exclude some senders from greet-pause screening, because they're needed, even though they connect-and-blast. I hate it, but the mail is mission-related and the addressees tell me they need it. I've had to mark some senders and some receivers as "don't use TLS", too, because they don't do TLS correctly. Some of them are companies that do commercial mail screening, and it's very interesting that our TLS won't interoperate with theirs but will work with 99.995% of the world. Summary: processing mail is a job full of exception-handling. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From mgaudreault at reference.qc.ca Sat Mar 1 15:53:32 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sat Mar 1 15:54:09 2008 Subject: Problem after update Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> I updated MailScanner to 4.66.5. When I start MS I get these errors: pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner Starting MailScanner...Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6906. Variable "$FIELD_NAME" is not imported at /opt/MailScanner/lib/MailScanner/Message.pm line 6909. Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6906. Global symbol "$FIELD_NAME" requires explicit package name at /opt/MailScanner/lib/MailScanner/Message.pm line 6909. Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79. BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner line 79. Failed. Any fix ? Maxime Gaudreault Technicien R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080301/4cfc568f/attachment.html From hostmaster at uuism.net Sat Mar 1 16:41:08 2008 From: hostmaster at uuism.net (Jim Hermann) Date: Sat Mar 1 16:40:13 2008 Subject: FW: Another attack to fight off In-Reply-To: <47C88F89.8050309@ecs.soton.ac.uk> References: <47C6BBD8.61A4.0000.0@caspercollege.edu> <47C7310E.3020004@ecs.soton.ac.uk> , <608FC9263D077744B6AA7457C9D005F827E63C0E07@MBX72.ad2.softcom.biz> <47C88F89.8050309@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: Julian Field [mailto:MailScanner@ecs.soton.ac.uk] > Sent: Friday, February 29, 2008 05:05 PM > To: MailScanner discussion > Subject: Re: FW: Another attack to fight off > > Jim Hermann wrote: > > I use this setting: > > > > Incoming Queue Dir = > /home/virtual/FILESYSTEMTEMPLATE/services/sendmail/mqueue > /home/virtual/site*/fst/var/spool/mqueue > > > > It collects email from 200 different directories. > > > > Jim > > > Just for the list's reference, this is an init.d script problem, as it > doesn't directly support multiple incoming queues. So it has trouble > starting up the incoming sendmail process. INQDIR is calculated in > /etc/sysconfig/MailScanner and used to set the -OQueueDirectory= > command-line option in /etc/init.d/MailScanner. It is read > straight out > of MailScanner.conf. So if MailScanner.conf's setting refers to a text > file listing directory names, the init.d script tries to start up > sendmail with the QueueDirectory option set to a text file, > so it shouts > and screams about it :-( > > MailScanner itself is working just fine. Ideally a fancier > init.d script > would find the text file and make nasty noises that it won't > be able to > start up the incoming sendmail without modification. > > Jules That explains the difference. I don't use the standard MailScanner /etc/init.d/MailScanner script. I have custom scripts for starting MailScanner and sendmail. Jim From MailScanner at ecs.soton.ac.uk Sat Mar 1 17:03:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 1 17:04:01 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> Message-ID: <47C98C54.1080705@ecs.soton.ac.uk> In which case your DNS lookups should be okay. That's a perfectly reasonable figure in my experience. Run "MailScanner --debug --debug-sa". It will produce loads of output. However, at some point in the SpamAssassin output, it will pause for a second or two. You want to catch it there, then resume it and then immediately stop it again, as the bits you are interested in are the lines of output printed out immediately *after* the pause. This can take a few goes to catch, though someone did post a nice command the other day to prepend each line of output with the current time, so you could see easily when (and how long) the pauses were. Can someone repost that please? If I can find it, I'll work out how to build it into the MailScanner debug output directly. It will help diagnose this sort of problem a lot. This output should tell you where the pauses are, and therefore what operations are taking too long. Maxime Gaudreault wrote: > Hi Jule > > Dig results comes within 41-108 msec > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: February 29, 2008 5:50 PM > To: MailScanner discussion > Subject: Re: Queue problem > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Maxime Gaudreault wrote: > >> Hi >> >> The hold queue is actually at 415 emails >> >> Load Average: 0.11 0.25 0.53 >> >> htop show many of these process: >> >> MailScanner: checking with SpamAssassin >> >> MailScanner: checking with Spam Lists >> >> CPU is 3% >> >> Mem is 25% >> >> > I would start checking your DNS setup. How long does it take for various > random "dig" commands to produce results? MailScanner should spend a > very small %-age of its time saying "checking with Spam Lists". If you > can see several of them in that state, then that's likely a DNS lookup > problem. > > >> I don't understand >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> *From:* mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >> *Maxime Gaudreault >> *Sent:* February 29, 2008 10:54 AM >> *To:* MailScanner discussion >> *Subject:* Queue problem >> >> Hi >> >> I have a problem with my anti-spam gateway. The queue is fulling up >> very quickly (1600+ mails in queue). >> >> The server's load average is <1 (0.60 - 0.80) so I suppose this is not >> a ressource problem. >> >> Then I have to change the port forwarding directly to my Imail server >> to let the anti-spam's queue going down. >> >> I used many tweak to maximize the efficacity of the anti-spam >> (mailscanner work directory in ram, dns cache server, increasing >> memory). I only got 1 CPU but I suppose this is not the problem >> because when the queue is full, the load average is under 1. >> >> Any idea ? >> >> PS: Sorry for my bad english >> >> PPS: Sorry if you received my message twice >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.0 (Build 2158) > Comment: Use Thunderbird Enigmail to verify this message > Charset: windows-1252 > > wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT > eFc95lOZub+5/sADM2GStSY= > =9oag > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Sat Mar 1 17:15:59 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sat Mar 1 17:16:36 2008 Subject: Queue problem In-Reply-To: <47C98C54.1080705@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> I don't understand when to stop, start again etc.. (i don't speak english very well) However, I can redirect the output to a log file. Can I send it to you ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: March 1, 2008 12:03 PM To: MailScanner discussion Subject: Re: Queue problem In which case your DNS lookups should be okay. That's a perfectly reasonable figure in my experience. Run "MailScanner --debug --debug-sa". It will produce loads of output. However, at some point in the SpamAssassin output, it will pause for a second or two. You want to catch it there, then resume it and then immediately stop it again, as the bits you are interested in are the lines of output printed out immediately *after* the pause. This can take a few goes to catch, though someone did post a nice command the other day to prepend each line of output with the current time, so you could see easily when (and how long) the pauses were. Can someone repost that please? If I can find it, I'll work out how to build it into the MailScanner debug output directly. It will help diagnose this sort of problem a lot. This output should tell you where the pauses are, and therefore what operations are taking too long. Maxime Gaudreault wrote: > Hi Jule > > Dig results comes within 41-108 msec > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: February 29, 2008 5:50 PM > To: MailScanner discussion > Subject: Re: Queue problem > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Maxime Gaudreault wrote: > >> Hi >> >> The hold queue is actually at 415 emails >> >> Load Average: 0.11 0.25 0.53 >> >> htop show many of these process: >> >> MailScanner: checking with SpamAssassin >> >> MailScanner: checking with Spam Lists >> >> CPU is 3% >> >> Mem is 25% >> >> > I would start checking your DNS setup. How long does it take for various > random "dig" commands to produce results? MailScanner should spend a > very small %-age of its time saying "checking with Spam Lists". If you > can see several of them in that state, then that's likely a DNS lookup > problem. > > >> I don't understand >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> *From:* mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >> *Maxime Gaudreault >> *Sent:* February 29, 2008 10:54 AM >> *To:* MailScanner discussion >> *Subject:* Queue problem >> >> Hi >> >> I have a problem with my anti-spam gateway. The queue is fulling up >> very quickly (1600+ mails in queue). >> >> The server's load average is <1 (0.60 - 0.80) so I suppose this is not >> a ressource problem. >> >> Then I have to change the port forwarding directly to my Imail server >> to let the anti-spam's queue going down. >> >> I used many tweak to maximize the efficacity of the anti-spam >> (mailscanner work directory in ram, dns cache server, increasing >> memory). I only got 1 CPU but I suppose this is not the problem >> because when the queue is full, the load average is under 1. >> >> Any idea ? >> >> PS: Sorry for my bad english >> >> PPS: Sorry if you received my message twice >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.0 (Build 2158) > Comment: Use Thunderbird Enigmail to verify this message > Charset: windows-1252 > > wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT > eFc95lOZub+5/sADM2GStSY= > =9oag > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Sat Mar 1 17:41:36 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 1 17:42:10 2008 Subject: Problem after update In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> Message-ID: <625385e30803010941x4080d4a4uc7261406ed96a3a6@mail.gmail.com> On Sat, Mar 1, 2008 at 4:53 PM, Maxime Gaudreault wrote: > > I updated MailScanner to 4.66.5. When I start MS I get these errors: > > pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner > > Starting MailScanner...Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. Check the versions of perl modules MailTools and IO. -- /peter From J.Ede at birchenallhowden.co.uk Sat Mar 1 18:02:41 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Mar 1 18:04:02 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> Maxine, If you do that you'll need to make sure the output is time stamped so that it can be seen whats taking the time. I seem to remember there is a method on the list a short time back. Jason > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault > Sent: 01 March 2008 17:16 > To: MailScanner discussion > Subject: RE: Queue problem > > I don't understand when to stop, start again etc.. (i don't speak > english very well) > > However, I can redirect the output to a log file. Can I send it to you > ? > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: March 1, 2008 12:03 PM > To: MailScanner discussion > Subject: Re: Queue problem > > In which case your DNS lookups should be okay. That's a perfectly > reasonable figure in my experience. > > Run "MailScanner --debug --debug-sa". It will produce loads of output. > However, at some point in the SpamAssassin output, it will pause for a > second or two. You want to catch it there, then resume it and then > immediately stop it again, as the bits you are interested in are the > lines of output printed out immediately *after* the pause. > > This can take a few goes to catch, though someone did post a nice > command the other day to prepend each line of output with the current > time, so you could see easily when (and how long) the pauses were. Can > someone repost that please? If I can find it, I'll work out how to > build > it into the MailScanner debug output directly. It will help diagnose > this sort of problem a lot. > > This output should tell you where the pauses are, and therefore what > operations are taking too long. > > Maxime Gaudreault wrote: > > Hi Jule > > > > Dig results comes within 41-108 msec > > > > Maxime Gaudreault > > Technicien > > > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : mgaudreault@reference.qc.ca > > Site Internet : http://www.reference.qc.ca/ > > > > > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > > Sent: February 29, 2008 5:50 PM > > To: MailScanner discussion > > Subject: Re: Queue problem > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > Maxime Gaudreault wrote: > > > >> Hi > >> > >> The hold queue is actually at 415 emails > >> > >> Load Average: 0.11 0.25 0.53 > >> > >> htop show many of these process: > >> > >> MailScanner: checking with SpamAssassin > >> > >> MailScanner: checking with Spam Lists > >> > >> CPU is 3% > >> > >> Mem is 25% > >> > >> > > I would start checking your DNS setup. How long does it take for > various > > random "dig" commands to produce results? MailScanner should spend a > > very small %-age of its time saying "checking with Spam Lists". If > you > > can see several of them in that state, then that's likely a DNS > lookup > > problem. > > > > > >> I don't understand > >> > >> *Maxime Gaudreault* > >> > >> Technicien > >> > >> _ _ > >> > >> R?f?rence Syst?mes inc. > >> > >> T?l. : 418.650.0997 > >> > >> T?l?c. : 418.650.9668 > >> > >> Courriel : _mgaudreault_@reference.qc.ca > >> > >> > >> Site Internet : http://www.reference.qc.ca/ > >> > >> *From:* mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > >> *Maxime Gaudreault > >> *Sent:* February 29, 2008 10:54 AM > >> *To:* MailScanner discussion > >> *Subject:* Queue problem > >> > >> Hi > >> > >> I have a problem with my anti-spam gateway. The queue is fulling up > >> very quickly (1600+ mails in queue). > >> > >> The server's load average is <1 (0.60 - 0.80) so I suppose this is > not > >> a ressource problem. > >> > >> Then I have to change the port forwarding directly to my Imail > server > >> to let the anti-spam's queue going down. > >> > >> I used many tweak to maximize the efficacity of the anti-spam > >> (mailscanner work directory in ram, dns cache server, increasing > >> memory). I only got 1 CPU but I suppose this is not the problem > >> because when the queue is full, the load average is under 1. > >> > >> Any idea ? > >> > >> PS: Sorry for my bad english > >> > >> PPS: Sorry if you received my message twice > >> > >> *Maxime Gaudreault* > >> > >> Technicien > >> > >> _ _ > >> > >> R?f?rence Syst?mes inc. > >> > >> T?l. : 418.650.0997 > >> > >> T?l?c. : 418.650.9668 > >> > >> Courriel : _mgaudreault_@reference.qc.ca > >> > >> > >> Site Internet : http://www.reference.qc.ca/ > >> > >> > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration > help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.0 (Build 2158) > > Comment: Use Thunderbird Enigmail to verify this message > > Charset: windows-1252 > > > > wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT > > eFc95lOZub+5/sADM2GStSY= > > =9oag > > -----END PGP SIGNATURE----- > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Mar 1 18:16:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 1 18:17:35 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> Message-ID: <47C99D8F.3040901@ecs.soton.ac.uk> I have found the relevant "awk" command and modified MailScanner so that when the "--debug-sa" option is used, all debug output will have the current time stuck on the front of every line. This makes looking for pauses a *lot* easier. Don't send me output from --debug-sa as it is useless without knowing where the pauses are. The next release will help you a lot with this problem. Maxime Gaudreault wrote: > I don't understand when to stop, start again etc.. (i don't speak english very well) > > However, I can redirect the output to a log file. Can I send it to you ? > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: March 1, 2008 12:03 PM > To: MailScanner discussion > Subject: Re: Queue problem > > In which case your DNS lookups should be okay. That's a perfectly > reasonable figure in my experience. > > Run "MailScanner --debug --debug-sa". It will produce loads of output. > However, at some point in the SpamAssassin output, it will pause for a > second or two. You want to catch it there, then resume it and then > immediately stop it again, as the bits you are interested in are the > lines of output printed out immediately *after* the pause. > > This can take a few goes to catch, though someone did post a nice > command the other day to prepend each line of output with the current > time, so you could see easily when (and how long) the pauses were. Can > someone repost that please? If I can find it, I'll work out how to build > it into the MailScanner debug output directly. It will help diagnose > this sort of problem a lot. > > This output should tell you where the pauses are, and therefore what > operations are taking too long. > > Maxime Gaudreault wrote: > >> Hi Jule >> >> Dig results comes within 41-108 msec >> >> Maxime Gaudreault >> Technicien >> >> R?f?rence Syst?mes inc. >> T?l. : 418.650.0997 >> T?l?c. : 418.650.9668 >> Courriel : mgaudreault@reference.qc.ca >> Site Internet : http://www.reference.qc.ca/ >> >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: February 29, 2008 5:50 PM >> To: MailScanner discussion >> Subject: Re: Queue problem >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Maxime Gaudreault wrote: >> >> >>> Hi >>> >>> The hold queue is actually at 415 emails >>> >>> Load Average: 0.11 0.25 0.53 >>> >>> htop show many of these process: >>> >>> MailScanner: checking with SpamAssassin >>> >>> MailScanner: checking with Spam Lists >>> >>> CPU is 3% >>> >>> Mem is 25% >>> >>> >>> >> I would start checking your DNS setup. How long does it take for various >> random "dig" commands to produce results? MailScanner should spend a >> very small %-age of its time saying "checking with Spam Lists". If you >> can see several of them in that state, then that's likely a DNS lookup >> problem. >> >> >> >>> I don't understand >>> >>> *Maxime Gaudreault* >>> >>> Technicien >>> >>> _ _ >>> >>> R?f?rence Syst?mes inc. >>> >>> T?l. : 418.650.0997 >>> >>> T?l?c. : 418.650.9668 >>> >>> Courriel : _mgaudreault_@reference.qc.ca >>> >>> >>> Site Internet : http://www.reference.qc.ca/ >>> >>> *From:* mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>> *Maxime Gaudreault >>> *Sent:* February 29, 2008 10:54 AM >>> *To:* MailScanner discussion >>> *Subject:* Queue problem >>> >>> Hi >>> >>> I have a problem with my anti-spam gateway. The queue is fulling up >>> very quickly (1600+ mails in queue). >>> >>> The server's load average is <1 (0.60 - 0.80) so I suppose this is not >>> a ressource problem. >>> >>> Then I have to change the port forwarding directly to my Imail server >>> to let the anti-spam's queue going down. >>> >>> I used many tweak to maximize the efficacity of the anti-spam >>> (mailscanner work directory in ram, dns cache server, increasing >>> memory). I only got 1 CPU but I suppose this is not the problem >>> because when the queue is full, the load average is under 1. >>> >>> Any idea ? >>> >>> PS: Sorry for my bad english >>> >>> PPS: Sorry if you received my message twice >>> >>> *Maxime Gaudreault* >>> >>> Technicien >>> >>> _ _ >>> >>> R?f?rence Syst?mes inc. >>> >>> T?l. : 418.650.0997 >>> >>> T?l?c. : 418.650.9668 >>> >>> Courriel : _mgaudreault_@reference.qc.ca >>> >>> >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.0 (Build 2158) >> Comment: Use Thunderbird Enigmail to verify this message >> Charset: windows-1252 >> >> wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT >> eFc95lOZub+5/sADM2GStSY= >> =9oag >> -----END PGP SIGNATURE----- >> >> >> > > Jules > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 1 18:17:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 1 18:17:52 2008 Subject: Problem after update In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> Message-ID: <47C99DBD.5090306@ecs.soton.ac.uk> Did you run the ./install.sh to install it? Maxime Gaudreault wrote: > > I updated MailScanner to 4.66.5. When I start MS I get these errors: > > > > pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner > > Starting MailScanner...Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79. > > BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner > line 79. > > Failed. > > > > Any fix ? > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 1 18:37:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 1 18:38:02 2008 Subject: Queue problem In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> Message-ID: <47C9A25E.3050507@ecs.soton.ac.uk> MailScanner --debug --debug-sa 2>&1 | awk '{printf"%s %s\n", strftime("%T"), $0}' | tee /tmp/mstest.log all on 1 long line. I have just built this functionality into MailScanner itself, so that in future "MailScanner --debug --debug-sa" will do this automatically for you. But don't worry, it starts by doing a test run of the command to see if it works, that "awk" is found and the version of awk installed supports the "strftime" function (not all do). It then only does the output change if the trial command produced the output I was expecting and not any errors that would be caused by awk not being found or strftime not doing what I expected. If the test fails, it prints out a little message telling you that it tried, and what you might do to improve your system so that it does work. This will be in the next release. Current release schedule is a new beta probably tomorrow (Sunday) some time, followed by a stable release a day or two later. Best regards, Jules. Jason Ede wrote: > Maxine, > > If you do that you'll need to make sure the output is time stamped so that it can be seen whats taking the time. I seem to remember there is a method on the list a short time back. > > Jason > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault >> Sent: 01 March 2008 17:16 >> To: MailScanner discussion >> Subject: RE: Queue problem >> >> I don't understand when to stop, start again etc.. (i don't speak >> english very well) >> >> However, I can redirect the output to a log file. Can I send it to you >> ? >> >> Maxime Gaudreault >> Technicien >> >> R?f?rence Syst?mes inc. >> T?l. : 418.650.0997 >> T?l?c. : 418.650.9668 >> Courriel : mgaudreault@reference.qc.ca >> Site Internet : http://www.reference.qc.ca/ >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: March 1, 2008 12:03 PM >> To: MailScanner discussion >> Subject: Re: Queue problem >> >> In which case your DNS lookups should be okay. That's a perfectly >> reasonable figure in my experience. >> >> Run "MailScanner --debug --debug-sa". It will produce loads of output. >> However, at some point in the SpamAssassin output, it will pause for a >> second or two. You want to catch it there, then resume it and then >> immediately stop it again, as the bits you are interested in are the >> lines of output printed out immediately *after* the pause. >> >> This can take a few goes to catch, though someone did post a nice >> command the other day to prepend each line of output with the current >> time, so you could see easily when (and how long) the pauses were. Can >> someone repost that please? If I can find it, I'll work out how to >> build >> it into the MailScanner debug output directly. It will help diagnose >> this sort of problem a lot. >> >> This output should tell you where the pauses are, and therefore what >> operations are taking too long. >> >> Maxime Gaudreault wrote: >> >>> Hi Jule >>> >>> Dig results comes within 41-108 msec >>> >>> Maxime Gaudreault >>> Technicien >>> >>> R?f?rence Syst?mes inc. >>> T?l. : 418.650.0997 >>> T?l?c. : 418.650.9668 >>> Courriel : mgaudreault@reference.qc.ca >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> >>> Sent: February 29, 2008 5:50 PM >>> To: MailScanner discussion >>> Subject: Re: Queue problem >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Maxime Gaudreault wrote: >>> >>> >>>> Hi >>>> >>>> The hold queue is actually at 415 emails >>>> >>>> Load Average: 0.11 0.25 0.53 >>>> >>>> htop show many of these process: >>>> >>>> MailScanner: checking with SpamAssassin >>>> >>>> MailScanner: checking with Spam Lists >>>> >>>> CPU is 3% >>>> >>>> Mem is 25% >>>> >>>> >>>> >>> I would start checking your DNS setup. How long does it take for >>> >> various >> >>> random "dig" commands to produce results? MailScanner should spend a >>> very small %-age of its time saying "checking with Spam Lists". If >>> >> you >> >>> can see several of them in that state, then that's likely a DNS >>> >> lookup >> >>> problem. >>> >>> >>> >>>> I don't understand >>>> >>>> *Maxime Gaudreault* >>>> >>>> Technicien >>>> >>>> _ _ >>>> >>>> R?f?rence Syst?mes inc. >>>> >>>> T?l. : 418.650.0997 >>>> >>>> T?l?c. : 418.650.9668 >>>> >>>> Courriel : _mgaudreault_@reference.qc.ca >>>> >>>> >>>> Site Internet : http://www.reference.qc.ca/ >>>> >>>> *From:* mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>>> *Maxime Gaudreault >>>> *Sent:* February 29, 2008 10:54 AM >>>> *To:* MailScanner discussion >>>> *Subject:* Queue problem >>>> >>>> Hi >>>> >>>> I have a problem with my anti-spam gateway. The queue is fulling up >>>> very quickly (1600+ mails in queue). >>>> >>>> The server's load average is <1 (0.60 - 0.80) so I suppose this is >>>> >> not >> >>>> a ressource problem. >>>> >>>> Then I have to change the port forwarding directly to my Imail >>>> >> server >> >>>> to let the anti-spam's queue going down. >>>> >>>> I used many tweak to maximize the efficacity of the anti-spam >>>> (mailscanner work directory in ram, dns cache server, increasing >>>> memory). I only got 1 CPU but I suppose this is not the problem >>>> because when the queue is full, the load average is under 1. >>>> >>>> Any idea ? >>>> >>>> PS: Sorry for my bad english >>>> >>>> PPS: Sorry if you received my message twice >>>> >>>> *Maxime Gaudreault* >>>> >>>> Technicien >>>> >>>> _ _ >>>> >>>> R?f?rence Syst?mes inc. >>>> >>>> T?l. : 418.650.0997 >>>> >>>> T?l?c. : 418.650.9668 >>>> >>>> Courriel : _mgaudreault_@reference.qc.ca >>>> >>>> >>>> Site Internet : http://www.reference.qc.ca/ >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration >>> >> help? >> >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> PGP public key: http://www.jules.fm/julesfm.asc >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.8.0 (Build 2158) >>> Comment: Use Thunderbird Enigmail to verify this message >>> Charset: windows-1252 >>> >>> wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT >>> eFc95lOZub+5/sADM2GStSY= >>> =9oag >>> -----END PGP SIGNATURE----- >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ljosnet at gmail.com Sat Mar 1 19:43:36 2008 From: ljosnet at gmail.com (emm1) Date: Sat Mar 1 19:44:11 2008 Subject: Problem after update In-Reply-To: <47C99DBD.5090306@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> <47C99DBD.5090306@ecs.soton.ac.uk> Message-ID: <910ee2ac0803011143wad9ed28pd081973060aa5d78@mail.gmail.com> Jesus, this is happening to me on FreeBSD as well. :( On Sat, Mar 1, 2008 at 6:17 PM, Julian Field wrote: > Did you run the ./install.sh to install it? > > > Maxime Gaudreault wrote: > > > > I updated MailScanner to 4.66.5. When I start MS I get these errors: > > > > > > > > pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner > > > > Starting MailScanner...Variable "$FIELD_NAME" is not imported at > > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > > > Variable "$FIELD_NAME" is not imported at > > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > > > Global symbol "$FIELD_NAME" requires explicit package name at > > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > > > Global symbol "$FIELD_NAME" requires explicit package name at > > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > > > Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79. > > > > BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner > > line 79. > > > > Failed. > > > > > > > > Any fix ? > > > > > > > > *Maxime Gaudreault* > > > > Technicien > > > > _ _ > > > > R?f?rence Syst?mes inc. > > > > T?l. : 418.650.0997 > > > > T?l?c. : 418.650.9668 > > > > Courriel : _mgaudreault_@reference.qc.ca > > > > > > Site Internet : http://www.reference.qc.ca/ > > > > > > > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From mgaudreault at reference.qc.ca Sat Mar 1 20:55:48 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sat Mar 1 20:56:31 2008 Subject: Problem after update In-Reply-To: <47C99DBD.5090306@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> <47C99DBD.5090306@ecs.soton.ac.uk> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451FB@jupiter.reference.local> Yes But I fixed it by downloading libmailtools-perl 1.77 debian package Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: March 1, 2008 1:18 PM To: MailScanner discussion Subject: Re: Problem after update Did you run the ./install.sh to install it? Maxime Gaudreault wrote: > > I updated MailScanner to 4.66.5. When I start MS I get these errors: > > > > pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/check_mailscanner > > Starting MailScanner...Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > Variable "$FIELD_NAME" is not imported at > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6906. > > Global symbol "$FIELD_NAME" requires explicit package name at > /opt/MailScanner/lib/MailScanner/Message.pm line 6909. > > Compilation failed in require at /opt/MailScanner/bin/MailScanner line 79. > > BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner > line 79. > > Failed. > > > > Any fix ? > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mgaudreault at reference.qc.ca Sun Mar 2 00:50:44 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sun Mar 2 00:51:27 2008 Subject: Off topic... Postfix question Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Hi Does anyone knows how to make postfix prevent mass spam attack ? For exemple: accept a max of * connection / minutes from the same server. Maxime Gaudreault Technicien R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080301/58f644fb/attachment-0001.html From lauasanf at wilderness.homeip.net Sun Mar 2 01:24:02 2008 From: lauasanf at wilderness.homeip.net (Drew Sanford) Date: Sun Mar 2 01:24:48 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Message-ID: <47CA01B2.60007@wilderness.homeip.net> Maxime Gaudreault wrote: > Hi > > > > Does anyone knows how to make postfix prevent mass spam attack ? > > > > For exemple: accept a max of * connection / minutes from the same server. > I'm not sure if this can be configured to specific servers. I think as fine grained as it gets is the input rate control in main.cf. From chris at bluecobras.com Sun Mar 2 01:48:29 2008 From: chris at bluecobras.com (Chris Hammond) Date: Sun Mar 2 01:49:11 2008 Subject: Off topic... Postfix question In-Reply-To: <47CA01B2.60007@wilderness.homeip.net> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Message-ID: <47CA076D.109@bluecobras.com> Look at Policy Daemon for Postfix. I think it will do what you are looking for. Chris Drew Sanford wrote: > Maxime Gaudreault wrote: >> Hi >> >> >> >> Does anyone knows how to make postfix prevent mass spam attack ? >> >> >> >> For exemple: accept a max of * connection / minutes from the same >> server. >> > > I'm not sure if this can be configured to specific servers. I think as > fine grained as it gets is the input rate control in main.cf. From alex at nkpanama.com Sun Mar 2 01:57:24 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Mar 2 01:58:48 2008 Subject: Off topic... Postfix question In-Reply-To: <47CA076D.109@bluecobras.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> <47CA076D.109@bluecobras.com> Message-ID: <47EE055C-B1BA-48DE-BF15-20B0A47E1ED5@nkpanama.com> How about something in iptables? I've seen some interesting scripts. As always, Google is your friend: http://www.google.com/search?q=iptables+%22connections+per+minute%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a The first item looks promising. On Mar 1, 2008, at 8:48 PM, Chris Hammond wrote: >>> Does anyone knows how to make postfix prevent mass spam attack ? >>> >>> >>> For exemple: accept a max of * connection / minutes from the same >>> server. >>> > From mgaudreault at reference.qc.ca Sun Mar 2 02:22:36 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sun Mar 2 02:23:16 2008 Subject: Off topic... Postfix question In-Reply-To: <47EE055C-B1BA-48DE-BF15-20B0A47E1ED5@nkpanama.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local><47CA076D.109@bluecobras.com> <47EE055C-B1BA-48DE-BF15-20B0A47E1ED5@nkpanama.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85451FE@jupiter.reference.local> Yes I already try with iptables/hashlimit but I didn't succeed yet. I was looking for something else.. just in case Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Neuman Sent: March 1, 2008 8:57 PM To: MailScanner discussion Subject: Re: Off topic... Postfix question How about something in iptables? I've seen some interesting scripts. As always, Google is your friend: http://www.google.com/search?q=iptables+%22connections+per+minute%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a The first item looks promising. On Mar 1, 2008, at 8:48 PM, Chris Hammond wrote: >>> Does anyone knows how to make postfix prevent mass spam attack ? >>> >>> >>> For exemple: accept a max of * connection / minutes from the same >>> server. >>> > -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at sequestered.net Sun Mar 2 06:16:17 2008 From: lists at sequestered.net (Jay Chandler) Date: Sun Mar 2 06:16:55 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FE@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local><47CA076D.109@bluecobras.com> <47EE055C-B1BA-48DE-BF15-20B0A47E1ED5@nkpanama.com> <6DD6B2C8A11BFC4092A148347F6126B85451FE@jupiter.reference.local> Message-ID: <47CA4631.8070607@sequestered.net> Maxime Gaudreault wrote: > Yes I already try with iptables/hashlimit but I didn't succeed yet. I was looking for something else.. just in case > > Maxime Gaudreault > Technicien > > What does the anvil daemon report in your logs? There should be a way to filter based upon its reports... -- Jay Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Sysadmins unavailable because they are in a meeting talking about why they are unavailable so much From thorsten.schocke at morlott.de Sun Mar 2 07:08:07 2008 From: thorsten.schocke at morlott.de (Thorsten Schocke) Date: Sun Mar 2 07:08:57 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Message-ID: <47CA5257.7050803@morlott.de> Hello, maybe you're looking for some anvil features: simultaneous connects from the same IP smtpd_client_connection_count_limit (amount) #beware that there might be very dumb implementations for smtp (e.g. javamail seems queueless) throwing away the message when this limit drops any on-top connection (amount+1) from the same host IP. mails over time smtpd_client_connection_rate_limit (amount) and making exceptions for this smtpd_client_event_limit_exceptions (list of type $mynetworks) all features are listed in http://www.postfix.org/postconf.5.html cheers Thorsten Maxime Gaudreault schrieb: > > Hi > > > > Does anyone knows how to make postfix prevent mass spam attack ? > > > > For exemple: accept a max of * connection / minutes from the same server. > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > From hvdkooij at vanderkooij.org Sun Mar 2 10:27:19 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 2 10:28:38 2008 Subject: MailScanner scripts: SEC events + Scores Message-ID: <47CA8107.8050506@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I wrote some scripts for MailScanner. ~ 1. SEC rules to parse postfix events and make them visible in MailWatch ~ 2. Report the Bayesian scores in the log You can find them on http://hugo.vanderkooij.org/email/mailscanner.htm I had them around for a while but forgot to publish them somewhere. (But someone was smart enough to ask for one of them.) feel free to use them in the spirit of the GPL. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHyoDxBvzDRVjxmYERAuElAJ9QvPGodknk8aO+YAO7T/lgyoJoJwCeOiPl Nx6TYI3ajVw5YczhRx9DKUQ= =upOH -----END PGP SIGNATURE----- From ms-list at alexb.ch Sun Mar 2 10:30:06 2008 From: ms-list at alexb.ch (Alex Broens) Date: Sun Mar 2 10:30:45 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Message-ID: <47CA81AE.6070907@alexb.ch> On 3/2/2008 1:50 AM, Maxime Gaudreault wrote: > Hi > > > > Does anyone knows how to make postfix prevent mass spam attack ? > > > > For exemple: accept a max of * connection / minutes from the same server. easy: look into: anvil_rate_time_unit smtpd_client_connection_count_limit smtpd_client_connection_rate_limit smtpd_client_message_rate_limit settings in the Postfix docs. Alex From hvdkooij at vanderkooij.org Sun Mar 2 11:44:26 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 2 11:45:23 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> Message-ID: <47CA931A.9020005@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Maxime Gaudreault wrote: | Does anyone knows how to make postfix prevent mass spam attack ? You need to read all about it on http://www.opensource.apple.com/darwinsource/Current/postfix-174/postfix/proto/TUNING_README.html I think the best place to learn a lot in a short while on the matter at hand. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHypG2BvzDRVjxmYERAjBrAKCIXDLq1j2xOZdjxdGu0VR0CrRRhQCffq82 mzAwhnM/4ZQWGBqQTjrQ8Bo= =tAUQ -----END PGP SIGNATURE----- From Denis.Beauchemin at USherbrooke.ca Sun Mar 2 12:14:00 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Sun Mar 2 12:14:34 2008 Subject: Queue problem In-Reply-To: <47C9A25E.3050507@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> Message-ID: <47CA9A08.4020709@USherbrooke.ca> Julian Field a ?crit : > MailScanner --debug --debug-sa 2>&1 | awk '{printf"%s %s\n", > strftime("%T"), $0}' | tee /tmp/mstest.log > all on 1 long line. > > I have just built this functionality into MailScanner itself, so that > in future "MailScanner --debug --debug-sa" will do this automatically > for you. > > But don't worry, it starts by doing a test run of the command to see > if it works, that "awk" is found and the version of awk installed > supports the "strftime" function (not all do). It then only does the > output change if the trial command produced the output I was expecting > and not any errors that would be caused by awk not being found or > strftime not doing what I expected. If the test fails, it prints out a > little message telling you that it tried, and what you might do to > improve your system so that it does work. > > Julian, If you don't want to rely on awk, the following code may be more portable: MailScanner --debug --debug-sa 2>&1 | while true; do read line; echo "$(date +%T) $line"; done You could also replace $(...) with `...` Denis From Denis.Beauchemin at USherbrooke.ca Sun Mar 2 12:33:15 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Sun Mar 2 12:33:49 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85451F6@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk> <223f97700802291546m50b3108cr2a407a7ff9487465@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85451F6@jupiter.reference.local> Message-ID: <47CA9E8B.1030500@USherbrooke.ca> Maxime Gaudreault a ?crit : > Hi Glenn > > In MailScanner.conf: > Was that: > Spam List = SBL+XBL spamcop.net NJABL CBL > > > In spam.lists.conf: > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. > spamcop.net bl.spamcop.net. > NJABL dnsbl.njabl.org. > ORDB-RBL relays.ordb.org. > MAPS-RBL blackholes.mail-abuse.org. > MAPS-DUL dialups.mail-abuse.org. > MAPS-RSS relays.mail-abuse.org. > MAPS-RBL+ rbl-plus.mail-abuse.ja.net. > RFC-IGNORANT-DSN dsn.rfc-ignorant.org. > RFC-IGNORANT-POSTMASTER postmaster.rfc-ignorant.org. > RFC-IGNORANT-ABUSE abuse.rfc-ignorant.org. > RFC-IGNORANT-WHOIS whois.rfc-ignorant.org. > RFC-IGNORANT-IPWHOIS ipwhois.rfc-ignorant.org. > RFC-IGNORANT-BOGUSMX bogusmx.rfc-ignorant.org. > Easynet-DNSBL blackholes.easynet.nl. > Easynet-Proxies proxies.blackholes.easynet.nl. > Easynet-Dynablock dynablock.easynet.nl. > SORBS-DNSBL dnsbl.sorbs.net. > SORBS-HTTP http.dnsbl.sorbs.net. > SORBS-SOCKS socks.dnsbl.sorbs.net. > SORBS-MISC misc.dnsbl.sorbs.net. > SORBS-SMTP smtp.dnsbl.sorbs.net. > SORBS-WEB web.dnsbl.sorbs.net. > SORBS-SPAM spam.dnsbl.sorbs.net. > SORBS-BLOCK block.dnsbl.sorbs.net. > SORBS-ZOMBIE zombie.dnsbl.sorbs.net. > SORBS-DUL dul.dnsbl.sorbs.net. > SORBS-RHSBL rhsbl.sorbs.net. > SORBS-BADCONF badconf.rhsbl.sorbs.net. > SORBS-NOMAIL nomail.rhsbl.sorbs.net. > CBL cbl.abuseat.org. > DSBL list.dsbl.org. > > Now: > Spam List = > > And I let SA check the lists like Denis Beauchemin said earlier on the list > > How can I check SA lists ? > > Maxime, If you have "Log Spam = yes" you will have lines like this one in your maillog: Mar 2 00:03:27 smtpe3 MailScanner[2465]: Message m22531o7030798 from a.b.c.d (some-where) to usherbrooke.ca is est un polluriel, SpamAssassin (not cached, score=10.751, requis 4.5, BAYES_99 3.50, DOS_OE_TO_MX 2.75, FORGED_OUTLOOK_TAGS 0.00, L_DRUGS12 1.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PSBL 1.00) The RCVD_IN_PSBL says it was found on PSBL; you should have similar hits for CBL or the other lists you used to use in MS (I can't show you any because I block them in my incoming MTA). Denis From ricky.boone at gmail.com Sun Mar 2 18:24:13 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Sun Mar 2 18:24:59 2008 Subject: MailScanner scripts: SEC events + Scores In-Reply-To: <47CA8107.8050506@vanderkooij.org> References: <47CA8107.8050506@vanderkooij.org> Message-ID: <47CAF0CD.6060207@gmail.com> Hugo van der Kooij wrote: > I wrote some scripts for MailScanner. > ~ 1. SEC rules to parse postfix events and make them visible in MailWatch > ~ 2. Report the Bayesian scores in the log > > You can find them on http://hugo.vanderkooij.org/email/mailscanner.htm > I had them around for a while but forgot to publish them somewhere. (But > someone was smart enough to ask for one of them.) > > feel free to use them in the spirit of the GPL. Wow, these are great! I'll be sure to keep an eye on this page. Thanks, Hugo! From MailScanner at ecs.soton.ac.uk Sun Mar 2 20:35:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 2 20:36:20 2008 Subject: Beta 4.67.5 Message-ID: <47CB0F76.6080706@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new beta, version 4.67.5. This is hopefully the last beta before the next stable release in a couple of days. However, I can't release the stable release until enough people have tried the beta and said it's okay. So please help me by testing it out. If all goes well, I'll release the stable version on Tuesday or Wednesday. Sorry I missed the start of the month, but there were things going on, such as the Symantec Scan Engine support which desperately needed fixing. Cheers folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHyw+OEfZZRxQVtlQRAhVwAJ0UIbDl5Tu7H0dhslCs+jvoOftFngCdELuh OMrtbXI7LOo+UT/zog7/Jc4= =1DtX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Sun Mar 2 20:41:52 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sun Mar 2 20:42:32 2008 Subject: Beta 4.67.5 In-Reply-To: <47CB0F76.6080706@ecs.soton.ac.uk> References: <47CB0F76.6080706@ecs.soton.ac.uk> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545200@jupiter.reference.local> Will it work with libmailtools-perl 2.02 ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: March 2, 2008 3:35 PM To: MailScanner discussion; MailScanner beta testers Subject: Beta 4.67.5 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new beta, version 4.67.5. This is hopefully the last beta before the next stable release in a couple of days. However, I can't release the stable release until enough people have tried the beta and said it's okay. So please help me by testing it out. If all goes well, I'll release the stable version on Tuesday or Wednesday. Sorry I missed the start of the month, but there were things going on, such as the Symantec Scan Engine support which desperately needed fixing. Cheers folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHyw+OEfZZRxQVtlQRAhVwAJ0UIbDl5Tu7H0dhslCs+jvoOftFngCdELuh OMrtbXI7LOo+UT/zog7/Jc4= =1DtX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Mar 2 21:47:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 2 21:48:15 2008 Subject: Beta 4.67.5 In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545200@jupiter.reference.local> References: <47CB0F76.6080706@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B8545200@jupiter.reference.local> Message-ID: <47CB2072.7000209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It works with the versions of the tools I distribute. I suggest you download it and look at the contents of the distribution. Maxime Gaudreault wrote: > Will it work with libmailtools-perl 2.02 ? > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: March 2, 2008 3:35 PM > To: MailScanner discussion; MailScanner beta testers > Subject: Beta 4.67.5 > > > * PGP Signed by an unmatched address: 03/02/08 at 20:35:26 > > I have just released a new beta, version 4.67.5. > This is hopefully the last beta before the next stable release in a > couple of days. However, I can't release the stable release until enough > people have tried the beta and said it's okay. > > So please help me by testing it out. > > If all goes well, I'll release the stable version on Tuesday or > Wednesday. Sorry I missed the start of the month, but there were things > going on, such as the Symantec Scan Engine support which desperately > needed fixing. > > Cheers folks! > > Jules > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHyyB0EfZZRxQVtlQRAsgXAKCH5fuvcD9J6t3/mn/sL4WAdVH52QCgla7O QXJ0xAcadCxkENt6GIH30w8= =afLM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sun Mar 2 23:03:17 2008 From: devonharding at gmail.com (Devon Harding) Date: Sun Mar 2 23:03:51 2008 Subject: Move MailScanner Message-ID: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> What is the easiest way to move my FC4 MailScanner setup to a new box running FC8? Any backup and restore procedure in place yet? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080302/674a49b1/attachment.html From mgaudreault at reference.qc.ca Sun Mar 2 23:09:29 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Sun Mar 2 23:10:09 2008 Subject: Move MailScanner In-Reply-To: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> Excellent question ! I was wondering that too Maxime Gaudreault Technicien R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: March 2, 2008 6:03 PM To: MailScanner discussion Subject: Move MailScanner What is the easiest way to move my FC4 MailScanner setup to a new box running FC8? Any backup and restore procedure in place yet? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080302/9154391e/attachment.html From mikew at crucis.net Sun Mar 2 23:42:25 2008 From: mikew at crucis.net (Mike Watson) Date: Sun Mar 2 23:43:18 2008 Subject: Move MailScanner In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> Message-ID: <47CB3B61.7050905@crucis.net> I just rebuilt mine from scratch and moved the e-mail accounts over. Other than my issue with f-prot not working, it was pretty much cookie cutter. Mike W -- "Lose not thy airspeed, lest the ground rises up and smites thee." -- William Kershner Maxime Gaudreault wrote: > > Excellent question ! > > > > I was wondering that too > > > > *Maxime Gaudreault* > > Technicien > > _ _ > > R?f?rence Syst?mes inc. > > T?l. : 418.650.0997 > > T?l?c. : 418.650.9668 > > Courriel : _mgaudreault_@reference.qc.ca > > > Site Internet : http://www.reference.qc.ca/ > > > > > > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Devon Harding > *Sent:* March 2, 2008 6:03 PM > *To:* MailScanner discussion > *Subject:* Move MailScanner > > > > What is the easiest way to move my FC4 MailScanner setup to a new box > running FC8? Any backup and restore procedure in place yet? > > -Devon > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner@CYGNI* > , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From mikew at crucis.net Mon Mar 3 00:16:28 2008 From: mikew at crucis.net (Mike Watson) Date: Mon Mar 3 00:17:21 2008 Subject: Move MailScanner In-Reply-To: <47CB3B61.7050905@crucis.net> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> <47CB3B61.7050905@crucis.net> Message-ID: <47CB435C.8080508@crucis.net> Some more info on f-prot being recognized but not working. Some points. 1. If I remove clamav and just leave f-prot, the eicar test passes through undetected. 2. F-prot is found by Mailscanner and logged as such in maillog. 3. I removed f-prot 4.6.8 completely and re-installed from newly downloaded .rpm. Same symptoms, recognized but apparently not being executed. 4. F-prot works manually when executed from the command line and detected an embedded eicar string. I've had my MS.conf and spammassass..conf files checked by a third party on a CentOS system and the configs work properly on that system. I downloaded F-Prot-6 but F-prot 6 and F-prot 4 are mutually incompatible. I found that out the hard way and I'm fixing that now. Any further thoughts from anyone? Mike W -- "Lose not thy airspeed, lest the ground rises up and smites thee." -- William Kershner Mike Watson wrote: > I just rebuilt mine from scratch and moved the e-mail accounts over. > Other than my issue with f-prot not working, it was pretty much cookie > cutter. > > Mike W > > -- > > "Lose not thy airspeed, lest the ground rises up and smites thee." > -- William Kershner > > > > > Maxime Gaudreault wrote: >> >> Excellent question ! >> >> >> >> I was wondering that too >> >> >> >> *Maxime Gaudreault* >> >> Technicien >> >> _ _ >> >> R?f?rence Syst?mes inc. >> >> T?l. : 418.650.0997 >> >> T?l?c. : 418.650.9668 >> >> Courriel : _mgaudreault_@reference.qc.ca >> >> >> Site Internet : http://www.reference.qc.ca/ >> >> >> >> >> >> *From:* mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >> *Devon Harding >> *Sent:* March 2, 2008 6:03 PM >> *To:* MailScanner discussion >> *Subject:* Move MailScanner >> >> >> >> What is the easiest way to move my FC4 MailScanner setup to a new box >> running FC8? Any backup and restore procedure in place yet? >> >> -Devon >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner@CYGNI* >> , and is >> believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From mikew at crucis.net Mon Mar 3 00:32:28 2008 From: mikew at crucis.net (Mike Watson) Date: Mon Mar 3 00:33:22 2008 Subject: Move MailScanner In-Reply-To: <47CB435C.8080508@crucis.net> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> <47CB3B61.7050905@crucis.net> <47CB435C.8080508@crucis.net> Message-ID: <47CB471C.80801@crucis.net> Oops! Sorry for highjacking a thread! I thought I was replying to one of mine. Apologies! Mike W -- "Lose not thy airspeed, lest the ground rises up and smites thee." -- William Kershner Mike Watson wrote: > Some more info on f-prot being recognized but not working. Some points. > > 1. If I remove clamav and just leave f-prot, the eicar test passes > through undetected. > 2. F-prot is found by Mailscanner and logged as such in maillog. > 3. I removed f-prot 4.6.8 completely and re-installed from newly > downloaded .rpm. Same symptoms, recognized but apparently not being > executed. > 4. F-prot works manually when executed from the command line and > detected an embedded eicar string. > > I've had my MS.conf and spammassass..conf files checked by a third > party on a CentOS system and the configs work properly on that system. > > I downloaded F-Prot-6 but F-prot 6 and F-prot 4 are mutually > incompatible. I found that out the hard way and I'm fixing that now. > > Any further thoughts from anyone? > > Mike W > > -- > > "Lose not thy airspeed, lest the ground rises up and smites thee." > -- William Kershner > > > > > Mike Watson wrote: >> I just rebuilt mine from scratch and moved the e-mail accounts over. >> Other than my issue with f-prot not working, it was pretty much >> cookie cutter. >> >> Mike W >> >> -- >> >> "Lose not thy airspeed, lest the ground rises up and smites thee." >> -- William Kershner >> >> >> >> >> Maxime Gaudreault wrote: >>> >>> Excellent question ! >>> >>> >>> >>> I was wondering that too >>> >>> >>> >>> *Maxime Gaudreault* >>> >>> Technicien >>> >>> _ _ >>> >>> R?f?rence Syst?mes inc. >>> >>> T?l. : 418.650.0997 >>> >>> T?l?c. : 418.650.9668 >>> >>> Courriel : _mgaudreault_@reference.qc.ca >>> >>> >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >>> >>> >>> *From:* mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>> *Devon Harding >>> *Sent:* March 2, 2008 6:03 PM >>> *To:* MailScanner discussion >>> *Subject:* Move MailScanner >>> >>> >>> >>> What is the easiest way to move my FC4 MailScanner setup to a new >>> box running FC8? Any backup and restore procedure in place yet? >>> >>> -Devon >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by *MailScanner@CYGNI* >>> , and is >>> believed to be clean. >> > -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From gmatt at nerc.ac.uk Mon Mar 3 09:27:30 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Mar 3 09:29:03 2008 Subject: small bug in 4.66.5 - log entries missing In-Reply-To: References: <47C2DBB6.1060405@nerc.ac.uk> <47C2E121.6000301@nerc.ac.uk> <3eb901c878a7$a74bbf90$f5e33eb0$@com> <003801c878b5$8e92acd0$abb80670$@com> <47C4856A.3000104@ecs.soton.ac.uk> <47C6F386.3080509@nerc.ac.uk> <47C70B6F.6070701@ecs.soton.ac.uk> <47C7EEC1.4000709@nerc.ac.uk> Message-ID: <47CBC482.1080006@nerc.ac.uk> I'm not the only one experiencing this problem with log entries, there was another example on the MailWatch mailing list which I forwarded to Julian - dont know if he got it tho. G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From MailScanner at ecs.soton.ac.uk Mon Mar 3 09:29:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 3 09:29:50 2008 Subject: Move MailScanner In-Reply-To: <47CB435C.8080508@crucis.net> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8545201@jupiter.reference.local> <47CB3B61.7050905@crucis.net> <47CB435C.8080508@crucis.net> Message-ID: <47CBC4E3.2040700@ecs.soton.ac.uk> Why not just use F-Prot 6 and tell MailScanner you're using F-Prot-6? Mike Watson wrote: > Some more info on f-prot being recognized but not working. Some points. > > 1. If I remove clamav and just leave f-prot, the eicar test passes > through undetected. > 2. F-prot is found by Mailscanner and logged as such in maillog. > 3. I removed f-prot 4.6.8 completely and re-installed from newly > downloaded .rpm. Same symptoms, recognized but apparently not being > executed. > 4. F-prot works manually when executed from the command line and > detected an embedded eicar string. > > I've had my MS.conf and spammassass..conf files checked by a third > party on a CentOS system and the configs work properly on that system. > > I downloaded F-Prot-6 but F-prot 6 and F-prot 4 are mutually > incompatible. I found that out the hard way and I'm fixing that now. > > Any further thoughts from anyone? > > Mike W > > -- > > "Lose not thy airspeed, lest the ground rises up and smites thee." > -- William Kershner > > > > > Mike Watson wrote: >> I just rebuilt mine from scratch and moved the e-mail accounts over. >> Other than my issue with f-prot not working, it was pretty much >> cookie cutter. >> >> Mike W >> >> -- >> >> "Lose not thy airspeed, lest the ground rises up and smites thee." >> -- William Kershner >> >> >> >> >> Maxime Gaudreault wrote: >>> >>> Excellent question ! >>> >>> >>> >>> I was wondering that too >>> >>> >>> >>> *Maxime Gaudreault* >>> >>> Technicien >>> >>> _ _ >>> >>> R?f?rence Syst?mes inc. >>> >>> T?l. : 418.650.0997 >>> >>> T?l?c. : 418.650.9668 >>> >>> Courriel : _mgaudreault_@reference.qc.ca >>> >>> >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >>> >>> >>> *From:* mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>> *Devon Harding >>> *Sent:* March 2, 2008 6:03 PM >>> *To:* MailScanner discussion >>> *Subject:* Move MailScanner >>> >>> >>> >>> What is the easiest way to move my FC4 MailScanner setup to a new >>> box running FC8? Any backup and restore procedure in place yet? >>> >>> -Devon >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by *MailScanner@CYGNI* >>> , and is >>> believed to be clean. >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at SalemCorp.com Mon Mar 3 15:26:19 2008 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Mon Mar 3 15:27:07 2008 Subject: Mail PTR Records Message-ID: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> I have been thinking that I might try to reject mail that does not have a Ptr. Example: "Non-existent CNAMEReports CNAME of 178.128/25.240.39.12.in-addr.arpa. 12.39.240.178 has no reverse DNS entry; some mail servers may not accept your mail" If I stop it at the sendmail.mc with a FEATURE(`require_rdns')dnl then I will not have any way to track what I might need to allow. If I use the SA RDNS_NONE and RDNS_DYNAMIC then I waste CPU but get nice reporting. What would you guys suggest, any other pitfalls? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080303/76b1fc43/attachment.html From webmaster at ew3d.com Mon Mar 3 15:47:42 2008 From: webmaster at ew3d.com (John Hinton) Date: Mon Mar 3 15:48:20 2008 Subject: Mail PTR Records In-Reply-To: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> Message-ID: <47CC1D9E.9070305@ew3d.com> Phil Udel wrote: > > I have been thinking that I might try to reject mail that does not > have a Ptr. > > Example: > > ?Non-existent CNAMEReports CNAME of 178.128/25.240.39.12.in-addr.arpa. > 12.39.240.178 has no reverse DNS entry; some mail servers may not > accept your mail? > > If I stop it at the sendmail.mc with a FEATURE(`require_rdns')dnl then > I will not have any way to track what I might need to allow. > > If I use the SA RDNS_NONE and RDNS_DYNAMIC then I waste CPU but get > nice reporting. > > What would you guys suggest, any other pitfalls? > I do this at the sendmail level. It does show in my logs. Almost all of the big ISPs block at this level, so if anyone does not have PTR setup, they are unable to mail to a huge portion of the internet... I would not personally allow it past sendmail due to the extra loads. I always try to reject as early as possible on the most obvious items. Bad recipient, no rev dns and spamhaus. John Hinton From MailScanner at ecs.soton.ac.uk Mon Mar 3 16:13:00 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 3 16:13:51 2008 Subject: Beta 4.67.5 In-Reply-To: <47CB0F76.6080706@ecs.soton.ac.uk> References: <47CB0F76.6080706@ecs.soton.ac.uk> Message-ID: <47CC238C.3090202@ecs.soton.ac.uk> Is it working okay for people? If there aren't any complaints, I'll release it as a stable release tomorrow. Jules. Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released a new beta, version 4.67.5. > This is hopefully the last beta before the next stable release in a > couple of days. However, I can't release the stable release until enough > people have tried the beta and said it's okay. > > So please help me by testing it out. > > If all goes well, I'll release the stable version on Tuesday or > Wednesday. Sorry I missed the start of the month, but there were things > going on, such as the Symantec Scan Engine support which desperately > needed fixing. > > Cheers folks! > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFHyw+OEfZZRxQVtlQRAhVwAJ0UIbDl5Tu7H0dhslCs+jvoOftFngCdELuh > OMrtbXI7LOo+UT/zog7/Jc4= > =1DtX > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Mon Mar 3 16:27:50 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Mar 3 16:28:39 2008 Subject: Beta 4.67.5 In-Reply-To: <47CC238C.3090202@ecs.soton.ac.uk> Message-ID: <2f53c467965c9f4eb10bc4703cee9803@solidstatelogic.com> Jules Been running OK for most of the day - got a separate issue with this months Sophos update but don't think it's anything to do with MS...I'll do some digging later.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 03 March 2008 16:13 > To: MailScanner Beta-testers > Cc: MailScanner discussion > Subject: Re: Beta 4.67.5 > > Is it working okay for people? > If there aren't any complaints, I'll release it as a stable release > tomorrow. > > Jules. > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I have just released a new beta, version 4.67.5. > > This is hopefully the last beta before the next stable release in a > > couple of days. However, I can't release the stable release until enough > > people have tried the beta and said it's okay. > > > > So please help me by testing it out. > > > > If all goes well, I'll release the stable version on Tuesday or > > Wednesday. Sorry I missed the start of the month, but there were things > > going on, such as the Symantec Scan Engine support which desperately > > needed fixing. > > > > Cheers folks! > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.1 (Build 2523) > > Comment: Use Thunderbird Enigmail to verify this message > > Charset: ISO-8859-1 > > > > wj8DBQFHyw+OEfZZRxQVtlQRAhVwAJ0UIbDl5Tu7H0dhslCs+jvoOftFngCdELuh > > OMrtbXI7LOo+UT/zog7/Jc4= > > =1DtX > > -----END PGP SIGNATURE----- > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From m.sapsed at bangor.ac.uk Mon Mar 3 17:06:39 2008 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Mon Mar 3 17:03:25 2008 Subject: Fwd: Sophos Error message In-Reply-To: <47C44254.4080300@ecs.soton.ac.uk> References: <47BEFF53.20E8.005B.0@harper-adams.ac.uk> <47C2FD0E.20E8.005B.0@harper-adams.ac.uk> <47C44254.4080300@ecs.soton.ac.uk> Message-ID: <47CC301F.6040603@bangor.ac.uk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I failed to get to the bottom of this one and re-cloned the machine, as > it was faster to do :-) > Check your /etc/ld.so.conf and hose /opt/sophos-av, > /usr/local/lib/libsav*, /etc/sav* for starters, then reinstall the > latest version of version 6. > Make sure you haven't got any sav processes running. > service sav-protect stop > service sav-web stop > service sav-rms stop > chkconfig --del sav-web > chkconfig --del sav-protect > chkconfig --del sav-rms > Delete all /usr/local/Sophos* files. Do an "ldconfig" to flush the lib > cache. Delete /usr/local/bin/savscanm and /usr/bin/savscan. > > Once you've deleted all the old one and reinstalled the new one, try > "savscan" on a file or two first to see if that works. If it does, then > rebuild perl-SAVI as well. See down the bottom > > Howard Robinson wrote: >> Hello again >> I am still having problems with the error below. >> I have had a good look at the web and it seems that it would be better to uninstall Sophos then start again. >> Is there a recommended way of doing this with out it having a knock on effect with MailScanner? >> >> >> >>>>> "Howard Robinson" 22/02/2008 16:59 >>> >>>>> >> Dear list >> I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's routine /usr/sbin/Sophos.install >> >> It appeared to run through okay but seemed fast! >> Anyway on restarting MailScanner I get the following in the Maillog and emails refused to move in or out. >> >> "SophosSAVI ERROR:: getting version: One of the files in a split-virus data set could not be located (557)" >> >> Any ideas >> I had a quick look at WIKI but nothing appeared to be relevant . >> >> In the end I had to rem out sophos from list of virus scanners used to get email flowing again. Two others are still there and so we are not unprotected but I like Sophos and usually it updates ok >> >> Any help appreciated. We've got the same problem using solaris.sparc.tar.Z (V4.27) and rolled back to 4.26 to make it go away. I'm guessing from Howard's tar file that he's also using a pre-V6 version. I suspect that something subtle has changed between 4.26 and 4.27 on Unix, which is tripping up SAVI? Anyone else still using V4 on *ix? Regards, Martin -- Martin Sapsed Microcomputer Support Manager IT Services "Who do you say that I am?" Bangor University Jesus of Nazareth -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the Bangor University. Bangor University does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the Bangor University Finance Office. www.bangor.ac.uk From FStein at thehill.org Mon Mar 3 17:03:11 2008 From: FStein at thehill.org (Stein, Mr. Fred) Date: Mon Mar 3 17:05:00 2008 Subject: Beta 4.67.5 In-Reply-To: <47CC238C.3090202@ecs.soton.ac.uk> References: <47CB0F76.6080706@ecs.soton.ac.uk> <47CC238C.3090202@ecs.soton.ac.uk> Message-ID: -----Original Message----- From: mailscanner-beta-bounces@lists.mailscanner.info [mailto:mailscanner-beta-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, March 03, 2008 11:13 AM To: MailScanner Beta-testers Cc: MailScanner discussion Subject: Re: Beta 4.67.5 Is it working okay for people? If there aren't any complaints, I'll release it as a stable release tomorrow. Jules. Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released a new beta, version 4.67.5. > This is hopefully the last beta before the next stable release in a > couple of days. However, I can't release the stable release until enough > people have tried the beta and said it's okay. > > So please help me by testing it out. > > If all goes well, I'll release the stable version on Tuesday or > Wednesday. Sorry I missed the start of the month, but there were things > going on, such as the Symantec Scan Engine support which desperately > needed fixing. > > Cheers folks! > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFHyw+OEfZZRxQVtlQRAhVwAJ0UIbDl5Tu7H0dhslCs+jvoOftFngCdELuh > OMrtbXI7LOo+UT/zog7/Jc4= > =1DtX > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner-Beta mailing list mailscanner-beta@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner-beta Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Jules, It has worked well here since yesterday. Fred Stein Network Administrator The Hill School 717 E. High Street Pottstown, PA 19464 fstein@thehill.org www.thehill.org From m.sapsed at bangor.ac.uk Mon Mar 3 17:15:59 2008 From: m.sapsed at bangor.ac.uk (Martin Sapsed) Date: Mon Mar 3 17:11:24 2008 Subject: Fwd: Sophos Error message In-Reply-To: <47CC301F.6040603@bangor.ac.uk> References: <47BEFF53.20E8.005B.0@harper-adams.ac.uk> <47C2FD0E.20E8.005B.0@harper-adams.ac.uk> <47C44254.4080300@ecs.soton.ac.uk> <47CC301F.6040603@bangor.ac.uk> Message-ID: <47CC324F.6080708@bangor.ac.uk> Isn't it bad form replying to your own messages?? Martin Sapsed wrote: > We've got the same problem using solaris.sparc.tar.Z (V4.27) and rolled > back to 4.26 to make it go away. I'm guessing from Howard's tar file > that he's also using a pre-V6 version. > > I suspect that something subtle has changed between 4.26 and 4.27 on > Unix, which is tripping up SAVI? > > Anyone else still using V4 on *ix? Just noticed this in the release notes for 4.27 - might this have anything to do with it? * Additional threat data file The threat data contains an additional threat data file, sus01.vdb. This file contains data about suspicious files. If you install using install.sh, this file is installed automatically as part of the threat data. However, if you use your own installation procedure (for example, if you use SAV Interface), you must ensure that you install the file to the same location as the rest of the threat data. (The default location is /usr/local/sav.) In future, threat data may include additional threat data files (including suspicious threat data). Therefore, Sophos recommends that custom installation is changed to treat all files of the form [a-z]*[0-9]*.vdb as threat data and install them appropriately. Ah-hah! The sus01.vdb file is in /usr/local/Sophos/lib along with the rest of the .vdb's but isn't symlinked across to the ide folder which is created with a date stamp. Looks like the bit of sophos-autoupdate which currently symlinks vdl*.vdb needs amending to suit the options above? Unfortunately I never got around to learning perl or I'd suggest something... Regards, Martin -- Martin Sapsed Microcomputer Support Manager IT Services "Who do you say that I am?" Bangor University Jesus of Nazareth -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the Bangor University. Bangor University does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the Bangor University Finance Office. www.bangor.ac.uk From Neal at Morgan-Systems.com Mon Mar 3 17:16:13 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Mon Mar 3 17:19:02 2008 Subject: Clamav Ping Timeout During Update Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> Greetings: My Mailscanner has been reporting timeouts when clamav updates its database. I see entries like this in syslog: 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: Clamd::ERROR:: CLAM PING TIMED OUT! :: . If I review the clamav log, it seems that the timeout always occurs within several seconds of the "database reloaded" entry: Mon Mar 3 08:30:21 2008 -> SelfCheck: Database modification detected. Forcing reload. Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 signatures) I wouldn't care too much about this, except any messages passing through MailScanner during that same several second period get marked as virus infected with "Denial of Service" as the virus report. I am running Mailscanner on 5 servers, all Debian etch, all using the package maintainer's clamav and all using MailScanner-4.66.5-3 built from source. All 5 are experiencing the same issue. Any suggestions? Best Regards, Neal Morgan From martinh at solidstatelogic.com Mon Mar 3 17:31:56 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Mar 3 17:32:32 2008 Subject: Fwd: Sophos Error message In-Reply-To: <47CC301F.6040603@bangor.ac.uk> Message-ID: Martin Add me to that list - tried 4.27 this morning as the CD arrived to prompt me and it's definitely broke something.. Mar 3 13:55:58 towers MailScanner[93195]: SophosSAVI ERROR:: getting version: O ne of the files in a split-virus data set could not be located (557) I think they doing something more fancy now. Looking at the perl module info Paul henson's not updated to module since May 2005 -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Martin Sapsed > Sent: 03 March 2008 17:07 > To: MailScanner discussion > Subject: Re: Fwd: Sophos Error message > > Julian Field wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I failed to get to the bottom of this one and re-cloned the machine, as > > it was faster to do :-) > > Check your /etc/ld.so.conf and hose /opt/sophos-av, > > /usr/local/lib/libsav*, /etc/sav* for starters, then reinstall the > > latest version of version 6. > > Make sure you haven't got any sav processes running. > > service sav-protect stop > > service sav-web stop > > service sav-rms stop > > chkconfig --del sav-web > > chkconfig --del sav-protect > > chkconfig --del sav-rms > > Delete all /usr/local/Sophos* files. Do an "ldconfig" to flush the lib > > cache. Delete /usr/local/bin/savscanm and /usr/bin/savscan. > > > > Once you've deleted all the old one and reinstalled the new one, try > > "savscan" on a file or two first to see if that works. If it does, then > > rebuild perl-SAVI as well. > > See down the bottom > > > > > Howard Robinson wrote: > >> Hello again > >> I am still having problems with the error below. > >> I have had a good look at the web and it seems that it would be better > to uninstall Sophos then start again. > >> Is there a recommended way of doing this with out it having a knock on > effect with MailScanner? > >> > >> > >> > >>>>> "Howard Robinson" 22/02/2008 16:59 >>> > >>>>> > >> Dear list > >> I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's > routine /usr/sbin/Sophos.install > >> > >> It appeared to run through okay but seemed fast! > >> Anyway on restarting MailScanner I get the following in the Maillog and > emails refused to move in or out. > >> > >> "SophosSAVI ERROR:: getting version: One of the files in a split-virus > data set could not be located (557)" > >> > >> Any ideas > >> I had a quick look at WIKI but nothing appeared to be relevant . > >> > >> In the end I had to rem out sophos from list of virus scanners used to > get email flowing again. Two others are still there and so we are not > unprotected but I like Sophos and usually it updates ok > >> > >> Any help appreciated. > > We've got the same problem using solaris.sparc.tar.Z (V4.27) and rolled > back to 4.26 to make it go away. I'm guessing from Howard's tar file > that he's also using a pre-V6 version. > > I suspect that something subtle has changed between 4.26 and 4.27 on > Unix, which is tripping up SAVI? > > Anyone else still using V4 on *ix? > > Regards, > > Martin > > -- > Martin Sapsed > Microcomputer Support Manager > IT Services "Who do you say that I am?" > Bangor University Jesus of Nazareth > > > -- > Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, > gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig > gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y > neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar > unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, > rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a > gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i > hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn > Prifysgol Bangor. Nid yw Prifysgol Bangor yn gwarantu > bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu > 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn > nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract > rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa > Cyllid Prifysgol Bangor. www.bangor.ac.uk > > This email and any attachments may contain confidential material and > is solely for the use of the intended recipient(s). If you have > received this email in error, please notify the sender immediately > and delete this email. If you are not the intended recipient(s), you > must not use, retain or disclose any information contained in this > email. Any views or opinions are solely those of the sender and do > not necessarily represent those of the Bangor University. > Bangor University does not guarantee that this email or > any attachments are free from viruses or 100% secure. Unless > expressly stated in the body of the text of the email, this email is > not intended to form a binding contract - a list of authorised > signatories is available from the Bangor University Finance > Office. www.bangor.ac.uk > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Mar 3 17:53:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 3 17:53:44 2008 Subject: Fwd: Sophos Error message In-Reply-To: <47CC324F.6080708@bangor.ac.uk> References: <47BEFF53.20E8.005B.0@harper-adams.ac.uk> <47C2FD0E.20E8.005B.0@harper-adams.ac.uk> <47C44254.4080300@ecs.soton.ac.uk> <47CC301F.6040603@bangor.ac.uk> <47CC324F.6080708@bangor.ac.uk> Message-ID: <47CC3B03.2010101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin Sapsed wrote: > Isn't it bad form replying to your own messages?? > > Martin Sapsed wrote: >> We've got the same problem using solaris.sparc.tar.Z (V4.27) and >> rolled back to 4.26 to make it go away. I'm guessing from Howard's >> tar file that he's also using a pre-V6 version. >> >> I suspect that something subtle has changed between 4.26 and 4.27 on >> Unix, which is tripping up SAVI? >> >> Anyone else still using V4 on *ix? > > Just noticed this in the release notes for 4.27 - might this have > anything to do with it? > > * Additional threat data file > > The threat data contains an additional threat data file, sus01.vdb. > This > file contains data about suspicious files. > > If you install using install.sh, this file is installed > automatically as > part of the threat data. However, if you use your own installation > procedure > (for example, if you use SAV Interface), you must ensure that you > install > the file to the same location as the rest of the threat data. (The > default > location is /usr/local/sav.) > > In future, threat data may include additional threat data files > (including > suspicious threat data). Therefore, Sophos recommends that custom > installation is changed to treat all files of the form > [a-z]*[0-9]*.vdb as > threat data and install them appropriately. > > Ah-hah! > > The sus01.vdb file is in /usr/local/Sophos/lib along with the rest of > the .vdb's but isn't symlinked across to the ide folder which is > created with a date stamp. Looks like the bit of sophos-autoupdate > which currently symlinks vdl*.vdb needs amending to suit the options > above? Unfortunately I never got around to learning perl or I'd > suggest something... > > Regards, > > Martin > I have improved sophos-autoupdate so that it links across the sus files as well as the vdl files. It will be in the next release (due tomorrow). Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzDsFEfZZRxQVtlQRAlC3AKDjSjrbSB4jszA9GPrvtTRvwm8tfgCeK88s S/n/vbLMtAQqKsY0t0xH4Vc= =XI2y -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 3 17:56:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 3 17:56:57 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> Message-ID: <47CC3BE1.6030104@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neal Morgan wrote: > Greetings: > > My Mailscanner has been reporting timeouts when clamav updates its > database. I see entries like this in syslog: > > 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: > Clamd::ERROR:: CLAM PING TIMED OUT! :: . > > > If I review the clamav log, it seems that the timeout always occurs > within several seconds of the "database reloaded" entry: > > Mon Mar 3 08:30:21 2008 -> SelfCheck: Database modification detected. > Forcing reload. > Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav > Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 > signatures) > The ping timeout is set to 90 seconds. This should be way more than is needed for a database reload. You are welcome to try increasing it, look for the setting of the variable "PingTimeOut" in SweepViruses.pm. > > I wouldn't care too much about this, except any messages passing through > MailScanner during that same several second period get marked as virus > infected with "Denial of Service" as the virus report. > > I am running Mailscanner on 5 servers, all Debian etch, all using the > package maintainer's clamav and all using MailScanner-4.66.5-3 built > from source. All 5 are experiencing the same issue. > > Any suggestions? > > > > Best Regards, > > Neal Morgan > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzDvjEfZZRxQVtlQRArzVAKCDduYI28R1BbHstzAN7mLPomLl9wCfYKYD 9vA90EYZaf/xrjjJtDSdPkE= =Jspj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikew at crucis.net Mon Mar 3 18:43:32 2008 From: mikew at crucis.net (Mike Watson) Date: Mon Mar 3 18:44:36 2008 Subject: Move MailScanner In-Reply-To: <47CBC4E3.2040700@ecs.soton.ac.uk> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> <47CB435C.8080508@crucis.net> <47CBC4E3.2040700@ecs.soton.ac.uk> Message-ID: <200803031243.32733.mikew@cygni.crucis.net> I'm working on that. More later. Mike W On Monday 03 March 2008 03:29:07 am Julian Field wrote: > Why not just use F-Prot 6 and tell MailScanner you're using F-Prot-6? > > Mike Watson wrote: > > Some more info on f-prot being recognized but not working. Some points. > > > > 1. If I remove clamav and just leave f-prot, the eicar test passes > > through undetected. > > 2. F-prot is found by Mailscanner and logged as such in maillog. > > 3. I removed f-prot 4.6.8 completely and re-installed from newly > > downloaded .rpm. Same symptoms, recognized but apparently not being > > executed. > > 4. F-prot works manually when executed from the command line and > > detected an embedded eicar string. > > > > I've had my MS.conf and spammassass..conf files checked by a third > > party on a CentOS system and the configs work properly on that system. > > > > I downloaded F-Prot-6 but F-prot 6 and F-prot 4 are mutually > > incompatible. I found that out the hard way and I'm fixing that now. > > > > Any further thoughts from anyone? > > > > Mike W > > > > -- > > > > "Lose not thy airspeed, lest the ground rises up and smites thee." > > -- William Kershner > > > > Mike Watson wrote: > >> I just rebuilt mine from scratch and moved the e-mail accounts over. > >> Other than my issue with f-prot not working, it was pretty much > >> cookie cutter. > >> > >> Mike W > >> > >> -- > >> > >> "Lose not thy airspeed, lest the ground rises up and smites thee." > >> -- William Kershner > >> > >> Maxime Gaudreault wrote: > >>> Excellent question ! > >>> > >>> > >>> > >>> I was wondering that too > >>> > >>> > >>> > >>> *Maxime Gaudreault* > >>> > >>> Technicien > >>> > >>> _ _ > >>> > >>> R?f?rence Syst?mes inc. > >>> > >>> T?l. : 418.650.0997 > >>> > >>> T?l?c. : 418.650.9668 > >>> > >>> Courriel : _mgaudreault_@reference.qc.ca > >>> > >>> > >>> Site Internet : http://www.reference.qc.ca/ > >>> > >>> > >>> > >>> > >>> > >>> *From:* mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > >>> *Devon Harding > >>> *Sent:* March 2, 2008 6:03 PM > >>> *To:* MailScanner discussion > >>> *Subject:* Move MailScanner > >>> > >>> > >>> > >>> What is the easiest way to move my FC4 MailScanner setup to a new > >>> box running FC8? Any backup and restore procedure in place yet? > >>> > >>> -Devon > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by *MailScanner@CYGNI* > >>> , and is > >>> believed to be clean. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From naolson at gmail.com Mon Mar 3 19:15:21 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Mar 3 19:15:56 2008 Subject: Mail PTR Records In-Reply-To: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> Message-ID: <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> It's not RFC-compliant. Nate From mikea at mikea.ath.cx Mon Mar 3 19:39:24 2008 From: mikea at mikea.ath.cx (mikea) Date: Mon Mar 3 19:40:05 2008 Subject: Mail PTR Records In-Reply-To: <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> Message-ID: <20080303193924.GA13680@mikea.ath.cx> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: > It's not RFC-compliant. As has been mentioned elsethread, a number of techniques which are increasingly necessary for survival are not RFC-compliant. Many RFCs were written when the Internet was kinder, gentler, and MUCH less dangerous than it is now. They have not changed, though the 'Net certainly has. Blind adherence to them in the face of evidence that that adherence opens windows of vulnerability is not necessarily dood or wise. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From mkettler at evi-inc.com Mon Mar 3 19:54:37 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 19:55:28 2008 Subject: Mail PTR Records In-Reply-To: <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> Message-ID: <47CC577D.7000207@evi-inc.com> Nathan Olson wrote: > It's not RFC-compliant. Please point out the RFC and section it violates. AFAIK, there's no section that prohibits refusing mail due to lack of PTR records for the IP address. I've been proved wrong before, but I'm extraordinarily skeptical that there's any such restrictions in the RFCs.. I can find no mention of such a restriction in RFC 821, 2821 or 1123. On the contrary, RFC 1912 section 2.1 directly tells you that that not having a PTR record could lead to services refusing to talk to your hosts. Also, RFC 1912 states that all IP address should have have a PTR record associated with them in the in-addr.arpa space. So, the documentation I can find in the RFCs suggests that blocking connections from hosts which lack PTR records is legal and should be expected. From mgaudreault at reference.qc.ca Mon Mar 3 19:55:08 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Mon Mar 3 19:55:52 2008 Subject: Off topic... Postfix question In-Reply-To: <47CA81AE.6070907@alexb.ch> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> <47CA81AE.6070907@alexb.ch> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545241@jupiter.reference.local> How do you evaluate what is a good setting for smtpd_client_*_rate_limit / anvil_rate_time_unit ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alex Broens Sent: March 2, 2008 5:30 AM To: MailScanner discussion Subject: Re: Off topic... Postfix question On 3/2/2008 1:50 AM, Maxime Gaudreault wrote: > Hi > > > > Does anyone knows how to make postfix prevent mass spam attack ? > > > > For exemple: accept a max of * connection / minutes from the same server. easy: look into: anvil_rate_time_unit smtpd_client_connection_count_limit smtpd_client_connection_rate_limit smtpd_client_message_rate_limit settings in the Postfix docs. Alex -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From naolson at gmail.com Mon Mar 3 19:56:43 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Mar 3 19:57:17 2008 Subject: Mail PTR Records In-Reply-To: <20080303193924.GA13680@mikea.ath.cx> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> Message-ID: <8f54b4330803031156t49b338bbp6fa5242e29c5a830@mail.gmail.com> I intentionally didn't mention my stance on the issue. I just stated fact. Nate From mkettler at evi-inc.com Mon Mar 3 20:06:40 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 20:07:18 2008 Subject: Mail PTR Records In-Reply-To: <20080303193924.GA13680@mikea.ath.cx> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> Message-ID: <47CC5A50.3080209@evi-inc.com> mikea wrote: > On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >> It's not RFC-compliant. > > As has been mentioned elsethread, a number of techniques which are > increasingly necessary for survival are not RFC-compliant. > > Many RFCs were written when the Internet was kinder, gentler, and MUCH > less dangerous than it is now. They have not changed, though the 'Net > certainly has. Blind adherence to them in the face of evidence that > that adherence opens windows of vulnerability is not necessarily dood > or wise. Well, that alone isn't a good reason to blindly toss RFC's aside. Some requirements of the RFCs are there for damn good reasons. However, in this case I suspect the activity isn't even a violation of an RFC, and not having a PTR record clearly violates their recommendations (albeit not their requirements). In general, it's really easy to claim something isn't complaint with the RFCs without any evidence to support it. We should all take such suggestions (including those generated by me) as unsubstantiated opinions until proven otherwise.. From peter at farrows.org Mon Mar 3 21:01:39 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 3 21:02:26 2008 Subject: Mail PTR Records In-Reply-To: <47CC5A50.3080209@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> Message-ID: <47CC6733.6010200@farrows.org> Matt Kettler wrote: > mikea wrote: >> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>> It's not RFC-compliant. >> >> As has been mentioned elsethread, a number of techniques which are >> increasingly necessary for survival are not RFC-compliant. >> Many RFCs were written when the Internet was kinder, gentler, and MUCH >> less dangerous than it is now. They have not changed, though the 'Net >> certainly has. Blind adherence to them in the face of evidence that >> that adherence opens windows of vulnerability is not necessarily dood >> or wise. > > Well, that alone isn't a good reason to blindly toss RFC's aside. Some > requirements of the RFCs are there for damn good reasons. > > However, in this case I suspect the activity isn't even a violation of > an RFC, and not having a PTR record clearly violates their > recommendations (albeit not their requirements). > > In general, it's really easy to claim something isn't complaint with > the RFCs without any evidence to support it. We should all take such > suggestions (including those generated by me) as unsubstantiated > opinions until proven otherwise.. > > > > > Its very good practice to have ptr records for your mail servers that should match the forward look up. All reputable ISPs that I have dealt with adhere to this, so its entirely reasonable to throw back mail from relays without valid reverse DNS. I run my own ISP, I process a few million mails per week, and I don't accept mail from machines with duff reverse lookup or no reverse lookup on any of my relays, and I get no complaints from my client base...just happy spam free mailboxes... This all comes down to what is best in practice, if the sender relay doesn't have reverse DNS then I think its perfectly reasonable to throw the mail back....I wouldn't get hung up on it just send it back, transfer the problem back to the sender...Its their issue not yours. Nominet won't let you send pgp signed domain control emails to their automaton unless the reverse DNS matches the forward DNS exactly... P. From richard.frovarp at sendit.nodak.edu Mon Mar 3 21:03:52 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Mar 3 21:04:28 2008 Subject: Mail PTR Records In-Reply-To: <20080303193924.GA13680@mikea.ath.cx> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> Message-ID: <47CC67B8.2050508@sendit.nodak.edu> mikea wrote: > On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: > >> It's not RFC-compliant. >> > > As has been mentioned elsethread, a number of techniques which are > increasingly necessary for survival are not RFC-compliant. > > Many RFCs were written when the Internet was kinder, gentler, and MUCH > less dangerous than it is now. They have not changed, though the 'Net > certainly has. Blind adherence to them in the face of evidence that > that adherence opens windows of vulnerability is not necessarily dood > or wise. > > The issue is you'll see people break the RFC's because they are upset someone else broke another part of the RFC's. Becomes a bit hypocritical. From mkettler at evi-inc.com Mon Mar 3 21:06:39 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 21:07:32 2008 Subject: Mail PTR Records In-Reply-To: <8f54b4330803031156t49b338bbp6fa5242e29c5a830@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <8f54b4330803031156t49b338bbp6fa5242e29c5a830@mail.gmail.com> Message-ID: <47CC685F.4010103@evi-inc.com> Nathan Olson wrote: > I intentionally didn't mention my stance on the issue. Agreed. I think we all realize that there are times the RFC requirements aren't appropriate. Hopefully we all realize that such deviations should only be made after careful consideration of why the original requirement exists. > I just stated fact. Well, you stated your belief that something is fact, but that's a separate part of this thread.. From webmaster at ew3d.com Mon Mar 3 21:28:53 2008 From: webmaster at ew3d.com (John Hinton) Date: Mon Mar 3 21:29:32 2008 Subject: Mail PTR Records In-Reply-To: <47CC67B8.2050508@sendit.nodak.edu> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> Message-ID: <47CC6D95.7070406@ew3d.com> Richard Frovarp wrote: > mikea wrote: >> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >> >>> It's not RFC-compliant. >>> >> >> As has been mentioned elsethread, a number of techniques which are >> increasingly necessary for survival are not RFC-compliant. >> Many RFCs were written when the Internet was kinder, gentler, and MUCH >> less dangerous than it is now. They have not changed, though the 'Net >> certainly has. Blind adherence to them in the face of evidence that >> that adherence opens windows of vulnerability is not necessarily dood >> or wise. >> >> > The issue is you'll see people break the RFC's because they are upset > someone else broke another part of the RFC's. Becomes a bit hypocritical. I think this thread is a dead horse. Do you reject any email to any address for which you should receive email? If so, what does that? Perhaps you may be running spamhaus.zen at the smtp level? This is not RFC compliant. Do you reject mail if it exceeds 100 GB? I know of no size limits allowed within the RFCs. Is there a RFC that allows one to change the subject line of incoming email, like adding SPAM to the front of it? The bottom line is most of the huge ISPs, AOL, Comcast, Verizon, and on and on and on, all reject if there is no reverse DNS. Call it what you want, but if someone doesn't have a legit PTR, they have what amounts to being a broken email system by today's standards. Therefore, rejecting based on no PTR has become a standard. Just like having to receive html email due to Micro$oft has become a standard. OK... I'm through beating this dead horse. John Hinton From peter at farrows.org Mon Mar 3 21:30:20 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 3 21:30:53 2008 Subject: Mail PTR Records In-Reply-To: <47CC5A50.3080209@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> Message-ID: <47CC6DEC.1030906@farrows.org> Matt Kettler wrote: > mikea wrote: >> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>> It's not RFC-compliant. >> >> As has been mentioned elsethread, a number of techniques which are >> increasingly necessary for survival are not RFC-compliant. >> Many RFCs were written when the Internet was kinder, gentler, and MUCH >> less dangerous than it is now. They have not changed, though the 'Net >> certainly has. Blind adherence to them in the face of evidence that >> that adherence opens windows of vulnerability is not necessarily dood >> or wise. > > Well, that alone isn't a good reason to blindly toss RFC's aside. Some > requirements of the RFCs are there for damn good reasons. > > However, in this case I suspect the activity isn't even a violation of > an RFC, and not having a PTR record clearly violates their > recommendations (albeit not their requirements). > > In general, it's really easy to claim something isn't complaint with > the RFCs without any evidence to support it. We should all take such > suggestions (including those generated by me) as unsubstantiated > opinions until proven otherwise.. > > > > > http://tools.ietf.org/html/rfc1912 Its an RFC to have a matching forward and revserse DNS lookup, so not having one or a mismatched one is a violation of RFC1912 To quote, verbatim, "Every Internet-reachable host should have a name. The consequences of this are becoming more and more obvious. Many services available on the Internet will not talk to you if you aren't correctly registered in the DNS. Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain." So you can legitimately bounce the email if the sending host has bad forward/reverse DNS... Regards Pete From mark at msapiro.net Mon Mar 3 21:33:24 2008 From: mark at msapiro.net (Mark Sapiro) Date: Mon Mar 3 21:34:08 2008 Subject: Beta 4.67.5 In-Reply-To: <200803031203.m23C2dBh020560@safir.blacknight.ie> Message-ID: Julian Field wrote: > >I have just released a new beta, version 4.67.5. >This is hopefully the last beta before the next stable release in a >couple of days. However, I can't release the stable release until enough >people have tried the beta and said it's okay. > >So please help me by testing it out. I have just installed Beta 4.67.5. I have also changed Max Children from 1 to 5 because I'm unable to tell from the change log whether there is anything in 4.67.5 vs. 4.67.4 that might affect my message duplication issue. I will be watching for duplicates and any other problems and will report. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From richard.frovarp at sendit.nodak.edu Mon Mar 3 21:52:07 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Mon Mar 3 21:52:43 2008 Subject: Mail PTR Records In-Reply-To: <47CC6DEC.1030906@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> Message-ID: <47CC7307.8000109@sendit.nodak.edu> Peter Farrow wrote: > Matt Kettler wrote: >> mikea wrote: >>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>> It's not RFC-compliant. >>> >>> As has been mentioned elsethread, a number of techniques which are >>> increasingly necessary for survival are not RFC-compliant. >>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>> less dangerous than it is now. They have not changed, though the 'Net >>> certainly has. Blind adherence to them in the face of evidence that >>> that adherence opens windows of vulnerability is not necessarily dood >>> or wise. >> >> Well, that alone isn't a good reason to blindly toss RFC's aside. >> Some requirements of the RFCs are there for damn good reasons. >> >> However, in this case I suspect the activity isn't even a violation >> of an RFC, and not having a PTR record clearly violates their >> recommendations (albeit not their requirements). >> >> In general, it's really easy to claim something isn't complaint with >> the RFCs without any evidence to support it. We should all take such >> suggestions (including those generated by me) as unsubstantiated >> opinions until proven otherwise.. >> >> >> >> >> > http://tools.ietf.org/html/rfc1912 > > Its an RFC to have a matching forward and revserse DNS lookup, so not > having one or a mismatched one is a violation of RFC1912 > > To quote, verbatim, > > "Every Internet-reachable host should have a name. The consequences of > this are becoming more and more obvious. Many services available on > the Internet will not talk to you if you aren't correctly registered > in the DNS. Make sure your PTR and A records match. For every IP > address, there should be a matching PTR record in the in-addr.arpa > domain." > > So you can legitimately bounce the email if the sending host has bad > forward/reverse DNS... > > Regards > > Pete > What does "should" mean? should vs shall vs must isn't always the same thing. From mkettler at evi-inc.com Mon Mar 3 22:01:14 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 22:02:14 2008 Subject: Mail PTR Records In-Reply-To: <47CC6DEC.1030906@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> Message-ID: <47CC752A.2010205@evi-inc.com> Peter Farrow wrote: > Matt Kettler wrote: >> mikea wrote: >>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>> It's not RFC-compliant. >>> >>> As has been mentioned elsethread, a number of techniques which are >>> increasingly necessary for survival are not RFC-compliant. >>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>> less dangerous than it is now. They have not changed, though the 'Net >>> certainly has. Blind adherence to them in the face of evidence that >>> that adherence opens windows of vulnerability is not necessarily dood >>> or wise. >> >> Well, that alone isn't a good reason to blindly toss RFC's aside. Some >> requirements of the RFCs are there for damn good reasons. >> >> However, in this case I suspect the activity isn't even a violation of >> an RFC, and not having a PTR record clearly violates their >> recommendations (albeit not their requirements). >> >> In general, it's really easy to claim something isn't complaint with >> the RFCs without any evidence to support it. We should all take such >> suggestions (including those generated by me) as unsubstantiated >> opinions until proven otherwise.. >> >> >> >> >> > http://tools.ietf.org/html/rfc1912 > > Its an RFC to have a matching forward and revserse DNS lookup, so not > having one or a mismatched one is a violation of RFC1912 Note: it's against RFC 1912's recommendations. That RFC, as quoted below, doesn't require you to have PTR records. 1912 is an informational RFC, so it's not possible to violate it. It doesn't define any standards, so there are no standards in it to be broken. However, it is the best argument that blocking based on lack of PTR is legitimate. It certainly takes a lot of wind out of the sails of anyone claiming such activity is non-compliant without being able to point to where a RFC prohibits it. I reference the very same RFC in Message-ID: <47CC577D.7000207@evi-inc.com>. Please read that post as well (it's really easy to reply to one post in a thread without reading the whole thread). > > To quote, verbatim, > > "Every Internet-reachable host should have a name. The consequences of > this are becoming more and more obvious. Many services available on the > Internet will not talk to you if you aren't correctly registered in the > DNS. Make sure your PTR and A records match. For every IP address, there > should be a matching PTR record in the in-addr.arpa domain." > > So you can legitimately bounce the email if the sending host has bad > forward/reverse DNS... Agreed, this would imply that. From MailScanner at ecs.soton.ac.uk Mon Mar 3 22:22:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 3 22:23:45 2008 Subject: Beta 4.67.5 In-Reply-To: References: Message-ID: <47CC7A40.4030401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > Julian Field wrote: > >> I have just released a new beta, version 4.67.5. >> This is hopefully the last beta before the next stable release in a >> couple of days. However, I can't release the stable release until enough >> people have tried the beta and said it's okay. >> >> So please help me by testing it out. >> > > > I have just installed Beta 4.67.5. I have also changed Max Children > from 1 to 5 because I'm unable to tell from the change log whether > there is anything in 4.67.5 vs. 4.67.4 that might affect my message > duplication issue. > Unlikely. I still haven't got to the bottom of that one, sorry. > I will be watching for duplicates and any other problems and will > report. > Thanks. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzHpCEfZZRxQVtlQRAtJlAJ0Wuu0DGVtEMgnJKXmyBOe518HoYQCguUfF aLoY1aVD6QPP6OHyHZJpKzA= =rwOJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Mar 3 22:30:21 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 22:31:13 2008 Subject: Mail PTR Records In-Reply-To: <47CC7307.8000109@sendit.nodak.edu> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> <47CC7307.8000109@sendit.nodak.edu> Message-ID: <47CC7BFD.7090300@evi-inc.com> Richard Frovarp wrote: > Peter Farrow wrote: >> Matt Kettler wrote: >>> mikea wrote: >>>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>>> It's not RFC-compliant. >>>> >>>> As has been mentioned elsethread, a number of techniques which are >>>> increasingly necessary for survival are not RFC-compliant. >>>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>>> less dangerous than it is now. They have not changed, though the 'Net >>>> certainly has. Blind adherence to them in the face of evidence that >>>> that adherence opens windows of vulnerability is not necessarily dood >>>> or wise. >>> >>> Well, that alone isn't a good reason to blindly toss RFC's aside. >>> Some requirements of the RFCs are there for damn good reasons. >>> >>> However, in this case I suspect the activity isn't even a violation >>> of an RFC, and not having a PTR record clearly violates their >>> recommendations (albeit not their requirements). >>> >>> In general, it's really easy to claim something isn't complaint with >>> the RFCs without any evidence to support it. We should all take such >>> suggestions (including those generated by me) as unsubstantiated >>> opinions until proven otherwise.. >>> >>> >>> >>> >>> >> http://tools.ietf.org/html/rfc1912 >> >> Its an RFC to have a matching forward and revserse DNS lookup, so not >> having one or a mismatched one is a violation of RFC1912 >> >> To quote, verbatim, >> >> "Every Internet-reachable host should have a name. The consequences of >> this are becoming more and more obvious. Many services available on >> the Internet will not talk to you if you aren't correctly registered >> in the DNS. Make sure your PTR and A records match. For every IP >> address, there should be a matching PTR record in the in-addr.arpa >> domain." >> >> So you can legitimately bounce the email if the sending host has bad >> forward/reverse DNS... >> >> Regards >> >> Pete >> > What does "should" mean? should vs shall vs must isn't always the same > thing. Agreed, should is not the same as must. There's an RFC that specifies exactly how should and must are to be interpreted in RFC documents. There is no RFC standard for "shall". http://www.ietf.org/rfc/rfc2119.txt -------------- 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course. -------------- From rcooper at dwford.com Mon Mar 3 22:31:30 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 3 22:32:15 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> Message-ID: <17ee01c87d7e$53df6600$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Neal Morgan > Sent: Monday, March 03, 2008 12:16 PM > To: mailscanner@lists.mailscanner.info > Subject: Clamav Ping Timeout During Update > > Greetings: > > My Mailscanner has been reporting timeouts when clamav updates its > database. I see entries like this in syslog: > > 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: > Clamd::ERROR:: CLAM PING TIMED OUT! :: . > > > If I review the clamav log, it seems that the timeout always occurs > within several seconds of the "database reloaded" entry: > > Mon Mar 3 08:30:21 2008 -> SelfCheck: Database modification > detected. > Forcing reload. > Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav > Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 > signatures) > > > I wouldn't care too much about this, except any messages > passing through > MailScanner during that same several second period get > marked as virus > infected with "Denial of Service" as the virus report. > > I am running Mailscanner on 5 servers, all Debian etch, all using the > package maintainer's clamav and all using MailScanner-4.66.5-3 built > from source. All 5 are experiencing the same issue. > Are you running clamavmodule as well as clamd (accidentally or otherwise)? If you are turn one off, you don't want ClamAVModule and clamd both. MailScanner --lint should tell you if it's calling both. If not using the perl module you should not be tracking the clam databases within MailScanner as they have no meaning at all. Look for "Monitors for ClamAV Updates" in MailScanner.conf and get remove the information relating to the databases. It would be a question for Julian as to why MailScanner would be watching those files if clamavmodule is not in use. Also, the Clamd ping timeout is 90 seconds, that is a long, long time. I cannot imagine why it would take that much time to connect. Using TCP or Unix sockets? Anything odd in the clamd logs? This should only happen if you can connect to clamd but it fails to return anything at all within the 90 seconds (even jibberish) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Mar 3 22:33:30 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 3 22:34:04 2008 Subject: Mail PTR Records In-Reply-To: <47CC6D95.7070406@ew3d.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> Message-ID: <47CC7CBA.8090302@evi-inc.com> John Hinton wrote: > Richard Frovarp wrote: >> mikea wrote: >>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>> >>>> It's not RFC-compliant. >>>> >>> >>> As has been mentioned elsethread, a number of techniques which are >>> increasingly necessary for survival are not RFC-compliant. >>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>> less dangerous than it is now. They have not changed, though the 'Net >>> certainly has. Blind adherence to them in the face of evidence that >>> that adherence opens windows of vulnerability is not necessarily dood >>> or wise. >>> >>> >> The issue is you'll see people break the RFC's because they are upset >> someone else broke another part of the RFC's. Becomes a bit hypocritical. > I think this thread is a dead horse. Do you reject any email to any > address for which you should receive email? If so, what does that? > Perhaps you may be running spamhaus.zen at the smtp level? This is not > RFC compliant. Is it non compliant? There's nothing in the RFCs that prohibit blocking such email. Just because a RFC doesn't explicitly tell you you can, doesn't mean you MUST NOT. I see nowhere that any RFC says you must always accept email for a valid recipient. I see nowhere that says you must not refuse email from hosts of your choosing. RFC 2821 states: " From the Internet side, the gateway SHOULD accept all valid address formats in SMTP commands and in RFC 822 headers, and all valid RFC 822 messages." However, that's a SHOULD, not a MUST. It is not a standards violation to deviate from it. > Do you reject mail if it exceeds 100 GB? I know of no > size limits allowed within the RFCs. I know of nowhere where such limits are disallowed. Therefore, by default, they are acceptable. There's certainly examples in the RFC's of tempfailing mail due to lack of available storage. RFC 821 creates the 452 code explicitly for this purpose. I see nowhere that would prohibit a system from enforcing a size limit on email, either by 4xx or 5xx error code. Can you find one? > Is there a RFC that allows one to > change the subject line of incoming email, like adding SPAM to the front > of it? RFC 2821 states that relay SMTP systems do not modify the message other than adding trace headers, however not all SMTP systems are relays. Gateways are allowed to modify. Normally gateways deal with clients, not server to server traffic. However, RFC 2821 explicitly addresses firewalls that rewrite headers in server to server transfers and says these should be considered gateways. > > The bottom line is most of the huge ISPs, AOL, Comcast, Verizon, and on > and on and on, all reject if there is no reverse DNS. Call it what you > want, but if someone doesn't have a legit PTR, they have what amounts to > being a broken email system by today's standards. Therefore, rejecting > based on no PTR has become a standard. Just like having to receive html > email due to Micro$oft has become a standard. Personally, I have yet to see anyone, anywhere point out how this violates an RFC. I've found one informational RFC that suggests this practice is common and should be expected. (RFC 1912) > > OK... I'm through beating this dead horse. > > John Hinton From rcooper at dwford.com Mon Mar 3 22:34:47 2008 From: rcooper at dwford.com (Rick Cooper) Date: Mon Mar 3 22:35:00 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <47CC3BE1.6030104@ecs.soton.ac.uk> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net> <47CC3BE1.6030104@ecs.soton.ac.uk> Message-ID: <17ef01c87d7e$c93a6da0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Monday, March 03, 2008 12:57 PM > To: MailScanner discussion > Subject: Re: Clamav Ping Timeout During Update > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Neal Morgan wrote: > > Greetings: > > > > My Mailscanner has been reporting timeouts when clamav updates its > > database. I see entries like this in syslog: > > > > 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: > > Clamd::ERROR:: CLAM PING TIMED OUT! :: . > > > > > > If I review the clamav log, it seems that the timeout always occurs > > within several seconds of the "database reloaded" entry: > > > > Mon Mar 3 08:30:21 2008 -> SelfCheck: Database > modification detected. > > Forcing reload. > > Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav > > Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 > > signatures) > > > The ping timeout is set to 90 seconds. This should be way > more than is > needed for a database reload. You are welcome to try > increasing it, look > for the setting of the variable "PingTimeOut" in SweepViruses.pm. > > > I would think MailScanner wouldn't even bother to monitor the database files if not using ClamAVModule as clamd handles reloading upon updates and MailScanner shouldn't care because it's not going to load them anyway. It kind of makes me wonder if he is running both clamd and clamavmodule Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Mar 3 22:44:03 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 3 22:44:48 2008 Subject: Mail PTR Records In-Reply-To: <47CC7307.8000109@sendit.nodak.edu> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> <47CC7307.8000109@sendit.nodak.edu> Message-ID: <47CC7F33.2060500@farrows.org> Richard Frovarp wrote: > Peter Farrow wrote: >> Matt Kettler wrote: >>> mikea wrote: >>>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>>> It's not RFC-compliant. >>>> >>>> As has been mentioned elsethread, a number of techniques which are >>>> increasingly necessary for survival are not RFC-compliant. >>>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>>> less dangerous than it is now. They have not changed, though the 'Net >>>> certainly has. Blind adherence to them in the face of evidence that >>>> that adherence opens windows of vulnerability is not necessarily dood >>>> or wise. >>> >>> Well, that alone isn't a good reason to blindly toss RFC's aside. >>> Some requirements of the RFCs are there for damn good reasons. >>> >>> However, in this case I suspect the activity isn't even a violation >>> of an RFC, and not having a PTR record clearly violates their >>> recommendations (albeit not their requirements). >>> >>> In general, it's really easy to claim something isn't complaint with >>> the RFCs without any evidence to support it. We should all take such >>> suggestions (including those generated by me) as unsubstantiated >>> opinions until proven otherwise.. >>> >>> >>> >>> >>> >> http://tools.ietf.org/html/rfc1912 >> >> Its an RFC to have a matching forward and revserse DNS lookup, so not >> having one or a mismatched one is a violation of RFC1912 >> >> To quote, verbatim, >> >> "Every Internet-reachable host should have a name. The consequences >> of this are becoming more and more obvious. Many services available >> on the Internet will not talk to you if you aren't correctly >> registered in the DNS. Make sure your PTR and A records match. For >> every IP address, there should be a matching PTR record in the >> in-addr.arpa domain." >> >> So you can legitimately bounce the email if the sending host has bad >> forward/reverse DNS... >> >> Regards >> >> Pete >> > What does "should" mean? should vs shall vs must isn't always the same > thing. The meaning is blindingly obvious to me... From peter at farrows.org Mon Mar 3 22:51:55 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 3 22:52:03 2008 Subject: Mail PTR Records In-Reply-To: <47CC7BFD.7090300@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> <47CC7307.8000109@sendit.nodak.edu> <47CC7BFD.7090300@evi-inc.com> Message-ID: <47CC810B.5010302@farrows.org> Matt Kettler wrote: > Richard Frovarp wrote: >> Peter Farrow wrote: >>> Matt Kettler wrote: >>>> mikea wrote: >>>>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>>>> It's not RFC-compliant. >>>>> >>>>> As has been mentioned elsethread, a number of techniques which are >>>>> increasingly necessary for survival are not RFC-compliant. >>>>> Many RFCs were written when the Internet was kinder, gentler, and >>>>> MUCH >>>>> less dangerous than it is now. They have not changed, though the 'Net >>>>> certainly has. Blind adherence to them in the face of evidence >>>>> that that adherence opens windows of vulnerability is not >>>>> necessarily dood >>>>> or wise. >>>> >>>> Well, that alone isn't a good reason to blindly toss RFC's aside. >>>> Some requirements of the RFCs are there for damn good reasons. >>>> >>>> However, in this case I suspect the activity isn't even a violation >>>> of an RFC, and not having a PTR record clearly violates their >>>> recommendations (albeit not their requirements). >>>> >>>> In general, it's really easy to claim something isn't complaint >>>> with the RFCs without any evidence to support it. We should all >>>> take such suggestions (including those generated by me) as >>>> unsubstantiated opinions until proven otherwise.. >>>> >>>> >>>> >>>> >>>> >>> http://tools.ietf.org/html/rfc1912 >>> >>> Its an RFC to have a matching forward and revserse DNS lookup, so >>> not having one or a mismatched one is a violation of RFC1912 >>> >>> To quote, verbatim, >>> >>> "Every Internet-reachable host should have a name. The consequences >>> of this are becoming more and more obvious. Many services available >>> on the Internet will not talk to you if you aren't correctly >>> registered in the DNS. Make sure your PTR and A records match. For >>> every IP address, there should be a matching PTR record in the >>> in-addr.arpa domain." >>> >>> So you can legitimately bounce the email if the sending host has bad >>> forward/reverse DNS... >>> >>> Regards >>> >>> Pete >>> >> What does "should" mean? should vs shall vs must isn't always the >> same thing. > > Agreed, should is not the same as must. > > There's an RFC that specifies exactly how should and must are to be > interpreted in RFC documents. There is no RFC standard for "shall". > > http://www.ietf.org/rfc/rfc2119.txt > > > -------------- > 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there > may exist valid reasons in particular circumstances to ignore a > particular item, but the full implications must be understood and > carefully weighed before choosing a different course. > -------------- > > > > brilliant. Didn't know about this RFC but I already knew what "should" means... For those still in any doubt you mind find this page useful, http://www.englishpage.com/modals/should.html If you're still having trouble, this may be more appropriate http://www.bbc.co.uk/cbeebies/metoo/colour/ ;-) From peter at farrows.org Mon Mar 3 22:58:56 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 3 22:59:03 2008 Subject: Mail PTR Records In-Reply-To: <47CC7CBA.8090302@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> Message-ID: <47CC82B0.1030908@farrows.org> Matt Kettler wrote: > John Hinton wrote: >> Richard Frovarp wrote: >>> mikea wrote: >>>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>> >>>>> It's not RFC-compliant. >>>>> >>>> >>>> As has been mentioned elsethread, a number of techniques which are >>>> increasingly necessary for survival are not RFC-compliant. >>>> Many RFCs were written when the Internet was kinder, gentler, and MUCH >>>> less dangerous than it is now. They have not changed, though the 'Net >>>> certainly has. Blind adherence to them in the face of evidence that >>>> that adherence opens windows of vulnerability is not necessarily dood >>>> or wise. >>>> >>>> >>> The issue is you'll see people break the RFC's because they are >>> upset someone else broke another part of the RFC's. Becomes a bit >>> hypocritical. >> I think this thread is a dead horse. Do you reject any email to any >> address for which you should receive email? If so, what does that? >> Perhaps you may be running spamhaus.zen at the smtp level? This is >> not RFC compliant. > > Is it non compliant? There's nothing in the RFCs that prohibit > blocking such email. Just because a RFC doesn't explicitly tell you > you can, doesn't mean you MUST NOT. > > I see nowhere that any RFC says you must always accept email for a > valid recipient. I see nowhere that says you must not refuse email > from hosts of your choosing. > > RFC 2821 states: > " From the Internet side, the gateway SHOULD accept all valid address > formats in SMTP commands and in RFC 822 headers, and all valid RFC > 822 messages." > > However, that's a SHOULD, not a MUST. It is not a standards violation > to deviate from it. > > >> Do you reject mail if it exceeds 100 GB? I know of no size limits >> allowed within the RFCs. > > I know of nowhere where such limits are disallowed. Therefore, by > default, they are acceptable. Ah yes but you can legitimately reject big messages http://www.ietf.org/rfc/rfc1870.txt > > There's certainly examples in the RFC's of tempfailing mail due to > lack of available storage. RFC 821 creates the 452 code explicitly for > this purpose. > > I see nowhere that would prohibit a system from enforcing a size limit > on email, either by 4xx or 5xx error code. Can you find one? > > >> Is there a RFC that allows one to change the subject line of incoming >> email, like adding SPAM to the front of it? > > RFC 2821 states that relay SMTP systems do not modify the message > other than adding trace headers, however not all SMTP systems are > relays. Gateways are allowed to modify. Normally gateways deal with > clients, not server to server traffic. > > However, RFC 2821 explicitly addresses firewalls that rewrite headers > in server to server transfers and says these should be considered > gateways. > >> >> The bottom line is most of the huge ISPs, AOL, Comcast, Verizon, and >> on and on and on, all reject if there is no reverse DNS. Call it what >> you want, but if someone doesn't have a legit PTR, they have what >> amounts to being a broken email system by today's standards. >> Therefore, rejecting based on no PTR has become a standard. Just like >> having to receive html email due to Micro$oft has become a standard. > > Personally, I have yet to see anyone, anywhere point out how this > violates an RFC. I've found one informational RFC that suggests this > practice is common and should be expected. (RFC 1912) > >> >> OK... I'm through beating this dead horse. >> >> John Hinton > You s From sandrews at andrewscompanies.com Mon Mar 3 23:17:51 2008 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Mon Mar 3 23:18:55 2008 Subject: Mail PTR Records References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB06B4942@winchester.andrewscompanies.com> so is not relaying. ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Nathan Olson Sent: Mon 3/3/2008 2:15 PM To: MailScanner discussion Subject: Re: Mail PTR Records It's not RFC-compliant. Nate -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 3457 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080303/f5f3881a/attachment.bin From naolson at gmail.com Mon Mar 3 23:20:53 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Mar 3 23:21:55 2008 Subject: Mail PTR Records In-Reply-To: <47CC82B0.1030908@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> Message-ID: <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> RFC 2821 4.1.4 Order of Commands The SMTP client MUST, if possible, ensure that the domain parameter to the EHLO command is a valid principal host name (not a CNAME or MX name) for its host. If this is not possible (e.g., when the client's address is dynamically assigned and the client does not have an obvious name), an address literal SHOULD be substituted for the domain name and supplemental information provided that will assist in identifying the client. An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the information about verification failure is for logging and tracing only. From naolson at gmail.com Mon Mar 3 23:20:53 2008 From: naolson at gmail.com (Nathan Olson) Date: Mon Mar 3 23:22:01 2008 Subject: Mail PTR Records In-Reply-To: <47CC82B0.1030908@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> Message-ID: <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> RFC 2821 4.1.4 Order of Commands The SMTP client MUST, if possible, ensure that the domain parameter to the EHLO command is a valid principal host name (not a CNAME or MX name) for its host. If this is not possible (e.g., when the client's address is dynamically assigned and the client does not have an obvious name), an address literal SHOULD be substituted for the domain name and supplemental information provided that will assist in identifying the client. An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the information about verification failure is for logging and tracing only. From v at vladville.com Tue Mar 4 02:44:48 2008 From: v at vladville.com (Vlad Mazek) Date: Tue Mar 4 02:45:23 2008 Subject: Move MailScanner In-Reply-To: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> References: <2baac6140803021503uc820b0fi372be2c12c87f424@mail.gmail.com> Message-ID: I know you didn't ask, but I'm compelled to wonder why not move it to a distribution that will be supported for about 5 years, CentOS? :) In terms of backup, go to the new machine and install your AV, spamassassin, etc, move over your passwords, users, mailboxes, etc. Install stock MailScanner and all its dependancies. Then from the original system tar czvf mailscanner-backup.tgz /etc/MailScanner /usr/lib/MailScanner At the bare minimum you should move /etc/MailScanner but if you modified your /etc/init.d/MailScanner or any custom functions in /usr/lib/MailScanner/MailScanner/CustomFunctions/ you gotta pack those too. -Vlad On 3/2/08, Devon Harding wrote: > > What is the easiest way to move my FC4 MailScanner setup to a new box > running FC8? Any backup and restore procedure in place yet? > > -Devon > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080303/2e6fac1e/attachment.html From Richard.Frovarp at sendit.nodak.edu Tue Mar 4 04:52:56 2008 From: Richard.Frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Mar 4 04:53:40 2008 Subject: Mail PTR Records In-Reply-To: <47CC810B.5010302@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC5A50.3080209@evi-inc.com> <47CC6DEC.1030906@farrows.org> <47CC7307.8000109@sendit.nodak.edu> <47CC7BFD.7090300@evi-inc.com> <47CC810B.5010302@farrows.org> Message-ID: <47CCD5A8.9060500@sendit.nodak.edu> Peter Farrow wrote: > Matt Kettler wrote: >> Richard Frovarp wrote: >>> Peter Farrow wrote: >>>> Matt Kettler wrote: >>>>> mikea wrote: >>>>>> On Mon, Mar 03, 2008 at 01:15:21PM -0600, Nathan Olson wrote: >>>>>>> It's not RFC-compliant. >>>>>> >>>>>> As has been mentioned elsethread, a number of techniques which >>>>>> are increasingly necessary for survival are not RFC-compliant. >>>>>> Many RFCs were written when the Internet was kinder, gentler, and >>>>>> MUCH >>>>>> less dangerous than it is now. They have not changed, though the >>>>>> 'Net >>>>>> certainly has. Blind adherence to them in the face of evidence >>>>>> that that adherence opens windows of vulnerability is not >>>>>> necessarily dood >>>>>> or wise. >>>>> >>>>> Well, that alone isn't a good reason to blindly toss RFC's aside. >>>>> Some requirements of the RFCs are there for damn good reasons. >>>>> >>>>> However, in this case I suspect the activity isn't even a >>>>> violation of an RFC, and not having a PTR record clearly violates >>>>> their recommendations (albeit not their requirements). >>>>> >>>>> In general, it's really easy to claim something isn't complaint >>>>> with the RFCs without any evidence to support it. We should all >>>>> take such suggestions (including those generated by me) as >>>>> unsubstantiated opinions until proven otherwise.. >>>>> >>>>> >>>>> >>>>> >>>>> >>>> http://tools.ietf.org/html/rfc1912 >>>> >>>> Its an RFC to have a matching forward and revserse DNS lookup, so >>>> not having one or a mismatched one is a violation of RFC1912 >>>> >>>> To quote, verbatim, >>>> >>>> "Every Internet-reachable host should have a name. The consequences >>>> of this are becoming more and more obvious. Many services available >>>> on the Internet will not talk to you if you aren't correctly >>>> registered in the DNS. Make sure your PTR and A records match. For >>>> every IP address, there should be a matching PTR record in the >>>> in-addr.arpa domain." >>>> >>>> So you can legitimately bounce the email if the sending host has >>>> bad forward/reverse DNS... >>>> >>>> Regards >>>> >>>> Pete >>>> >>> What does "should" mean? should vs shall vs must isn't always the >>> same thing. >> >> Agreed, should is not the same as must. >> >> There's an RFC that specifies exactly how should and must are to be >> interpreted in RFC documents. There is no RFC standard for "shall". >> >> http://www.ietf.org/rfc/rfc2119.txt >> >> >> -------------- >> 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there >> may exist valid reasons in particular circumstances to ignore a >> particular item, but the full implications must be understood and >> carefully weighed before choosing a different course. >> -------------- >> >> >> >> > brilliant. Didn't know about this RFC but I already knew what > "should" means... > > For those still in any doubt you mind find this page useful, > > http://www.englishpage.com/modals/should.html > > If you're still having trouble, this may be more appropriate > > http://www.bbc.co.uk/cbeebies/metoo/colour/ > > ;-) > From your site is should: a recommendation, advice, obligation, or expectation? Does shall represent: a suggestion, promise, predestination, or inevitability? I could interpret should as something I must do (obligation) and shall as something I could do (suggestion). This would most likely be opposite of expectations and most US legal documents, but correct according to the usage of the words. Legal documents and specifications must explicitly spell out the exact meanings of such words for these reasons. Which is why we have an RFC spelling out the meanings of such words. From hvdkooij at vanderkooij.org Tue Mar 4 06:37:45 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 4 06:39:00 2008 Subject: Off topic... Postfix question In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545241@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451FD@jupiter.reference.local> <47CA81AE.6070907@alexb.ch> <6DD6B2C8A11BFC4092A148347F6126B8545241@jupiter.reference.local> Message-ID: <47CCEE39.40505@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Maxime Gaudreault wrote: | How do you evaluate what is a good setting for smtpd_client_*_rate_limit / anvil_rate_time_unit ? Babysit your logs. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHzO44BvzDRVjxmYERAl1qAKCvqWUZj8dars35dO9wJQdkD+/+LgCdFjr0 2KSS2BJ/sz+YcBKUrm3ohqA= =1eRh -----END PGP SIGNATURE----- From telecaadmin at gmail.com Tue Mar 4 10:17:37 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue Mar 4 10:18:11 2008 Subject: Email Statistics In-Reply-To: <47C6E4AB.7060802@USherbrooke.ca> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> Message-ID: <47CD21C1.8090400@gmail.com> >> I have been looking at my stats, I was curious what other people get >> >> Current doing about 100,000 emails a month with a 77% Spam hit. Those are my numbers from the last 24 hours. We're doing a least 100,000+ mails per day 48,000+ blocked per day 310 "is spam" from MailScanner/SpamAssassin per day Cheers, Ronny From MailScanner at ecs.soton.ac.uk Tue Mar 4 11:20:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 4 11:21:47 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released Message-ID: <47CD3098.8000300@ecs.soton.ac.uk> Morning all! I have just released the latest stable release of MailScanner, 4.67.6. There are quite a lot of changes, it's been a couple of months since my last confession^H^H^H^H^H^H^Hrelease, here are the important ones: - Added support for the ESET virus scanner. - Added support for BitDefender 7.5. - Implemented file MIME type checking, as reported by the "file -i" command. - Added working support for the Symantec Scan Engine. - --debug-sa output greatly improved to make debugging SpamAssassin problems easier. - Checks made on %org-name% to ensure there are no illegal characters. You can all download it as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Added support for the ESET virus scanner, from www.eset.com. Support written by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in MailScanner.conf and check you have installed it in the expected location or change /etc/MailScanner/virus.scanners.conf. 2 "MailScanner --lint" now checks to ensure unrar is installed and executable. 2 Esets autoupdater now accurately reports status results. 3 Implemented file MIME type checking, as reported by the "file -i" command. This includees 3 new settings, which all work just like their non-MIME brothers: "Log Permitted File MIME Types", "Allow File MIME Types" and "Deny File MIME Types". The main use is via the filetype.rules.conf file, where a new optional field may be added just after the regular expression field (just after the 2nd field in each line). If this field is added, then the "file -i" command is run on every batch of messages and the output checked against the MIME types specified in the newly inserted 3rd field (out of fields 1-5 on each line of filetype.rules.conf files). 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. 4 --debug now tells you when it's waiting for its batch of messages, and how big the batch is. 4 "Use TNEF = replace" behaviour changed to add attachments with their original potentially very long filenames instead of a sanitised one. 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to scud@etailengine.com f or that one. 4 Improvement to the phishing net to allow all the links that look like this: Name of my Blog - http://site.blogspot.com/ 4 Installation order of Perl module changed to install File::Spec before ExtUtil s::MakeMaker, which should help the Solaris folks. 5 Made warning about %org-name% containing illegal characters a lot more obvious when running "MailScanner --debug" as well as "MailScanner --lint". 5 Any mail headers inserted with spaces in them will have spaces replaced with hyphens. 5 When "MailScanner --debug --debug-sa" is run, the start of every line of SpamAssassin debugging output now has the current time stuck on the front of it. This makes looking for pauses a whole lot easier. 6 Improvements to the init.d scripts for the RPM distributions. While waiting for the MailScanner processes to die of natural causes, they periodically send them another kill signal as there are a few cases in which the kill signals are ignored. This should result in far more reliable restarting. 6 "sophos-autoupdate" improved to handle new "suspicious" threat data files whose names start with "sus". * Fixes * 4 Improved definition of "Scan Messages" when using Postfix, to attempt to avoid occasional double delivery of unscanned messages on heavily loaded servers. 5 Maliciously crafted attachment filenames could circumvent the 'very-long- filename' rule in filename.rules.conf. Fixed. 5 Fix to include "ClamAVModule" in log outputs from it. 5 Symantec Scan Engine support problems now fixed. Set the path in MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that value, it expects to see the Linux command-line scanner in the file /opt/SYMCScan/ssecls/ssecls. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Tue Mar 4 11:35:44 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Mar 4 11:36:25 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD3098.8000300@ecs.soton.ac.uk> Message-ID: <5f4b4dc7e2d98145bad244716c23d837@solidstatelogic.com> Jules Something's screwy with the dates of the files - showing 12:08pm today which hasn't happened yet :=( -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 04 March 2008 11:21 > To: MailScanner discussion; MailScanner-Announce mailing list list > Subject: MailScanner ANNOUNCE: stable 4.67.6 released > > Morning all! > > I have just released the latest stable release of MailScanner, 4.67.6. > > There are quite a lot of changes, it's been a couple of months since my > last confession^H^H^H^H^H^H^Hrelease, here are the important ones: > - Added support for the ESET virus scanner. > - Added support for BitDefender 7.5. > - Implemented file MIME type checking, as reported by the "file -i" > command. > - Added working support for the Symantec Scan Engine. > - --debug-sa output greatly improved to make debugging SpamAssassin > problems easier. > - Checks made on %org-name% to ensure there are no illegal characters. > > You can all download it as usual from www.mailscanner.info. > > The full Change Log is this: > * New Features and Improvements * > 1 Added support for the ESET virus scanner, from www.eset.com. Support > written > by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in > MailScanner.conf and check you have installed it in the expected > location or > change /etc/MailScanner/virus.scanners.conf. > 2 "MailScanner --lint" now checks to ensure unrar is installed and > executable. > 2 Esets autoupdater now accurately reports status results. > 3 Implemented file MIME type checking, as reported by the "file -i" > command. > This includees 3 new settings, which all work just like their non-MIME > brothers: "Log Permitted File MIME Types", "Allow File MIME Types" and > "Deny > File MIME Types". > The main use is via the filetype.rules.conf file, where a new optional > field > may be added just after the regular expression field (just after the 2nd > field in each line). If this field is added, then the "file -i" command > is > run on every batch of messages and the output checked against the MIME > types > specified in the newly inserted 3rd field (out of fields 1-5 on each > line of > filetype.rules.conf files). > 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. > 4 --debug now tells you when it's waiting for its batch of messages, and > how > big the batch is. > 4 "Use TNEF = replace" behaviour changed to add attachments with their > original > potentially very long filenames instead of a sanitised one. > 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to > scud@etailengine.com f > or that one. > 4 Improvement to the phishing net to allow all the links that look like > this: > Name of my Blog - http://site.blogspot.com/ > 4 Installation order of Perl module changed to install File::Spec before > ExtUtil > s::MakeMaker, which should help the Solaris folks. > 5 Made warning about %org-name% containing illegal characters a lot more > obvious when running "MailScanner --debug" as well as "MailScanner > --lint". > 5 Any mail headers inserted with spaces in them will have spaces > replaced with > hyphens. > 5 When "MailScanner --debug --debug-sa" is run, the start of every line of > SpamAssassin debugging output now has the current time stuck on the > front > of it. This makes looking for pauses a whole lot easier. > 6 Improvements to the init.d scripts for the RPM distributions. While > waiting > for the MailScanner processes to die of natural causes, they > periodically > send them another kill signal as there are a few cases in which the kill > signals are ignored. This should result in far more reliable restarting. > 6 "sophos-autoupdate" improved to handle new "suspicious" threat data > files > whose names start with "sus". > > * Fixes * > 4 Improved definition of "Scan Messages" when using Postfix, to attempt to > avoid occasional double delivery of unscanned messages on heavily loaded > servers. > 5 Maliciously crafted attachment filenames could circumvent the 'very- > long- > filename' rule in filename.rules.conf. Fixed. > 5 Fix to include "ClamAVModule" in log outputs from it. > 5 Symantec Scan Engine support problems now fixed. Set the path in > MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that > value, > it expects to see the Linux command-line scanner in the file > /opt/SYMCScan/ssecls/ssecls. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From peter at farrows.org Tue Mar 4 11:38:54 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 4 11:39:39 2008 Subject: Email Statistics In-Reply-To: <47CD21C1.8090400@gmail.com> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> Message-ID: <47CD34CE.50305@farrows.org> Ronny T. Lampert wrote: >>> I have been looking at my stats, I was curious what other people get >>> >>> Current doing about 100,000 emails a month with a 77% Spam hit. > > Those are my numbers from the last 24 hours. > > We're doing a least > > 100,000+ mails per day > 48,000+ blocked per day > 310 "is spam" from MailScanner/SpamAssassin per day > > Cheers, > Ronny > Until I started doing extra checks at the sendmail MTA level, we were processing 300,000++ per day and Mailscanner, 94% of which was spam. Now having implemented loads of stuff in sendmail only about 40% is spam that gets process via MailScanner.. P. From MailScanner at ecs.soton.ac.uk Tue Mar 4 11:58:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 4 11:59:07 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <5f4b4dc7e2d98145bad244716c23d837@solidstatelogic.com> References: <5f4b4dc7e2d98145bad244716c23d837@solidstatelogic.com> Message-ID: <47CD395E.7020203@ecs.soton.ac.uk> They all show 11:20 on the web server. Martin.Hepworth wrote: > Jules > > Something's screwy with the dates of the files - showing 12:08pm today which hasn't happened yet :=( > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 04 March 2008 11:21 >> To: MailScanner discussion; MailScanner-Announce mailing list list >> Subject: MailScanner ANNOUNCE: stable 4.67.6 released >> >> Morning all! >> >> I have just released the latest stable release of MailScanner, 4.67.6. >> >> There are quite a lot of changes, it's been a couple of months since my >> last confession^H^H^H^H^H^H^Hrelease, here are the important ones: >> - Added support for the ESET virus scanner. >> - Added support for BitDefender 7.5. >> - Implemented file MIME type checking, as reported by the "file -i" >> command. >> - Added working support for the Symantec Scan Engine. >> - --debug-sa output greatly improved to make debugging SpamAssassin >> problems easier. >> - Checks made on %org-name% to ensure there are no illegal characters. >> >> You can all download it as usual from www.mailscanner.info. >> >> The full Change Log is this: >> * New Features and Improvements * >> 1 Added support for the ESET virus scanner, from www.eset.com. Support >> written >> by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in >> MailScanner.conf and check you have installed it in the expected >> location or >> change /etc/MailScanner/virus.scanners.conf. >> 2 "MailScanner --lint" now checks to ensure unrar is installed and >> executable. >> 2 Esets autoupdater now accurately reports status results. >> 3 Implemented file MIME type checking, as reported by the "file -i" >> command. >> This includees 3 new settings, which all work just like their non-MIME >> brothers: "Log Permitted File MIME Types", "Allow File MIME Types" and >> "Deny >> File MIME Types". >> The main use is via the filetype.rules.conf file, where a new optional >> field >> may be added just after the regular expression field (just after the 2nd >> field in each line). If this field is added, then the "file -i" command >> is >> run on every batch of messages and the output checked against the MIME >> types >> specified in the newly inserted 3rd field (out of fields 1-5 on each >> line of >> filetype.rules.conf files). >> 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. >> 4 --debug now tells you when it's waiting for its batch of messages, and >> how >> big the batch is. >> 4 "Use TNEF = replace" behaviour changed to add attachments with their >> original >> potentially very long filenames instead of a sanitised one. >> 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to >> scud@etailengine.com f >> or that one. >> 4 Improvement to the phishing net to allow all the links that look like >> this: >> Name of my Blog - http://site.blogspot.com/ >> 4 Installation order of Perl module changed to install File::Spec before >> ExtUtil >> s::MakeMaker, which should help the Solaris folks. >> 5 Made warning about %org-name% containing illegal characters a lot more >> obvious when running "MailScanner --debug" as well as "MailScanner >> --lint". >> 5 Any mail headers inserted with spaces in them will have spaces >> replaced with >> hyphens. >> 5 When "MailScanner --debug --debug-sa" is run, the start of every line of >> SpamAssassin debugging output now has the current time stuck on the >> front >> of it. This makes looking for pauses a whole lot easier. >> 6 Improvements to the init.d scripts for the RPM distributions. While >> waiting >> for the MailScanner processes to die of natural causes, they >> periodically >> send them another kill signal as there are a few cases in which the kill >> signals are ignored. This should result in far more reliable restarting. >> 6 "sophos-autoupdate" improved to handle new "suspicious" threat data >> files >> whose names start with "sus". >> >> * Fixes * >> 4 Improved definition of "Scan Messages" when using Postfix, to attempt to >> avoid occasional double delivery of unscanned messages on heavily loaded >> servers. >> 5 Maliciously crafted attachment filenames could circumvent the 'very- >> long- >> filename' rule in filename.rules.conf. Fixed. >> 5 Fix to include "ClamAVModule" in log outputs from it. >> 5 Symantec Scan Engine support problems now fixed. Set the path in >> MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that >> value, >> it expects to see the Linux command-line scanner in the file >> /opt/SYMCScan/ssecls/ssecls. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at kettle.org.uk Tue Mar 4 13:01:40 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Tue Mar 4 13:02:26 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CD3098.8000300@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> Message-ID: <47CD4834.8090106@kettle.org.uk> Hi, just upgraded to the new release but when ever I start MailScanner I get a job MailScanner: Extracting Attachments that kicks in and uses 70+% CPU constantly and no mail gets processed. any help would be appreciated. thanks Rob From sailer at bnl.gov Tue Mar 4 14:19:18 2008 From: sailer at bnl.gov (Tim Sailer) Date: Tue Mar 4 14:19:57 2008 Subject: Email Statistics In-Reply-To: <47CD21C1.8090400@gmail.com> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> Message-ID: <20080304141918.GA2896@bnl.gov> On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: >>> I have been looking at my stats, I was curious what other people get >>> >>> Current doing about 100,000 emails a month with a 77% Spam hit. > > Those are my numbers from the last 24 hours. > > We're doing a least > > 100,000+ mails per day > 48,000+ blocked per day > 310 "is spam" from MailScanner/SpamAssassin per day Ugh. So far today from *one* of my two mail systems (the least busy): Msgs handled successfully 25,839 Messages rejected 266,311 Rejection rate 91.16% Of the 25k not outright rejected, only about 11% are non-spam. This is at 09:00 today. Tim From uxbod at splatnix.net Tue Mar 4 13:38:30 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 4 15:01:49 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD395E.7020203@ecs.soton.ac.uk> Message-ID: <31103245.991204637910947.JavaMail.root@office.splatnix.net> Do you set TZ in your environment variable ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: > They all show 11:20 on the web server. > > Martin.Hepworth wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Tue Mar 4 13:37:59 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 4 15:01:49 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD395E.7020203@ecs.soton.ac.uk> Message-ID: <2799670.961204637879709.JavaMail.root@office.splatnix.net> Same problem here Jules. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Julian Field" wrote: > They all show 11:20 on the web server. > > Martin.Hepworth wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Mar 4 15:15:44 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 4 15:16:38 2008 Subject: Mail PTR Records In-Reply-To: <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> Message-ID: <47CD67A0.7070203@evi-inc.com> What does this have to do with the topic of discussion? We're not talking about validation of HELO/EHLO parameters. We're talking about verifying that the IP the connection originates from has a PTR record. The below portion of 2821 is irrelevant here, as it pertains to the parameter to HELO/EHLO only. Nathan Olson wrote: > RFC 2821 > > 4.1.4 Order of Commands > > The SMTP client MUST, if possible, ensure that the domain parameter > to the EHLO command is a valid principal host name (not a CNAME or MX > name) for its host. If this is not possible (e.g., when the client's > address is dynamically assigned and the client does not have an > obvious name), an address literal SHOULD be substituted for the > domain name and supplemental information provided that will assist in > identifying the client. > > An SMTP server MAY verify that the domain name parameter in the EHLO > command actually corresponds to the IP address of the client. > However, the server MUST NOT refuse to accept a message for this > reason if the verification fails: the information about verification > failure is for logging and tracing only. From martinh at solidstatelogic.com Tue Mar 4 15:54:42 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Mar 4 15:55:27 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD395E.7020203@ecs.soton.ac.uk> Message-ID: Jules It's the files inside the tar.gz that show an hour ahead... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 04 March 2008 11:58 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released > > They all show 11:20 on the web server. > > Martin.Hepworth wrote: > > Jules > > > > Something's screwy with the dates of the files - showing 12:08pm today > which hasn't happened yet :=( > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Julian Field > >> Sent: 04 March 2008 11:21 > >> To: MailScanner discussion; MailScanner-Announce mailing list list > >> Subject: MailScanner ANNOUNCE: stable 4.67.6 released > >> > >> Morning all! > >> > >> I have just released the latest stable release of MailScanner, 4.67.6. > >> > >> There are quite a lot of changes, it's been a couple of months since my > >> last confession^H^H^H^H^H^H^Hrelease, here are the important ones: > >> - Added support for the ESET virus scanner. > >> - Added support for BitDefender 7.5. > >> - Implemented file MIME type checking, as reported by the "file -i" > >> command. > >> - Added working support for the Symantec Scan Engine. > >> - --debug-sa output greatly improved to make debugging SpamAssassin > >> problems easier. > >> - Checks made on %org-name% to ensure there are no illegal > characters. > >> > >> You can all download it as usual from www.mailscanner.info. > >> > >> The full Change Log is this: > >> * New Features and Improvements * > >> 1 Added support for the ESET virus scanner, from www.eset.com. Support > >> written > >> by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in > >> MailScanner.conf and check you have installed it in the expected > >> location or > >> change /etc/MailScanner/virus.scanners.conf. > >> 2 "MailScanner --lint" now checks to ensure unrar is installed and > >> executable. > >> 2 Esets autoupdater now accurately reports status results. > >> 3 Implemented file MIME type checking, as reported by the "file -i" > >> command. > >> This includees 3 new settings, which all work just like their non- > MIME > >> brothers: "Log Permitted File MIME Types", "Allow File MIME Types" > and > >> "Deny > >> File MIME Types". > >> The main use is via the filetype.rules.conf file, where a new > optional > >> field > >> may be added just after the regular expression field (just after the > 2nd > >> field in each line). If this field is added, then the "file -i" > command > >> is > >> run on every batch of messages and the output checked against the > MIME > >> types > >> specified in the newly inserted 3rd field (out of fields 1-5 on each > >> line of > >> filetype.rules.conf files). > >> 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. > >> 4 --debug now tells you when it's waiting for its batch of messages, > and > >> how > >> big the batch is. > >> 4 "Use TNEF = replace" behaviour changed to add attachments with their > >> original > >> potentially very long filenames instead of a sanitised one. > >> 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to > >> scud@etailengine.com f > >> or that one. > >> 4 Improvement to the phishing net to allow all the links that look like > >> this: > >> Name of my Blog - http://site.blogspot.com/ > >> 4 Installation order of Perl module changed to install File::Spec > before > >> ExtUtil > >> s::MakeMaker, which should help the Solaris folks. > >> 5 Made warning about %org-name% containing illegal characters a lot > more > >> obvious when running "MailScanner --debug" as well as "MailScanner > >> --lint". > >> 5 Any mail headers inserted with spaces in them will have spaces > >> replaced with > >> hyphens. > >> 5 When "MailScanner --debug --debug-sa" is run, the start of every line > of > >> SpamAssassin debugging output now has the current time stuck on the > >> front > >> of it. This makes looking for pauses a whole lot easier. > >> 6 Improvements to the init.d scripts for the RPM distributions. While > >> waiting > >> for the MailScanner processes to die of natural causes, they > >> periodically > >> send them another kill signal as there are a few cases in which the > kill > >> signals are ignored. This should result in far more reliable > restarting. > >> 6 "sophos-autoupdate" improved to handle new "suspicious" threat data > >> files > >> whose names start with "sus". > >> > >> * Fixes * > >> 4 Improved definition of "Scan Messages" when using Postfix, to attempt > to > >> avoid occasional double delivery of unscanned messages on heavily > loaded > >> servers. > >> 5 Maliciously crafted attachment filenames could circumvent the 'very- > >> long- > >> filename' rule in filename.rules.conf. Fixed. > >> 5 Fix to include "ClamAVModule" in log outputs from it. > >> 5 Symantec Scan Engine support problems now fixed. Set the path in > >> MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that > >> value, > >> it expects to see the Linux command-line scanner in the file > >> /opt/SYMCScan/ssecls/ssecls. > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From naolson at gmail.com Tue Mar 4 16:06:39 2008 From: naolson at gmail.com (Nathan Olson) Date: Tue Mar 4 16:07:14 2008 Subject: Mail PTR Records In-Reply-To: <47CD67A0.7070203@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> Message-ID: <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com> It looks like require_rdns works at the check_relay level, which is at connection time, so you are correct. If the connection proceeds to HELO/EHLO, then refusal based on lack of a PTR record is forbidden. I was incorrect. Nate From mkettler at evi-inc.com Tue Mar 4 16:07:11 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 4 16:08:37 2008 Subject: [ot] Res@ausics.net, please don't write me off-list... Message-ID: <47CD73AF.6020708@evi-inc.com> You won't accept replies from my site due to a blanket block of QWest IPs. (reason: 550 5.1.1 ... rejected ; QWEST-INET-8) (for reference, my mailserver is 63.148.72.241, which is hosted in QWest IP space.) If you won't accept my replies, please don't send me email. ;-) Of course, if you fix your blacklisting, feel free to email me all you like. From mkettler at evi-inc.com Tue Mar 4 16:38:15 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 4 16:39:19 2008 Subject: Mail PTR Records In-Reply-To: <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com> Message-ID: <47CD7AF7.70307@evi-inc.com> Nathan Olson wrote: > It looks like require_rdns works at the check_relay level, > which is at connection time, so you are correct. If the > connection proceeds to HELO/EHLO, then refusal based on > lack of a PTR record is forbidden. I'd say that even that isn't forbidden. You must not prohibit email based on DNS lookup validation of the HELO/EHLO content (unless the content is syntactically invalid, as this would cause your server to violate RFCs when generating Received: headers quoting it. See RFC 1123 section 5.2.5). However, AFAIK, there's nothing saying you can't block for other reasons at the end of the HELO/EHLO command. They've only prohibited DNS lookup validation as a reason, not the HELO/EHLO transaction as a point in time. Ideally you should handle all blocking at the earliest possible stage, as this conserves resources and saves time. But AFAIK, that's a should, not a must. > I was incorrect. From peter at farrows.org Tue Mar 4 16:43:46 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 4 16:44:41 2008 Subject: Mail PTR Records In-Reply-To: <47CD7AF7.70307@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com> <47CD7AF7.70307@evi-inc.com> Message-ID: <47CD7C42.10404@farrows.org> Since, with almost 100% accuracy spammers sending to my system use a bad helo, I block this as well, interestingly the fall out from this is zero even though it breaks the rules (it is very effective in stopping spam), real email systems actually get this right, the bigger problem is reverse lookup issues. Quite reputable companies can't get this right... P. Matt Kettler wrote: > Nathan Olson wrote: >> It looks like require_rdns works at the check_relay level, >> which is at connection time, so you are correct. If the >> connection proceeds to HELO/EHLO, then refusal based on >> lack of a PTR record is forbidden. > > I'd say that even that isn't forbidden. You must not prohibit email > based on DNS lookup validation of the HELO/EHLO content (unless the > content is syntactically invalid, as this would cause your server to > violate RFCs when generating Received: headers quoting it. See RFC > 1123 section 5.2.5). > > However, AFAIK, there's nothing saying you can't block for other > reasons at the end of the HELO/EHLO command. They've only prohibited > DNS lookup validation as a reason, not the HELO/EHLO transaction as a > point in time. > > Ideally you should handle all blocking at the earliest possible stage, > as this conserves resources and saves time. But AFAIK, that's a > should, not a must. > > >> I was incorrect. From martinh at solidstatelogic.com Tue Mar 4 17:42:32 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Mar 4 17:43:16 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD3098.8000300@ecs.soton.ac.uk> Message-ID: <253bc28d84c1564097519bacb595a884@solidstatelogic.com> Jules The fix for the SOphos issue works well here, 4.27 installed and working.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 04 March 2008 11:21 > To: MailScanner discussion; MailScanner-Announce mailing list list > Subject: MailScanner ANNOUNCE: stable 4.67.6 released > > Morning all! > > I have just released the latest stable release of MailScanner, 4.67.6. > > There are quite a lot of changes, it's been a couple of months since my > last confession^H^H^H^H^H^H^Hrelease, here are the important ones: > - Added support for the ESET virus scanner. > - Added support for BitDefender 7.5. > - Implemented file MIME type checking, as reported by the "file -i" > command. > - Added working support for the Symantec Scan Engine. > - --debug-sa output greatly improved to make debugging SpamAssassin > problems easier. > - Checks made on %org-name% to ensure there are no illegal characters. > > You can all download it as usual from www.mailscanner.info. > > The full Change Log is this: > * New Features and Improvements * > 1 Added support for the ESET virus scanner, from www.eset.com. Support > written > by Phil (UxBoD). Many thanks! Just use "Virus Scanners = esets" in > MailScanner.conf and check you have installed it in the expected > location or > change /etc/MailScanner/virus.scanners.conf. > 2 "MailScanner --lint" now checks to ensure unrar is installed and > executable. > 2 Esets autoupdater now accurately reports status results. > 3 Implemented file MIME type checking, as reported by the "file -i" > command. > This includees 3 new settings, which all work just like their non-MIME > brothers: "Log Permitted File MIME Types", "Allow File MIME Types" and > "Deny > File MIME Types". > The main use is via the filetype.rules.conf file, where a new optional > field > may be added just after the regular expression field (just after the 2nd > field in each line). If this field is added, then the "file -i" command > is > run on every batch of messages and the output checked against the MIME > types > specified in the newly inserted 3rd field (out of fields 1-5 on each > line of > filetype.rules.conf files). > 4 Added compatibility for BitDefender 7.5 to bitdefender-wrapper. > 4 --debug now tells you when it's waiting for its batch of messages, and > how > big the batch is. > 4 "Use TNEF = replace" behaviour changed to add attachments with their > original > potentially very long filenames instead of a sanitised one. > 4 Linux RPM install.sh fixed for Fedora Core 8. Thanks to > scud@etailengine.com f > or that one. > 4 Improvement to the phishing net to allow all the links that look like > this: > Name of my Blog - http://site.blogspot.com/ > 4 Installation order of Perl module changed to install File::Spec before > ExtUtil > s::MakeMaker, which should help the Solaris folks. > 5 Made warning about %org-name% containing illegal characters a lot more > obvious when running "MailScanner --debug" as well as "MailScanner > --lint". > 5 Any mail headers inserted with spaces in them will have spaces > replaced with > hyphens. > 5 When "MailScanner --debug --debug-sa" is run, the start of every line of > SpamAssassin debugging output now has the current time stuck on the > front > of it. This makes looking for pauses a whole lot easier. > 6 Improvements to the init.d scripts for the RPM distributions. While > waiting > for the MailScanner processes to die of natural causes, they > periodically > send them another kill signal as there are a few cases in which the kill > signals are ignored. This should result in far more reliable restarting. > 6 "sophos-autoupdate" improved to handle new "suspicious" threat data > files > whose names start with "sus". > > * Fixes * > 4 Improved definition of "Scan Messages" when using Postfix, to attempt to > avoid occasional double delivery of unscanned messages on heavily loaded > servers. > 5 Maliciously crafted attachment filenames could circumvent the 'very- > long- > filename' rule in filename.rules.conf. Fixed. > 5 Fix to include "ClamAVModule" in log outputs from it. > 5 Symantec Scan Engine support problems now fixed. Set the path in > MailScanner's virus.scanners.conf to "/opt/SYMCScan". If set to that > value, > it expects to see the Linux command-line scanner in the file > /opt/SYMCScan/ssecls/ssecls. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From steve.swaney at fsl.com Tue Mar 4 18:01:45 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 4 18:04:28 2008 Subject: off topic - Email Statistics In-Reply-To: <20080304141918.GA2896@bnl.gov> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> <20080304141918.GA2896@bnl.gov> Message-ID: <0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Tim Sailer > Sent: Tuesday, March 04, 2008 9:19 AM > To: MailScanner discussion > Subject: Re: Email Statistics > > On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: > >>> I have been looking at my stats, I was curious what other people > get > >>> > >>> Current doing about 100,000 emails a month with a 77% Spam hit. > > > > Those are my numbers from the last 24 hours. > > > > We're doing a least > > > > 100,000+ mails per day > > 48,000+ blocked per day > > 310 "is spam" from MailScanner/SpamAssassin per day > > Ugh. So far today from *one* of my two mail systems (the least busy): > > Msgs handled successfully 25,839 Messages rejected > 266,311 Rejection rate 91.16% > > Of the 25k not outright rejected, only about 11% are non-spam. > > This is at 09:00 today. > > Tim I just had to throw these current stats in. This is a client's system that has been under a denial of service attack (Joe Job) for the last six months: Statistic mailscan2 Delivery Attempts 15,141,706 Accepted messages 119,224 % Accepted messages 0.79% Messages rejected by BarricadeMX 15,022,482 % Messages rejected by BarricadeMX 99.21% Connections per second 36.58 Connections per hour 131,672 Connections per day 3,160,138 Max Simultaneous Connections 802 Load Average less than 2.0 Process Age (seconds) 413,983 Process Age (days) 4.79 Their system is a single CPU / Dual Core Intel(R) Xeon(TM) CPU 3.20GHz w/ 2 GB of memory handling 3,160,138 connection attempts a day. BarricadeMX is running in front of our custom version of MailScanner. They don't even notice the attack any more Please contact me off list if you ever have a DDOS problem. We have a very quick to install solution. Steve Steve Swaney steve@fsl.com www.fsl.com From brose at med.wayne.edu Tue Mar 4 18:10:33 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 4 18:11:21 2008 Subject: OT: MailWatch Question In-Reply-To: <47CD7C42.10404@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com><47CD7AF7.70307@evi-inc.com> <47CD7C42.10404@farrows.org> Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu> I've used Mailwatch for quite a while for login but not for whitelist/blacklist but wanted to take a look at that function. Does mailwatch support the regex rules or combo rules (eg From: /[\@\.]doman.com$/ and From: 111.222.333.444 yes) If not, then is it possible for MailScanner to check both a ruleset and a mailwatch database to get the best of both worlds? Thanks -=Bobby From mkettler at evi-inc.com Tue Mar 4 18:15:33 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 4 18:16:20 2008 Subject: Mail PTR Records In-Reply-To: <47CD7C42.10404@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com> <47CD7AF7.70307@evi-inc.com> <47CD7C42.10404@farrows.org> Message-ID: <47CD91C5.6080303@evi-inc.com> Peter Farrow wrote: > Since, with almost 100% accuracy spammers sending to my system use a bad > helo, I block this as well, interestingly the fall out from this is zero > even though it breaks the rules (it is very effective in stopping spam), > real email systems actually get this right, the bigger problem is > reverse lookup issues. Actually, depending on what you do, it might not be against the rules. It's perfectly within the rules to 5xx email if the helo doesn't conform to syntax (and note a dotted quad IP does fit within that syntax). See RFC 1123 section 5.2.5 for gory details. It's only trying to DNS lookup of the EHLO parameter that's explicitly prohibited when used as a reason for reject (but you can do it as an informational mechanism). > Quite reputable companies can't get this right... There are lots of things several quite reputable companies can't get right. I've seen numerous examples of not getting things right: -DSN handling (ie: sending DSNs to the return path, not the from) -reverse DNS (ie: having a PTR record) -sane blacklisting (ie: not blanket blacklisting 30 million people at a shot because you got 3 spam emails.) -sane retry interval on 4xx errors. (ie: not trying every 10 seconds) -Sane retry duration (ie: not giving up after 10 minutes of 4xx errors) -Retrying at all (ie: not treating 4xx as 5xx) -sane content filtering (at least one major commercial spam filtering service will junk your email if it contains the word blacklist.) -Generating HELO/EHLO in a valid format (as above) -Generating HELO/EHLO before MAIL FROM, or at all (yes, there are some that will try MAIL FROM before HELLO, then retry with only after it fails. At least one major US ISP I used wasn't generating any at all for a 1 month period in the last 3 years.). But I digress... From steve at fsl.com Tue Mar 4 18:31:11 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Mar 4 18:31:53 2008 Subject: OT: MailWatch Question In-Reply-To: <610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu> <47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com> <47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com><47CD7AF7.70307@evi-inc.com> <47CD7C42.10404@farrows.org> <610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47CD956F.1050905@fsl.com> Rose, Bobby wrote: > > I've used Mailwatch for quite a while for login but not for > whitelist/blacklist but wanted to take a look at that function. Does > mailwatch support the regex rules or combo rules (eg From: > /[\@\.]doman.com$/ and From: 111.222.333.444 yes) If not, then is it > possible for MailScanner to check both a ruleset and a mailwatch > database to get the best of both worlds? > > Thanks > -=Bobby > > Bobby, MailWatch only works for perfect matches (no wild cards) on a single email address. Check the archives for Julian's reasons why this must be. You might consider setting up rule sets for the message that need wild card entries. For example a rules set for Spam Checks = that exempts the wild card entries. Than you could use MailWatch's checks for the "must perfectly match" entries and have a back door for wildcards. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From mikew at crucis.net Tue Mar 4 19:00:49 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 19:01:26 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD3098.8000300@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> Message-ID: <47CD9C61.1070104@crucis.net> I'm a non-guru, so please let me know when I've made a mistake. I've been unable to get MailScanner to use any anti-virus except for ClamAV. With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. I got compile failure in two modules. perl-Archive-Zip and Perl-Storable. Install.sh continued and appeared to install MailScanner. However, at runtime I get the following error: [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 80. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. [ OK ] I downloaded perl-Archive-Zip from the Fedora site, re-ran the install script and still have the same errors. Running install.sh -nodeps makes no change. So, I uninstalled 4.67 and re-ran the 4.65 install script and now it fails as well. Obviously I now have a perl conflict but I'm unsure with which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the Fedora site, the install.sh script still trying to compile a new version. Anyone point me toward fixing this other than backing out perl and starting all over again? Mike W From Neal at Morgan-Systems.com Tue Mar 4 19:16:54 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Tue Mar 4 19:17:55 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <17ef01c87d7e$c93a6da0$0301a8c0@SAHOMELT> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net><47CC3BE1.6030104@ecs.soton.ac.uk> <17ef01c87d7e$c93a6da0$0301a8c0@SAHOMELT> Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A141@server-16.MorganSys.net> Rick Cooper wrote: > > Julian Field wrote: > > > > Neal Morgan wrote: > > > Greetings: > > > > > > My Mailscanner has been reporting timeouts when clamav updates its > > > database. I see entries like this in syslog: > > > > > > 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: > > > Clamd::ERROR:: CLAM PING TIMED OUT! :: . > > > > > > > > > If I review the clamav log, it seems that the timeout always occurs > > > within several seconds of the "database reloaded" entry: > > > > > > Mon Mar 3 08:30:21 2008 -> SelfCheck: Database > > modification detected. > > > Forcing reload. > > > Mon Mar 3 08:30:21 2008 -> Reading databases from /var/lib/clamav > > > Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 > > > signatures) > > > > > The ping timeout is set to 90 seconds. This should be way > > more than is > > needed for a database reload. You are welcome to try > > increasing it, look > > for the setting of the variable "PingTimeOut" in SweepViruses.pm. > > > > > > >I would think MailScanner wouldn't even bother to monitor the database files >if not using ClamAVModule as clamd handles reloading upon updates and >MailScanner shouldn't care because it's not going to load them anyway. It >kind of makes me wonder if he is running both clamd and clamavmodule > >Rick > > Thanks Julian and Rick for your responses. I am running clamd, and when I run the lint test MailScanner correctly finds it. I am not referencing clamavmodule. (Lint confirms this as well). I did have the "Monitors for ClamAV Updates" configured in MailScanner.conf (upgrade_MailScanner_conf complained about them on my last upgrade, so I updated the line to point to the proper locations). Rick, per your suggestion, I have taken this setting out. I am using Unix sockets. To be sure MailScanner isn't trying TCP/IP, I took the port number out leaving only the path to the socket. One thing that might be of interest, my clamd does create a socket and pid file, but doesn't create a lock file (that I can find). Could this have an impact? As far as other messages in the clamav.log file, the only other ones I find are 1) self check, and 2) the occasional "file not found." Those seem to correspond with MailScanner reporting "not spam (too large)". Anyway, I am still left with the behavior that I get the ping timeout messages within 1 to 3 seconds of the time clamav.log reports "Database correctly reloaded". Weird. I agree that 90 seconds is more than enough. Changing this has no effect on the problem. If others running clamd aren't getting these "MailScanner[4899]: ClamD Timed Out During PING Check!" and " MailScanner[3841]: Clamd::ERROR:: CLAM PING TIMED OUT! :: ." messages, then it must be something I have mis-configured. ...I just have no idea what that is. Any other suggestions? Many thanks, Neal Morgan From mgaudreault at reference.qc.ca Tue Mar 4 19:38:56 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Tue Mar 4 19:39:36 2008 Subject: Queue problem In-Reply-To: <47C9A25E.3050507@ecs.soton.ac.uk> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> Here's what I got: 14:34:56 [3558] dbg: eval: stock info total: 0 14:34:56 [3558] dbg: rules: running rawbody tests; score so far=1.292 14:34:56 [3558] dbg: rules: compiled rawbody tests 14:34:56 [3558] dbg: rules: running full tests; score so far=1.292 14:34:56 [3558] dbg: rules: compiled full tests 14:34:56 [3558] dbg: info: entering helper-app run mode 14:35:06 [3558] dbg: info: leaving helper-app run mode 14:35:06 [3558] dbg: razor2: razor2 check timed out after 10 seconds 14:35:06 [3558] dbg: razor2: results: spam? 0 14:35:06 [3558] dbg: razor2: results: engine 8, highest cf score: 0 14:35:06 [3558] dbg: razor2: results: engine 4, highest cf score: 0 14:35:06 [3558] dbg: util: current PATH is: /sbin:/bin:/usr/sbin:/usr/bin 14:35:06 [3558] dbg: pyzor: pyzor is not available: no pyzor executable found 14:35:06 [3558] dbg: pyzor: no pyzor found, disabling Pyzor 14:35:16 [3644] dbg: rules: running rawbody tests; score so far=-2.599 14:35:16 [3644] dbg: rules: ran eval rule __MIME_BASE64 ======> got hit (1) 14:35:16 [3644] dbg: rules: running full tests; score so far=-2.599 14:35:16 [3644] dbg: info: entering helper-app run mode 14:35:27 [3644] dbg: info: leaving helper-app run mode 14:35:27 [3644] dbg: razor2: part=0 engine=4 contested=0 confidence=0 14:35:27 [3644] dbg: razor2: part=1 engine=4 contested=0 confidence=0 14:35:27 [3644] dbg: razor2: part=1 engine=8 contested=0 confidence=0 14:35:27 [3644] dbg: razor2: results: spam? 0 10 secs delay What is that ? helper-app run mode ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: March 1, 2008 1:37 PM To: MailScanner discussion Subject: Re: Queue problem MailScanner --debug --debug-sa 2>&1 | awk '{printf"%s %s\n", strftime("%T"), $0}' | tee /tmp/mstest.log all on 1 long line. I have just built this functionality into MailScanner itself, so that in future "MailScanner --debug --debug-sa" will do this automatically for you. But don't worry, it starts by doing a test run of the command to see if it works, that "awk" is found and the version of awk installed supports the "strftime" function (not all do). It then only does the output change if the trial command produced the output I was expecting and not any errors that would be caused by awk not being found or strftime not doing what I expected. If the test fails, it prints out a little message telling you that it tried, and what you might do to improve your system so that it does work. This will be in the next release. Current release schedule is a new beta probably tomorrow (Sunday) some time, followed by a stable release a day or two later. Best regards, Jules. Jason Ede wrote: > Maxine, > > If you do that you'll need to make sure the output is time stamped so that it can be seen whats taking the time. I seem to remember there is a method on the list a short time back. > > Jason > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Maxime Gaudreault >> Sent: 01 March 2008 17:16 >> To: MailScanner discussion >> Subject: RE: Queue problem >> >> I don't understand when to stop, start again etc.. (i don't speak >> english very well) >> >> However, I can redirect the output to a log file. Can I send it to you >> ? >> >> Maxime Gaudreault >> Technicien >> >> R?f?rence Syst?mes inc. >> T?l. : 418.650.0997 >> T?l?c. : 418.650.9668 >> Courriel : mgaudreault@reference.qc.ca >> Site Internet : http://www.reference.qc.ca/ >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: March 1, 2008 12:03 PM >> To: MailScanner discussion >> Subject: Re: Queue problem >> >> In which case your DNS lookups should be okay. That's a perfectly >> reasonable figure in my experience. >> >> Run "MailScanner --debug --debug-sa". It will produce loads of output. >> However, at some point in the SpamAssassin output, it will pause for a >> second or two. You want to catch it there, then resume it and then >> immediately stop it again, as the bits you are interested in are the >> lines of output printed out immediately *after* the pause. >> >> This can take a few goes to catch, though someone did post a nice >> command the other day to prepend each line of output with the current >> time, so you could see easily when (and how long) the pauses were. Can >> someone repost that please? If I can find it, I'll work out how to >> build >> it into the MailScanner debug output directly. It will help diagnose >> this sort of problem a lot. >> >> This output should tell you where the pauses are, and therefore what >> operations are taking too long. >> >> Maxime Gaudreault wrote: >> >>> Hi Jule >>> >>> Dig results comes within 41-108 msec >>> >>> Maxime Gaudreault >>> Technicien >>> >>> R?f?rence Syst?mes inc. >>> T?l. : 418.650.0997 >>> T?l?c. : 418.650.9668 >>> Courriel : mgaudreault@reference.qc.ca >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> >>> Sent: February 29, 2008 5:50 PM >>> To: MailScanner discussion >>> Subject: Re: Queue problem >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Maxime Gaudreault wrote: >>> >>> >>>> Hi >>>> >>>> The hold queue is actually at 415 emails >>>> >>>> Load Average: 0.11 0.25 0.53 >>>> >>>> htop show many of these process: >>>> >>>> MailScanner: checking with SpamAssassin >>>> >>>> MailScanner: checking with Spam Lists >>>> >>>> CPU is 3% >>>> >>>> Mem is 25% >>>> >>>> >>>> >>> I would start checking your DNS setup. How long does it take for >>> >> various >> >>> random "dig" commands to produce results? MailScanner should spend a >>> very small %-age of its time saying "checking with Spam Lists". If >>> >> you >> >>> can see several of them in that state, then that's likely a DNS >>> >> lookup >> >>> problem. >>> >>> >>> >>>> I don't understand >>>> >>>> *Maxime Gaudreault* >>>> >>>> Technicien >>>> >>>> _ _ >>>> >>>> R?f?rence Syst?mes inc. >>>> >>>> T?l. : 418.650.0997 >>>> >>>> T?l?c. : 418.650.9668 >>>> >>>> Courriel : _mgaudreault_@reference.qc.ca >>>> >>>> >>>> Site Internet : http://www.reference.qc.ca/ >>>> >>>> *From:* mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >>>> *Maxime Gaudreault >>>> *Sent:* February 29, 2008 10:54 AM >>>> *To:* MailScanner discussion >>>> *Subject:* Queue problem >>>> >>>> Hi >>>> >>>> I have a problem with my anti-spam gateway. The queue is fulling up >>>> very quickly (1600+ mails in queue). >>>> >>>> The server's load average is <1 (0.60 - 0.80) so I suppose this is >>>> >> not >> >>>> a ressource problem. >>>> >>>> Then I have to change the port forwarding directly to my Imail >>>> >> server >> >>>> to let the anti-spam's queue going down. >>>> >>>> I used many tweak to maximize the efficacity of the anti-spam >>>> (mailscanner work directory in ram, dns cache server, increasing >>>> memory). I only got 1 CPU but I suppose this is not the problem >>>> because when the queue is full, the load average is under 1. >>>> >>>> Any idea ? >>>> >>>> PS: Sorry for my bad english >>>> >>>> PPS: Sorry if you received my message twice >>>> >>>> *Maxime Gaudreault* >>>> >>>> Technicien >>>> >>>> _ _ >>>> >>>> R?f?rence Syst?mes inc. >>>> >>>> T?l. : 418.650.0997 >>>> >>>> T?l?c. : 418.650.9668 >>>> >>>> Courriel : _mgaudreault_@reference.qc.ca >>>> >>>> >>>> Site Internet : http://www.reference.qc.ca/ >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration >>> >> help? >> >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> PGP public key: http://www.jules.fm/julesfm.asc >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.8.0 (Build 2158) >>> Comment: Use Thunderbird Enigmail to verify this message >>> Charset: windows-1252 >>> >>> wj8DBQFHyIwcEfZZRxQVtlQRAuPxAKD9kZyTPfF/rfAZwnYgYtTJ7wBQtACgn2PT >>> eFc95lOZub+5/sADM2GStSY= >>> =9oag >>> -----END PGP SIGNATURE----- >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Mar 4 19:57:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 4 19:58:50 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD9C61.1070104@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> Message-ID: <47CDA9C4.30503@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike W wrote: > I'm a non-guru, so please let me know when I've made a mistake. > > I've been unable to get MailScanner to use any anti-virus except for ClamAV. > > With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > > I got compile failure in two modules. perl-Archive-Zip and > Perl-Storable. Install.sh continued and appeared to install > MailScanner. However, at runtime I get the following error: > > [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Waiting for MailScanner to die gracefully dead. > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > [ OK ] > > I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > script and still have the same errors. Running install.sh -nodeps makes > no change. > Run the following 2 commands and post their entire output here: MailScanner --debug MailScanner --lint The first command, if there is no mail in the queue, will eventually reach a point where it says it is building a batch of messages and will go no further, at which point you need to thump Ctrl-C to quit it. MailScanner --lint will run to completion. I think you will get an error message (or more) immediately from both of the commands, and we need to see all the error output. You may well have a library missing. Do you have both of these RPMs installed libz libz-devel If not, then install both of them. Compress-Zlib won't work without them. > Anyone point me toward fixing this other than backing out perl and > starting all over again? > Don't do that :-( Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzanHEfZZRxQVtlQRAihgAKDZYAxEIUx9uKsKUqc5Y4m4P2+bCACgyWLM eooBTnoaRGU21RCJhyd1xBk= =6vMc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Tue Mar 4 20:00:44 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Mar 4 20:01:51 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11F9@server02.bhl.local> Reinstall the perl module Scalar:Utils I think. Browse back through the list as this has come up before. -----Original Message----- From: Mike W Sent: 04 March 2008 19:39 To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released I'm a non-guru, so please let me know when I've made a mistake. I've been unable to get MailScanner to use any anti-virus except for ClamAV. With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. I got compile failure in two modules. perl-Archive-Zip and Perl-Storable. Install.sh continued and appeared to install MailScanner. However, at runtime I get the following error: [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 80. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. [ OK ] I downloaded perl-Archive-Zip from the Fedora site, re-ran the install script and still have the same errors. Running install.sh -nodeps makes no change. So, I uninstalled 4.67 and re-ran the 4.65 install script and now it fails as well. Obviously I now have a perl conflict but I'm unsure with which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the Fedora site, the install.sh script still trying to compile a new version. Anyone point me toward fixing this other than backing out perl and starting all over again? Mike W -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From shuttlebox at gmail.com Tue Mar 4 20:05:11 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 4 20:05:45 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local> <47C88BFA.4030906@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> Message-ID: <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> On Tue, Mar 4, 2008 at 8:38 PM, Maxime Gaudreault wrote: > Here's what I got: > > 14:35:06 [3558] dbg: razor2: razor2 check timed out after 10 seconds > 14:35:06 [3558] dbg: pyzor: no pyzor found, disabling Pyzor > > What is that ? helper-app run mode ? Your Razor doesn't work and you don't have Pyzor yet you load the plugin for it. Fix Razor manually and disable the Pyzor plugin in the .pre files. -- /peter From mikew at crucis.net Tue Mar 4 20:13:20 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 20:14:01 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDA9C4.30503@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> Message-ID: <47CDAD60.1040906@crucis.net> I have neither libz libz-devel nor are they a part of Fedora. Are these a normal part of the distros? Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 and perl-Compress-Zlib-1.42-1. Julian Field wrote: > > > Mike W wrote: > > I'm a non-guru, so please let me know when I've made a mistake. > > > I've been unable to get MailScanner to use any anti-virus except for > ClamAV. > > > With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > > > I got compile failure in two modules. perl-Archive-Zip and > > Perl-Storable. Install.sh continued and appeared to install > > MailScanner. However, at runtime I get the following error: > > > [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart > > Shutting down MailScanner daemons: > > MailScanner: [FAILED] > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > Waiting for MailScanner to die gracefully dead. > > Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: is only avaliable with the XS version at > > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > > Compilation failed in require at > > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > > Compilation failed in require at > > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > > BEGIN failed--compilation aborted at > > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > > Compilation failed in require at /usr/sbin/MailScanner line 80. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > > [ OK ] > > > I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > > script and still have the same errors. Running install.sh -nodeps makes > > no change. > > Run the following 2 commands and post their entire output here: > MailScanner --debug > MailScanner --lint > The first command, if there is no mail in the queue, will eventually > reach a point where it says it is building a batch of messages and will > go no further, at which point you need to thump Ctrl-C to quit it. > MailScanner --lint will run to completion. > > I think you will get an error message (or more) immediately from both of > the commands, and we need to see all the error output. > > You may well have a library missing. Do you have both of these RPMs > installed > libz > libz-devel > If not, then install both of them. Compress-Zlib won't work without them. > > > Anyone point me toward fixing this other than backing out perl and > > starting all over again? > > Don't do that :-( > > Jules > From ray at ccux.com Tue Mar 4 20:16:02 2008 From: ray at ccux.com (Ray Curtis) Date: Tue Mar 4 20:17:23 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CD9C61.1070104@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> Message-ID: <47CDAE02.7020007@ccux.com> Mike W wrote: > I'm a non-guru, so please let me know when I've made a mistake. > > I've been unable to get MailScanner to use any anti-virus except for ClamAV. > > With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > > I got compile failure in two modules. perl-Archive-Zip and > Perl-Storable. Install.sh continued and appeared to install > MailScanner. However, at runtime I get the following error: > > [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Waiting for MailScanner to die gracefully dead. > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > [ OK ] > > I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > script and still have the same errors. Running install.sh -nodeps makes > no change. > > So, I uninstalled 4.67 and re-ran the 4.65 install script and now it > fails as well. Obviously I now have a perl conflict but I'm unsure with > which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the > Fedora site, the install.sh script still trying to compile a new version. > > Anyone point me toward fixing this other than backing out perl and > starting all over again? > > Mike W > I'm not an expert at this, but it appears to me that you have the wrong copy of both these rpms, maybe a newer copy since its Fedora. perl-Compress-Zlib perl-Archieve-Tar than the ones that come with the latest version of MailScanner. -- Ray Curtis mailto:ray@ccux.com http://www.ccux.com From rob at kettle.org.uk Tue Mar 4 20:20:52 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Tue Mar 4 20:21:26 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CD6442.2020700@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk> <47CD6442.2020700@ecs.soton.ac.uk> Message-ID: <47CDAF24.4060304@kettle.org.uk> Julian Field wrote: > Do a MailScanner --lint and a MailScanner --debug and check that they > produce nothing untoward. > What MTA are you using, and have you followed the appropriate > installation instructions on www.mailscanner.info? How did you install > it? What distribution, OS and version? What distribution of > MailScanner did you use? > > > Rob Kettle wrote: >> Hi, >> >> just upgraded to the new release but when ever I start MailScanner I get >> a job MailScanner: Extracting Attachments that kicks in and uses 70+% >> CPU constantly and no mail gets processed. >> >> any help would be appreciated. >> >> thanks >> Rob >> > > Jules > Hi, I was running 4.66.5 with no Issues. Also using Mailwatch. System is Centos 5.1. MTA is sendmail. Sendmail runs fine on it's own without MailScanner. Output from --lint is : Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-Kettle-MailScanner-From Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamavmodule, clamd =========================================================================== =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" If any of your virus scanners (clamavmodule,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. the --debug stops at subtests = and goes no futher Rob From mikew at crucis.net Tue Mar 4 20:24:57 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 20:25:33 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11F9@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11F9@server02.bhl.local> Message-ID: <47CDB019.3050807@crucis.net> Tried, but got error that said: Warning: Cannot install Scalar:Utils, don't know what it is. Jason Ede wrote: > Reinstall the perl module Scalar:Utils I think. Browse back through the list as this has come up before. > > -----Original Message----- > From: Mike W > Sent: 04 March 2008 19:39 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released > > > I'm a non-guru, so please let me know when I've made a mistake. > > I've been unable to get MailScanner to use any anti-virus except for ClamAV. > > With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > > I got compile failure in two modules. perl-Archive-Zip and > Perl-Storable. Install.sh continued and appeared to install > MailScanner. However, at runtime I get the following error: > > [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > Waiting for MailScanner to die gracefully dead. > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > [ OK ] > > I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > script and still have the same errors. Running install.sh -nodeps makes > no change. > > So, I uninstalled 4.67 and re-ran the 4.65 install script and now it > fails as well. Obviously I now have a perl conflict but I'm unsure with > which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the > Fedora site, the install.sh script still trying to compile a new version. > > Anyone point me toward fixing this other than backing out perl and > starting all over again? > > Mike W > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From MailScanner at ecs.soton.ac.uk Tue Mar 4 20:26:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 4 20:27:41 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A141@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net><47CC3BE1.6030104@ecs.soton.ac.uk> <17ef01c87d7e$c93a6da0$0301a8c0@SAHOMELT> <7D1CC61717004141A57CA6CA1C8087EC18A141@server-16.MorganSys.net> Message-ID: <47CDB089.5020605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neal Morgan wrote: > Rick Cooper wrote: > > > > Julian Field wrote: > > > > > > Neal Morgan wrote: > > > > Greetings: > > > > > > > > My Mailscanner has been reporting timeouts when clamav updates > its > > > > database. I see entries like this in syslog: > > > > > > > > 2008-03-03 08:41:10.000 Server-05 MailScanner[20773]: > > > > Clamd::ERROR:: CLAM PING TIMED OUT! :: . > > > > > > > > > > > > If I review the clamav log, it seems that the timeout always > occurs > > > > within several seconds of the "database reloaded" entry: > > > > > > > > Mon Mar 3 08:30:21 2008 -> SelfCheck: Database > > > modification detected. > > > > Forcing reload. > > > > Mon Mar 3 08:30:21 2008 -> Reading databases from > /var/lib/clamav > > > > Mon Mar 3 08:41:09 2008 -> Database correctly reloaded (223704 > > > > signatures) > > > > > > > The ping timeout is set to 90 seconds. This should be way > > > more than is > > > needed for a database reload. You are welcome to try > > > increasing it, look > > > for the setting of the variable "PingTimeOut" in SweepViruses.pm. > > > > > > > > > > >I would think MailScanner wouldn't even bother to monitor the database > files > >if not using ClamAVModule as clamd handles reloading upon updates and > >MailScanner shouldn't care because it's not going to load them anyway. > It > >kind of makes me wonder if he is running both clamd and clamavmodule > > > >Rick > > > > > > Thanks Julian and Rick for your responses. I am running clamd, and when > I run the lint test MailScanner correctly finds it. I am not > referencing clamavmodule. (Lint confirms this as well). > > I did have the "Monitors for ClamAV Updates" configured in > MailScanner.conf (upgrade_MailScanner_conf complained about them on my > last upgrade, so I updated the line to point to the proper locations). > Rick, per your suggestion, I have taken this setting out. > That's equivalent to setting it to "/usr/local/share/clamav/*.cvd" which may or may not be what you want. Setting a conf setting to blank is not the same as leaving it out of the conf file altogether. This setting should only be checked, when MailScanner runs, if you actually mention "clamavmodule" in your "Virus Scanners =" setting. In that case, it cannot be blank. If you want to not check anything, then set it to point to some file whose timestamp won't change, such as your kernel or a program such as "/bin/true" or something like that. > I am using Unix sockets. To be sure MailScanner isn't trying TCP/IP, I > took the port number out leaving only the path to the socket. One thing > that might be of interest, my clamd does create a socket and pid file, > but doesn't create a lock file (that I can find). Could this have an > impact? > > As far as other messages in the clamav.log file, the only other ones I > find are 1) self check, and 2) the occasional "file not found." Those > seem to correspond with MailScanner reporting "not spam (too large)". > > Anyway, I am still left with the behavior that I get the ping timeout > messages within 1 to 3 seconds of the time clamav.log reports "Database > correctly reloaded". Weird. > > I agree that 90 seconds is more than enough. Changing this has no > effect on the problem. > > If others running clamd aren't getting these > "MailScanner[4899]: ClamD Timed Out During PING Check!" > and " MailScanner[3841]: Clamd::ERROR:: CLAM PING TIMED OUT! :: > ." messages, then it must be something I have mis-configured. ...I just > have no idea what that is. > > Any other suggestions? > > > Many thanks, > > Neal Morgan > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzbCMEfZZRxQVtlQRAgNYAJsHeDbrhZJv/ZnuakMLYLPwaBdSNACffsWn cyt0bk4U8Fk4Ol6QRSVozds= =JKcI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Tue Mar 4 20:36:05 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Tue Mar 4 20:36:45 2008 Subject: Queue problem In-Reply-To: <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85452D1@jupiter.reference.local> I noticed that I do not have this time out everytime for razor. Sometime it works without time out Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: March 4, 2008 3:05 PM To: MailScanner discussion Subject: Re: Queue problem On Tue, Mar 4, 2008 at 8:38 PM, Maxime Gaudreault wrote: > Here's what I got: > > 14:35:06 [3558] dbg: razor2: razor2 check timed out after 10 seconds > 14:35:06 [3558] dbg: pyzor: no pyzor found, disabling Pyzor > > What is that ? helper-app run mode ? Your Razor doesn't work and you don't have Pyzor yet you load the plugin for it. Fix Razor manually and disable the Pyzor plugin in the .pre files. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikew at crucis.net Tue Mar 4 20:37:02 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 20:37:40 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDA9C4.30503@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> Message-ID: <47CDB2EE.9080501@crucis.net> Julian Field wrote: > > > Mike W wrote: > > I'm a non-guru, so please let me know when I've made a mistake. > > > I've been unable to get MailScanner to use any anti-virus except for > ClamAV. > > > With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > > > I got compile failure in two modules. perl-Archive-Zip and > > Perl-Storable. Install.sh continued and appeared to install > > MailScanner. However, at runtime I get the following error: > > > [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart > > Shutting down MailScanner daemons: > > MailScanner: [FAILED] > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > Waiting for MailScanner to die gracefully dead. > > Starting MailScanner daemons: > > incoming sendmail: [ OK ] > > outgoing sendmail: [ OK ] > > MailScanner: is only avaliable with the XS version at > > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > > Compilation failed in require at > > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > > BEGIN failed--compilation aborted at > > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > > Compilation failed in require at > > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > > BEGIN failed--compilation aborted at > > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > > Compilation failed in require at /usr/sbin/MailScanner line 80. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > > [ OK ] > > > I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > > script and still have the same errors. Running install.sh -nodeps makes > > no change. > > Run the following 2 commands and post their entire output here: > MailScanner --debug > MailScanner --lint > The first command, if there is no mail in the queue, will eventually > reach a point where it says it is building a batch of messages and will > go no further, at which point you need to thump Ctrl-C to quit it. > MailScanner --lint will run to completion. > > I think you will get an error message (or more) immediately from both of > the commands, and we need to see all the error output. > > You may well have a library missing. Do you have both of these RPMs > installed > libz > libz-devel > If not, then install both of them. Compress-Zlib won't work without them. > > > Anyone point me toward fixing this other than backing out perl and > > starting all over again? > > Don't do that :-( > > Jules > Here's the output of MailScanner --lint [root@cygni mailscanner]# MailScanner --lint is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 80. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. And here's the output of MailScanner --debug [root@cygni mailscanner]# MailScanner --debug is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 80. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. I've found an old version of libz and libz-devel version 1.2.0.7. Is that too old? It's the only one I've found for Fedora so far. Mike W From mikew at crucis.net Tue Mar 4 20:43:10 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 20:43:45 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDAD60.1040906@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> Message-ID: <47CDB45E.3010602@crucis.net> See below... Mike W wrote: > I have neither > > libz > libz-devel > Correction, I have zlib and zlib-devel installed. My mistake. > nor are they a part of Fedora. Are these a normal part of the distros? > Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 > and perl-Compress-Zlib-1.42-1. > > Julian Field wrote: > >> Mike W wrote: >> >>> I'm a non-guru, so please let me know when I've made a mistake. >>> >>> I've been unable to get MailScanner to use any anti-virus except for >>> >> ClamAV. >> >> >>> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. >>> >>> I got compile failure in two modules. perl-Archive-Zip and >>> Perl-Storable. Install.sh continued and appeared to install >>> MailScanner. However, at runtime I get the following error: >>> >>> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart >>> Shutting down MailScanner daemons: >>> MailScanner: [FAILED] >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> Waiting for MailScanner to die gracefully dead. >>> Starting MailScanner daemons: >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> MailScanner: is only avaliable with the XS version at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. >>> Compilation failed in require at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> Compilation failed in require at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> BEGIN failed--compilation aborted at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> Compilation failed in require at /usr/sbin/MailScanner line 80. >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. >>> [ OK ] >>> >>> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install >>> script and still have the same errors. Running install.sh -nodeps makes >>> no change. >>> >> Run the following 2 commands and post their entire output here: >> MailScanner --debug >> MailScanner --lint >> The first command, if there is no mail in the queue, will eventually >> reach a point where it says it is building a batch of messages and will >> go no further, at which point you need to thump Ctrl-C to quit it. >> MailScanner --lint will run to completion. >> >> I think you will get an error message (or more) immediately from both of >> the commands, and we need to see all the error output. >> >> You may well have a library missing. Do you have both of these RPMs >> installed >> libz >> libz-devel >> If not, then install both of them. Compress-Zlib won't work without them. >> >> >>> Anyone point me toward fixing this other than backing out perl and >>> starting all over again? >>> >> Don't do that :-( >> >> Jules >> >> > > From richard.frovarp at sendit.nodak.edu Tue Mar 4 20:44:49 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue Mar 4 20:45:27 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDAD60.1040906@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> Message-ID: <47CDB4C1.5010300@sendit.nodak.edu> Mike W wrote: > I have neither > > libz > libz-devel > > nor are they a part of Fedora. Are these a normal part of the distros? > Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 > and perl-Compress-Zlib-1.42-1. > zlib and zlib-devel From bpirie at rma.edu Tue Mar 4 20:46:26 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Mar 4 20:46:13 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDAD60.1040906@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> Message-ID: <47CDB522.7080600@rma.edu> For fedora, try zlib zlib-devel And for future reference, "yum search" and "yum provides" and other yum options can provide a means of locating necessary packages based on files/libraries needed. Brendan Mike W wrote: > I have neither > > libz > libz-devel > > nor are they a part of Fedora. Are these a normal part of the distros? > Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 > and perl-Compress-Zlib-1.42-1. > > Julian Field wrote: >> >> Mike W wrote: >>> I'm a non-guru, so please let me know when I've made a mistake. >>> I've been unable to get MailScanner to use any anti-virus except for >> ClamAV. >> >>> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. >>> I got compile failure in two modules. perl-Archive-Zip and >>> Perl-Storable. Install.sh continued and appeared to install >>> MailScanner. However, at runtime I get the following error: >>> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart >>> Shutting down MailScanner daemons: >>> MailScanner: [FAILED] >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> Waiting for MailScanner to die gracefully dead. >>> Starting MailScanner daemons: >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> MailScanner: is only avaliable with the XS version at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. >>> Compilation failed in require at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> Compilation failed in require at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> BEGIN failed--compilation aborted at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> Compilation failed in require at /usr/sbin/MailScanner line 80. >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. >>> [ OK ] >>> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install >>> script and still have the same errors. Running install.sh -nodeps makes >>> no change. >> Run the following 2 commands and post their entire output here: >> MailScanner --debug >> MailScanner --lint >> The first command, if there is no mail in the queue, will eventually >> reach a point where it says it is building a batch of messages and will >> go no further, at which point you need to thump Ctrl-C to quit it. >> MailScanner --lint will run to completion. >> >> I think you will get an error message (or more) immediately from both of >> the commands, and we need to see all the error output. >> >> You may well have a library missing. Do you have both of these RPMs >> installed >> libz >> libz-devel >> If not, then install both of them. Compress-Zlib won't work without them. >> >>> Anyone point me toward fixing this other than backing out perl and >>> starting all over again? >> Don't do that :-( >> >> Jules >> > From mikew at crucis.net Tue Mar 4 20:56:53 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 20:57:30 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDAE02.7020007@ccux.com> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDAE02.7020007@ccux.com> Message-ID: <47CDB795.2080803@crucis.net> Ray Curtis wrote: > Mike W wrote: >> I'm a non-guru, so please let me know when I've made a mistake. >> >> I've been unable to get MailScanner to use any anti-virus except for >> ClamAV. >> >> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. >> >> I got compile failure in two modules. perl-Archive-Zip and >> Perl-Storable. Install.sh continued and appeared to install >> MailScanner. However, at runtime I get the following error: >> >> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart >> Shutting down MailScanner daemons: >> MailScanner: [FAILED] >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> Waiting for MailScanner to die gracefully dead. >> Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: is only avaliable with the XS version at >> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 >> BEGIN failed--compilation aborted at >> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. >> Compilation failed in require at >> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >> BEGIN failed--compilation aborted at >> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >> Compilation failed in require at >> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >> BEGIN failed--compilation aborted at >> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >> Compilation failed in require at /usr/sbin/MailScanner line 80. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. >> [ OK ] >> >> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install >> script and still have the same errors. Running install.sh -nodeps makes >> no change. >> >> So, I uninstalled 4.67 and re-ran the 4.65 install script and now it >> fails as well. Obviously I now have a perl conflict but I'm unsure with >> which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the >> Fedora site, the install.sh script still trying to compile a new >> version. >> >> Anyone point me toward fixing this other than backing out perl and >> starting all over again? >> >> Mike W >> > > I'm not an expert at this, but it appears to me that you have the wrong > copy of both these rpms, maybe a newer copy since its Fedora. > > perl-Compress-Zlib > perl-Archieve-Tar > > than the ones that come with the latest version of MailScanner. > > That could be. Here is an excerpt from the install.sh log that seems to hint at that. # Failed test 'use Archive::Zip;' # at t/00.load.t line 5. # Tried to use 'Archive::Zip'. # Error: is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 # BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. # Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. # BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. # Compilation failed in require at (eval 2) line 2. # BEGIN failed--compilation aborted at (eval 2) line 2. # Failed test 'use Archive::Zip::MemberRead;' # at t/00.load.t line 6. # Tried to use 'Archive::Zip::MemberRead'. # Error: Bareword "COMPRESSION_STORED" not allowed while "strict subs" in use at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip/MemberRead.pm line 107. # Compilation failed in require at (eval 11) line 2. # BEGIN failed--compilation aborted at (eval 11) line 2. Use of uninitialized value in concatenation (.) or string at t/00.load.t line 7. # Testing Archive::Zip , Perl 5.008008, /usr/bin/perl # Looks like you failed 2 tests of 2. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30. is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/test.t line 11. BEGIN failed--compilation aborted at t/test.t line 11. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30. is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testex.t line 11. BEGIN failed--compilation aborted at t/testex.t line 11. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30. is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testMemberRead.t line 10. BEGIN failed--compilation aborted at t/testMemberRead.t line 10. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30. is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testTree.t line 11. BEGIN failed--compilation aborted at t/testTree.t line 11. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30. is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.16/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testUpdate.t line 11. BEGIN failed--compilation aborted at t/testUpdate.t line 11. Failed 6/7 test programs. 2/10 subtests failed. make: *** [test_dynamic] Error 9 error: Bad exit status from /var/tmp/rpm-tmp.94052 (%build) Bad exit status from /var/tmp/rpm-tmp.94052 (%build) From peter at farrows.org Tue Mar 4 20:56:46 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 4 20:57:31 2008 Subject: off topic - Email Statistics In-Reply-To: <0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> <20080304141918.GA2896@bnl.gov> <0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> Message-ID: <47CDB78E.20702@farrows.org> Stephen Swaney wrote: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Tim Sailer >> Sent: Tuesday, March 04, 2008 9:19 AM >> To: MailScanner discussion >> Subject: Re: Email Statistics >> >> On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: >> >>>>> I have been looking at my stats, I was curious what other people >>>>> >> get >> >>>>> Current doing about 100,000 emails a month with a 77% Spam hit. >>>>> >>> Those are my numbers from the last 24 hours. >>> >>> We're doing a least >>> >>> 100,000+ mails per day >>> 48,000+ blocked per day >>> 310 "is spam" from MailScanner/SpamAssassin per day >>> >> Ugh. So far today from *one* of my two mail systems (the least busy): >> >> Msgs handled successfully 25,839 Messages rejected >> 266,311 Rejection rate 91.16% >> >> Of the 25k not outright rejected, only about 11% are non-spam. >> >> This is at 09:00 today. >> >> Tim >> > > I just had to throw these current stats in. This is a client's system that > has been under a denial of service attack (Joe Job) for the last six months: > > Statistic mailscan2 > Delivery Attempts 15,141,706 > Accepted messages 119,224 > % Accepted messages 0.79% > Messages rejected by BarricadeMX 15,022,482 > % Messages rejected by BarricadeMX 99.21% > Connections per second 36.58 > Connections per hour 131,672 > Connections per day 3,160,138 > Max Simultaneous Connections 802 > Load Average less than 2.0 > Process Age (seconds) 413,983 > Process Age (days) 4.79 > > Their system is a single CPU / Dual Core Intel(R) Xeon(TM) CPU 3.20GHz w/ 2 > GB of memory handling 3,160,138 connection attempts a day. BarricadeMX is > running in front of our custom version of MailScanner. They don't even > notice the attack any more Please contact me off list if you ever have a > DDOS problem. We have a very quick to install solution. > > Steve > > Steve Swaney > steve@fsl.com > www.fsl.com > > I didn't know that adverts were allowed on the Mailing list. This is basically spam in itself. From J.Ede at birchenallhowden.co.uk Tue Mar 4 21:09:16 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Mar 4 21:11:17 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FB@server02.bhl.local> >From last time it came up... >perl -MCPAN -e shell >force install Scalar::Util > -----Original Message----- From: Jason Ede Sent: 04 March 2008 20:21 To: MailScanner discussion Subject: RE: MailScanner ANNOUNCE: stable 4.67.6 released Reinstall the perl module Scalar:Utils I think. Browse back through the list as this has come up before. -----Original Message----- From: Mike W Sent: 04 March 2008 19:39 To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released I'm a non-guru, so please let me know when I've made a mistake. I've been unable to get MailScanner to use any anti-virus except for ClamAV. With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. I got compile failure in two modules. perl-Archive-Zip and Perl-Storable. Install.sh continued and appeared to install MailScanner. However, at runtime I get the following error: [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming sendmail: [ OK ] outgoing sendmail: [ OK ] Waiting for MailScanner to die gracefully dead. Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48. Compilation failed in require at /usr/sbin/MailScanner line 80. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. [ OK ] I downloaded perl-Archive-Zip from the Fedora site, re-ran the install script and still have the same errors. Running install.sh -nodeps makes no change. So, I uninstalled 4.67 and re-ran the 4.65 install script and now it fails as well. Obviously I now have a perl conflict but I'm unsure with which module. Even with the latest per-Archive-Zip-1.16.1.2.1 from the Fedora site, the install.sh script still trying to compile a new version. Anyone point me toward fixing this other than backing out perl and starting all over again? Mike W -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mark at msapiro.net Tue Mar 4 21:10:42 2008 From: mark at msapiro.net (Mark Sapiro) Date: Tue Mar 4 21:11:23 2008 Subject: Beta 4.67.5 In-Reply-To: <47CC7A40.4030401@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > >Mark Sapiro wrote: >> >> I have just installed Beta 4.67.5. I have also changed Max Children >> from 1 to 5 because I'm unable to tell from the change log whether >> there is anything in 4.67.5 vs. 4.67.4 that might affect my message >> duplication issue. >> >Unlikely. I still haven't got to the bottom of that one, sorry. >> I will be watching for duplicates and any other problems and will >> report. I posted this earlier from a non-member address. Sorry if it results in a duplicate to the list. I did observe a couple of duplications with 4.67.5 and Max Children = 5 so I set Max Children back to 1. I have now installed 4.67.6 with Max Children = 1. Other than the two duplications with Max Children = 5, I have seen no problems with 4.67.5 or 4.67.6. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From rcooper at dwford.com Tue Mar 4 21:13:19 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 4 21:13:58 2008 Subject: Clamav Ping Timeout During Update In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A141@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A136@server-16.MorganSys.net><47CC3BE1.6030104@ecs.soton.ac.uk><17ef01c87d7e$c93a6da0$0301a8c0@SAHOMELT> <7D1CC61717004141A57CA6CA1C8087EC18A141@server-16.MorganSys.net> Message-ID: <1b1701c87e3c$92db1cf0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Neal Morgan > Sent: Tuesday, March 04, 2008 2:17 PM > To: MailScanner discussion > Subject: RE: Clamav Ping Timeout During Update > [...] > > Thanks Julian and Rick for your responses. I am running > clamd, and when > I run the lint test MailScanner correctly finds it. I am not > referencing clamavmodule. (Lint confirms this as well). > > I did have the "Monitors for ClamAV Updates" configured in > MailScanner.conf (upgrade_MailScanner_conf complained about > them on my > last upgrade, so I updated the line to point to the proper > locations). > Rick, per your suggestion, I have taken this setting out. > > I am using Unix sockets. To be sure MailScanner isn't > trying TCP/IP, I > took the port number out leaving only the path to the > socket. One thing > that might be of interest, my clamd does create a socket and > pid file, > but doesn't create a lock file (that I can find). Could this have an > impact? > > As far as other messages in the clamav.log file, the only > other ones I > find are 1) self check, and 2) the occasional "file not > found." Those > seem to correspond with MailScanner reporting "not spam (too large)". > > Anyway, I am still left with the behavior that I get the ping timeout > messages within 1 to 3 seconds of the time clamav.log > reports "Database > correctly reloaded". Weird. > > I agree that 90 seconds is more than enough. Changing this has no > effect on the problem. > > If others running clamd aren't getting these > "MailScanner[4899]: ClamD Timed Out During PING Check!" > and " MailScanner[3841]: Clamd::ERROR:: CLAM PING TIMED OUT! :: > ." messages, then it must be something I have > mis-configured. ...I just > have no idea what that is. > Ok, I assume the lock file setting is blank (I think that is default) since you would get an error stating clamd doesn't appear to be running instead of the time out. The lock file isn't used in all installations. You have never actually stated what version of clamav you are running. A few versions back there was a real issues with the time the databases were taking to load. What version are you running currently? I have attached a script to do some testing with. The perl modules required are, I believe, nothing that isn't required to run MS. Run PingClamd.pl --help to get the options list. If you are running Unix Sockets you will have to set -s /path/to/socket and -d. The default timeout is 20 seconds. If you can open two terminal windows restart freshclam in one window and run PingClamd.pl in the other and see if you can cause the timeout there. If not then we probably have to look for something in MS, otherwise something in the OS. You can increase the timeout via the -t switch. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: PingClamd.pl Type: application/octet-stream Size: 5674 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080304/2c3570a1/PingClamd.obj From mgaudreault at reference.qc.ca Tue Mar 4 21:16:25 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Tue Mar 4 21:17:05 2008 Subject: Queue problem In-Reply-To: <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> I checked in the razor logs: /var/log/razor-agent.log Mar 04 16:08:38.140629 check[20110]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 04 16:08:38.153913 check[20110]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity Mar 04 16:08:38.155358 check[20110]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst Mar 04 16:08:38.155662 check[20110]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar 04 16:08:38.156001 check[20110]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 04 16:08:38.157371 check[20110]: [ 5] server discovery overdue by 200108 seconds Mar 04 16:08:38.157633 check[20110]: [ 5] Connecting to discovery.spamnet.com ... Mar 04 16:08:38.640861 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M Mar 04 16:08:38.641150 check[20110]: [ 4] discovery.spamnet.com << 12 Mar 04 16:08:38.851323 check[20110]: [ 4] discovery.spamnet.com >> 111 Mar 04 16:08:38.851809 check[20110]: [ 4] discovery.spamnet.com << 12 Mar 04 16:08:38.999376 check[20110]: [ 4] discovery.spamnet.com >> 91 Mar 04 16:08:38.999868 check[20110]: [ 5] no razorhome, not caching server info to disk Mar 04 16:08:39.000256 check[20110]: [ 5] no razorhome, not caching server info to disk Mar 04 16:08:39.006854 check[20110]: [ 5] disconnecting from server discovery.spamnet.com Mar 04 16:08:39.007095 check[20110]: [ 4] discovery.spamnet.com << 5 Mar 04 16:08:39.007266 check[20110]: [ 5] Connecting to c302.cloudmark.com ... Mar 04 16:08:48.313318 check[20110]: [ 4] c302.cloudmark.com >> 36 server greeting: sn=C&srl=5425&a=1&a=cg&ep4=7542-10^M Mar 04 16:08:48.313697 check[20110]: [ 4] c302.cloudmark.com << 25 Mar 04 16:08:48.313904 check[20110]: [ 4] c302.cloudmark.com << 14 Mar 04 16:08:48.541427 check[20110]: [ 4] c302.cloudmark.com >> 264 Mar 04 16:08:48.545907 check[20110]: [ 5] Updated to new server state srl 5425 for server c302.cloudmark.com Mar 04 16:08:48.546206 check[20110]: [ 5] no razorhome, not caching server info to disk Mar 04 16:08:48.546280 check[20110]: [ 5] srl was updated, forcing discovery ... Mar 04 16:08:48.546452 check[20110]: [ 5] server discovery overdue by 188232 seconds Mar 04 16:08:48.546622 check[20110]: [ 5] disconnecting from server c302.cloudmark.com Mar 04 16:08:48.546786 check[20110]: [ 4] c302.cloudmark.com << 5 Mar 04 16:08:48.546917 check[20110]: [ 5] Connecting to discovery.spamnet.com ... Mar 04 16:08:48.873911 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M Mar 04 16:08:48.874136 check[20110]: [ 4] discovery.spamnet.com << 12 MailScanner debug output: 16:08:38 [20110] dbg: rules: ran eval rule __MIME_QP ======> got hit (2) 16:08:38 [20110] dbg: rules: running full tests; score so far=17.316 16:08:38 [20110] dbg: info: entering helper-app run mode 16:08:49 [20110] dbg: info: leaving helper-app run mode 16:08:49 [20110] dbg: razor2: razor2 check timed out after 10 seconds 16:08:49 [20110] dbg: razor2: results: spam? 0 16:08:49 [20110] dbg: razor2: results: engine 8, highest cf score: 0 16:08:49 [20110] dbg: razor2: results: engine 4, highest cf score: 0 I understand there's been a delay while contacting c302.cloudmark.com but not at every tries. What could I do ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox Sent: March 4, 2008 3:05 PM To: MailScanner discussion Subject: Re: Queue problem On Tue, Mar 4, 2008 at 8:38 PM, Maxime Gaudreault wrote: > Here's what I got: > > 14:35:06 [3558] dbg: razor2: razor2 check timed out after 10 seconds > 14:35:06 [3558] dbg: pyzor: no pyzor found, disabling Pyzor > > What is that ? helper-app run mode ? Your Razor doesn't work and you don't have Pyzor yet you load the plugin for it. Fix Razor manually and disable the Pyzor plugin in the .pre files. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Tue Mar 4 21:32:12 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 4 21:32:50 2008 Subject: Mail PTR Records In-Reply-To: <47CC577D.7000207@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> Message-ID: <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> On 03/03/2008, Matt Kettler wrote: > Nathan Olson wrote: > > It's not RFC-compliant. > > > Please point out the RFC and section it violates. > > AFAIK, there's no section that prohibits refusing mail due to lack of PTR > records for the IP address. It might be that Nathan interpretes the "address verification" bit as doing any form of DNS.... which actually might be the "spirit" of all that.... Hm.... Need sleep and time to think on this:-) > I've been proved wrong before, but I'm extraordinarily skeptical that there's > any such restrictions in the RFCs.. I can find no mention of such a restriction > in RFC 821, 2821 or 1123. :-) You're a big man, Matt. > > On the contrary, RFC 1912 section 2.1 directly tells you that that not having a > PTR record could lead to services refusing to talk to your hosts. > > Also, RFC 1912 states that all IP address should have have a PTR record > associated with them in the in-addr.arpa space. > > So, the documentation I can find in the RFCs suggests that blocking connections > from hosts which lack PTR records is legal and should be expected. > Interresting implications there...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dickenson at cfmc.com Tue Mar 4 21:33:43 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Tue Mar 4 21:34:23 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDB2EE.9080501@crucis.net> Message-ID: In fedora can you not say something like "yum install libz libz-devel"? -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Mike W > Reply-To: MailScanner discussion > Date: Tue, 04 Mar 2008 14:37:02 -0600 > To: MailScanner discussion > Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released > > > > Julian Field wrote: >> >> >> Mike W wrote: >>> I'm a non-guru, so please let me know when I've made a mistake. >> >>> I've been unable to get MailScanner to use any anti-virus except for >> ClamAV. >> >>> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. >> >>> I got compile failure in two modules. perl-Archive-Zip and >>> Perl-Storable. Install.sh continued and appeared to install >>> MailScanner. However, at runtime I get the following error: >> >>> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart >>> Shutting down MailScanner daemons: >>> MailScanner: [FAILED] >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> Waiting for MailScanner to die gracefully dead. >>> Starting MailScanner daemons: >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> MailScanner: is only avaliable with the XS version at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. >>> Compilation failed in require at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> Compilation failed in require at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> BEGIN failed--compilation aborted at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> Compilation failed in require at /usr/sbin/MailScanner line 80. >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. >>> [ OK ] >> >>> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install >>> script and still have the same errors. Running install.sh -nodeps makes >>> no change. >> >> Run the following 2 commands and post their entire output here: >> MailScanner --debug >> MailScanner --lint >> The first command, if there is no mail in the queue, will eventually >> reach a point where it says it is building a batch of messages and will >> go no further, at which point you need to thump Ctrl-C to quit it. >> MailScanner --lint will run to completion. >> >> I think you will get an error message (or more) immediately from both of >> the commands, and we need to see all the error output. >> >> You may well have a library missing. Do you have both of these RPMs >> installed >> libz >> libz-devel >> If not, then install both of them. Compress-Zlib won't work without them. >> >>> Anyone point me toward fixing this other than backing out perl and >>> starting all over again? >> >> Don't do that :-( >> >> Jules >> > Here's the output of MailScanner --lint > [root@cygni mailscanner]# MailScanner --lint > is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > > And here's the output of MailScanner --debug > [root@cygni mailscanner]# MailScanner --debug > is only avaliable with the XS version at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > > I've found an old version of libz and libz-devel version 1.2.0.7. Is > that too old? It's the only one I've found for Fedora so far. > > Mike W > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mikew at crucis.net Tue Mar 4 21:38:54 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 21:39:30 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDB4C1.5010300@sendit.nodak.edu> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> <47CDB4C1.5010300@sendit.nodak.edu> Message-ID: <47CDC16E.9030402@crucis.net> Richard Frovarp wrote: > Mike W wrote: >> I have neither >> >> libz >> libz-devel >> >> nor are they a part of Fedora. Are these a normal part of the >> distros? Are these perl modules? There is a >> perl-Archive-Zip-1.16-1.2.12 >> and perl-Compress-Zlib-1.42-1. >> > zlib and zlib-devel Those I have. mw From glenn.steen at gmail.com Tue Mar 4 21:48:46 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 4 21:49:23 2008 Subject: Mail PTR Records In-Reply-To: <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> Message-ID: <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> On 04/03/2008, Glenn Steen wrote: > On 03/03/2008, Matt Kettler wrote: > > Nathan Olson wrote: > > > It's not RFC-compliant. > > > > > > Please point out the RFC and section it violates. > > > > AFAIK, there's no section that prohibits refusing mail due to lack of PTR > > records for the IP address. > > It might be that Nathan interpretes the "address verification" bit as > doing any form of DNS.... which actually might be the "spirit" of all > that.... Hm.... Need sleep and time to think on this:-) > Ah, I see you all thought this through while I was out carousing in Copenhagen... > > > I've been proved wrong before, but I'm extraordinarily skeptical that there's > > any such restrictions in the RFCs.. I can find no mention of such a restriction > > in RFC 821, 2821 or 1123. > > :-) You're a big man, Matt. At some point in time, I think most people (like us:-) have had a .... humbling.... "RFC incident":) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikew at crucis.net Tue Mar 4 22:10:43 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 22:11:26 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FB@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FB@server02.bhl.local> Message-ID: <47CDC8E3.40304@crucis.net> Jason Ede wrote: > >From last time it came up... > > > >> perl -MCPAN -e shell >> force install Scalar::Util >> >> > > -----Original Message----- > From: Jason Ede > Sent: 04 March 2008 20:21 > To: MailScanner discussion > Subject: RE: MailScanner ANNOUNCE: stable 4.67.6 released > > > Reinstall the perl module Scalar:Utils I think. Browse back through the list as this has come up before. > > Jason, thank you! That removed the initial startup error. Now to run some tests and see if f-prot is being recognized. Mike W From ssilva at sgvwater.com Tue Mar 4 22:34:06 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 4 22:35:11 2008 Subject: off topic - Email Statistics In-Reply-To: <47CDB78E.20702@farrows.org> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> <20080304141918.GA2896@bnl.gov> <0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> <47CDB78E.20702@farrows.org> Message-ID: on 3-4-2008 12:56 PM Peter Farrow spake the following: > Stephen Swaney wrote: >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Tim Sailer >>> Sent: Tuesday, March 04, 2008 9:19 AM >>> To: MailScanner discussion >>> Subject: Re: Email Statistics >>> >>> On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: >>> >>>>>> I have been looking at my stats, I was curious what other people >>>>>> >>> get >>> >>>>>> Current doing about 100,000 emails a month with a 77% Spam hit. >>>>>> >>>> Those are my numbers from the last 24 hours. >>>> >>>> We're doing a least >>>> >>>> 100,000+ mails per day >>>> 48,000+ blocked per day >>>> 310 "is spam" from MailScanner/SpamAssassin per day >>>> >>> Ugh. So far today from *one* of my two mail systems (the least busy): >>> >>> Msgs handled successfully 25,839 Messages rejected >>> 266,311 Rejection rate 91.16% >>> >>> Of the 25k not outright rejected, only about 11% are non-spam. >>> >>> This is at 09:00 today. >>> >>> Tim >>> >> >> I just had to throw these current stats in. This is a client's system >> that >> has been under a denial of service attack (Joe Job) for the last six >> months: >> >> Statistic mailscan2 >> Delivery Attempts 15,141,706 >> Accepted messages 119,224 >> % Accepted messages 0.79% >> Messages rejected by BarricadeMX 15,022,482 >> % Messages rejected by BarricadeMX 99.21% >> Connections per second 36.58 >> Connections per hour 131,672 >> Connections per day 3,160,138 >> Max Simultaneous Connections 802 >> Load Average less than 2.0 >> Process Age (seconds) 413,983 >> Process Age (days) 4.79 >> >> Their system is a single CPU / Dual Core Intel(R) Xeon(TM) CPU 3.20GHz >> w/ 2 >> GB of memory handling 3,160,138 connection attempts a day. BarricadeMX is >> running in front of our custom version of MailScanner. They don't even >> notice the attack any more Please contact me off list if you ever have a >> DDOS problem. We have a very quick to install solution. >> Steve >> >> Steve Swaney >> steve@fsl.com >> www.fsl.com >> >> > I didn't know that adverts were allowed on the Mailing list. > > This is basically spam in itself. > > I do believe that FSL is one of the paying jobs that makes this list and MailScanner possible. And since Julian is an officer (CTO), I don't think it is that bad. It is infinitely better than the "male member enlarging" stuff hitting the egroupware list daily. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080304/fe6c7ab3/signature.bin From ssilva at sgvwater.com Tue Mar 4 22:30:13 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 4 22:35:27 2008 Subject: off topic - Email Statistics In-Reply-To: <351.892322260206$1204654568@news.gmane.org> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> <20080304141918.GA2896@bnl.gov> <351.892322260206$1204654568@news.gmane.org> Message-ID: on 3-4-2008 10:01 AM Stephen Swaney spake the following: > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Tim Sailer >> Sent: Tuesday, March 04, 2008 9:19 AM >> To: MailScanner discussion >> Subject: Re: Email Statistics >> >> On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: >>>>> I have been looking at my stats, I was curious what other people >> get >>>>> Current doing about 100,000 emails a month with a 77% Spam hit. >>> Those are my numbers from the last 24 hours. >>> >>> We're doing a least >>> >>> 100,000+ mails per day >>> 48,000+ blocked per day >>> 310 "is spam" from MailScanner/SpamAssassin per day >> Ugh. So far today from *one* of my two mail systems (the least busy): >> >> Msgs handled successfully 25,839 Messages rejected >> 266,311 Rejection rate 91.16% >> >> Of the 25k not outright rejected, only about 11% are non-spam. >> >> This is at 09:00 today. >> >> Tim > > I just had to throw these current stats in. This is a client's system that > has been under a denial of service attack (Joe Job) for the last six months: > > Statistic mailscan2 > Delivery Attempts 15,141,706 > Accepted messages 119,224 > % Accepted messages 0.79% > Messages rejected by BarricadeMX 15,022,482 > % Messages rejected by BarricadeMX 99.21% > Connections per second 36.58 > Connections per hour 131,672 > Connections per day 3,160,138 > Max Simultaneous Connections 802 > Load Average less than 2.0 > Process Age (seconds) 413,983 > Process Age (days) 4.79 > > Their system is a single CPU / Dual Core Intel(R) Xeon(TM) CPU 3.20GHz w/ 2 > GB of memory handling 3,160,138 connection attempts a day. BarricadeMX is > running in front of our custom version of MailScanner. They don't even > notice the attack any more Please contact me off list if you ever have a > DDOS problem. We have a very quick to install solution. > > Steve > Now you're just showing off!! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080304/79e9e5e9/signature.bin From peter at farrows.org Tue Mar 4 22:45:07 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 4 22:45:53 2008 Subject: Mail PTR Records In-Reply-To: <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> Message-ID: <47CDD0F3.6020504@farrows.org> Glenn Steen wrote: > On 03/03/2008, Matt Kettler wrote: > >> Nathan Olson wrote: >> > It's not RFC-compliant. >> >> >> Please point out the RFC and section it violates. >> >> AFAIK, there's no section that prohibits refusing mail due to lack of PTR >> records for the IP address. >> > It might be that Nathan interpretes the "address verification" bit as > doing any form of DNS.... which actually might be the "spirit" of all > that.... Hm.... Need sleep and time to think on this:-) > > >> I've been proved wrong before, but I'm extraordinarily skeptical that there's >> any such restrictions in the RFCs.. I can find no mention of such a restriction >> in RFC 821, 2821 or 1123. >> > :-) You're a big man, Matt. > > >> On the contrary, RFC 1912 section 2.1 directly tells you that that not having a >> PTR record could lead to services refusing to talk to your hosts. >> >> Also, RFC 1912 states that all IP address should have have a PTR record >> associated with them in the in-addr.arpa space. >> >> So, the documentation I can find in the RFCs suggests that blocking connections >> from hosts which lack PTR records is legal and should be expected. >> >> > Interresting implications there...:-) > > Cheers > Just bin the emails from ptr-A record mismatched hosts, then sell the ISP/user in question consultancy services to put it right... Simple economics, turn someone elses config problem into a revenue opportunity. If the sender is genuine they will want this fixed, if not, they are probably a spammer anyway. P. From Kevin_Miller at ci.juneau.ak.us Tue Mar 4 22:58:17 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Tue Mar 4 22:57:53 2008 Subject: off topic - Email Statistics In-Reply-To: <47CDB78E.20702@farrows.org> References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com><20080304141918.GA2896@bnl.gov><0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> <47CDB78E.20702@farrows.org> Message-ID: Peter Farrow wrote: > I didn't know that adverts were allowed on the Mailing list. > > This is basically spam in itself. Well, when you're the author of MailWatch (Steve Swaney) and have worked closely with Julian (the author of MailScanner) to produce a commercial offering incorporating those packages I guess you're entitled to a little self promotion. If Steve or Jules toot their own horn every now and again it's fine by me. Heck, if it was up to me they'd both be knighted instead of Bill Gates... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mikew at crucis.net Tue Mar 4 23:03:15 2008 From: mikew at crucis.net (Mike W) Date: Tue Mar 4 23:04:15 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: References: Message-ID: <47CDD533.5030502@crucis.net> Jim Dickenson wrote: > In fedora can you not say something like "yum install libz libz-devel"? > Thank you, all. I have MailScanner running after a forced install of Scalar::Utils. My original problem, f-prot being detected but not executed remains. I'm working on that. So, three days of scurrying to return to where I was. At least now MS, Spamassassin and ClamAV is working. During the last install of MS, perl-Archive-Zip failed as well as perl-Storable. Still don't know why. Mike W -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From ssilva at sgvwater.com Tue Mar 4 23:07:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 4 23:08:26 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> Message-ID: on 3-4-2008 1:16 PM Maxime Gaudreault spake the following: > I checked in the razor logs: > > /var/log/razor-agent.log > Mar 04 16:08:38.140629 check[20110]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log > Mar 04 16:08:38.153913 check[20110]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity > Mar 04 16:08:38.155358 check[20110]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst > Mar 04 16:08:38.155662 check[20110]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst > Mar 04 16:08:38.156001 check[20110]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst > Mar 04 16:08:38.157371 check[20110]: [ 5] server discovery overdue by 200108 seconds > Mar 04 16:08:38.157633 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > Mar 04 16:08:38.640861 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:38.641150 check[20110]: [ 4] discovery.spamnet.com << 12 > Mar 04 16:08:38.851323 check[20110]: [ 4] discovery.spamnet.com >> 111 > Mar 04 16:08:38.851809 check[20110]: [ 4] discovery.spamnet.com << 12 > Mar 04 16:08:38.999376 check[20110]: [ 4] discovery.spamnet.com >> 91 > Mar 04 16:08:38.999868 check[20110]: [ 5] no razorhome, not caching server info to disk > Mar 04 16:08:39.000256 check[20110]: [ 5] no razorhome, not caching server info to disk > Mar 04 16:08:39.006854 check[20110]: [ 5] disconnecting from server discovery.spamnet.com > Mar 04 16:08:39.007095 check[20110]: [ 4] discovery.spamnet.com << 5 > Mar 04 16:08:39.007266 check[20110]: [ 5] Connecting to c302.cloudmark.com ... > Mar 04 16:08:48.313318 check[20110]: [ 4] c302.cloudmark.com >> 36 server greeting: sn=C&srl=5425&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:48.313697 check[20110]: [ 4] c302.cloudmark.com << 25 > Mar 04 16:08:48.313904 check[20110]: [ 4] c302.cloudmark.com << 14 > Mar 04 16:08:48.541427 check[20110]: [ 4] c302.cloudmark.com >> 264 > Mar 04 16:08:48.545907 check[20110]: [ 5] Updated to new server state srl 5425 for server c302.cloudmark.com > Mar 04 16:08:48.546206 check[20110]: [ 5] no razorhome, not caching server info to disk > Mar 04 16:08:48.546280 check[20110]: [ 5] srl was updated, forcing discovery ... > Mar 04 16:08:48.546452 check[20110]: [ 5] server discovery overdue by 188232 seconds > Mar 04 16:08:48.546622 check[20110]: [ 5] disconnecting from server c302.cloudmark.com > Mar 04 16:08:48.546786 check[20110]: [ 4] c302.cloudmark.com << 5 > Mar 04 16:08:48.546917 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > Mar 04 16:08:48.873911 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:48.874136 check[20110]: [ 4] discovery.spamnet.com << 12 > > MailScanner debug output: > 16:08:38 [20110] dbg: rules: ran eval rule __MIME_QP ======> got hit (2) > 16:08:38 [20110] dbg: rules: running full tests; score so far=17.316 > 16:08:38 [20110] dbg: info: entering helper-app run mode > 16:08:49 [20110] dbg: info: leaving helper-app run mode > 16:08:49 [20110] dbg: razor2: razor2 check timed out after 10 seconds > 16:08:49 [20110] dbg: razor2: results: spam? 0 > 16:08:49 [20110] dbg: razor2: results: engine 8, highest cf score: 0 > 16:08:49 [20110] dbg: razor2: results: engine 4, highest cf score: 0 > > I understand there's been a delay while contacting c302.cloudmark.com but not at every tries. What could I do ? > Did you complete the razor install with razor-admin -create and razor-admin -register? Razor is having problems getting to its home directory, and not saving its discovery cache. So it looks like it is doing a server discover at every invocation. That is part of your timeout . -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080304/af1716ba/signature.bin From MailScanner at ecs.soton.ac.uk Tue Mar 4 23:13:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 4 23:14:06 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDAD60.1040906@crucis.net> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> Message-ID: <47CDD78D.5060606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, they are called "zlib" and "zlib-devel". Mike W wrote: > I have neither > > libz > libz-devel > > nor are they a part of Fedora. Are these a normal part of the distros? > Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 > and perl-Compress-Zlib-1.42-1. > > Julian Field wrote: > >> Mike W wrote: >> >>> I'm a non-guru, so please let me know when I've made a mistake. >>> >>> I've been unable to get MailScanner to use any anti-virus except for >>> >> ClamAV. >> >> >>> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. >>> >>> I got compile failure in two modules. perl-Archive-Zip and >>> Perl-Storable. Install.sh continued and appeared to install >>> MailScanner. However, at runtime I get the following error: >>> >>> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner restart >>> Shutting down MailScanner daemons: >>> MailScanner: [FAILED] >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> Waiting for MailScanner to die gracefully dead. >>> Starting MailScanner daemons: >>> incoming sendmail: [ OK ] >>> outgoing sendmail: [ OK ] >>> MailScanner: is only avaliable with the XS version at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. >>> Compilation failed in require at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> BEGIN failed--compilation aborted at >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. >>> Compilation failed in require at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> BEGIN failed--compilation aborted at >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. >>> Compilation failed in require at /usr/sbin/MailScanner line 80. >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. >>> [ OK ] >>> >>> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install >>> script and still have the same errors. Running install.sh -nodeps makes >>> no change. >>> >> Run the following 2 commands and post their entire output here: >> MailScanner --debug >> MailScanner --lint >> The first command, if there is no mail in the queue, will eventually >> reach a point where it says it is building a batch of messages and will >> go no further, at which point you need to thump Ctrl-C to quit it. >> MailScanner --lint will run to completion. >> >> I think you will get an error message (or more) immediately from both of >> the commands, and we need to see all the error output. >> >> You may well have a library missing. Do you have both of these RPMs >> installed >> libz >> libz-devel >> If not, then install both of them. Compress-Zlib won't work without them. >> >> >>> Anyone point me toward fixing this other than backing out perl and >>> starting all over again? >>> >> Don't do that :-( >> >> Jules >> >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzdePEfZZRxQVtlQRAisYAKDLP651nGpfH06SEe2zB1mya1aR9ACg2e+t I5frXenUF8o/xBx14Vq7Wr4= =ZAbZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Tue Mar 4 23:20:02 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 4 23:21:03 2008 Subject: Mail PTR Records In-Reply-To: <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> Message-ID: <47CDD922.5060703@evi-inc.com> Glenn Steen wrote: > On 04/03/2008, Glenn Steen wrote: >> On 03/03/2008, Matt Kettler wrote: >> > Nathan Olson wrote: >> > > It's not RFC-compliant. >> > >> > >> > Please point out the RFC and section it violates. >> > >> > AFAIK, there's no section that prohibits refusing mail due to lack of PTR >> > records for the IP address. >> >> It might be that Nathan interpretes the "address verification" bit as >> doing any form of DNS.... which actually might be the "spirit" of all >> that.... Hm.... Need sleep and time to think on this:-) >> > Ah, I see you all thought this through while I was out carousing in > Copenhagen... Indeed, it boiled down to a mis-application of RFC 2821. > >> > I've been proved wrong before, but I'm extraordinarily skeptical that there's >> > any such restrictions in the RFCs.. I can find no mention of such a restriction >> > in RFC 821, 2821 or 1123. >> >> :-) You're a big man, Matt. > At some point in time, I think most people (like us:-) have had a .... > humbling.... "RFC incident":) I still prefer to think of myself as a bit of a child and not a "big man" (I have a distinctly impish nature at times). However I am a child that is reasonable and I generally learn well from past mistakes. I'm pretty much always willing to admit when I'm wrong or accept I might be wrong, but I'll fight tooth and nail to prove out the facts :-) How else will I ever find out the details and learn from them? So try not to confuse my tenacious pursuit of facts as a personal need to be right... Generally I don't care if I'm right or not, I just need to know what IS right, and I will fight to discover it. :-) (And I do greatly appreciate those who will indulge such pursuits...) From steve at fsl.com Tue Mar 4 23:40:48 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Mar 4 23:41:27 2008 Subject: off topic - Email Statistics In-Reply-To: References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com> <20080304141918.GA2896@bnl.gov> <351.892322260206$1204654568@news.gmane.org> Message-ID: <47CDDE00.3070100@fsl.com> Scott Silva wrote: > on 3-4-2008 10:01 AM Stephen Swaney spake the following: >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >>> bounces@lists.mailscanner.info] On Behalf Of Tim Sailer >>> Sent: Tuesday, March 04, 2008 9:19 AM >>> To: MailScanner discussion >>> Subject: Re: Email Statistics >>> >>> On Tue, Mar 04, 2008 at 11:17:37AM +0100, Ronny T. Lampert wrote: >>>>>> I have been looking at my stats, I was curious what other people >>> get >>>>>> Current doing about 100,000 emails a month with a 77% Spam hit. >>>> Those are my numbers from the last 24 hours. >>>> >>>> We're doing a least >>>> >>>> 100,000+ mails per day >>>> 48,000+ blocked per day >>>> 310 "is spam" from MailScanner/SpamAssassin per day >>> Ugh. So far today from *one* of my two mail systems (the least busy): >>> >>> Msgs handled successfully 25,839 Messages rejected >>> 266,311 Rejection rate 91.16% >>> >>> Of the 25k not outright rejected, only about 11% are non-spam. >>> >>> This is at 09:00 today. >>> >>> Tim >> >> I just had to throw these current stats in. This is a client's system >> that >> has been under a denial of service attack (Joe Job) for the last six >> months: >> >> Statistic mailscan2 >> Delivery Attempts 15,141,706 >> Accepted messages 119,224 >> % Accepted messages 0.79% >> Messages rejected by BarricadeMX 15,022,482 >> % Messages rejected by BarricadeMX 99.21% >> Connections per second 36.58 >> Connections per hour 131,672 >> Connections per day 3,160,138 >> Max Simultaneous Connections 802 >> Load Average less than 2.0 >> Process Age (seconds) 413,983 >> Process Age (days) 4.79 >> >> Their system is a single CPU / Dual Core Intel(R) Xeon(TM) CPU >> 3.20GHz w/ 2 >> GB of memory handling 3,160,138 connection attempts a day. >> BarricadeMX is >> running in front of our custom version of MailScanner. They don't even >> notice the attack any more Please contact me off list if you ever have a >> DDOS problem. We have a very quick to install solution. >> Steve >> > Now you're just showing off!! ;-P > > True. We are very happy with the performance but I was trying to make a serious point. If anybody on this list starts getting an email based Denial of Service attack we can help them quickly configure just about any decent single CPU system to handle the attack in a way that will keep real email for the domain flowing. The whole process takes about an hour including the download of the ISO and the configuration. Just contact support@fsl.com. And the price for this assistance for MailScanner users is $0. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From steve at fsl.com Tue Mar 4 23:43:14 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue Mar 4 23:43:24 2008 Subject: off topic - Email Statistics In-Reply-To: References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com><20080304141918.GA2896@bnl.gov><0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> <47CDB78E.20702@farrows.org> Message-ID: <47CDDE92.8080204@fsl.com> Kevin Miller wrote: > Peter Farrow wrote: > > >> >> Well, when you're the author of MailWatch (Steve Swaney) and have worked >> closely with Julian (the author of MailScanner) to produce a commercial >> offering incorporating those packages I guess you're entitled to a >> little self promotion. >> >> I didn't know that adverts were allowed on the Mailing list. >> >> This is basically spam in itself. >> Good idea but let's knight Steve Freegard. He's the one that wrote MailWatch. I just pay the bills. Steve Steve Swaney steve@fsl.com www.fsl.com From brose at med.wayne.edu Wed Mar 5 00:22:25 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 5 00:23:15 2008 Subject: OT: MailWatch Question In-Reply-To: <47CD956F.1050905@fsl.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu><47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com><47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com><47CD7AF7.70307@evi-inc.com> <47CD7C42.10404@farrows.org><610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu> <47CD956F.1050905@fsl.com> Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA4F4@MED-CORE03-MS1.med.wayne.edu> Thanks. I'd read that in the mailscanner and mailwatch archives but my crazy logic considers wildcard and regex differently. Is it possible for MailScanner to process multiple ruleset or customfunctions in the same way it does it for actions, virus scanners, etc? What I'd like is to allow users have their own whitelists/blacklists but still have my global rules that consists IP & Email Address Regex FROM combos. -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney Sent: Tuesday, March 04, 2008 1:31 PM To: MailScanner discussion Subject: Re: OT: MailWatch Question Rose, Bobby wrote: > > I've used Mailwatch for quite a while for login but not for > whitelist/blacklist but wanted to take a look at that function. Does > mailwatch support the regex rules or combo rules (eg From: > /[\@\.]doman.com$/ and From: 111.222.333.444 yes) If not, then is it > possible for MailScanner to check both a ruleset and a mailwatch > database to get the best of both worlds? > > Thanks > -=Bobby > > Bobby, MailWatch only works for perfect matches (no wild cards) on a single email address. Check the archives for Julian's reasons why this must be. You might consider setting up rule sets for the message that need wild card entries. For example a rules set for Spam Checks = that exempts the wild card entries. Than you could use MailWatch's checks for the "must perfectly match" entries and have a back door for wildcards. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Mar 5 00:37:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 5 00:40:36 2008 Subject: off topic - Email Statistics In-Reply-To: References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com><20080304141918.GA2896@bnl.gov><0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> <47CDB78E.20702@farrows.org> Message-ID: on 3-4-2008 2:58 PM Kevin Miller spake the following: > Peter Farrow wrote: > >> I didn't know that adverts were allowed on the Mailing list. >> >> This is basically spam in itself. > > Well, when you're the author of MailWatch (Steve Swaney) and have worked > closely with Julian (the author of MailScanner) to produce a commercial > offering incorporating those packages I guess you're entitled to a > little self promotion. > > If Steve or Jules toot their own horn every now and again it's fine by > me. Heck, if it was up to me they'd both be knighted instead of Bill > Gates... > > ...Kevin I think the Queen meant to behead "ol' Bill", but couldn't move the sword fast enough! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080304/7791448f/signature.bin From mikew at crucis.net Wed Mar 5 01:24:41 2008 From: mikew at crucis.net (Mike Watson) Date: Wed Mar 5 01:25:38 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDD78D.5060606@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD9C61.1070104@crucis.net> <47CDA9C4.30503@ecs.soton.ac.uk> <47CDAD60.1040906@crucis.net> <47CDD78D.5060606@ecs.soton.ac.uk> Message-ID: <47CDF659.70406@crucis.net> Not to worry, I figured that out. Now, my MailScanner is using ClamAV, sees f-prot-4 and alternately f-prot-6 but doesn't execute either. I've downloaded AVG and will test later with than. Initially, MS is not seeing AVG. More later. Mike W -- "Lose not thy airspeed, lest the ground rises up and smites thee." -- William Kershner Julian Field wrote: > Sorry, they are called "zlib" and "zlib-devel". > > Mike W wrote: > > I have neither > > > libz > > libz-devel > > > nor are they a part of Fedora. Are these a normal part of the distros? > > Are these perl modules? There is a perl-Archive-Zip-1.16-1.2.12 > > and perl-Compress-Zlib-1.42-1. > > > Julian Field wrote: > > >> Mike W wrote: > >> > >>> I'm a non-guru, so please let me know when I've made a mistake. > >>> > >>> I've been unable to get MailScanner to use any anti-virus except for > >>> > >> ClamAV. > >> > >> > >>> With that in mind, I deleted MS 4.66.5-3 and downloaded 4.67.6. > >>> > >>> I got compile failure in two modules. perl-Archive-Zip and > >>> Perl-Storable. Install.sh continued and appeared to install > >>> MailScanner. However, at runtime I get the following error: > >>> > >>> [root@cygni MailScanner-4.67.6-1]# /etc/rc.d/init.d/MailScanner > restart > >>> Shutting down MailScanner daemons: > >>> MailScanner: [FAILED] > >>> incoming sendmail: [ OK ] > >>> outgoing sendmail: [ OK ] > >>> Waiting for MailScanner to die gracefully dead. > >>> Starting MailScanner daemons: > >>> incoming sendmail: [ OK ] > >>> outgoing sendmail: [ OK ] > >>> MailScanner: is only avaliable with the XS version at > >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9 > >>> BEGIN failed--compilation aborted at > >>> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9. > >>> Compilation failed in require at > >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > >>> BEGIN failed--compilation aborted at > >>> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > >>> Compilation failed in require at > >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. > >>> BEGIN failed--compilation aborted at > >>> /usr/lib/MailScanner/MailScanner/Message.pm line 48. > >>> Compilation failed in require at /usr/sbin/MailScanner line 80. > >>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > >>> [ OK ] > >>> > >>> I downloaded perl-Archive-Zip from the Fedora site, re-ran the install > >>> script and still have the same errors. Running install.sh -nodeps > makes > >>> no change. > >>> > >> Run the following 2 commands and post their entire output here: > >> MailScanner --debug > >> MailScanner --lint > >> The first command, if there is no mail in the queue, will eventually > >> reach a point where it says it is building a batch of messages and will > >> go no further, at which point you need to thump Ctrl-C to quit it. > >> MailScanner --lint will run to completion. > >> > >> I think you will get an error message (or more) immediately from > both of > >> the commands, and we need to see all the error output. > >> > >> You may well have a library missing. Do you have both of these RPMs > >> installed > >> libz > >> libz-devel > >> If not, then install both of them. Compress-Zlib won't work without > them. > >> > >> > >>> Anyone point me toward fixing this other than backing out perl and > >>> starting all over again? > >>> > >> Don't do that :-( > >> > >> Jules > >> > >> > > > Jules > -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Wed Mar 5 08:06:26 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Mar 5 08:09:20 2008 Subject: OT: MailWatch Question In-Reply-To: <610C64469748E84DB6BDD5BD23F01A760CA4F4@MED-CORE03-MS1.med.wayne.edu> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <20080303193924.GA13680@mikea.ath.cx> <47CC67B8.2050508@sendit.nodak.edu><47CC6D95.7070406@ew3d.com> <47CC7CBA.8090302@evi-inc.com><47CC82B0.1030908@farrows.org> <8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com> <47CD67A0.7070203@evi-inc.com> <8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com><47CD7AF7.70307@evi-inc.com> <47CD7C42.10404@farrows.org><610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu> <47CD956F.1050905@fsl.com>, <610C64469748E84DB6BDD5BD23F01A760CA4F4@MED-CORE03-MS1.med.wayne.edu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FD@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby [brose@med.wayne.edu] Sent: 05 March 2008 00:22 To: MailScanner discussion Subject: RE: OT: MailWatch Question Thanks. I'd read that in the mailscanner and mailwatch archives but my crazy logic considers wildcard and regex differently. Is it possible for MailScanner to process multiple ruleset or customfunctions in the same way it does it for actions, virus scanners, etc? What I'd like is to allow users have their own whitelists/blacklists but still have my global rules that consists IP & Email Address Regex FROM combos. -=B I tried getting both rulesets and custom functions working but never managed to get it to work satisfactorily. Again I wanted the same functionality that it sounds you're looking for. I've settled for having rulesets or functions. Jason From J.Ede at birchenallhowden.co.uk Wed Mar 5 08:08:34 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Mar 5 08:09:44 2008 Subject: MailScanner ANNOUNCE: stable 4.67.6 released In-Reply-To: <47CDC8E3.40304@crucis.net> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FB@server02.bhl.local>, <47CDC8E3.40304@crucis.net> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FE@server02.bhl.local> This might be one for the FAQ... I think though it is uniquely a fedora problem that happens to ship with a broken copy of Scalar::Util. Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike W [mikew@crucis.net] Sent: 04 March 2008 22:10 To: MailScanner discussion Subject: Re: MailScanner ANNOUNCE: stable 4.67.6 released Jason Ede wrote: > >From last time it came up... > > > >> perl -MCPAN -e shell >> force install Scalar::Util >> >> > > -----Original Message----- > From: Jason Ede > Sent: 04 March 2008 20:21 > To: MailScanner discussion > Subject: RE: MailScanner ANNOUNCE: stable 4.67.6 released > > > Reinstall the perl module Scalar:Utils I think. Browse back through the list as this has come up before. > > Jason, thank you! That removed the initial startup error. Now to run some tests and see if f-prot is being recognized. Mike W -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Mar 5 09:24:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 5 09:25:03 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> Message-ID: <223f97700803050124l6d22782as4e68b5e413cb647b@mail.gmail.com> On 05/03/2008, Scott Silva wrote: > on 3-4-2008 1:16 PM Maxime Gaudreault spake the following: > > > I checked in the razor logs: > > > > /var/log/razor-agent.log > > Mar 04 16:08:38.140629 check[20110]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log > > Mar 04 16:08:38.153913 check[20110]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity > > Mar 04 16:08:38.155358 check[20110]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst > > Mar 04 16:08:38.155662 check[20110]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst > > Mar 04 16:08:38.156001 check[20110]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst > > Mar 04 16:08:38.157371 check[20110]: [ 5] server discovery overdue by 200108 seconds > > Mar 04 16:08:38.157633 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > > Mar 04 16:08:38.640861 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > > Mar 04 16:08:38.641150 check[20110]: [ 4] discovery.spamnet.com << 12 > > Mar 04 16:08:38.851323 check[20110]: [ 4] discovery.spamnet.com >> 111 > > Mar 04 16:08:38.851809 check[20110]: [ 4] discovery.spamnet.com << 12 > > Mar 04 16:08:38.999376 check[20110]: [ 4] discovery.spamnet.com >> 91 > > Mar 04 16:08:38.999868 check[20110]: [ 5] no razorhome, not caching server info to disk > > Mar 04 16:08:39.000256 check[20110]: [ 5] no razorhome, not caching server info to disk > > Mar 04 16:08:39.006854 check[20110]: [ 5] disconnecting from server discovery.spamnet.com > > Mar 04 16:08:39.007095 check[20110]: [ 4] discovery.spamnet.com << 5 > > Mar 04 16:08:39.007266 check[20110]: [ 5] Connecting to c302.cloudmark.com ... > > Mar 04 16:08:48.313318 check[20110]: [ 4] c302.cloudmark.com >> 36 server greeting: sn=C&srl=5425&a=1&a=cg&ep4=7542-10^M > > Mar 04 16:08:48.313697 check[20110]: [ 4] c302.cloudmark.com << 25 > > Mar 04 16:08:48.313904 check[20110]: [ 4] c302.cloudmark.com << 14 > > Mar 04 16:08:48.541427 check[20110]: [ 4] c302.cloudmark.com >> 264 > > Mar 04 16:08:48.545907 check[20110]: [ 5] Updated to new server state srl 5425 for server c302.cloudmark.com > > Mar 04 16:08:48.546206 check[20110]: [ 5] no razorhome, not caching server info to disk > > Mar 04 16:08:48.546280 check[20110]: [ 5] srl was updated, forcing discovery ... > > Mar 04 16:08:48.546452 check[20110]: [ 5] server discovery overdue by 188232 seconds > > Mar 04 16:08:48.546622 check[20110]: [ 5] disconnecting from server c302.cloudmark.com > > Mar 04 16:08:48.546786 check[20110]: [ 4] c302.cloudmark.com << 5 > > Mar 04 16:08:48.546917 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > > Mar 04 16:08:48.873911 check[20110]: [ 4] discovery.spamnet.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > > Mar 04 16:08:48.874136 check[20110]: [ 4] discovery.spamnet.com << 12 > > > > MailScanner debug output: > > 16:08:38 [20110] dbg: rules: ran eval rule __MIME_QP ======> got hit (2) > > 16:08:38 [20110] dbg: rules: running full tests; score so far=17.316 > > 16:08:38 [20110] dbg: info: entering helper-app run mode > > 16:08:49 [20110] dbg: info: leaving helper-app run mode > > 16:08:49 [20110] dbg: razor2: razor2 check timed out after 10 seconds > > 16:08:49 [20110] dbg: razor2: results: spam? 0 > > 16:08:49 [20110] dbg: razor2: results: engine 8, highest cf score: 0 > > 16:08:49 [20110] dbg: razor2: results: engine 4, highest cf score: 0 > > > > I understand there's been a delay while contacting c302.cloudmark.com but not at every tries. What could I do ? > > > > Did you complete the razor install with razor-admin -create and razor-admin > -register? > Razor is having problems getting to its home directory, and not saving its > discovery cache. So it looks like it is doing a server discover at every > invocation. That is part of your timeout . > Ah... Spot on Scott... Might be taht it is the usual thing... Postfix home-dir isn't writable (and should NOT be), so either create&chown $HOME/.razor accordingly, or ... do as the wiki tells you, to handle this:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Wed Mar 5 14:41:05 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 5 14:41:53 2008 Subject: MailScanner 4.67.6 Issue In-Reply-To: <47CD3098.8000300@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA501@MED-CORE03-MS1.med.wayne.edu> I just enabled the rule deny - x-dosexec No DOS executables No DOS programs allowed and it's started flagging attachment that aren't x-dosexec. It claimed a tif, some pngs, jpegs and a couple txt files. But if I do a file -i on them, they report their correct filetypes. This is on CentOS 4.6. I've disabled that rule and the issue stopped. -=Bobby From MailScanner at ecs.soton.ac.uk Wed Mar 5 15:46:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 5 15:47:25 2008 Subject: MailScanner 4.67.6 Issue In-Reply-To: <610C64469748E84DB6BDD5BD23F01A760CA501@MED-CORE03-MS1.med.wayne.edu> References: <47CD3098.8000300@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A760CA501@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47CEC05F.3030007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll take a look tonight at this one. Rose, Bobby wrote: > I just enabled the rule > > deny - x-dosexec No DOS executables > No DOS programs allowed > > and it's started flagging attachment that aren't x-dosexec. It claimed > a tif, some pngs, jpegs and a couple txt files. But if I do a file -i > on them, they report their correct filetypes. This is on CentOS 4.6. > I've disabled that rule and the issue stopped. > > -=Bobby > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHzsBgEfZZRxQVtlQRAlOuAJ97PEy0E51mn9bCU1qhS4SNT2vXnwCgjwU/ 42SW+D7UyBdqKnXp9tloCCM= =OJav -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Wed Mar 5 16:26:03 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Wed Mar 5 16:26:43 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> I reinstalled razor2 v2.84 using razor-admin -create and razor-admin -register 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 11:19:54 [1345] dbg: rules: compiled full tests 11:19:54 [1345] dbg: info: entering helper-app run mode 11:20:04 [1345] dbg: info: leaving helper-app run mode 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds razor-agent.log: Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 05 11:19:54.378768 check[1345]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity Mar 05 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst Mar 05 11:19:54.379648 check[1345]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 Mar 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 Mar 05 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 Mar 05 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 for server c303.cloudmark.com Mar 05 11:19:57.544120 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest server discovery Mar 05 11:19:57.544427 check[1345]: [ 5] forcing discovery Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from server c303.cloudmark.com Mar 05 11:19:57.544857 check[1345]: [ 4] c303.cloudmark.com << 5 Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 Mar 05 11:19:57.632396 check[1345]: [ 4] discovery.razor.cloudmark.com >> 111 Mar 05 11:19:57.632831 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 Mar 05 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server discovery.razor.cloudmark.com Mar 05 11:19:57.648496 check[1345]: [ 4] discovery.razor.cloudmark.com << 5 Mar 05 11:19:57.648631 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... It still says no razorhome but look at /etc/razor/razor-agent.conf: debuglevel = 5 identity = identity ignorelist = 0 listfile_catalogue = /etc/razor/servers.catalogue.lst listfile_discovery = /etc/razor/servers.discovery.lst listfile_nomination = /etc/razor/servers.nomination.lst logfile = /var/log/razor-agent.log logic_method = 4 min_cf = ac razordiscovery = discovery.razor.cloudmark.com razorhome = /etc/razor rediscovery_wait = 172800 report_headers = 1 turn_off_discovery = 0 use_engines = 4,8 whitelist = razor-whitelist Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: March 4, 2008 6:08 PM To: mailscanner@lists.mailscanner.info Subject: Re: Queue problem on 3-4-2008 1:16 PM Maxime Gaudreault spake the following: > I checked in the razor logs: > > /var/log/razor-agent.log > Mar 04 16:08:38.140629 check[20110]: [ 2] [bootup] Logging initiated > LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 04 > 16:08:38.153913 check[20110]: [ 5] computed razorhome=, > conf=/etc/razor/razor-agent.conf, ident=identity Mar 04 > 16:08:38.155358 check[20110]: [ 5] read_file: 1 items read from > /etc/razor/servers.discovery.lst Mar 04 16:08:38.155662 check[20110]: > [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar 04 16:08:38.156001 check[20110]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 04 16:08:38.157371 check[20110]: [ 5] server discovery overdue by 200108 seconds Mar 04 16:08:38.157633 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > Mar 04 16:08:38.640861 check[20110]: [ 4] discovery.spamnet.com >> 35 > server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:38.641150 check[20110]: [ 4] discovery.spamnet.com << 12 > Mar 04 16:08:38.851323 check[20110]: [ 4] discovery.spamnet.com >> 111 > Mar 04 16:08:38.851809 check[20110]: [ 4] discovery.spamnet.com << 12 > Mar 04 16:08:38.999376 check[20110]: [ 4] discovery.spamnet.com >> 91 > Mar 04 16:08:38.999868 check[20110]: [ 5] no razorhome, not caching > server info to disk Mar 04 16:08:39.000256 check[20110]: [ 5] no > razorhome, not caching server info to disk Mar 04 16:08:39.006854 > check[20110]: [ 5] disconnecting from server discovery.spamnet.com Mar > 04 16:08:39.007095 check[20110]: [ 4] discovery.spamnet.com << 5 Mar 04 16:08:39.007266 check[20110]: [ 5] Connecting to c302.cloudmark.com ... > Mar 04 16:08:48.313318 check[20110]: [ 4] c302.cloudmark.com >> 36 > server greeting: sn=C&srl=5425&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:48.313697 check[20110]: [ 4] c302.cloudmark.com << 25 Mar > 04 16:08:48.313904 check[20110]: [ 4] c302.cloudmark.com << 14 Mar 04 > 16:08:48.541427 check[20110]: [ 4] c302.cloudmark.com >> 264 Mar 04 > 16:08:48.545907 check[20110]: [ 5] Updated to new server state srl > 5425 for server c302.cloudmark.com Mar 04 16:08:48.546206 > check[20110]: [ 5] no razorhome, not caching server info to disk Mar 04 16:08:48.546280 check[20110]: [ 5] srl was updated, forcing discovery ... > Mar 04 16:08:48.546452 check[20110]: [ 5] server discovery overdue by > 188232 seconds Mar 04 16:08:48.546622 check[20110]: [ 5] disconnecting > from server c302.cloudmark.com Mar 04 16:08:48.546786 check[20110]: [ > 4] c302.cloudmark.com << 5 Mar 04 16:08:48.546917 check[20110]: [ 5] Connecting to discovery.spamnet.com ... > Mar 04 16:08:48.873911 check[20110]: [ 4] discovery.spamnet.com >> 35 > server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 04 16:08:48.874136 check[20110]: [ 4] discovery.spamnet.com << 12 > > MailScanner debug output: > 16:08:38 [20110] dbg: rules: ran eval rule __MIME_QP ======> got hit > (2) > 16:08:38 [20110] dbg: rules: running full tests; score so far=17.316 > 16:08:38 [20110] dbg: info: entering helper-app run mode > 16:08:49 [20110] dbg: info: leaving helper-app run mode > 16:08:49 [20110] dbg: razor2: razor2 check timed out after 10 seconds > 16:08:49 [20110] dbg: razor2: results: spam? 0 > 16:08:49 [20110] dbg: razor2: results: engine 8, highest cf score: 0 > 16:08:49 [20110] dbg: razor2: results: engine 4, highest cf score: 0 > > I understand there's been a delay while contacting c302.cloudmark.com but not at every tries. What could I do ? > Did you complete the razor install with razor-admin -create and razor-admin -register? Razor is having problems getting to its home directory, and not saving its discovery cache. So it looks like it is doing a server discover at every invocation. That is part of your timeout . -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From Andreas.Doerfler at kempten.de Wed Mar 5 16:16:01 2008 From: Andreas.Doerfler at kempten.de (=?iso-8859-1?Q?D=F6rfler_Andreas?=) Date: Wed Mar 5 16:31:49 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CDAF24.4060304@kettle.org.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk><47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> Message-ID: hi rob, dunno if it helps, got the same problem and i had to install 4.67.6 twice. first installed the latest stable 4.66.5-3 and then 4.67.6-1 again. it works now. greetings andy > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Rob Kettle > Sent: Tuesday, March 04, 2008 9:21 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: MailScanner 4.67.6 Attachment Issue > > Julian Field wrote: > > Do a MailScanner --lint and a MailScanner --debug and check > that they > > produce nothing untoward. > > What MTA are you using, and have you followed the appropriate > > installation instructions on www.mailscanner.info? How did > you install > > it? What distribution, OS and version? What distribution of > > MailScanner did you use? > > > > > > Rob Kettle wrote: > >> Hi, > >> > >> just upgraded to the new release but when ever I start > MailScanner I > >> get a job MailScanner: Extracting Attachments that kicks > in and uses > >> 70+% CPU constantly and no mail gets processed. > >> > >> any help would be appreciated. > >> > >> thanks > >> Rob > >> > > > > Jules > > > Hi, I was running 4.66.5 with no Issues. Also using > Mailwatch. System is Centos 5.1. MTA is sendmail. Sendmail > runs fine on it's own without MailScanner. > > Output from --lint is : > > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.6) is correct. > > Unrar is not installed, it should be in /usr/bin/unrar. > This is required for RAR archives to be read to check > filenames and filetypes. Virus scanning is not affected. > > > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-Kettle-MailScanner-From > > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamavmodule, clamd > ============================================================== > ============= > ============================================================== > ============= > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > > If any of your virus scanners (clamavmodule,clamd) are not > listed there, you should check that they are installed > correctly and that MailScanner is finding them correctly via > its virus.scanners.conf. > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, line 1. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > line 93, line 1. > > the --debug stops at subtests = > and goes no futher > > Rob > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From Kevin_Miller at ci.juneau.ak.us Wed Mar 5 16:59:21 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 5 16:58:56 2008 Subject: off topic - Email Statistics In-Reply-To: References: <005d01c87a0d$93023ca0$6102a8c0@salemcorp.com> <47C6E4AB.7060802@USherbrooke.ca> <47CD21C1.8090400@gmail.com><20080304141918.GA2896@bnl.gov><0ab201c87e21$cf660790$6e3216b0$@swaney@fsl.com> <47CDB78E.20702@farrows.org> Message-ID: Scott Silva wrote: > on 3-4-2008 2:58 PM Kevin Miller spake the following: >> Peter Farrow wrote: >> >>> I didn't know that adverts were allowed on the Mailing list. >>> >>> This is basically spam in itself. >> >> Well, when you're the author of MailWatch (Steve Swaney) and have >> worked closely with Julian (the author of MailScanner) to produce a >> commercial offering incorporating those packages I guess you're >> entitled to a little self promotion. >> >> If Steve or Jules toot their own horn every now and again it's fine >> by me. Heck, if it was up to me they'd both be knighted instead of >> Bill Gates... >> >> ...Kevin > I think the Queen meant to behead "ol' Bill", but couldn't move the > sword fast enough! ;-P Ah. Guess the old gal just ain't as spry as she used to be. Maybe we can convince Prince Harry that Gates is actually Bin Laden in disquise now that he's not needed in Afghanistan any more. He could complete the job. ;-) Still think they outta give Jules & company the tap w/the broadsword... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From rob at kettle.org.uk Wed Mar 5 18:06:49 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Mar 5 18:07:34 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk><47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> Message-ID: <47CEE139.1060509@kettle.org.uk> hi, yup. I had to do pretty much that as the first upgrade install seemed to corrupt the .conf file somehow but not in any obvious way that I could see. rob D?rfler Andreas wrote: > hi rob, > > dunno if it helps, got the same problem and i had to install 4.67.6 twice. > first installed the latest stable 4.66.5-3 and then 4.67.6-1 again. > it works now. > > greetings > andy > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Rob Kettle >> Sent: Tuesday, March 04, 2008 9:21 PM >> To: mailscanner@lists.mailscanner.info >> Subject: Re: MailScanner 4.67.6 Attachment Issue >> >> Julian Field wrote: >> >>> Do a MailScanner --lint and a MailScanner --debug and check >>> >> that they >> >>> produce nothing untoward. >>> What MTA are you using, and have you followed the appropriate >>> installation instructions on www.mailscanner.info? How did >>> >> you install >> >>> it? What distribution, OS and version? What distribution of >>> MailScanner did you use? >>> >>> >>> Rob Kettle wrote: >>> >>>> Hi, >>>> >>>> just upgraded to the new release but when ever I start >>>> >> MailScanner I >> >>>> get a job MailScanner: Extracting Attachments that kicks >>>> >> in and uses >> >>>> 70+% CPU constantly and no mail gets processed. >>>> >>>> any help would be appreciated. >>>> >>>> thanks >>>> Rob >>>> >>>> >>> Jules >>> >>> >> Hi, I was running 4.66.5 with no Issues. Also using >> Mailwatch. System is Centos 5.1. MTA is sendmail. Sendmail >> runs fine on it's own without MailScanner. >> >> Output from --lint is : >> >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.67.6) is correct. >> >> Unrar is not installed, it should be in /usr/bin/unrar. >> This is required for RAR archives to be read to check >> filenames and filetypes. Virus scanning is not affected. >> >> >> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf >> ERROR: is not correct, it should match X-Kettle-MailScanner-From >> >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = >> /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamd" >> Found these virus scanners installed: clamavmodule, clamd >> ============================================================== >> ============= >> ============================================================== >> ============= >> Virus Scanner test reports: >> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >> >> If any of your virus scanners (clamavmodule,clamd) are not >> listed there, you should check that they are installed >> correctly and that MailScanner is finding them correctly via >> its virus.scanners.conf. >> commit ineffective with AutoCommit enabled at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm >> line 93, line 1. >> Commmit ineffective while AutoCommit is on at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm >> line 93, line 1. >> >> the --debug stops at subtests = >> and goes no futher >> >> Rob >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 5 18:10:49 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 5 18:11:44 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> Message-ID: on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > I reinstalled razor2 v2.84 using razor-admin -create and razor-admin -register > > 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 > 11:19:54 [1345] dbg: rules: compiled full tests > 11:19:54 [1345] dbg: info: entering helper-app run mode > 11:20:04 [1345] dbg: info: leaving helper-app run mode > 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds > > razor-agent.log: > > Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log > Mar 05 11:19:54.378768 check[1345]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity > Mar 05 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst > Mar 05 11:19:54.379648 check[1345]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst > Mar 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst > Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery > Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 > Mar 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 > Mar 05 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 > Mar 05 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 for server c303.cloudmark.com > Mar 05 11:19:57.544120 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... > Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest server discovery > Mar 05 11:19:57.544427 check[1345]: [ 5] forcing discovery > Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from server c303.cloudmark.com > Mar 05 11:19:57.544857 check[1345]: [ 4] c303.cloudmark.com << 5 > Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... > Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 > Mar 05 11:19:57.632396 check[1345]: [ 4] discovery.razor.cloudmark.com >> 111 > Mar 05 11:19:57.632831 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 > Mar 05 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 > Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server discovery.razor.cloudmark.com > Mar 05 11:19:57.648496 check[1345]: [ 4] discovery.razor.cloudmark.com << 5 > Mar 05 11:19:57.648631 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig > Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > > It still says no razorhome but look at /etc/razor/razor-agent.conf: > > debuglevel = 5 > identity = identity > ignorelist = 0 > listfile_catalogue = /etc/razor/servers.catalogue.lst > listfile_discovery = /etc/razor/servers.discovery.lst > listfile_nomination = /etc/razor/servers.nomination.lst > logfile = /var/log/razor-agent.log > logic_method = 4 > min_cf = ac > razordiscovery = discovery.razor.cloudmark.com > razorhome = /etc/razor > rediscovery_wait = 172800 > report_headers = 1 > turn_off_discovery = 0 > use_engines = 4,8 > whitelist = razor-whitelist > > > > Maxime Gaudreault > Technicien > OK. Maybe the /etc/razor directory doesn't have write access by whatever user calls razor. But it seems strange that razor can't write its cache, but can write to the logfile. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080305/a5ba4496/signature.bin From glenn.steen at gmail.com Wed Mar 5 18:39:29 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 5 18:40:06 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <47C98C54.1080705@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> Message-ID: <223f97700803051039x7d3e2601mb7247cf7c7f85d61@mail.gmail.com> On 05/03/2008, Maxime Gaudreault wrote: > I reinstalled razor2 v2.84 using razor-admin -create and razor-admin -register > > 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 > 11:19:54 [1345] dbg: rules: compiled full tests > 11:19:54 [1345] dbg: info: entering helper-app run mode > 11:20:04 [1345] dbg: info: leaving helper-app run mode > 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds > > razor-agent.log: > > Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated LogDebugLevel=5 to file:/var/log/razor-agent.log > Mar 05 11:19:54.378768 check[1345]: [ 5] computed razorhome=, conf=/etc/razor/razor-agent.conf, ident=identity > Mar 05 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from /etc/razor/servers.discovery.lst > Mar 05 11:19:54.379648 check[1345]: [ 5] read_file: 4 items read from /etc/razor/servers.nomination.lst > Mar 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst > Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery > Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 > Mar 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 > Mar 05 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 > Mar 05 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 for server c303.cloudmark.com > Mar 05 11:19:57.544120 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... > Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest server discovery > Mar 05 11:19:57.544427 check[1345]: [ 5] forcing discovery > Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from server c303.cloudmark.com > Mar 05 11:19:57.544857 check[1345]: [ 4] c303.cloudmark.com << 5 > Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... > Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 > Mar 05 11:19:57.632396 check[1345]: [ 4] discovery.razor.cloudmark.com >> 111 > Mar 05 11:19:57.632831 check[1345]: [ 4] discovery.razor.cloudmark.com << 12 > Mar 05 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 > Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server discovery.razor.cloudmark.com > Mar 05 11:19:57.648496 check[1345]: [ 4] discovery.razor.cloudmark.com << 5 > Mar 05 11:19:57.648631 check[1345]: [ 5] no razorhome, not caching server info to disk > Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig > Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > > It still says no razorhome but look at /etc/razor/razor-agent.conf: > > debuglevel = 5 > identity = identity > ignorelist = 0 > listfile_catalogue = /etc/razor/servers.catalogue.lst > listfile_discovery = /etc/razor/servers.discovery.lst > listfile_nomination = /etc/razor/servers.nomination.lst > logfile = /var/log/razor-agent.log > logic_method = 4 > min_cf = ac > razordiscovery = discovery.razor.cloudmark.com > razorhome = /etc/razor > rediscovery_wait = 172800 > report_headers = 1 > turn_off_discovery = 0 > use_engines = 4,8 > whitelist = razor-whitelist > > Is /etc/razor writable by your postfix user? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 5 18:48:00 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 5 18:48:35 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> Message-ID: <223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> On 05/03/2008, Scott Silva wrote: > on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > (snip) > > logfile = /var/log/razor-agent.log (snip) > > razorhome = /etc/razor (snip) > OK. Maybe the /etc/razor directory doesn't have write access by whatever user > calls razor. But it seems strange that razor can't write its cache, but can > write to the logfile. Different directories might have something to do with that... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mgaudreault at reference.qc.ca Wed Mar 5 18:48:55 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Wed Mar 5 18:49:36 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> It doesn't work even with rwxrwxrwx for /etc/razor Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: March 5, 2008 1:11 PM To: mailscanner@lists.mailscanner.info Subject: Re: Queue problem on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > I reinstalled razor2 v2.84 using razor-admin -create and razor-admin > -register > > 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 > 11:19:54 [1345] dbg: rules: compiled full tests > 11:19:54 [1345] dbg: info: entering helper-app run mode > 11:20:04 [1345] dbg: info: leaving helper-app run mode > 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds > > razor-agent.log: > > Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated > LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 05 > 11:19:54.378768 check[1345]: [ 5] computed razorhome=, > conf=/etc/razor/razor-agent.conf, ident=identity Mar 05 > 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from > /etc/razor/servers.discovery.lst Mar 05 11:19:54.379648 check[1345]: [ > 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar > 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 > server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 Mar > 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 Mar 05 > 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 Mar 05 > 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 > for server c303.cloudmark.com Mar 05 11:19:57.544120 check[1345]: [ 5] > no razorhome, not caching server info to disk Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... > Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest > server discovery Mar 05 11:19:57.544427 check[1345]: [ 5] forcing > discovery Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from > server c303.cloudmark.com Mar 05 11:19:57.544857 check[1345]: [ 4] > c303.cloudmark.com << 5 Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... > Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com > >> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M > Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com > << 12 Mar 05 11:19:57.632396 check[1345]: [ 4] > discovery.razor.cloudmark.com >> 111 Mar 05 11:19:57.632831 > check[1345]: [ 4] discovery.razor.cloudmark.com << 12 Mar 05 > 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 > Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server > discovery.razor.cloudmark.com Mar 05 11:19:57.648496 check[1345]: [ 4] > discovery.razor.cloudmark.com << 5 Mar 05 11:19:57.648631 check[1345]: > [ 5] no razorhome, not caching server info to disk Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... > > It still says no razorhome but look at /etc/razor/razor-agent.conf: > > debuglevel = 5 > identity = identity > ignorelist = 0 > listfile_catalogue = /etc/razor/servers.catalogue.lst > listfile_discovery = /etc/razor/servers.discovery.lst > listfile_nomination = /etc/razor/servers.nomination.lst > logfile = /var/log/razor-agent.log > logic_method = 4 > min_cf = ac > razordiscovery = discovery.razor.cloudmark.com > razorhome = /etc/razor > rediscovery_wait = 172800 > report_headers = 1 > turn_off_discovery = 0 > use_engines = 4,8 > whitelist = razor-whitelist > > > > Maxime Gaudreault > Technicien > OK. Maybe the /etc/razor directory doesn't have write access by whatever user calls razor. But it seems strange that razor can't write its cache, but can write to the logfile. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From ssilva at sgvwater.com Wed Mar 5 19:13:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 5 19:14:46 2008 Subject: Queue problem In-Reply-To: <223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> Message-ID: on 3-5-2008 10:48 AM Glenn Steen spake the following: > On 05/03/2008, Scott Silva wrote: >> on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: >> > (snip) >> > logfile = /var/log/razor-agent.log > (snip) >> > razorhome = /etc/razor > (snip) >> OK. Maybe the /etc/razor directory doesn't have write access by whatever user >> calls razor. But it seems strange that razor can't write its cache, but can >> write to the logfile. > Different directories might have something to do with that... > > Cheers Yeah. I was looking at mine when I wrote it. Mine has the log in the razor home. Maybe it is time for me to update that so some log rotation takes place. I suppose a temporary solution would be to chmod 777 /etc/razor and see if the debug changes, although mine is at 755. But I'm running sendmail, so I don't have to deal with the "intricacies" of postfix. I can't remember what MTA the poster was running, or if it was even mentioned. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080305/30b745d8/signature.bin From MailScanner at ecs.soton.ac.uk Wed Mar 5 19:28:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 5 19:29:47 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CEE139.1060509@kettle.org.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk><47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> <47CEE139.1060509@kettle.org.uk> Message-ID: <47CEF46E.5030406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Kettle wrote: > hi, > > yup. I had to do pretty much that as the first upgrade install seemed > to corrupt the .conf file Which ".conf file" ? I haven't changed the upgrade_MailScanner_conf code for years, and it doesn't get run automatically anyway. I'm perplexed by these reports, they don't make any sense to me at all. > somehow but not in any obvious way that I could see. > > rob > > D?rfler Andreas wrote: >> hi rob, >> >> dunno if it helps, got the same problem and i had to install 4.67.6 >> twice. >> first installed the latest stable 4.66.5-3 and then 4.67.6-1 again. >> it works now. >> >> greetings >> andy >> >> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob >>> Kettle >>> Sent: Tuesday, March 04, 2008 9:21 PM >>> To: mailscanner@lists.mailscanner.info >>> Subject: Re: MailScanner 4.67.6 Attachment Issue >>> >>> Julian Field wrote: >>> >>>> Do a MailScanner --lint and a MailScanner --debug and check >>> that they >>>> produce nothing untoward. >>>> What MTA are you using, and have you followed the appropriate >>>> installation instructions on www.mailscanner.info? How did >>> you install >>>> it? What distribution, OS and version? What distribution of >>>> MailScanner did you use? >>>> >>>> >>>> Rob Kettle wrote: >>>> >>>>> Hi, >>>>> >>>>> just upgraded to the new release but when ever I start >>> MailScanner I >>>>> get a job MailScanner: Extracting Attachments that kicks >>> in and uses >>>>> 70+% CPU constantly and no mail gets processed. >>>>> >>>>> any help would be appreciated. >>>>> >>>>> thanks >>>>> Rob >>>>> >>>>> >>>> Jules >>>> >>>> >>> Hi, I was running 4.66.5 with no Issues. Also using Mailwatch. >>> System is Centos 5.1. MTA is sendmail. Sendmail runs fine on it's >>> own without MailScanner. >>> >>> Output from --lint is : >>> >>> Trying to setlogsock(unix) >>> Checking version numbers... >>> Version number in MailScanner.conf (4.67.6) is correct. >>> >>> Unrar is not installed, it should be in /usr/bin/unrar. >>> This is required for RAR archives to be read to check filenames and >>> filetypes. Virus scanning is not affected. >>> >>> >>> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf >>> ERROR: is not correct, it should match X-Kettle-MailScanner-From >>> >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = >>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = clamd" >>> Found these virus scanners installed: clamavmodule, clamd >>> ============================================================== >>> ============= >>> ============================================================== >>> ============= >>> Virus Scanner test reports: >>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>> >>> If any of your virus scanners (clamavmodule,clamd) are not listed >>> there, you should check that they are installed correctly and that >>> MailScanner is finding them correctly via its virus.scanners.conf. >>> commit ineffective with AutoCommit enabled at >>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line >>> 93, line 1. >>> Commmit ineffective while AutoCommit is on at >>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line >>> 93, line 1. >>> >>> the --debug stops at subtests = >>> and goes no futher >>> >>> Rob >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzvR4EfZZRxQVtlQRAgfjAJ9LJFZbtwN4S1fraDJhWriqjTZGPgCg4U6J G/Ggria71ZEiRA9u8XylSWE= =czIw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Wed Mar 5 19:31:30 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Wed Mar 5 19:32:10 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local> <4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B854533F@jupiter.reference.local> I tried with a chmod 777 .. same thing it doesn't work Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: March 5, 2008 2:14 PM To: mailscanner@lists.mailscanner.info Subject: Re: Queue problem on 3-5-2008 10:48 AM Glenn Steen spake the following: > On 05/03/2008, Scott Silva wrote: >> on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: >> > (snip) >> > logfile = /var/log/razor-agent.log > (snip) >> > razorhome = /etc/razor > (snip) >> OK. Maybe the /etc/razor directory doesn't have write access by >> whatever user calls razor. But it seems strange that razor can't >> write its cache, but can write to the logfile. > Different directories might have something to do with that... > > Cheers Yeah. I was looking at mine when I wrote it. Mine has the log in the razor home. Maybe it is time for me to update that so some log rotation takes place. I suppose a temporary solution would be to chmod 777 /etc/razor and see if the debug changes, although mine is at 755. But I'm running sendmail, so I don't have to deal with the "intricacies" of postfix. I can't remember what MTA the poster was running, or if it was even mentioned. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! From glenn.steen at gmail.com Wed Mar 5 19:44:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 5 19:45:36 2008 Subject: Queue problem In-Reply-To: References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <47C9A25E.3050507@ecs.soton.ac.uk> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> Message-ID: <223f97700803051144i2dcf6f50p5efad3133ab2adf7@mail.gmail.com> On 05/03/2008, Scott Silva wrote: > on 3-5-2008 10:48 AM Glenn Steen spake the following: > > > On 05/03/2008, Scott Silva wrote: > >> on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > >> > > (snip) > >> > logfile = /var/log/razor-agent.log > > (snip) > >> > razorhome = /etc/razor > > (snip) > >> OK. Maybe the /etc/razor directory doesn't have write access by whatever user > >> calls razor. But it seems strange that razor can't write its cache, but can > >> write to the logfile. > > Different directories might have something to do with that... > > > > Cheers > > Yeah. I was looking at mine when I wrote it. Mine has the log in the razor > home. Maybe it is time for me to update that so some log rotation takes place. > I suppose a temporary solution would be to chmod 777 /etc/razor and see if the > debug changes, although mine is at 755. But I'm running sendmail, so I don't > have to deal with the "intricacies" of postfix. I can't remember what MTA the > poster was running, or if it was even mentioned. > Maxime has asked a few questions regarding Postfix, so I'm guessing that:-). And Maxime has set /etc/razor to 777 already, with little->no effect... Hm. Maxime, could you do a quick test? Check as the postfix user that that user can write to /etc/razor... Something like: su - postfix -s /bin/bash touch /etc/razor/somefile || echo "Ohoh" should do the trick. Might be that perms on /etc foul things up. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From Denis.Beauchemin at USherbrooke.ca Wed Mar 5 19:46:39 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Wed Mar 5 19:47:33 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> Message-ID: <47CEF89F.4020806@USherbrooke.ca> Maxime Gaudreault a ?crit : > It doesn't work even with rwxrwxrwx for /etc/razor > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: March 5, 2008 1:11 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Queue problem > > on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > >> I reinstalled razor2 v2.84 using razor-admin -create and razor-admin >> -register >> >> 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 >> 11:19:54 [1345] dbg: rules: compiled full tests >> 11:19:54 [1345] dbg: info: entering helper-app run mode >> 11:20:04 [1345] dbg: info: leaving helper-app run mode >> 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds >> >> razor-agent.log: >> >> Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated >> LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 05 >> 11:19:54.378768 check[1345]: [ 5] computed razorhome=, >> conf=/etc/razor/razor-agent.conf, ident=identity Mar 05 >> 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from >> /etc/razor/servers.discovery.lst Mar 05 11:19:54.379648 check[1345]: [ >> 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar >> 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... >> Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 >> server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M >> Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 Mar >> 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 Mar 05 >> 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 Mar 05 >> 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 >> for server c303.cloudmark.com Mar 05 11:19:57.544120 check[1345]: [ 5] >> no razorhome, not caching server info to disk Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... >> Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest >> server discovery Mar 05 11:19:57.544427 check[1345]: [ 5] forcing >> discovery Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from >> server c303.cloudmark.com Mar 05 11:19:57.544857 check[1345]: [ 4] >> c303.cloudmark.com << 5 Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... >> Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com >> >>>> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M >>>> >> Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com >> << 12 Mar 05 11:19:57.632396 check[1345]: [ 4] >> discovery.razor.cloudmark.com >> 111 Mar 05 11:19:57.632831 >> check[1345]: [ 4] discovery.razor.cloudmark.com << 12 Mar 05 >> 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 >> Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server >> discovery.razor.cloudmark.com Mar 05 11:19:57.648496 check[1345]: [ 4] >> discovery.razor.cloudmark.com << 5 Mar 05 11:19:57.648631 check[1345]: >> [ 5] no razorhome, not caching server info to disk Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... >> >> It still says no razorhome but look at /etc/razor/razor-agent.conf: >> >> debuglevel = 5 >> identity = identity >> ignorelist = 0 >> listfile_catalogue = /etc/razor/servers.catalogue.lst >> listfile_discovery = /etc/razor/servers.discovery.lst >> listfile_nomination = /etc/razor/servers.nomination.lst >> logfile = /var/log/razor-agent.log >> logic_method = 4 >> min_cf = ac >> razordiscovery = discovery.razor.cloudmark.com >> razorhome = /etc/razor >> rediscovery_wait = 172800 >> report_headers = 1 >> turn_off_discovery = 0 >> use_engines = 4,8 >> whitelist = razor-whitelist >> >> >> >> Maxime Gaudreault >> Technicien >> >> > OK. Maybe the /etc/razor directory doesn't have write access by whatever user calls razor. But it seems strange that razor can't write its cache, but can write to the logfile. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > Maxime, If your postfix is chrooted it may not even see /etc/razor... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From rob at kettle.org.uk Wed Mar 5 20:06:38 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Wed Mar 5 20:07:13 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CEF46E.5030406@ecs.soton.ac.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk><47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> <47CEE139.1060509@kettle.org.uk> <47CEF46E.5030406@ecs.soton.ac.uk> Message-ID: <47CEFD4E.2020105@kettle.org.uk> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rob Kettle wrote: > >> hi, >> >> yup. I had to do pretty much that as the first upgrade install seemed >> to corrupt the .conf file >> > Which ".conf file" ? > I haven't changed the upgrade_MailScanner_conf code for years, and it > doesn't get run automatically anyway. > I'm perplexed by these reports, they don't make any sense to me at all. > the mailscanner.conf file in /etc/MailScanner i too was very surprised but that is what happened. first time i've had any issue with the upgrade and I've been using it for years. just bad look i guess. >> somehow but not in any obvious way that I could see. >> >> rob >> >> D?rfler Andreas wrote: >> >>> hi rob, >>> >>> dunno if it helps, got the same problem and i had to install 4.67.6 >>> twice. >>> first installed the latest stable 4.66.5-3 and then 4.67.6-1 again. >>> it works now. >>> >>> greetings >>> andy >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rob >>>> Kettle >>>> Sent: Tuesday, March 04, 2008 9:21 PM >>>> To: mailscanner@lists.mailscanner.info >>>> Subject: Re: MailScanner 4.67.6 Attachment Issue >>>> >>>> Julian Field wrote: >>>> >>>> >>>>> Do a MailScanner --lint and a MailScanner --debug and check >>>>> >>>> that they >>>> >>>>> produce nothing untoward. >>>>> What MTA are you using, and have you followed the appropriate >>>>> installation instructions on www.mailscanner.info? How did >>>>> >>>> you install >>>> >>>>> it? What distribution, OS and version? What distribution of >>>>> MailScanner did you use? >>>>> >>>>> >>>>> Rob Kettle wrote: >>>>> >>>>> >>>>>> Hi, >>>>>> >>>>>> just upgraded to the new release but when ever I start >>>>>> >>>> MailScanner I >>>> >>>>>> get a job MailScanner: Extracting Attachments that kicks >>>>>> >>>> in and uses >>>> >>>>>> 70+% CPU constantly and no mail gets processed. >>>>>> >>>>>> any help would be appreciated. >>>>>> >>>>>> thanks >>>>>> Rob >>>>>> >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>> Hi, I was running 4.66.5 with no Issues. Also using Mailwatch. >>>> System is Centos 5.1. MTA is sendmail. Sendmail runs fine on it's >>>> own without MailScanner. >>>> >>>> Output from --lint is : >>>> >>>> Trying to setlogsock(unix) >>>> Checking version numbers... >>>> Version number in MailScanner.conf (4.67.6) is correct. >>>> >>>> Unrar is not installed, it should be in /usr/bin/unrar. >>>> This is required for RAR archives to be read to check filenames and >>>> filetypes. Virus scanning is not affected. >>>> >>>> >>>> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf >>>> ERROR: is not correct, it should match X-Kettle-MailScanner-From >>>> >>>> >>>> Checking for SpamAssassin errors (if you use it)... >>>> SpamAssassin temp dir = >>>> /var/spool/MailScanner/incoming/SpamAssassin-Temp >>>> SpamAssassin reported no errors. >>>> MailScanner.conf says "Virus Scanners = clamd" >>>> Found these virus scanners installed: clamavmodule, clamd >>>> ============================================================== >>>> ============= >>>> ============================================================== >>>> ============= >>>> Virus Scanner test reports: >>>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>>> >>>> If any of your virus scanners (clamavmodule,clamd) are not listed >>>> there, you should check that they are installed correctly and that >>>> MailScanner is finding them correctly via its virus.scanners.conf. >>>> commit ineffective with AutoCommit enabled at >>>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line >>>> 93, line 1. >>>> Commmit ineffective while AutoCommit is on at >>>> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line >>>> 93, line 1. >>>> >>>> the --debug stops at subtests = >>>> and goes no futher >>>> >>>> Rob >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFHzvR4EfZZRxQVtlQRAgfjAJ9LJFZbtwN4S1fraDJhWriqjTZGPgCg4U6J > G/Ggria71ZEiRA9u8XylSWE= > =czIw > -----END PGP SIGNATURE----- > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael at syska.dk Wed Mar 5 20:27:56 2008 From: mikael at syska.dk (Mikael Syska) Date: Wed Mar 5 20:28:35 2008 Subject: Batch times ... seems like its the Online test(how to debug which) Message-ID: <6beca9db0803051227l55deca6dre5a363c3a91001a5@mail.gmail.com> Hi, I think I have some problems on my MailScanner box .... As we speak the queue is filling up and there are ATM 900 messages in queue, started 19.30, about 2 hours ago ... So ... are my system to small or do we need some tweaking ... ? First question ... What are the best way to get a list of what RBL's SA are using and maybe test if some of them are down, not online any more, I'm beeing black listed and maybe get a timeout ? As I think we have a bit too high scan times cause of this ... maybe its something else ..... :-( But its not easy to figure out what is taking all the time ... or maybe just to many RBL ( I'm only using them inside SA ) As a manually scan dont take more than ... well, very short time ... dont know really how to debug it .... MS says about 8 sec per mail ... spam02# spamassassin --progress -t -L < 65FB580C30C.D8DAA Content analysis details: (7.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.5 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 1.7 FUZZY_ERECT BODY: Attempt to obfuscate words in spam 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 100% Completed 38479.85 msgs/sec in 00m00s vs spam02# spamassassin --progress -t -L < 65FB580C30C.D8DAA Content analysis details: (22.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.0 RCVD_IN_UCE_PFSM_1 RBL: Received via a relay in UCE_PFSM_1 [210.113.42.102 listed in dnsbl-1.uceprotect.net] 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [210.113.42.102 listed in zen.spamhaus.org] 1.5 RCVD_IN_PSBL RBL: Received via a relay in PSBL [210.113.42.102 listed in psbl.surriel.com] 1.0 RCVD_IN_LASHBACK RBL: lashback [210.113.42.102 listed in ubl.unsubscore.com] 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date 0.8 FUZZY_ERECT BODY: Attempt to obfuscate words in spam 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 0.0 DIGEST_MULTIPLE Message hits more than one network digest check 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS 100% Completed 38479.85 msgs/sec in 00m00s >From a few days ago: And from the maillog: Feb 28 15:09:54 spam02 MailScanner[16804]: Batch (20 messages) processed in 124.66 seconds Feb 28 15:09:55 spam02 MailScanner[17104]: Batch (8 messages) processed in 52.43 seconds Feb 28 15:09:57 spam02 MailScanner[16838]: Batch (7 messages) processed in 40.10 seconds Feb 28 15:10:07 spam02 MailScanner[16830]: Batch (3 messages) processed in 26.82 seconds Feb 28 15:10:11 spam02 MailScanner[16935]: Batch (2 messages) processed in 9.52 seconds Feb 28 15:10:13 spam02 MailScanner[16901]: Batch (1 message) processed in 8.35 seconds Feb 28 15:10:37 spam02 MailScanner[16935]: Batch (2 messages) processed in 17.79 seconds >From today: Mar 5 21:19:25 spam02 MailScanner[88165]: Batch (20 messages) processed in 149.17 seconds Mar 5 21:19:27 spam02 MailScanner[88368]: Batch (20 messages) processed in 182.13 seconds Mar 5 21:20:01 spam02 MailScanner[88268]: Batch (20 messages) processed in 159.18 seconds Mar 5 21:20:05 spam02 MailScanner[88418]: Batch (20 messages) processed in 171.26 seconds Mar 5 21:20:09 spam02 MailScanner[88212]: Batch (20 messages) processed in 180.10 seconds Mar 5 21:20:34 spam02 MailScanner[88286]: Batch (20 messages) processed in 153.17 seconds so ... how can I debug this better ... I'm total lost ... with the above testing ... with and without external ( -L, --local Local tests only (no online tests) ) The local are way faster ... so ... a good way to figure out how to test the online sources I'm using ... most of them are default in the SA install ... but I have also added some ... Any hint etc are most welcome ... System: FreeBSD 7.0-BETA1 ( Will be upgraded soon ) Dell PowerEdge 860 CPU Dual Core Intel Xeon 3060 2.40 Ghz, 4MB L2 cache, 1066 Fsb Ram 2GB DDR2 667MHz(2x1GB Dual ranked DIMM's Harddrives 2 stk 146GB in raid 1 MS settings: Max Children = 10 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 20 Max Unsafe Messages Per Scan = 20 Dont know what more options you need ... if, just ask .... best regards Mikael Syska From mgaudreault at reference.qc.ca Wed Mar 5 20:48:00 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Wed Mar 5 20:48:37 2008 Subject: Queue problem In-Reply-To: <223f97700803051144i2dcf6f50p5efad3133ab2adf7@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local><625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local><223f97700803051048j25e877e4nc89400783ed37616@mail.gmail.com> <223f97700803051144i2dcf6f50p5efad3133ab2adf7@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B854534A@jupiter.reference.local> user postfix can write to /etc/razor The log says: no razorhome so I guess it's not a permission problem unless it'd says: can't write to razorhome or something like that... no ? Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: March 5, 2008 2:45 PM To: MailScanner discussion Subject: Re: Queue problem On 05/03/2008, Scott Silva wrote: > on 3-5-2008 10:48 AM Glenn Steen spake the following: > > > On 05/03/2008, Scott Silva wrote: > >> on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > >> > > (snip) > >> > logfile = /var/log/razor-agent.log > > (snip) > >> > razorhome = /etc/razor > > (snip) > >> OK. Maybe the /etc/razor directory doesn't have write access by whatever user > >> calls razor. But it seems strange that razor can't write its cache, but can > >> write to the logfile. > > Different directories might have something to do with that... > > > > Cheers > > Yeah. I was looking at mine when I wrote it. Mine has the log in the razor > home. Maybe it is time for me to update that so some log rotation takes place. > I suppose a temporary solution would be to chmod 777 /etc/razor and see if the > debug changes, although mine is at 755. But I'm running sendmail, so I don't > have to deal with the "intricacies" of postfix. I can't remember what MTA the > poster was running, or if it was even mentioned. > Maxime has asked a few questions regarding Postfix, so I'm guessing that:-). And Maxime has set /etc/razor to 777 already, with little->no effect... Hm. Maxime, could you do a quick test? Check as the postfix user that that user can write to /etc/razor... Something like: su - postfix -s /bin/bash touch /etc/razor/somefile || echo "Ohoh" should do the trick. Might be that perms on /etc foul things up. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mgaudreault at reference.qc.ca Wed Mar 5 20:48:09 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Wed Mar 5 20:48:45 2008 Subject: Queue problem In-Reply-To: <47CEF89F.4020806@USherbrooke.ca> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85451C6@jupiter.reference.local><47C88BFA.4030906@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451F7@jupiter.reference.local><47C98C54.1080705@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85451FA@jupiter.reference.local><4CAB0118AEC63A4FAAE77E6BCBDF760C384668B801@server02.bhl.local><47C9A25E.3050507@ecs.soton.ac.uk><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> <47CEF89F.4020806@USherbrooke.ca> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local> postfix is not chrooted Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: March 5, 2008 2:47 PM To: MailScanner discussion Subject: Re: Queue problem Maxime Gaudreault a ?crit : > It doesn't work even with rwxrwxrwx for /etc/razor > > Maxime Gaudreault > Technicien > > R?f?rence Syst?mes inc. > T?l. : 418.650.0997 > T?l?c. : 418.650.9668 > Courriel : mgaudreault@reference.qc.ca > Site Internet : http://www.reference.qc.ca/ > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: March 5, 2008 1:11 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Queue problem > > on 3-5-2008 8:26 AM Maxime Gaudreault spake the following: > >> I reinstalled razor2 v2.84 using razor-admin -create and razor-admin >> -register >> >> 11:19:46 [1345] dbg: razor2: razor2 is available, version 2.84 >> 11:19:54 [1345] dbg: rules: compiled full tests >> 11:19:54 [1345] dbg: info: entering helper-app run mode >> 11:20:04 [1345] dbg: info: leaving helper-app run mode >> 11:20:04 [1345] dbg: razor2: razor2 check timed out after 10 seconds >> >> razor-agent.log: >> >> Mar 05 11:19:54.378480 check[1345]: [ 2] [bootup] Logging initiated >> LogDebugLevel=5 to file:/var/log/razor-agent.log Mar 05 >> 11:19:54.378768 check[1345]: [ 5] computed razorhome=, >> conf=/etc/razor/razor-agent.conf, ident=identity Mar 05 >> 11:19:54.379383 check[1345]: [ 5] read_file: 1 items read from >> /etc/razor/servers.discovery.lst Mar 05 11:19:54.379648 check[1345]: [ >> 5] read_file: 4 items read from /etc/razor/servers.nomination.lst Mar >> 05 11:19:54.379929 check[1345]: [ 5] read_file: 5 items read from /etc/razor/servers.catalogue.lst Mar 05 11:19:54.381043 check[1345]: [ 5] 151679 seconds before closest server discovery Mar 05 11:19:54.381314 check[1345]: [ 5] no razorhome, not caching server info to disk Mar 05 11:19:54.383995 check[1345]: [ 5] Connecting to c303.cloudmark.com ... >> Mar 05 11:19:57.454347 check[1345]: [ 4] c303.cloudmark.com >> 36 >> server greeting: sn=C&srl=5426&a=1&a=cg&ep4=7542-10^M >> Mar 05 11:19:57.454748 check[1345]: [ 4] c303.cloudmark.com << 25 Mar >> 05 11:19:57.454976 check[1345]: [ 4] c303.cloudmark.com << 14 Mar 05 >> 11:19:57.542496 check[1345]: [ 4] c303.cloudmark.com >> 264 Mar 05 >> 11:19:57.543777 check[1345]: [ 5] Updated to new server state srl 5426 >> for server c303.cloudmark.com Mar 05 11:19:57.544120 check[1345]: [ 5] >> no razorhome, not caching server info to disk Mar 05 11:19:57.544201 check[1345]: [ 5] srl was updated, forcing discovery ... >> Mar 05 11:19:57.544352 check[1345]: [ 5] 167265 seconds before closest >> server discovery Mar 05 11:19:57.544427 check[1345]: [ 5] forcing >> discovery Mar 05 11:19:57.544681 check[1345]: [ 5] disconnecting from >> server c303.cloudmark.com Mar 05 11:19:57.544857 check[1345]: [ 4] >> c303.cloudmark.com << 5 Mar 05 11:19:57.545013 check[1345]: [ 5] Connecting to discovery.razor.cloudmark.com ... >> Mar 05 11:19:57.581489 check[1345]: [ 4] discovery.razor.cloudmark.com >> >>>> 35 server greeting: sn=D&srl=551&a=1&a=cg&ep4=7542-10^M >>>> >> Mar 05 11:19:57.581731 check[1345]: [ 4] discovery.razor.cloudmark.com >> << 12 Mar 05 11:19:57.632396 check[1345]: [ 4] >> discovery.razor.cloudmark.com >> 111 Mar 05 11:19:57.632831 >> check[1345]: [ 4] discovery.razor.cloudmark.com << 12 Mar 05 >> 11:19:57.647953 check[1345]: [ 4] discovery.razor.cloudmark.com >> 91 >> Mar 05 11:19:57.648340 check[1345]: [ 5] disconnecting from server >> discovery.razor.cloudmark.com Mar 05 11:19:57.648496 check[1345]: [ 4] >> discovery.razor.cloudmark.com << 5 Mar 05 11:19:57.648631 check[1345]: >> [ 5] no razorhome, not caching server info to disk Mar 05 11:19:57.648957 check[1345]: [ 5] mail 1.0 e8 got no sig Mar 05 11:19:57.649071 check[1345]: [ 5] Connecting to c303.cloudmark.com ... >> >> It still says no razorhome but look at /etc/razor/razor-agent.conf: >> >> debuglevel = 5 >> identity = identity >> ignorelist = 0 >> listfile_catalogue = /etc/razor/servers.catalogue.lst >> listfile_discovery = /etc/razor/servers.discovery.lst >> listfile_nomination = /etc/razor/servers.nomination.lst >> logfile = /var/log/razor-agent.log >> logic_method = 4 >> min_cf = ac >> razordiscovery = discovery.razor.cloudmark.com >> razorhome = /etc/razor >> rediscovery_wait = 172800 >> report_headers = 1 >> turn_off_discovery = 0 >> use_engines = 4,8 >> whitelist = razor-whitelist >> >> >> >> Maxime Gaudreault >> Technicien >> >> > OK. Maybe the /etc/razor directory doesn't have write access by whatever user calls razor. But it seems strange that razor can't write its cache, but can write to the logfile. > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > Maxime, If your postfix is chrooted it may not even see /etc/razor... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From steve at fsl.com Wed Mar 5 21:19:51 2008 From: steve at fsl.com (Stephen Swaney) Date: Wed Mar 5 21:20:30 2008 Subject: [Fwd: MailWatch v2 alpha 1] Message-ID: <47CF0E77.2000001@fsl.com> Steve posted this to the MailWatch list and then took off for a well earned week of vacation. He just asked me to cross post to the MS list so here it is. Having watched it develop I can very safely say that it's quite worth a look :) Enjoy, Steve Steve Swaney steve@fsl.com www.fsl.com -------- Original Message -------- Subject: MailWatch v2 alpha 1 Date: Mon, 03 Mar 2008 07:18:32 +0000 From: Steve Freegard Reply-To: mailwatch-users@lists.sourceforge.net Organization: Fort Systems Ltd. To: mailwatch-users@lists.sourceforge.net Newsgroups: gmane.mail.virus.mailscanner.mailwatch.general Hi All, I've been up all night working on this and all day yesterday to get this released before I go on holiday today. It's functional - but there are going to be a lot of UI bugs and it also looks like crap and so is the documentation at the moment. What definitely doesn't work: SQL Black/White lists. (no CustomConfig module yet) SQL Spam Scores. (no CustomConfig module yet) Report Scheduler. Password Changing Admins can't manage users settings/lists It isn't possible to create the initial admin user or domain admins via the Web UI. You can download the alpha packages (both are required) from: http://www.fsl.com/mailwatch/mailwatch_v2a1.tar.gz http://www.fsl.com/mailwatch/mailwatchd_v2a1.tar.gz http://www.fsl.com/mailwatch/MailWatch_v2_install_instructions.odt As soon as I get back from holiday I will generate some RPM packages to make this easier to install and address the remaining issues and documentation. Remember - this version is *not* GPL, see the LICENSE file or the top of the source code files. Kind regards, Steve. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ From mikew at crucis.net Wed Mar 5 22:23:38 2008 From: mikew at crucis.net (Mike W) Date: Wed Mar 5 22:24:48 2008 Subject: RESOLVED: F-Prot not being executed by MailScanner 4.66.5-3 Message-ID: <47CF1D6A.8060903@crucis.net> I happy to report that f-prot is now checking for virus as well as ClamAV. I had upgraded to 4.67.6-1 and initially, it did not execute f-prot although f-prot and ClamAV were detected. I had rebooted this morning before leaving for the office and now I see both anti-virus being detected by MS and being executed when I sent through some eicar tests. I'm unsure what was needed to fix the issue---reinstalling Scalar::Utils or upgrading MS. Whatever it was, I'm happy with the result. Thank you all for your help and advice, especially to Res who exchanged a number of e-mails with me and tried to help diagnose the cause. Mike Watson -- This message has been scanned for viruses and dangerous content by MailScanner@CYGNI, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 5 22:50:51 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 5 22:51:27 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local> <625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> <47CEF89F.4020806@USherbrooke.ca> <6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local> Message-ID: <223f97700803051450t5a461e13tc959712a77c24bfd@mail.gmail.com> On 05/03/2008, Maxime Gaudreault wrote: > postfix is not chrooted > Just out of the .... curiosity value gained:-)... Could you remove the razor config (not from MS, just the config changes you've done to razor) and make sure it has a .razor (writable) in ~postfix, so that when you do the usual discover it would find and use the defualt? Does that work? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Mar 5 22:52:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 5 22:53:01 2008 Subject: F-Prot 6 (and lack of speed thereof) Message-ID: <47CF2415.7080400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 F-Prot 6, when used as a command-line scanner, is appallingly slow. However, it comes with a daemon fpscand. This runs a whole lot faster. My next job is to implement support for fpscand (I'll probably call it f-protd, which is the name of the "service" used to start and stop it). This should bring back the speed of f-prot, hopefully to the same speed as f-prot 4, which used to be one of the fastest scanners around. Expect news on this front very soon, it affects me badly on my own site :-( Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFHzyQXEfZZRxQVtlQRAqCuAKCMKB4F6sd9xYQ716ZHYQ11sa9PAACdHSYC d1YxyypP+yDTiYAfhYPGL4E= =Ze9O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Wed Mar 5 22:56:15 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 5 22:56:55 2008 Subject: OT: MailWatch Question/ MailScanner Feature Request In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FD@server02.bhl.local> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com><8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com><20080303193924.GA13680@mikea.ath.cx><47CC67B8.2050508@sendit.nodak.edu><47CC6D95.7070406@ew3d.com><47CC7CBA.8090302@evi-inc.com><47CC82B0.1030908@farrows.org><8f54b4330803031520t3517d622ifcc95911c2e5d433@mail.gmail.com><47CD67A0.7070203@evi-inc.com><8f54b4330803040806oec83d3bp3e88aa3e6216a9@mail.gmail.com><47CD7AF7.70307@evi-inc.com><47CD7C42.10404@farrows.org><610C64469748E84DB6BDD5BD23F01A760CA4D7@MED-CORE03-MS1.med.wayne.edu><47CD956F.1050905@fsl.com>, <610C64469748E84DB6BDD5BD23F01A760CA4F4@MED-CORE03-MS1.med.wayne.edu> <4CAB0118AEC63A4FAAE77E6BCBDF760C38466C11FD@server02.bhl.local> Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA52A@MED-CORE03-MS1.med.wayne.edu> Justin, is it easily possible for this feature to be added? Maybe something where if there is multiple rulesets or a ruleset & customfunction that the info is aggregated. My thought is per user whitelist pulled from either sql or ldap and prepending that data to a more global info pulled from a ruleset which has better features for a global setup. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jason Ede Sent: Wednesday, March 05, 2008 3:06 AM To: MailScanner discussion Subject: RE: OT: MailWatch Question ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby [brose@med.wayne.edu] Sent: 05 March 2008 00:22 To: MailScanner discussion Subject: RE: OT: MailWatch Question Thanks. I'd read that in the mailscanner and mailwatch archives but my crazy logic considers wildcard and regex differently. Is it possible for MailScanner to process multiple ruleset or customfunctions in the same way it does it for actions, virus scanners, etc? What I'd like is to allow users have their own whitelists/blacklists but still have my global rules that consists IP & Email Address Regex FROM combos. -=B I tried getting both rulesets and custom functions working but never managed to get it to work satisfactorily. Again I wanted the same functionality that it sounds you're looking for. I've settled for having rulesets or functions. Jason -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Wed Mar 5 23:07:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 5 23:08:19 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <47CF2415.7080400@ecs.soton.ac.uk> References: <47CF2415.7080400@ecs.soton.ac.uk> Message-ID: on 3-5-2008 2:52 PM Julian Field spake the following: > F-Prot 6, when used as a command-line scanner, is appallingly slow. > However, it comes with a daemon fpscand. > This runs a whole lot faster. > > My next job is to implement support for fpscand (I'll probably call it > f-protd, which is the name of the "service" used to start and stop it). > This should bring back the speed of f-prot, hopefully to the same speed > as f-prot 4, which used to be one of the fastest scanners around. > > Expect news on this front very soon, it affects me badly on my own site :-( > > Jules > Hopefully it will be similar to the clamd work you have already done. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080305/797ef7b3/signature.bin From rcooper at dwford.com Wed Mar 5 23:33:51 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 5 23:34:38 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: References: <47CF2415.7080400@ecs.soton.ac.uk> Message-ID: <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Scott Silva > Sent: Wednesday, March 05, 2008 6:07 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: F-Prot 6 (and lack of speed thereof) > > on 3-5-2008 2:52 PM Julian Field spake the following: > > F-Prot 6, when used as a command-line scanner, is appallingly slow. > > However, it comes with a daemon fpscand. > > This runs a whole lot faster. > > > > My next job is to implement support for fpscand (I'll > probably call it > > f-protd, which is the name of the "service" used to start > and stop it). > > This should bring back the speed of f-prot, hopefully to > the same speed > > as f-prot 4, which used to be one of the fastest scanners around. > > > > Expect news on this front very soon, it affects me badly > on my own site :-( > > > > Jules > > > Hopefully it will be similar to the clamd work you have already done. > -- Not much, no. The f-protd expects http GET like syntax, it returns xml (even the error codes) so I would think there will be a bit more to the parseing, as well as building the command. The documentation reference properl url encoded, and it requires the ?/& separators between arguments as well (of course). And I really don't like the sound of this part: "The Daemon Scanner is designed to automatically update itself by executing itself when a new version is in place. The newly executed copy is will bind to the next available port in it's range (by default 10200-10204) since the outdated process stays alive for about 5 - 10 seconds. This is done to guarantee that there is always at least one daemon available at any given time. Clients are expected to cycle through the port range to find a live Daemon Scanner when the one they were previously using dies." How absolutely retarded is that? Here, lemme scan through a few ports looking the currently active daemon, and oh yeah, it apparently will disconnect even when there is an active session, if so we just start scanning through the ports looking for something alive again. Certainly nothing like clamd, or any other rational virus scanning daemon. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Thu Mar 6 01:25:54 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Mar 6 01:26:32 2008 Subject: rpm install of perl-Test-Pod-1.26-1 from install.sh fails Message-ID: I don't know if this is appropriate for this list or not, but I noticed in the output from running the rpm based install.sh script for MailScanner 4.67.6-1 on CentOS 5, that the install of perl-Test-Pod-1.26-1 fails because the 'make test' fails 5 tests. I'm not very familiar with perl installs or tests, but it seems to me that the failures are due to incorrect regexps in the tests (or possibly a version mismatch in a dependency) rather than actual failures. One example is t/cut-outside-block.... # Failed test (t/cut-outside-block.t at line 20) # STDERR is: # # Failed test (t/cut-outside-block.t at line 15) # # t/cut-outside-block.pod (5): =cut found outside a pod block. Skipping to next block. # # not: # /#\s+Failed\ test.*?\n?.*?at\ t\/cut\-outside\-block\.t line 15.*\n?/ # # # t/cut-outside-block.pod (5): =cut found outside a pod block. Skipping to next block. # # as expected In other words it is looking for "at t/cut-outside-block.t line 15" and getting "(t/cut-outside-block.t at line 15)" so the test is failed. The other four tests fail in exactly the same way. The end result is perl-Test-Pod-1.26-1 is not installed. I believe this also happened with the installation of MailScanner betas 4.67.4 and 4.67.5. I don't think it occurred with my initial install of 4.65 This doesn't seem to affect the operation of MailScanner, and it does occur in the section where installs are preceded by Do not worry too much about errors from the next command. It is quite likely that some of the Perl modules are already installed on your system. The important ones are HTML-Parser and MIME-tools. so I'm not too concerned, but I wonder if anyone has any insight into the problem. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ugob at lubik.ca Thu Mar 6 02:04:20 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 02:05:09 2008 Subject: Include tools with MailScanner distro Message-ID: Hi, Suggestion: Many of us have some scripts that help manage our MailScanner servers. Wouldn't it be nice if it was packaged with MailScanner, or in a separate, optional package? I'm thinking about scripts to check for queue size, processing speed, etc. Opinions? Ugo From mailscanner.info at tedworld.com Thu Mar 6 02:12:02 2008 From: mailscanner.info at tedworld.com (tlum) Date: Thu Mar 6 02:12:19 2008 Subject: Logs infections that are not there. Message-ID: <47CF52F2.9030206@tedworld.com> Consistently logs the following: Mar 5 21:04:18 ms1srvp01 MailScanner[32191]: ClamAVModule::! <- DESTROY= undef during global destruction Mar 5 21:04:19 ms1srvp01 MailScanner[32191]: Virus Scanning: ClamAVModule found 12 infections Mar 5 21:04:19 ms1srvp01 MailScanner[32191]: Virus Scanning: Found 12 viruses Mar 5 21:04:20 ms1srvp01 MailScanner[32191]: Requeue: A24DA900F9.26739 to 6561D900FB Mar 5 21:04:20 ms1srvp01 postfix/qmgr[31346]: 6561D900FB: from=, size=2562, nrcpt=1 (queue active) Mar 5 21:04:20 ms1srvp01 MailScanner[32191]: Uninfected: Delivered 1 messages It always reports 12. There is no infection and the message gets delivered. Not even sure where to start. Any Ideas? -Ted- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 6 12:09:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 12:10:14 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> Message-ID: <47CFDEFA.8020103@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Scott Silva > > Sent: Wednesday, March 05, 2008 6:07 PM > > To: mailscanner@lists.mailscanner.info > > Subject: Re: F-Prot 6 (and lack of speed thereof) > > > > on 3-5-2008 2:52 PM Julian Field spake the following: > > > F-Prot 6, when used as a command-line scanner, is appallingly slow. > > > However, it comes with a daemon fpscand. > > > This runs a whole lot faster. > > > > > > My next job is to implement support for fpscand (I'll > > probably call it > > > f-protd, which is the name of the "service" used to start > > and stop it). > > > This should bring back the speed of f-prot, hopefully to > > the same speed > > > as f-prot 4, which used to be one of the fastest scanners around. > > > > > > Expect news on this front very soon, it affects me badly > > on my own site :-( > > > > > > Jules > > > > > Hopefully it will be similar to the clamd work you have already done. > > -- > > Not much, no. The f-protd expects http GET like syntax, it returns xml (even > the error codes) so I would think there will be a bit more to the parseing, > as well as building the command. The documentation reference properl url > encoded, and it requires the ?/& separators between arguments as well (of > course). And I really don't like the sound of this part: > > "The Daemon Scanner is designed to automatically update itself by executing > itself when a new version is in place. The newly executed copy is will bind > to the next available port in it's range (by default 10200-10204) since the > outdated process stays alive for about 5 - 10 seconds. This is done to > guarantee that there is always at least one daemon available at any given > time. Clients are expected to cycle through the port range to find a live > Daemon Scanner when the one they were previously using dies." > Where did you find that bit? I haven't seen that in my documentation. And it certainly doesn't talk anything like XML. I have some working code that assumes the daemon is at 10200. I have been reading 'man fpscand'. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHz976EfZZRxQVtlQRAnNWAJ0ciTv7rptTwIhsaaMd3mdXdO8eMQCcDIX1 rJ+tmzLqzoDYWCC8hcJ3BEU= =too8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Thu Mar 6 13:11:38 2008 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 6 13:12:19 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <47CFDEFA.8020103@ecs.soton.ac.uk> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> <47CFDEFA.8020103@ecs.soton.ac.uk> Message-ID: <003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Thursday, March 06, 2008 7:10 AM > To: MailScanner discussion > Subject: Re: F-Prot 6 (and lack of speed thereof) > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > [...] > > Not much, no. The f-protd expects http GET like syntax, it > returns xml (even > > the error codes) so I would think there will be a bit more > to the parseing, > > as well as building the command. The documentation > reference properl url > > encoded, and it requires the ?/& separators between > arguments as well (of > > course). And I really don't like the sound of this part: > > > > "The Daemon Scanner is designed to automatically update > itself by executing > > itself when a new version is in place. The newly executed > copy is will bind > > to the next available port in it's range (by default > 10200-10204) since the > > outdated process stays alive for about 5 - 10 seconds. > This is done to > > guarantee that there is always at least one daemon > available at any given > > time. Clients are expected to cycle through the port range > to find a live > > Daemon Scanner when the one they were previously using dies." > > > Where did you find that bit? I haven't seen that in my > documentation. > And it certainly doesn't talk anything like XML. > > I have some working code that assumes the daemon is at 10200. > > I have been reading 'man fpscand'. > I was just reading : http://www.f-prot.com/support/unix/unix_manpages/f-protd.8.html And BTW I came across this : http://search.cpan.org/~avar/FProt-Client-0.09/Client.pm Perhaps the xml has to do with the version? The Fprot::Client package doesn't list a version requirement so who knows if it works with the latest and greatest or not. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From arturs at netvision.net.il Thu Mar 6 13:44:53 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Mar 6 13:46:14 2008 Subject: Include tools with MailScanner distro In-Reply-To: Message-ID: <003701c87f90$42cbcd90$e5b418ac@dell> > Hi, > > Suggestion: Many of us have some scripts that help > manage our MailScanner servers. Wouldn't it be nice if it was > packaged with MailScanner, or in a separate, optional package? > > I'm thinking about scripts to check for queue size, > processing speed, etc. > > Opinions? > > Ugo Great idea! Best, -- Arthur Sherman From MailScanner at ecs.soton.ac.uk Thu Mar 6 13:48:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 13:49:07 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> <47CFDEFA.8020103@ecs.soton.ac.uk> <003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> Message-ID: <47CFF626.3040707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Thursday, March 06, 2008 7:10 AM > > To: MailScanner discussion > > Subject: Re: F-Prot 6 (and lack of speed thereof) > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > [...] > > > Not much, no. The f-protd expects http GET like syntax, it > > returns xml (even > > > the error codes) so I would think there will be a bit more > > to the parseing, > > > as well as building the command. The documentation > > reference properl url > > > encoded, and it requires the ?/& separators between > > arguments as well (of > > > course). And I really don't like the sound of this part: > > > > > > "The Daemon Scanner is designed to automatically update > > itself by executing > > > itself when a new version is in place. The newly executed > > copy is will bind > > > to the next available port in it's range (by default > > 10200-10204) since the > > > outdated process stays alive for about 5 - 10 seconds. > > This is done to > > > guarantee that there is always at least one daemon > > available at any given > > > time. Clients are expected to cycle through the port range > > to find a live > > > Daemon Scanner when the one they were previously using dies." > > > > > Where did you find that bit? I haven't seen that in my > > documentation. > > And it certainly doesn't talk anything like XML. > > > > I have some working code that assumes the daemon is at 10200. > > > > I have been reading 'man fpscand'. > > > > I was just reading : > http://www.f-prot.com/support/unix/unix_manpages/f-protd.8.html > I think that's all out of date now. > And BTW I came across this : > http://search.cpan.org/~avar/FProt-Client-0.09/Client.pm > I've written my own. I don't automatically use someone else's code just because it's there :-) > Perhaps the xml has to do with the version? The Fprot::Client package > doesn't list a version requirement so who knows if it works with the latest > and greatest or not. > Probably not, it's changed a whole lot. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHz/YnEfZZRxQVtlQRAhHJAKDM+ZXCraBJfzFRNy/JCNhQpDugCACcDIKW /iO27bcS9wcjMHuC4AgOlts= =3uRX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 6 13:56:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 13:56:22 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> <47CFDEFA.8020103@ecs.soton.ac.uk> <003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> Message-ID: <47CFF7F3.1060307@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released 4.68.1 which includes support for the scanner "f-protd-6" which uses the fpscand daemon provided with F-Prot 6. Very much faster than the scanner "f-prot-6" which uses the command-line scanner provided with F-Prot 6. Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Thursday, March 06, 2008 7:10 AM > > To: MailScanner discussion > > Subject: Re: F-Prot 6 (and lack of speed thereof) > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > [...] > > > Not much, no. The f-protd expects http GET like syntax, it > > returns xml (even > > > the error codes) so I would think there will be a bit more > > to the parseing, > > > as well as building the command. The documentation > > reference properl url > > > encoded, and it requires the ?/& separators between > > arguments as well (of > > > course). And I really don't like the sound of this part: > > > > > > "The Daemon Scanner is designed to automatically update > > itself by executing > > > itself when a new version is in place. The newly executed > > copy is will bind > > > to the next available port in it's range (by default > > 10200-10204) since the > > > outdated process stays alive for about 5 - 10 seconds. > > This is done to > > > guarantee that there is always at least one daemon > > available at any given > > > time. Clients are expected to cycle through the port range > > to find a live > > > Daemon Scanner when the one they were previously using dies." > > > > > Where did you find that bit? I haven't seen that in my > > documentation. > > And it certainly doesn't talk anything like XML. > > > > I have some working code that assumes the daemon is at 10200. > > > > I have been reading 'man fpscand'. > > > > I was just reading : > http://www.f-prot.com/support/unix/unix_manpages/f-protd.8.html > > And BTW I came across this : > http://search.cpan.org/~avar/FProt-Client-0.09/Client.pm > > Perhaps the xml has to do with the version? The Fprot::Client package > doesn't list a version requirement so who knows if it works with the latest > and greatest or not. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHz/f0EfZZRxQVtlQRAiV2AJ9Cehl2sMijL6qaqb9oB7JE4RafiACfQWNW DNyeI+Sc3iIG2Izu0UHZy48= =SrTu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Thu Mar 6 14:00:30 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 6 14:01:04 2008 Subject: Include tools with MailScanner distro In-Reply-To: <003701c87f90$42cbcd90$e5b418ac@dell> References: <003701c87f90$42cbcd90$e5b418ac@dell> Message-ID: <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> On Thu, Mar 6, 2008 at 2:44 PM, Arthur Sherman wrote: > > Hi, > > > > Suggestion: Many of us have some scripts that help > > manage our MailScanner servers. Wouldn't it be nice if it was > > packaged with MailScanner, or in a separate, optional package? > > > > I'm thinking about scripts to check for queue size, > > processing speed, etc. > > > > Opinions? > > > > Ugo > > Great idea! Wouldn't it be better to publish tools on the wiki? -- /peter From MailScanner at ecs.soton.ac.uk Thu Mar 6 14:03:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 14:03:32 2008 Subject: Include tools with MailScanner distro In-Reply-To: <003701c87f90$42cbcd90$e5b418ac@dell> References: <003701c87f90$42cbcd90$e5b418ac@dell> Message-ID: <47CFF9A1.40005@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arthur Sherman wrote: >> Hi, >> >> Suggestion: Many of us have some scripts that help >> manage our MailScanner servers. Wouldn't it be nice if it was >> packaged with MailScanner, or in a separate, optional package? >> >> I'm thinking about scripts to check for queue size, >> processing speed, etc. >> >> Opinions? >> >> Ugo >> > > Great idea! > I would need a standard format for them, say they each go into their own directory. They would need decent documentation to go with each one, or no-one will ever use them. I think they would be better as a separated tar-ball on the MailScanner downloads page, called MailScanner-contrib or something like that. But I'm basically in favour of the idea. > > Best, > -- > > Arthur Sherman > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHz/miEfZZRxQVtlQRAq3bAJ92ErWY64/TVUkUD0tHuO//kX5WNwCcDpPE Gk+R5TZlGh9p41vjudBXNiY= =8HKl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Thu Mar 6 14:19:11 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 14:20:10 2008 Subject: Include tools with MailScanner distro In-Reply-To: <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> Message-ID: shuttlebox wrote: > On Thu, Mar 6, 2008 at 2:44 PM, Arthur Sherman wrote: >>> Hi, >> > >> > Suggestion: Many of us have some scripts that help >> > manage our MailScanner servers. Wouldn't it be nice if it was >> > packaged with MailScanner, or in a separate, optional package? >> > >> > I'm thinking about scripts to check for queue size, >> > processing speed, etc. >> > >> > Opinions? >> > >> > Ugo >> >> Great idea! > > Wouldn't it be better to publish tools on the wiki? > Well, it would be good, but having a package, or, even better, a repository, would be better. The best would have tools distributed with MailScanner, but this involves more (Julian doesn't want to receive e-mails about a script that someone else wrote, extra work for julian, etc). Ugo From MailScanner at ecs.soton.ac.uk Thu Mar 6 14:24:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 14:25:50 2008 Subject: Include tools with MailScanner distro In-Reply-To: <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> Message-ID: <47CFFEA8.40601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 shuttlebox wrote: > On Thu, Mar 6, 2008 at 2:44 PM, Arthur Sherman wrote: > >>> Hi, >>> >> > >> > Suggestion: Many of us have some scripts that help >> > manage our MailScanner servers. Wouldn't it be nice if it was >> > packaged with MailScanner, or in a separate, optional package? >> > >> > I'm thinking about scripts to check for queue size, >> > processing speed, etc. >> > >> > Opinions? >> > >> > Ugo >> >> Great idea! >> > > Wouldn't it be better to publish tools on the wiki? > Definitely. Then it doesn't involve any extra work from me at all. Can someone create the relevant bit of the wiki and get the ball rolling please? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFHz/67EfZZRxQVtlQRAhVOAJ0Ry2feCNk/TiR2o9W5jp2KgAJ3TwCeJ+Rw XuvLOJw36zYkI8RR7+mUeFk= =MDN/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.siddall at elirion.net Thu Mar 6 14:38:55 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Mar 6 14:39:44 2008 Subject: Include tools with MailScanner distro In-Reply-To: References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> Message-ID: <47D001FF.9060308@elirion.net> Ugo Bellavance wrote: > Well, it would be good, but having a package, or, even better, a > repository, would be better. The best would have tools distributed with > MailScanner, but this involves more (Julian doesn't want to receive > e-mails about a script that someone else wrote, extra work for julian, > etc). > In one project I work on, parts of the wiki are generated from the source code. Presumably you could go the other way around too. However, this is all extra work for somebody. By "repository", are you talking about something like yum/apt, or CVS/SVN? Regards, Richard Siddall From brose at med.wayne.edu Thu Mar 6 15:14:00 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 6 15:14:40 2008 Subject: Ruleset-from-function Custom Function Broken?? Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu> Doe anyone know how this example is supposed to work? I'm rtrying to use it as a template but if I set Virus Scanning = &VirusScanning('%rules-dir%/virus.scanning.rules') and don't change anything with Ruleset-from-function.pm I start a MailScanner process in debug Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while "strict refs" in use at ./MailScannerTest line 1427. and I also see Enabling SpamAssassin auto-whitelist functionality... in the maillogs even though that isn't enabled in the MailScanner.conf file If I remove the Virus Scaning custom function and start in debug, there's no error and no SA Autowhitelist message is logged. I'm thinking something changed in Config.pm that breaks the calling of rulesets external to config.pm Any ideas? Bobby -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080306/2d0461f2/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 6 16:29:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 16:29:53 2008 Subject: Ruleset-from-function Custom Function Broken?? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D01BD3.1020903@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > Doe anyone know how this example is supposed to work? I'm rtrying to > use it as a template but if I set > Virus Scanning = &VirusScanning('%rules-dir%/virus.scanning.rules') > and don't change anything with Ruleset-from-function.pm I start a > MailScanner process in debug > > Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while > "strict refs" in use at ./MailScannerTest line 1427. > and I also see What happens if you don't use "%rules-dir%" but give the real directory name there instead? > > Enabling SpamAssassin auto-whitelist functionality... > > in the maillogs even though that isn't enabled in the MailScanner.conf > file > > If I remove the Virus Scaning custom function and start in debug, > there's no error and no SA Autowhitelist message is logged. > > I'm thinking something changed in Config.pm that breaks the calling of > rulesets external to config.pm > > Any ideas? > > Bobby Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH0BvUEfZZRxQVtlQRAhCBAJ42irIMILFvy9V+7/NmucXXfDAl+gCfZjyd KDuAeCgCKSS/s2xw7z46mwE= =sU8n -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mgaudreault at reference.qc.ca Thu Mar 6 16:37:16 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Thu Mar 6 16:37:54 2008 Subject: Queue problem In-Reply-To: <223f97700803051450t5a461e13tc959712a77c24bfd@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85452C3@jupiter.reference.local><625385e30803041205s39046c27pcfaf8ff7bf37360c@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local><47CEF89F.4020806@USherbrooke.ca><6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local> <223f97700803051450t5a461e13tc959712a77c24bfd@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B8545379@jupiter.reference.local> pf:/home/postfix/.razor# ls -l total 32 lrwxrwxrwx 1 postfix postfix 19 2008-03-06 11:32 identity -> identity-runB1-jnJ3 -rw------- 1 postfix postfix 90 2008-03-06 11:32 identity-runB1-jnJ3 -rw-r--r-- 1 postfix postfix 706 2008-03-06 11:32 razor-agent.conf -rw-r--r-- 1 postfix postfix 627 2008-03-06 11:32 razor-agent.log -rw-r--r-- 1 postfix postfix 814 2008-03-06 11:32 server.n001.cloudmark.com.conf -rw-r--r-- 1 postfix postfix 787 2008-03-06 11:32 server.n003.cloudmark.com.conf -rw-r--r-- 1 postfix postfix 95 2008-03-06 11:32 servers.catalogue.lst -rw-r--r-- 1 postfix postfix 30 2008-03-06 11:32 servers.discovery.lst -rw-r--r-- 1 postfix postfix 76 2008-03-06 11:32 servers.nomination.lst Did razor-admin -create -home=/home/postfix/.razor/ and razor-admin -register with postfix user (su - postfix -s /bin/bash) Deleted everything in /etc/razor Still no razorhome in /var/log/razor-agent.log Should I just stop using razor ? hehe Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: March 5, 2008 5:51 PM To: MailScanner discussion Subject: Re: Queue problem On 05/03/2008, Maxime Gaudreault wrote: > postfix is not chrooted > Just out of the .... curiosity value gained:-)... Could you remove the razor config (not from MS, just the config changes you've done to razor) and make sure it has a .razor (writable) in ~postfix, so that when you do the usual discover it would find and use the defualt? Does that work? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jan-peter at koopmann.eu Thu Mar 6 16:40:48 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu Mar 6 16:41:39 2008 Subject: FreeBSD port Message-ID: Hi guys, sorry for me not being here in a while. Just too busy. I just submitted the latest FreeBSD port. I hope the port maintainers act fast enough. Regards, JP -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080306/420aeb15/attachment.html From jan-peter at koopmann.eu Thu Mar 6 16:41:47 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu Mar 6 16:42:07 2008 Subject: ESET problem Message-ID: Hi, just fooling around with ESET. MailScanner[4010]: Virus Scanning: esets found 3 infections This looks promising however neither Mailwatch nor the virus-warning-mail contain the ESET virus information. Any idea what could be causing this? Regards, JP -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080306/63c0417e/attachment.html From glenn.steen at gmail.com Thu Mar 6 17:33:14 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 6 17:33:50 2008 Subject: Queue problem In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B8545379@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local> <6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local> <47CEF89F.4020806@USherbrooke.ca> <6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local> <223f97700803051450t5a461e13tc959712a77c24bfd@mail.gmail.com> <6DD6B2C8A11BFC4092A148347F6126B8545379@jupiter.reference.local> Message-ID: <223f97700803060933o2a5205afla49b3daa3d320ebd@mail.gmail.com> On 06/03/2008, Maxime Gaudreault wrote: > pf:/home/postfix/.razor# ls -l > total 32 > lrwxrwxrwx 1 postfix postfix 19 2008-03-06 11:32 identity -> identity-runB1-jnJ3 > -rw------- 1 postfix postfix 90 2008-03-06 11:32 identity-runB1-jnJ3 > -rw-r--r-- 1 postfix postfix 706 2008-03-06 11:32 razor-agent.conf > -rw-r--r-- 1 postfix postfix 627 2008-03-06 11:32 razor-agent.log > -rw-r--r-- 1 postfix postfix 814 2008-03-06 11:32 server.n001.cloudmark.com.conf > -rw-r--r-- 1 postfix postfix 787 2008-03-06 11:32 server.n003.cloudmark.com.conf > -rw-r--r-- 1 postfix postfix 95 2008-03-06 11:32 servers.catalogue.lst > -rw-r--r-- 1 postfix postfix 30 2008-03-06 11:32 servers.discovery.lst > -rw-r--r-- 1 postfix postfix 76 2008-03-06 11:32 servers.nomination.lst > > Did razor-admin -create -home=/home/postfix/.razor/ and razor-admin -register with postfix user (su - postfix -s /bin/bash) > > Deleted everything in /etc/razor > > Still no razorhome in /var/log/razor-agent.log > > Should I just stop using razor ? hehe > It'd solve your timout problem:-D Too frazzled to think of a logical next step... Sorry. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ugob at lubik.ca Thu Mar 6 17:54:26 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 17:55:22 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47D001FF.9060308@elirion.net> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> Message-ID: Richard Siddall wrote: > Ugo Bellavance wrote: >> Well, it would be good, but having a package, or, even better, a >> repository, would be better. The best would have tools distributed >> with MailScanner, but this involves more (Julian doesn't want to >> receive e-mails about a script that someone else wrote, extra work for >> julian, etc). >> > > In one project I work on, parts of the wiki are generated from the > source code. Presumably you could go the other way around too. However, > this is all extra work for somebody. It that is not too much work, the somebody could be me. > By "repository", are you talking about something like yum/apt, or CVS/SVN? If we generate a RPM, it may be easy to put it in a yum/apt repository. We could use CVS/SVN for source code, but I'm less familiar with that. UGo From ugob at lubik.ca Thu Mar 6 17:56:07 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 18:00:14 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47CFF9A1.40005@ecs.soton.ac.uk> References: <003701c87f90$42cbcd90$e5b418ac@dell> <47CFF9A1.40005@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Arthur Sherman wrote: >>> Hi, >>> >>> Suggestion: Many of us have some scripts that help >>> manage our MailScanner servers. Wouldn't it be nice if it was >>> packaged with MailScanner, or in a separate, optional package? >>> >>> I'm thinking about scripts to check for queue size, >>> processing speed, etc. >>> >>> Opinions? >>> >>> Ugo >>> >> Great idea! >> > I would need a standard format for them, say they each go into their own > directory. They would need decent documentation to go with each one, or > no-one will ever use them. I think they would be better as a separated > tar-ball on the MailScanner downloads page, called MailScanner-contrib > or something like that. But I'm basically in favour of the idea. A separate tarball and/or some packages would be great, I think, as long as they don't have weird dependencies. From arturs at netvision.net.il Thu Mar 6 18:22:11 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Mar 6 18:22:51 2008 Subject: Include tools with MailScanner distro In-Reply-To: <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> Message-ID: <007701c87fb6$ff4470f0$e5b418ac@dell> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of shuttlebox > Sent: Thursday, March 06, 2008 4:01 PM > To: MailScanner discussion > Subject: Re: Include tools with MailScanner distro > > On Thu, Mar 6, 2008 at 2:44 PM, Arthur Sherman > wrote: > > > Hi, > > > > > > Suggestion: Many of us have some scripts that help > > > manage our MailScanner servers. Wouldn't it be nice if it was > > > packaged with MailScanner, or in a separate, optional package? > > > > > > I'm thinking about scripts to check for queue size, > > > processing speed, etc. > > > > > > Opinions? > > > > > > Ugo > > > > Great idea! > > Wouldn't it be better to publish tools on the wiki? > > -- > /peter It is not the matter of where to publish, but rather how to package, I think. It would be better if the tool kit would be: 1) ready for integration with MS, 2) centrally maintained, 3) configurable. Actually, I was dreaming for such a toolkit for a long time. It is just wonderful idea. Maybe it will even allow further MS integration with other soft through some wrappers included in the kit. Or maybe it will even move some functionality from the core into the kit, instead of being enabled by default. It is a great added value, I believe. Best, -- Arthur Sherman From arturs at netvision.net.il Thu Mar 6 18:23:33 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Thu Mar 6 18:23:47 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47CFF9A1.40005@ecs.soton.ac.uk> Message-ID: <007801c87fb7$3032fdd0$e5b418ac@dell> > Arthur Sherman wrote: > >> Hi, > >> > >> Suggestion: Many of us have some scripts that help manage our > >> MailScanner servers. Wouldn't it be nice if it was packaged with > >> MailScanner, or in a separate, optional package? > >> > >> I'm thinking about scripts to check for queue size, processing > >> speed, etc. > >> > >> Opinions? > >> > >> Ugo > >> > > > > Great idea! > > > I would need a standard format for them, say they each go > into their own directory. They would need decent > documentation to go with each one, or no-one will ever use > them. I think they would be better as a separated tar-ball on > the MailScanner downloads page, called MailScanner-contrib or > something like that. But I'm basically in favour of the idea. > > > > > Best, > > -- > > > > Arthur Sherman > > > > > > > > Jules That's where community comes in open-source spirit. :) Best, -- Arthur Sherman From MailScanner at ecs.soton.ac.uk Thu Mar 6 18:24:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 18:25:03 2008 Subject: file -i code does work Message-ID: <47D036CC.3090205@ecs.soton.ac.uk> Sorry to whoever posted the comment about using this feature and it not working, I couldn't find your post. However, I did say I would check it and I have. It all appears to work just fine for me. If you can post rather more detail of exactly what you tested and what didn't work, then I'll take another look. But until then I'm considering this problem closed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 6 18:30:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 18:30:52 2008 Subject: Include tools with MailScanner distro In-Reply-To: References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> Message-ID: <47D03849.8000008@ecs.soton.ac.uk> Ugo Bellavance wrote: > Richard Siddall wrote: >> Ugo Bellavance wrote: >>> Well, it would be good, but having a package, or, even better, a >>> repository, would be better. The best would have tools distributed >>> with MailScanner, but this involves more (Julian doesn't want to >>> receive e-mails about a script that someone else wrote, extra work >>> for julian, etc). >>> >> >> In one project I work on, parts of the wiki are generated from the >> source code. Presumably you could go the other way around too. >> However, this is all extra work for somebody. > > It that is not too much work, the somebody could be me. > >> By "repository", are you talking about something like yum/apt, or >> CVS/SVN? > > If we generate a RPM, it may be easy to put it in a yum/apt > repository. We could use CVS/SVN for source code, but I'm less > familiar with that. I think a simple tarball would be more convenient for most people. An RPM is all very well for RedHat folks, but then you've got to distribute one RPM for RedHat, another for SuSE, an apt for Debian, a tarball for non-Linux, it all gets to be a complete nightmare and no-one will ever keep it up to date. Keep it simple. Just a directory of files would do just fine, so long as there is a manifest in each dir that tells you what file does what and where to put it. And a Readme that tells you how to use it. SVN is all very well for maintaining the code, but it won't be anyone's live development repository so there's not much point; again, it just makes it harder for people to contribute. You have to make it very easy for the authors as well as the users. My tuppence worth... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpirie at rma.edu Thu Mar 6 19:53:04 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Mar 6 19:52:51 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47D03849.8000008@ecs.soton.ac.uk> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> Message-ID: <47D04BA0.8050402@rma.edu> Julian Field wrote: > > > Ugo Bellavance wrote: >> Richard Siddall wrote: >>> Ugo Bellavance wrote: >>>> Well, it would be good, but having a package, or, even better, a >>>> repository, would be better. The best would have tools distributed >>>> with MailScanner, but this involves more (Julian doesn't want to >>>> receive e-mails about a script that someone else wrote, extra work >>>> for julian, etc). >>>> >>> >>> In one project I work on, parts of the wiki are generated from the >>> source code. Presumably you could go the other way around too. >>> However, this is all extra work for somebody. >> >> It that is not too much work, the somebody could be me. >> >>> By "repository", are you talking about something like yum/apt, or >>> CVS/SVN? >> >> If we generate a RPM, it may be easy to put it in a yum/apt >> repository. We could use CVS/SVN for source code, but I'm less >> familiar with that. > I think a simple tarball would be more convenient for most people. An > RPM is all very well for RedHat folks, but then you've got to distribute > one RPM for RedHat, another for SuSE, an apt for Debian, a tarball for > non-Linux, it all gets to be a complete nightmare and no-one will ever > keep it up to date. > > Keep it simple. Just a directory of files would do just fine, so long as > there is a manifest in each dir that tells you what file does what and > where to put it. And a Readme that tells you how to use it. > > SVN is all very well for maintaining the code, but it won't be anyone's > live development repository so there's not much point; again, it just > makes it harder for people to contribute. You have to make it very easy > for the authors as well as the users. > > My tuppence worth... > > Jules > Despite the fact that I use RHEL/CentOS, I'm inclined to agree. This should be made available in a non distro centric way. Although, if one wanted to include spec files in the tarballs that would facilitate the use of rpmbuild, I wouldn't be inclined to object. ;) Brendan From peter at farrows.org Thu Mar 6 20:23:35 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 6 20:24:20 2008 Subject: Mail PTR Records In-Reply-To: <47CDD922.5060703@evi-inc.com> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> <47CDD922.5060703@evi-inc.com> Message-ID: <47D052C7.2080208@farrows.org> Matt Kettler wrote: > Glenn Steen wrote: >> On 04/03/2008, Glenn Steen wrote: >>> On 03/03/2008, Matt Kettler wrote: >>> > Nathan Olson wrote: >>> > > It's not RFC-compliant. >>> > >>> > >>> > Please point out the RFC and section it violates. >>> > >>> > AFAIK, there's no section that prohibits refusing mail due to >>> lack of PTR >>> > records for the IP address. >>> >>> It might be that Nathan interpretes the "address verification" bit as >>> doing any form of DNS.... which actually might be the "spirit" of all >>> that.... Hm.... Need sleep and time to think on this:-) >>> >> Ah, I see you all thought this through while I was out carousing in >> Copenhagen... > > Indeed, it boiled down to a mis-application of RFC 2821. > >> >>> > I've been proved wrong before, but I'm extraordinarily skeptical >>> that there's >>> > any such restrictions in the RFCs.. I can find no mention of >>> such a restriction >>> > in RFC 821, 2821 or 1123. >>> >>> :-) You're a big man, Matt. >> At some point in time, I think most people (like us:-) have had a .... >> humbling.... "RFC incident":) > > I still prefer to think of myself as a bit of a child and not a "big > man" (I have a distinctly impish nature at times). However I am a > child that is reasonable and I generally learn well from past mistakes. > > I'm pretty much always willing to admit when I'm wrong or accept I > might be wrong, but I'll fight tooth and nail to prove out the facts > :-) How else will I ever find out the details and learn from them? > > So try not to confuse my tenacious pursuit of facts as a personal need > to be right... Generally I don't care if I'm right or not, I just need > to know what IS right, and I will fight to discover it. :-) > > (And I do greatly appreciate those who will indulge such pursuits...) > > > > > Just for the record, here is a deinition of "should" given to me today during a trade show: "In the UK you *should* drive on the left, in the US and continental Europe you should *drive* on the right. You can of course drive on the left or right on any road but in the wrong country the consequences could be rather significant." Enjoy... From ugob at lubik.ca Thu Mar 6 20:27:28 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 20:28:24 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47D04BA0.8050402@rma.edu> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> Message-ID: Brendan Pirie wrote: > Julian Field wrote: >> >> >> Ugo Bellavance wrote: >>> Richard Siddall wrote: >>>> Ugo Bellavance wrote: >>>>> Well, it would be good, but having a package, or, even better, a >>>>> repository, would be better. The best would have tools distributed >>>>> with MailScanner, but this involves more (Julian doesn't want to >>>>> receive e-mails about a script that someone else wrote, extra work >>>>> for julian, etc). >>>>> >>>> >>>> In one project I work on, parts of the wiki are generated from the >>>> source code. Presumably you could go the other way around too. >>>> However, this is all extra work for somebody. >>> >>> It that is not too much work, the somebody could be me. >>> >>>> By "repository", are you talking about something like yum/apt, or >>>> CVS/SVN? >>> >>> If we generate a RPM, it may be easy to put it in a yum/apt >>> repository. We could use CVS/SVN for source code, but I'm less >>> familiar with that. >> I think a simple tarball would be more convenient for most people. An >> RPM is all very well for RedHat folks, but then you've got to >> distribute one RPM for RedHat, another for SuSE, an apt for Debian, a >> tarball for non-Linux, it all gets to be a complete nightmare and >> no-one will ever keep it up to date. >> >> Keep it simple. Just a directory of files would do just fine, so long >> as there is a manifest in each dir that tells you what file does what >> and where to put it. And a Readme that tells you how to use it. >> >> SVN is all very well for maintaining the code, but it won't be >> anyone's live development repository so there's not much point; again, >> it just makes it harder for people to contribute. You have to make it >> very easy for the authors as well as the users. >> >> My tuppence worth... >> >> Jules >> > Despite the fact that I use RHEL/CentOS, I'm inclined to agree. This > should be made available in a non distro centric way. Although, if one > wanted to include spec files in the tarballs that would facilitate the > use of rpmbuild, I wouldn't be inclined to object. ;) Ok, makes sense. What would be the best way to manage that. I mean, I have some scripts, they work, but they might not be very robust. Having a code repository could help so that others can improve my script and so on... Ugo From mailscanner at generalgau.com Thu Mar 6 21:16:41 2008 From: mailscanner at generalgau.com (Tom Rogers) Date: Thu Mar 6 21:29:25 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail Message-ID: <20080306211526.M21618@generalgau.com> I've been using Mailscanner for a few years now with no problems. Two weeks ago, I started to have a problem. When I run Mailscanner, it maxes out my CPU and the amount of memory it uses keeps climbing and climbing, until it eats all available memory and basically freezes the system up. Mail is not processed from the Postfix hold queue. The system is basically used only by myself, for LAN file storage and email. It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. Using Postfix for mail delivery; the OS is Ubuntu 6.04. I've disabled Spamassassin, but still have the same problem. Running Mailscanner in debug, I get the following: root@fatman:/home/tom# /etc/init.d/mailscanner start In Debugging mode, not forking... >From the /var/log/mail.info (nothing in the mail.err or mail.warn): Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the phishing whitelist Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init function SQLBlacklist Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function MailWatchLogging Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function SQLWhitelist Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock After about 20 minutes, the CPU is still at around 98-99% and using 450+MB of RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). I've tried removing/purging/reinstalling Mailscanner, but keep coming up with the same results. From shuttlebox at gmail.com Thu Mar 6 21:33:08 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 6 21:33:45 2008 Subject: Include tools with MailScanner distro In-Reply-To: References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> Message-ID: <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> On Thu, Mar 6, 2008 at 9:27 PM, Ugo Bellavance wrote: > Ok, makes sense. What would be the best way to manage that. I mean, I > have some scripts, they work, but they might not be very robust. Having > a code repository could help so that others can improve my script and so > on... The wiki will let everyone upload, describe (think README) and edit stuff with full revision control in the simplest way possible. And Julian doesn't have to administer access to the web server for us. A full-blown code repository seems, well overblown. ;-) -- /peter From ugob at lubik.ca Thu Mar 6 22:03:12 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Thu Mar 6 22:04:04 2008 Subject: Cannot open config file --debug Message-ID: server:/etc/MailScanner> MailScanner --debug --sa-debug Cannot open config file --debug, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 657. Compilation failed in require at /usr/sbin/MailScanner line 70. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 70. What is that? MailScanner seems to be running fine... --lint and --debug does that. From MailScanner at ecs.soton.ac.uk Thu Mar 6 22:04:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 22:04:59 2008 Subject: Include tools with MailScanner distro In-Reply-To: <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> Message-ID: <47D06A5E.7030102@ecs.soton.ac.uk> shuttlebox wrote: > On Thu, Mar 6, 2008 at 9:27 PM, Ugo Bellavance wrote: > >> Ok, makes sense. What would be the best way to manage that. I mean, I >> have some scripts, they work, but they might not be very robust. Having >> a code repository could help so that others can improve my script and so >> on... >> > > The wiki will let everyone upload, describe (think README) and edit > stuff with full revision control in the simplest way possible. And > Julian doesn't have to administer access to the web server for us. A > full-blown code repository seems, well overblown. ;-) > You took the words right out of my mouth. A branch in the wiki will do the job nicely. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 6 22:11:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 22:11:49 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <20080306211526.M21618@generalgau.com> References: <20080306211526.M21618@generalgau.com> Message-ID: <47D06C08.9040806@ecs.soton.ac.uk> Check for hardware faults. Does /proc/meminfo still agree with you on the amount of RAM in the box, for example? Sounds like you've already got 'Use SpamAssassin = no'. What virus scanners are you using? If you are using clamavmodule, I would switch to clamd if you can on your distro. Run "MailScanner --lint" as well as "MailScanner --debug" to check things out. Tom Rogers wrote: > I've been using Mailscanner for a few years now with no problems. Two weeks > ago, I started to have a problem. > > When I run Mailscanner, it maxes out my CPU and the amount of memory it uses > keeps climbing and climbing, until it eats all available memory and basically > freezes the system up. Mail is not processed from the Postfix hold queue. > > The system is basically used only by myself, for LAN file storage and email. > It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > > Using Postfix for mail delivery; the OS is Ubuntu 6.04. > > I've disabled Spamassassin, but still have the same problem. > > Running Mailscanner in debug, I get the following: > > root@fatman:/home/tom# /etc/init.d/mailscanner start > In Debugging mode, not forking... > > > >From the /var/log/mail.info (nothing in the mail.err or mail.warn): > > Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner > version 4.57.6 starting... > Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the phishing > whitelist > Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init function > SQLBlacklist > Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist > Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries > Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > MailWatchLogging > Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child > Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > SQLWhitelist > Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist > Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries > Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock > > After about 20 minutes, the CPU is still at around 98-99% and using 450+MB of > RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). > > I've tried removing/purging/reinstalling Mailscanner, but keep coming up with > the same results. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandro at e-den.it Thu Mar 6 22:11:55 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Thu Mar 6 22:12:31 2008 Subject: Order in which MailScanner processes mail Message-ID: <20080306221155.GB15668@ubuntu> Hi, i have a server with traffic of around 50/60.000 mail a day. Lately it is giving a great amount of problems in delay in which it processes mail. Some mail stay in the queue for as long as several hours, other are delivered in a couple of minutes. That creates real problems and I cannot understand why that happens. How can I investigate it? Thanks in advance sandro *:-) -- Sandro Dentella *:-) e-mail: sandro@e-den.it http://www.tksql.org TkSQL Home page - My GPL work From MailScanner at ecs.soton.ac.uk Thu Mar 6 22:26:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 22:27:36 2008 Subject: Cannot open config file --debug In-Reply-To: References: Message-ID: <47D06FAA.3020205@ecs.soton.ac.uk> Ugo Bellavance wrote: > server:/etc/MailScanner> MailScanner --debug --sa-debug > Cannot open config file --debug, No such file or directory at > /usr/lib/MailScanner/MailScanner/Config.pm line 657. > Compilation failed in require at /usr/sbin/MailScanner line 70. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 70. > > What is that? MailScanner seems to be running fine... --lint and > --debug does that. > This is a bug in some Perl versions' implementation of getopt. You just need to run either MailScanner /etc/MailScanner/MailScanner.conf --debug --sa-debug or MailScanner --debug --sa-debug /etc/MailScanner/MailScanner.conf One of them will work, I just can't remember which. Note the new timestamps on all the debug output from SpamAssassin! Perl's wonderful ability to be able to re-open stderr to a pipe so that you can automatically run another program on the error output from your own Perl program, without the user having to do anything clever on the command-line at all. Dead cool :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From richard.frovarp at sendit.nodak.edu Thu Mar 6 22:36:53 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Thu Mar 6 22:37:28 2008 Subject: Order in which MailScanner processes mail In-Reply-To: <20080306221155.GB15668@ubuntu> References: <20080306221155.GB15668@ubuntu> Message-ID: <47D07205.4080801@sendit.nodak.edu> Alessandro Dentella wrote: > Hi, > > i have a server with traffic of around 50/60.000 mail a day. Lately it is > giving a great amount of problems in delay in which it processes mail. > > Some mail stay in the queue for as long as several hours, other are > delivered in a couple of minutes. That creates real problems and I cannot > understand why that happens. > > How can I investigate it? > > Thanks in advance > > sandro > *:-) > > See in /etc/MailScanner/MailScanner.conf # If more messages are found in the queue than this, then switch to an # "accelerated" mode of processing messages. This will cause it to stop # scanning messages in strict date order, but in the order it finds them # in the queue. If your queue is bigger than this size a lot of the time, # then some messages could be greatly delayed. So treat this option as # "in emergency only". Max Normal Queue Size = 6000 As far as what is causing the queue to build up, you'll have to look at scan times, memory usage, and that sort of thing to see if something is giving you grief. From Kevin_Miller at ci.juneau.ak.us Thu Mar 6 22:43:53 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 6 22:43:34 2008 Subject: Order in which MailScanner processes mail In-Reply-To: <20080306221155.GB15668@ubuntu> References: <20080306221155.GB15668@ubuntu> Message-ID: Alessandro Dentella wrote: > Hi, > > i have a server with traffic of around 50/60.000 mail a day. Lately > it is giving a great amount of problems in delay in which it > processes mail. > > Some mail stay in the queue for as long as several hours, other are > delivered in a couple of minutes. That creates real problems and I > cannot understand why that happens. I don't run postfix, but if memory serves, some folks have reported similar troubles when a corrupt file or non-queue file was found in the queue directories. Sorry I can't remember more specifically, but you might check to see if some wayward file is in there that's choking the processing. Maybe someone else that had such an issue can offer more details... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mgaudreault at reference.qc.ca Thu Mar 6 22:43:33 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Thu Mar 6 22:44:11 2008 Subject: Queue problem In-Reply-To: <223f97700803060933o2a5205afla49b3daa3d320ebd@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451AE@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B85452DD@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B8545312@jupiter.reference.local><6DD6B2C8A11BFC4092A148347F6126B8545329@jupiter.reference.local><47CEF89F.4020806@USherbrooke.ca><6DD6B2C8A11BFC4092A148347F6126B854534B@jupiter.reference.local><223f97700803051450t5a461e13tc959712a77c24bfd@mail.gmail.com><6DD6B2C8A11BFC4092A148347F6126B8545379@jupiter.reference.local> <223f97700803060933o2a5205afla49b3daa3d320ebd@mail.gmail.com> Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85453A3@jupiter.reference.local> I finally got it to work ! I added these lines in /etc/mail/spamassassin/mailscanner.cf: use_razor2 1 razor_timeout 5 razor_config /etc/razor/razor-agent.conf Maxime Gaudreault Technicien ?????????????????????????????????????????????????? R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: March 6, 2008 12:33 PM To: MailScanner discussion Subject: Re: Queue problem On 06/03/2008, Maxime Gaudreault wrote: > pf:/home/postfix/.razor# ls -l > total 32 > lrwxrwxrwx 1 postfix postfix 19 2008-03-06 11:32 identity -> identity-runB1-jnJ3 > -rw------- 1 postfix postfix 90 2008-03-06 11:32 identity-runB1-jnJ3 > -rw-r--r-- 1 postfix postfix 706 2008-03-06 11:32 razor-agent.conf > -rw-r--r-- 1 postfix postfix 627 2008-03-06 11:32 razor-agent.log > -rw-r--r-- 1 postfix postfix 814 2008-03-06 11:32 server.n001.cloudmark.com.conf > -rw-r--r-- 1 postfix postfix 787 2008-03-06 11:32 server.n003.cloudmark.com.conf > -rw-r--r-- 1 postfix postfix 95 2008-03-06 11:32 servers.catalogue.lst > -rw-r--r-- 1 postfix postfix 30 2008-03-06 11:32 servers.discovery.lst > -rw-r--r-- 1 postfix postfix 76 2008-03-06 11:32 servers.nomination.lst > > Did razor-admin -create -home=/home/postfix/.razor/ and razor-admin -register with postfix user (su - postfix -s /bin/bash) > > Deleted everything in /etc/razor > > Still no razorhome in /var/log/razor-agent.log > > Should I just stop using razor ? hehe > It'd solve your timout problem:-D Too frazzled to think of a logical next step... Sorry. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Mar 6 22:52:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 22:53:16 2008 Subject: MailScanner gets into The Daily WTF Message-ID: <47D075B1.1020105@ecs.soton.ac.uk> Take a look at the last image on this page: http://thedailywtf.com/Articles/Fortune-Not-Found.aspx A very amusing collection of screenshots, but the last one is very relevant. People really have heard about us :-) And now we've had our very first DDoS (distributed denial of service) attack too. Half a million simultaneous requests to download the phishing.bad.sites.conf file from www.mailscanner.eu brought the website to its knees for a few minutes, until the crack squad at Blacknight leapt into action and firewalled off the site temporarily. As far as denial-of-service attacks go, it was pretty ineffective as the only remotely long-lasting effect was that sites didn't get updates to their phishing.bad.sites.conf file for a couple of days. So new phishing sites would have got away with it for two days, but that's hardly the end of the world :-) If they are going to try tricks like that, they are going to have to hit me a whole lot harder than that. Which reminds me, I need to set up some mirroring jobs so I have a backup coopy of the main websites at work, where we have a much fatter pipe but less reliable service. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 6 23:02:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 6 23:03:09 2008 Subject: Order in which MailScanner processes mail In-Reply-To: References: <20080306221155.GB15668@ubuntu> Message-ID: <47D0781C.7070900@ecs.soton.ac.uk> Kevin Miller wrote: > Alessandro Dentella wrote: > >> Hi, >> >> i have a server with traffic of around 50/60.000 mail a day. Lately >> it is giving a great amount of problems in delay in which it >> processes mail. >> >> Some mail stay in the queue for as long as several hours, other are >> delivered in a couple of minutes. That creates real problems and I >> cannot understand why that happens. >> > > I don't run postfix, but if memory serves, some folks have reported > similar troubles when a corrupt file or non-queue file was found in the > queue directories. Sorry I can't remember more specifically, but you > might check to see if some wayward file is in there that's choking the > processing. Maybe someone else that had such an issue can offer more > details... > If you do suffer from this problem, it's probably the oldest (or very nearly the oldest) file in the mqueue.in directory. So just sort by date, "cd /var/spool/mqueue.in; ls -ltr | head -30" will probably show you it. Still a few to go through, but it's a much shorter list than the whole directory :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Thu Mar 6 23:17:31 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 6 23:17:08 2008 Subject: Order in which MailScanner processes mail In-Reply-To: References: <20080306221155.GB15668@ubuntu> Message-ID: Kevin Miller wrote: Opps - my last post was supposed to be in response to the thread w/the subject "Mailscanner max'd out CPU/memory and not processing mail" Sorry about that... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mailscanner at generalgau.com Fri Mar 7 02:49:29 2008 From: mailscanner at generalgau.com (Tom Rogers) Date: Fri Mar 7 03:02:25 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <47D06C08.9040806@ecs.soton.ac.uk> References: <20080306211526.M21618@generalgau.com> <47D06C08.9040806@ecs.soton.ac.uk> Message-ID: <20080307024817.M69030@generalgau.com> "Check for hardware faults. Does /proc/meminfo still agree with you on the amount of RAM in the box, for example?" Yes. root@fatman:/home/tom# cat /proc/meminfo MemTotal: 516048 kB MemFree: 426620 kB Buffers: 18412 kB Cached: 37576 kB SwapCached: 9316 kB Active: 35732 kB Inactive: 37024 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 516048 kB LowFree: 426620 kB SwapTotal: 1572856 kB SwapFree: 1504472 kB Dirty: 148 kB Writeback: 0 kB AnonPages: 12728 kB Mapped: 7576 kB Slab: 10104 kB SReclaimable: 3372 kB SUnreclaim: 6732 kB PageTables: 1160 kB NFS_Unstable: 0 kB Bounce: 0 kB CommitLimit: 1830880 kB Committed_AS: 293188 kB VmallocTotal: 507896 kB VmallocUsed: 3776 kB VmallocChunk: 504004 kB "What virus scanners are you using?" F-Prot. I have ClamAV installed, but don't use it. 'Run "MailScanner --lint" ' root@fatman:/home/tom# MailScanner --lint Read 759 hostnames from the phishing whitelist Config: calling custom init function SQLBlacklist Config: calling custom init function MailWatchLogging Config: calling custom init function SQLWhitelist MailScanner setting GID to (119) MailScanner setting UID to (111) Checking for SpamAssassin errors (if you use it)... lock.pl sees Config LockType = flock lock.pl sees have_module = 0 Using locktype = flock MailScanner.conf says "Virus Scanners = f-prot" Found these virus scanners installed: f-prot, clamavmodule root@fatman:/home/tom# cat /etc/passwd | grep 119 postfix:x:111:119::/var/spool/postfix:/bin/false 'as well as "MailScanner --debug" to check things out.' root@fatman:/home/tom# MailScanner --debug In Debugging mode, not forking... On Thu, 06 Mar 2008 22:11:20 +0000, Julian Field wrote > Check for hardware faults. Does /proc/meminfo still agree with you > on the amount of RAM in the box, for example? > > Sounds like you've already got 'Use SpamAssassin = no'. What virus > scanners are you using? If you are using clamavmodule, I would > switch to clamd if you can on your distro. > > Run "MailScanner --lint" as well as "MailScanner --debug" to check > things out. > > Tom Rogers wrote: > > I've been using Mailscanner for a few years now with no problems. Two weeks > > ago, I started to have a problem. > > > > When I run Mailscanner, it maxes out my CPU and the amount of memory it uses > > keeps climbing and climbing, until it eats all available memory and basically > > freezes the system up. Mail is not processed from the Postfix hold queue. > > > > The system is basically used only by myself, for LAN file storage and email. > > It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > > > > Using Postfix for mail delivery; the OS is Ubuntu 6.04. > > > > I've disabled Spamassassin, but still have the same problem. > > > > Running Mailscanner in debug, I get the following: > > > > root@fatman:/home/tom# /etc/init.d/mailscanner start > > In Debugging mode, not forking... > > > > > > >From the /var/log/mail.info (nothing in the mail.err or mail.warn): > > > > Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner > > version 4.57.6 starting... > > Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the phishing > > whitelist > > Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init function > > SQLBlacklist > > Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist > > Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries > > Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > > MailWatchLogging > > Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child > > Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > > SQLWhitelist > > Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist > > Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries > > Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock > > > > After about 20 minutes, the CPU is still at around 98-99% and using 450+MB of > > RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). > > > > I've tried removing/purging/reinstalling Mailscanner, but keep coming up with > > the same results. > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration > help? Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Fri Mar 7 03:22:30 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Mar 7 03:23:12 2008 Subject: Ruleset-from-function Custom Function Broken?? In-Reply-To: <47D01BD3.1020903@ecs.soton.ac.uk> References: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu> <47D01BD3.1020903@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A760CA5D1@MED-CORE03-MS1.med.wayne.edu> I've tried that with the same result. It's reading in that ruleset based on what I've debugged. I think what is occurring is that when ruleset-from-function creates that temp mailscanner.conf and reads in that single keyword and processes it, all the other config values resort to the defaults of ConfigDefs. If I disable strict refs in the /bin/MailScanner file and uncommment print STDERR "Queues are \"" . join('","',@inqdirs) . "\"\n"; Then if I start I get In Debugging mode, not forking... Trying to setlogsock(unix) Defining virusscan = &VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') Defining virusscan = /opt/MailScanner/etc/rules/virus.scanning.rules Keyword is virusscan, filename is /opt/MailScanner/etc/rules/virus.scanning.rules and type is yesno SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Queues are "" Building a message batch to scan... And in the log Mar 6 22:12:40 eeyore MailScanner.conf-test[17335]: MailScanner E-Mail Virus Scanner version 4.67.6 starting... Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Skipping Custom Function file Ruleset-from-Function.bak as its name does not end in .pm or .pl Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Read 817 hostnames from the phishing whitelist Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Read 5574 hostnames from the phishing blacklist Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Config: calling custom init function MailWatchLogging Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Started SQL Logging child Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Config: calling custom init function VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Using SpamAssassin results cache Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Connected to SpamAssassin cache database Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Enabling SpamAssassin auto-whitelist functionality... Mar 6 22:12:52 eeyore MailScanner.conf-test[17335]: I have found clamavmodule antivir scanners installed, and will use them all by default. Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Using locktype = posix Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Creating hardcoded struct_flock subroutine for linux (Linux-type) But in my mailscanner.conf file, SA auto-whitelist is no and the virus scanners isn't sent to auto. If I drop something into the mqueue.in, nothing happens...the mailscanner process doesn't see it since I'm guessing it no longer has it's queue defined. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 06, 2008 11:29 AM To: MailScanner discussion Subject: Re: Ruleset-from-function Custom Function Broken?? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > Doe anyone know how this example is supposed to work? I'm rtrying to > use it as a template but if I set Virus Scanning = > &VirusScanning('%rules-dir%/virus.scanning.rules') > and don't change anything with Ruleset-from-function.pm I start a > MailScanner process in debug > > Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while > "strict refs" in use at ./MailScannerTest line 1427. > and I also see What happens if you don't use "%rules-dir%" but give the real directory name there instead? > > Enabling SpamAssassin auto-whitelist functionality... > > in the maillogs even though that isn't enabled in the MailScanner.conf > file > > If I remove the Virus Scaning custom function and start in debug, > there's no error and no SA Autowhitelist message is logged. > > I'm thinking something changed in Config.pm that breaks the calling of > rulesets external to config.pm > > Any ideas? > > Bobby Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH0BvUEfZZRxQVtlQRAhCBAJ42irIMILFvy9V+7/NmucXXfDAl+gCfZjyd KDuAeCgCKSS/s2xw7z46mwE= =sU8n -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at lubik.ca Fri Mar 7 03:40:01 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Mar 7 03:41:07 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <20080306211526.M21618@generalgau.com> References: <20080306211526.M21618@generalgau.com> Message-ID: Tom Rogers wrote: > I've been using Mailscanner for a few years now with no problems. Two weeks > ago, I started to have a problem. > > When I run Mailscanner, it maxes out my CPU and the amount of memory it uses > keeps climbing and climbing, until it eats all available memory and basically > freezes the system up. Mail is not processed from the Postfix hold queue. > > The system is basically used only by myself, for LAN file storage and email. > It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > > Using Postfix for mail delivery; the OS is Ubuntu 6.04. Put the Max # of Child Processes to 1 in MailScanner.conf, then restart MailScanner and look how it goes. Let us know how it goes. From hvdkooij at vanderkooij.org Fri Mar 7 06:44:14 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 7 06:45:19 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47D06A5E.7030102@ecs.soton.ac.uk> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> <47D06A5E.7030102@ecs.soton.ac.uk> Message-ID: <47D0E43E.5050104@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: |> The wiki will let everyone upload, describe (think README) and edit |> stuff with full revision control in the simplest way possible. And |> Julian doesn't have to administer access to the web server for us. A |> full-blown code repository seems, well overblown. ;-) |> | You took the words right out of my mouth. A branch in the wiki will do | the job nicely. Jules would you do the honor and open up the branch? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH0OQ8BvzDRVjxmYERAhCcAJwIJlmF2ith6FYmj+YArjtSAeVxJACfUsLV CcYE7mC42Bju6aC0qvtt1cc= =tQDM -----END PGP SIGNATURE----- From glenn.steen at gmail.com Fri Mar 7 06:51:23 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 7 06:51:58 2008 Subject: Mail PTR Records In-Reply-To: <47D052C7.2080208@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> <47CDD922.5060703@evi-inc.com> <47D052C7.2080208@farrows.org> Message-ID: <223f97700803062251x6c51913ci8b8fd154323e8ab0@mail.gmail.com> On 06/03/2008, Peter Farrow wrote: > Matt Kettler wrote: > > Glenn Steen wrote: > >> On 04/03/2008, Glenn Steen wrote: > >>> On 03/03/2008, Matt Kettler wrote: > >>> > Nathan Olson wrote: > >>> > > It's not RFC-compliant. > >>> > > >>> > > >>> > Please point out the RFC and section it violates. > >>> > > >>> > AFAIK, there's no section that prohibits refusing mail due to > >>> lack of PTR > >>> > records for the IP address. > >>> > >>> It might be that Nathan interpretes the "address verification" bit as > >>> doing any form of DNS.... which actually might be the "spirit" of all > >>> that.... Hm.... Need sleep and time to think on this:-) > >>> > >> Ah, I see you all thought this through while I was out carousing in > >> Copenhagen... > > > > Indeed, it boiled down to a mis-application of RFC 2821. > > > >> > >>> > I've been proved wrong before, but I'm extraordinarily skeptical > >>> that there's > >>> > any such restrictions in the RFCs.. I can find no mention of > >>> such a restriction > >>> > in RFC 821, 2821 or 1123. > >>> > >>> :-) You're a big man, Matt. > >> At some point in time, I think most people (like us:-) have had a .... > >> humbling.... "RFC incident":) > > > > I still prefer to think of myself as a bit of a child and not a "big > > man" (I have a distinctly impish nature at times). However I am a > > child that is reasonable and I generally learn well from past mistakes. > > > > I'm pretty much always willing to admit when I'm wrong or accept I > > might be wrong, but I'll fight tooth and nail to prove out the facts > > :-) How else will I ever find out the details and learn from them? > > > > So try not to confuse my tenacious pursuit of facts as a personal need > > to be right... Generally I don't care if I'm right or not, I just need > > to know what IS right, and I will fight to discover it. :-) > > > > (And I do greatly appreciate those who will indulge such pursuits...) > > > > > > > > > > > > Just for the record, here is a deinition of "should" given to me today > during a trade show: > > "In the UK you *should* drive on the left, in the US and continental > Europe you should *drive* on the right. You can of course drive on the > left or right on any road but in the wrong country the consequences > could be rather significant." > > > Enjoy... > :-) Boring thing is that .... since we're talking RFCs (a.k.a. "the law").... That *shouldn't* be SHOULD, it *should* be MUST:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Fri Mar 7 06:52:39 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 7 06:53:09 2008 Subject: Mail PTR Records In-Reply-To: <47D052C7.2080208@farrows.org> References: <00fa01c87d42$ee3f2b90$6102a8c0@salemcorp.com> <8f54b4330803031115w74641d97o2cd5d4c6d6ac6584@mail.gmail.com> <47CC577D.7000207@evi-inc.com> <223f97700803041332t87f2e9dl738d34afed63a685@mail.gmail.com> <223f97700803041348q629b8723x660026b1ac8da160@mail.gmail.com> <47CDD922.5060703@evi-inc.com> <47D052C7.2080208@farrows.org> Message-ID: <47D0E637.8000803@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | Just for the record, here is a deinition of "should" given to me today | during a trade show: | | "In the UK you *should* drive on the left, in the US and continental | Europe you should *drive* on the right. You can of course drive on the | left or right on any road but in the wrong country the consequences | could be rather significant." That is a typical case of misunderstanding the RFC. The RFC would use MUST here because this rule is in effect the law. So you are not allowed to do otherwise. A better case would be where you SHOULD be nice to your neighbors. There is no law there. So you can ignore it. But it makes sense to get along fine instead of fighting it out. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH0OY0BvzDRVjxmYERAkxcAJoD81MnL1vuJhdQWdlTMyuhE75KtwCfbzXy 6lyWq+YSlPLBWlI38ncCKI8= =ipEe -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Fri Mar 7 09:09:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 7 09:10:03 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <20080307024817.M69030@generalgau.com> References: <20080306211526.M21618@generalgau.com> <47D06C08.9040806@ecs.soton.ac.uk> <20080307024817.M69030@generalgau.com> Message-ID: <47D1063C.6030705@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you recently upgraded F-Prot? The new version 6 is a lot slower than the old version 4. You need my latest beta to get the code which will make version 6 run quickly. Tom Rogers wrote: > "Check for hardware faults. Does /proc/meminfo still agree with you on the > amount of RAM in the box, for example?" > > Yes. > > root@fatman:/home/tom# cat /proc/meminfo > MemTotal: 516048 kB > MemFree: 426620 kB > Buffers: 18412 kB > Cached: 37576 kB > SwapCached: 9316 kB > Active: 35732 kB > Inactive: 37024 kB > HighTotal: 0 kB > HighFree: 0 kB > LowTotal: 516048 kB > LowFree: 426620 kB > SwapTotal: 1572856 kB > SwapFree: 1504472 kB > Dirty: 148 kB > Writeback: 0 kB > AnonPages: 12728 kB > Mapped: 7576 kB > Slab: 10104 kB > SReclaimable: 3372 kB > SUnreclaim: 6732 kB > PageTables: 1160 kB > NFS_Unstable: 0 kB > Bounce: 0 kB > CommitLimit: 1830880 kB > Committed_AS: 293188 kB > VmallocTotal: 507896 kB > VmallocUsed: 3776 kB > VmallocChunk: 504004 kB > > "What virus scanners are you using?" > > F-Prot. I have ClamAV installed, but don't use it. > > 'Run "MailScanner --lint" ' > > root@fatman:/home/tom# MailScanner --lint > Read 759 hostnames from the phishing whitelist > Config: calling custom init function SQLBlacklist > Config: calling custom init function MailWatchLogging > Config: calling custom init function SQLWhitelist > MailScanner setting GID to (119) > MailScanner setting UID to (111) > > Checking for SpamAssassin errors (if you use it)... > lock.pl sees Config LockType = flock > lock.pl sees have_module = 0 > Using locktype = flock > MailScanner.conf says "Virus Scanners = f-prot" > Found these virus scanners installed: f-prot, clamavmodule > > > root@fatman:/home/tom# cat /etc/passwd | grep 119 > postfix:x:111:119::/var/spool/postfix:/bin/false > > 'as well as "MailScanner --debug" to check things out.' > > root@fatman:/home/tom# MailScanner --debug > In Debugging mode, not forking... > > > > On Thu, 06 Mar 2008 22:11:20 +0000, Julian Field wrote > >> Check for hardware faults. Does /proc/meminfo still agree with you >> on the amount of RAM in the box, for example? >> >> Sounds like you've already got 'Use SpamAssassin = no'. What virus >> scanners are you using? If you are using clamavmodule, I would >> switch to clamd if you can on your distro. >> >> Run "MailScanner --lint" as well as "MailScanner --debug" to check >> things out. >> >> Tom Rogers wrote: >> >>> I've been using Mailscanner for a few years now with no problems. Two weeks >>> ago, I started to have a problem. >>> >>> When I run Mailscanner, it maxes out my CPU and the amount of memory it uses >>> keeps climbing and climbing, until it eats all available memory and basically >>> freezes the system up. Mail is not processed from the Postfix hold queue. >>> >>> The system is basically used only by myself, for LAN file storage and email. >>> It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. >>> >>> Using Postfix for mail delivery; the OS is Ubuntu 6.04. >>> >>> I've disabled Spamassassin, but still have the same problem. >>> >>> Running Mailscanner in debug, I get the following: >>> >>> root@fatman:/home/tom# /etc/init.d/mailscanner start >>> In Debugging mode, not forking... >>> >>> >>> >From the /var/log/mail.info (nothing in the mail.err or mail.warn): >>> >>> Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner >>> version 4.57.6 starting... >>> Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the phishing >>> whitelist >>> Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init function >>> SQLBlacklist >>> Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist >>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries >>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function >>> MailWatchLogging >>> Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child >>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function >>> SQLWhitelist >>> Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist >>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries >>> Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock >>> >>> After about 20 minutes, the CPU is still at around 98-99% and using 450+MB of >>> RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). >>> >>> I've tried removing/purging/reinstalling Mailscanner, but keep coming up with >>> the same results. >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration >> help? Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH0QY9EfZZRxQVtlQRAviXAKCkEGNatCNbtgk0eJdqjFGZR1J9PgCeLFWe nGeryqQq+SKRc4Hx4HS+NM4= =J6aY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lhaig at haigmail.com Fri Mar 7 09:57:26 2008 From: lhaig at haigmail.com (Lance Haig) Date: Fri Mar 7 09:58:15 2008 Subject: Mainscanner running with zimbra? Message-ID: <47D11186.8050605@haigmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have a ubuntu dapper server with 2 IP addresses and running zimbra. I would like to get MailScanner running with zimbra on the same box Will it be possible? Anyone done this before? Thanks Lance -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFH0RFEVTfPK1L1ymERAmJ8AKCHsSABNGiM00ojukWXzVP9J/z5YACdGFOF vNOTGaqGaLR7J1m34q3I8dA= =Y9ko -----END PGP SIGNATURE----- From t.d.lee at durham.ac.uk Fri Mar 7 10:48:48 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 7 10:49:53 2008 Subject: MS/Solaris installation buglets In-Reply-To: <47AC8204.2070206@ecs.soton.ac.uk> References: <47AC8204.2070206@ecs.soton.ac.uk> Message-ID: On Fri, 8 Feb 2008, Julian Field wrote: > David Lee wrote: > > Julian: to report a couple of Solaris MS (4.66.5) installation buglets. > > > > 1. MakeMaker requires a release of File::Spec which may be more recent > > than that native in the OS. You already distribute a good File::Spec. > > > > Solution: Re-order the installation to do File::Spec before MakeMaker. > > (Tested: it works.) > > > Done. Will be in the next release. (Sorry for delay in replying. Various delays on site...) Many thanks for File::Spec. > > 2. MakeMaker build reports "Can't locate Pod/Man.pm in @INC...". Might > > these need something like "Pod::Man" adding to the list of modules you > > distribute? > > > This is a bigger problem. They don't distribute Pod::Man as a standalone > module unfortunately. Is it vital? Executive summary: this turns out to be the thin end of a fat wedge. Playing with wedge isn't going to scale well. So at the end of this email I propose a simple solution. Some detail: Don't know about Pod::Man. I decided to stop at that point, so that I could investigate more systematically... which I have just begun... I was trying this on Solaris 8 (yes, relatively old), whose native perl is "5.005_03" (yes, even older!) All sorts of other things started crawling out of the woodwork. Given those ages, I decided to abandon S8. Just trying Solaris-9, whose native perl seems to be "5.6.1". This is better, but still has woes: o Pod-Simple: failed some tests; seems to fail to install o Test-Pod: fails to build; many "Can't locate Test/More.pm in @INC ..." (presumably a result of "Pod-Simple") failure; o MailTools-2.02: fails: Perl v5.8.1 required--this is only v5.6.1 [...] o IO-1.2301: fails: IO.xs:138: parse error before `pos' And I suspect it would continue in this vein. I kow the installation procedure says not to worry too much ("the important ones are HTML-Parser and MIME-tools"). But is the above rate of failure really going to be OK? Jules: From your support perspective, might it simply be time to draw a line, and to do a very early test in 'install.sh' of the form: if perl < 5.8.1 then abandon any attempt to build In Solaris, that would imply either: o only working on S10 (and above) with native perl, or: o the end-user neeeding their own 5.8.1 (or above) perl. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From mailscanner at generalgau.com Fri Mar 7 10:55:20 2008 From: mailscanner at generalgau.com (Tom Rogers) Date: Fri Mar 7 11:08:10 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <47D1063C.6030705@ecs.soton.ac.uk> References: <20080306211526.M21618@generalgau.com> <47D06C08.9040806@ecs.soton.ac.uk> <20080307024817.M69030@generalgau.com> <47D1063C.6030705@ecs.soton.ac.uk> Message-ID: <20080307105449.M55656@generalgau.com> I'm 99.99% sure I didn't upgrade F-Prot recently, but to remove that from consideration, I changed the anti-virus from 'f-prot' to 'none'. Also changed the Max # of Child Processes to 1 as was recommended elsewhere. Same result as before. Tom Rogers On Fri, 07 Mar 2008 09:09:16 +0000, Julian Field wrote > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Have you recently upgraded F-Prot? The new version 6 is a lot slower > than the old version 4. You need my latest beta to get the code > which will make version 6 run quickly. > > Tom Rogers wrote: > > "Check for hardware faults. Does /proc/meminfo still agree with you on the > > amount of RAM in the box, for example?" > > > > Yes. > > > > root@fatman:/home/tom# cat /proc/meminfo > > MemTotal: 516048 kB > > MemFree: 426620 kB > > Buffers: 18412 kB > > Cached: 37576 kB > > SwapCached: 9316 kB > > Active: 35732 kB > > Inactive: 37024 kB > > HighTotal: 0 kB > > HighFree: 0 kB > > LowTotal: 516048 kB > > LowFree: 426620 kB > > SwapTotal: 1572856 kB > > SwapFree: 1504472 kB > > Dirty: 148 kB > > Writeback: 0 kB > > AnonPages: 12728 kB > > Mapped: 7576 kB > > Slab: 10104 kB > > SReclaimable: 3372 kB > > SUnreclaim: 6732 kB > > PageTables: 1160 kB > > NFS_Unstable: 0 kB > > Bounce: 0 kB > > CommitLimit: 1830880 kB > > Committed_AS: 293188 kB > > VmallocTotal: 507896 kB > > VmallocUsed: 3776 kB > > VmallocChunk: 504004 kB > > > > "What virus scanners are you using?" > > > > F-Prot. I have ClamAV installed, but don't use it. > > > > 'Run "MailScanner --lint" ' > > > > root@fatman:/home/tom# MailScanner --lint > > Read 759 hostnames from the phishing whitelist > > Config: calling custom init function SQLBlacklist > > Config: calling custom init function MailWatchLogging > > Config: calling custom init function SQLWhitelist > > MailScanner setting GID to (119) > > MailScanner setting UID to (111) > > > > Checking for SpamAssassin errors (if you use it)... > > lock.pl sees Config LockType = flock > > lock.pl sees have_module = 0 > > Using locktype = flock > > MailScanner.conf says "Virus Scanners = f-prot" > > Found these virus scanners installed: f-prot, clamavmodule > > > > > > root@fatman:/home/tom# cat /etc/passwd | grep 119 > > postfix:x:111:119::/var/spool/postfix:/bin/false > > > > 'as well as "MailScanner --debug" to check things out.' > > > > root@fatman:/home/tom# MailScanner --debug > > In Debugging mode, not forking... > > > > > > > > On Thu, 06 Mar 2008 22:11:20 +0000, Julian Field wrote > > > >> Check for hardware faults. Does /proc/meminfo still agree with you > >> on the amount of RAM in the box, for example? > >> > >> Sounds like you've already got 'Use SpamAssassin = no'. What virus > >> scanners are you using? If you are using clamavmodule, I would > >> switch to clamd if you can on your distro. > >> > >> Run "MailScanner --lint" as well as "MailScanner --debug" to check > >> things out. > >> > >> Tom Rogers wrote: > >> > >>> I've been using Mailscanner for a few years now with no problems. Two weeks > >>> ago, I started to have a problem. > >>> > >>> When I run Mailscanner, it maxes out my CPU and the amount of memory it uses > >>> keeps climbing and climbing, until it eats all available memory and basically > >>> freezes the system up. Mail is not processed from the Postfix hold queue. > >>> > >>> The system is basically used only by myself, for LAN file storage and email. > >>> It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > >>> > >>> Using Postfix for mail delivery; the OS is Ubuntu 6.04. > >>> > >>> I've disabled Spamassassin, but still have the same problem. > >>> > >>> Running Mailscanner in debug, I get the following: > >>> > >>> root@fatman:/home/tom# /etc/init.d/mailscanner start > >>> In Debugging mode, not forking... > >>> > >>> > >>> >From the /var/log/mail.info (nothing in the mail.err or mail.warn): > >>> > >>> Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner > >>> version 4.57.6 starting... > >>> Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the phishing > >>> whitelist > >>> Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init function > >>> SQLBlacklist > >>> Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > >>> MailWatchLogging > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init function > >>> SQLWhitelist > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries > >>> Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock > >>> > >>> After about 20 minutes, the CPU is still at around 98-99% and using 450+MB of > >>> RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). > >>> > >>> I've tried removing/purging/reinstalling Mailscanner, but keep coming up with > >>> the same results. > >>> > >>> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> MailScanner customisation, or any advanced system administration > >> help? Contact me at Jules@Jules.FM > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> PGP public key: http://www.jules.fm/julesfm.asc > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH0QY9EfZZRxQVtlQRAviXAKCkEGNatCNbtgk0eJdqjFGZR1J9PgCeLFWe > nGeryqQq+SKRc4Hx4HS+NM4= > =J6aY > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Fri Mar 7 11:42:36 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 7 11:43:32 2008 Subject: Spam Graph Message-ID: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> Hi, Just in case people get complaints about some spam passing by this might be a nice graph to show how poor email has become: http://www.barracudacentral.com/index.cgi?p=spam OK, this is the competion ;-) But I guess this is a reasonable average. I guess `tar --with-feathers` will not be sufficient to stop this. Hugo. -- From martinh at solidstatelogic.com Fri Mar 7 11:55:15 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 7 11:56:04 2008 Subject: Spam Graph In-Reply-To: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> Message-ID: Hugo I'd say 93% is prob a little low for us, but very within range what I see here... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 07 March 2008 11:43 > To: MailScanner discussion > Subject: Spam Graph > > Hi, > > Just in case people get complaints about some spam passing by this might > be a nice graph to show how poor email has become: > http://www.barracudacentral.com/index.cgi?p=spam > > OK, this is the competion ;-) But I guess this is a reasonable average. > > I guess `tar --with-feathers` will not be sufficient to stop this. > > Hugo. > > -- > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ugob at lubik.ca Fri Mar 7 12:18:26 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Mar 7 12:19:26 2008 Subject: Include tools with MailScanner distro In-Reply-To: <47D0E43E.5050104@vanderkooij.org> References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> <47D06A5E.7030102@ecs.soton.ac.uk> <47D0E43E.5050104@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > > |> The wiki will let everyone upload, describe (think README) and edit > |> stuff with full revision control in the simplest way possible. And > |> Julian doesn't have to administer access to the web server for us. A > |> full-blown code repository seems, well overblown. ;-) > |> > | You took the words right out of my mouth. A branch in the wiki will do > | the job nicely. > > Jules would you do the honor and open up the branch? I'll do it when I have some free time. Should be soon. Ugo From ugob at lubik.ca Fri Mar 7 13:01:47 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Mar 7 13:02:36 2008 Subject: Include tools with MailScanner distro In-Reply-To: References: <003701c87f90$42cbcd90$e5b418ac@dell> <625385e30803060600q65ad7383vfeaeab15afdb8e4b@mail.gmail.com> <47D001FF.9060308@elirion.net> <47D03849.8000008@ecs.soton.ac.uk> <47D04BA0.8050402@rma.edu> <625385e30803061333q2bb27dd3qd41bfeed7f5b433c@mail.gmail.com> <47D06A5E.7030102@ecs.soton.ac.uk> <47D0E43E.5050104@vanderkooij.org> Message-ID: Ugo Bellavance wrote: > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Julian Field wrote: >> >> |> The wiki will let everyone upload, describe (think README) and edit >> |> stuff with full revision control in the simplest way possible. And >> |> Julian doesn't have to administer access to the web server for us. A >> |> full-blown code repository seems, well overblown. ;-) >> |> >> | You took the words right out of my mouth. A branch in the wiki will do >> | the job nicely. >> >> Jules would you do the honor and open up the branch? > > I'll do it when I have some free time. Should be soon. > > Ugo > http://wiki.mailscanner.info/doku.php?id=&idx=contrib_tools From hellowe at gmail.com Fri Mar 7 12:54:24 2008 From: hellowe at gmail.com (louie) Date: Fri Mar 7 13:05:19 2008 Subject: Sophos Error message References: <47BEFF53.20E8.005B.0@harper-adams.ac.uk> Message-ID: Howard Robinson Harper-Adams.ac.uk> writes: > > Dear list > I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's routine /usr/sbin/Sophos.install > > It appeared to run through okay but seemed fast! > Anyway on restarting MailScanner I get the following in the Maillog and emails refused to move in or out. > > "SophosSAVI ERROR:: getting version: One of the files in a split-virus data set could not be located (557)" > > Any ideas > I had a quick look at WIKI but nothing appeared to be relevant . > > In the end I had to rem out sophos from list of virus scanners used to get email flowing again. Two others are > still there and so we are not unprotected but I like Sophos and usually it updates ok > > Any help appreciated. > > Thanks > Have a good weekend. > > Regards > > Howard Robinson, > (Senior Technical Development Officer), > Harper Adams University College, > Edgmond, > Newport, > Shropshire , > TF10 8NB. > > Tel. Direct 01952 815253 > Tel. Switch Board 01952 820280 > Fax 01952 814783 > Email hrobinson harper-adams.ac.uk > Web www.harper-adams.ac.uk > Hi Howard, I also have the similar problem, have you solved for it? Thanks, Louie From ugob at lubik.ca Fri Mar 7 13:05:40 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Fri Mar 7 13:10:12 2008 Subject: new wiki section: contrib_tools Message-ID: Hi, I just created a new section on the wiki. Its purpse is to be some kind of repository for small tools that are handy to diagnose or tune MailScanner servers. http://wiki.mailscanner.info/doku.php?id=&idx=contrib_tools Feel free to add new scripts or improve existing ones. I suggest that we should post here when there is a new tool, or when a tool is improved. If the volume becomes too big on this list, I guess we could create another mailing list. Of course, the volume will probably be high at first, but it should calm down. Thanks for your help. Ugo From v at vladville.com Fri Mar 7 14:15:22 2008 From: v at vladville.com (Vlad Mazek) Date: Fri Mar 7 14:15:58 2008 Subject: conf file changes for multiple MailScanners Message-ID: I am trying to run multiple MailScanner instances (different conf files) on the same system and I was wondering if anyone had tried the same? The specific question I have is in regard to the changes that need to be made to the conf file in order to accomodate that, is it more than just the pid? I have been able to launch them and run them simultaneously just by giving each their own pid, but I'm experiencing a lot of crashing (as in the process dies without leaving a trail in the logs) at random intervals. So far nothing from strace or debug logs, it just vanishes. Ghost Friday I guess :) -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/e26a5018/attachment.html From martinh at solidstatelogic.com Fri Mar 7 14:18:28 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 7 14:19:11 2008 Subject: Sophos Error message In-Reply-To: Message-ID: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> Louie Latest stable fixes the issue. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of louie > Sent: 07 March 2008 12:54 > To: mailscanner@lists.mailscanner.info > Subject: Re: Sophos Error message > > Howard Robinson Harper-Adams.ac.uk> writes: > > > > > Dear list > > I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's > routine > /usr/sbin/Sophos.install > > > > It appeared to run through okay but seemed fast! > > Anyway on restarting MailScanner I get the following in the Maillog and > emails > refused to move in or out. > > > > "SophosSAVI ERROR:: getting version: One of the files in a split-virus > data > set could not be located (557)" > > > > Any ideas > > I had a quick look at WIKI but nothing appeared to be relevant . > > > > In the end I had to rem out sophos from list of virus scanners used to > get > email flowing again. Two others are > > still there and so we are not unprotected but I like Sophos and usually > it > updates ok > > > > Any help appreciated. > > > > Thanks > > Have a good weekend. > > > > Regards > > > > Howard Robinson, > > (Senior Technical Development Officer), > > Harper Adams University College, > > Edgmond, > > Newport, > > Shropshire , > > TF10 8NB. > > > > Tel. Direct 01952 815253 > > Tel. Switch Board 01952 820280 > > Fax 01952 814783 > > Email hrobinson harper-adams.ac.uk > > Web www.harper-adams.ac.uk > > > Hi Howard, > > I also have the similar problem, have you solved for it? > > Thanks, > Louie > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ms-list at alexb.ch Fri Mar 7 14:35:41 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri Mar 7 14:36:21 2008 Subject: new wiki section: contrib_tools In-Reply-To: References: Message-ID: <47D152BD.6000506@alexb.ch> On 3/7/2008 2:05 PM, Ugo Bellavance wrote: > Hi, > > I just created a new section on the wiki. Its purpse is to be some > kind of repository for small tools that are handy to diagnose or tune > MailScanner servers. > > http://wiki.mailscanner.info/doku.php?id=&idx=contrib_tools > > Feel free to add new scripts or improve existing ones. > > I suggest that we should post here when there is a new tool, or when a > tool is improved. If the volume becomes too big on this list, I guess > we could create another mailing list. Of course, the volume will > probably be high at first, but it should calm down. > > Thanks for your help. > > Ugo Done.. little addition to: http://wiki.mailscanner.info/doku.php?id=contrib_tools:check_process_speed From johnnyb at marlboro.edu Fri Mar 7 14:48:16 2008 From: johnnyb at marlboro.edu (John Baker) Date: Fri Mar 7 14:48:58 2008 Subject: "Syntax error in Postfix queue file"? Message-ID: <47D155B0.40204@marlboro.edu> Hi, Something seemed to go wrong at some point this week and I keep getting this Mailscanner error in my syslog. Syntax error in Postfix queue file, didn't start with a C record Running qshape hold gives me this Use of uninitialized value in subtraction (-) at /usr/sbin/qshape line 251. That section looks like this. 246 # bucket 0 is the total over all the buckets. 247 # buckets 1 to $bnum contain the age breakdown. 248 # 249 sub bucket { 250 my ($qt, $now) = @_; 251 my $m = ($now - $qt) / (60 * $tick); 252 return 1 if ($m < 1); 253 my $b = $opts{"l"} ? int($m+1) : 2 + int(log($m) / log(2)); 254 $b < $bnum ? $b : $bnum; 255 } I'm not really sure what's happened here. Does anybody have any ideas? Something is wrong with the ques yet mail actually does seem to be going through the server. -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From shuttlebox at gmail.com Fri Mar 7 15:03:28 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 7 15:04:03 2008 Subject: conf file changes for multiple MailScanners In-Reply-To: References: Message-ID: <625385e30803070703u8c5b00fvcbd6d6fcb9c6b319@mail.gmail.com> On Fri, Mar 7, 2008 at 3:15 PM, Vlad Mazek wrote: > I am trying to run multiple MailScanner instances (different conf files) on > the same system and I was wondering if anyone had tried the same? The > specific question I have is in regard to the changes that need to be made to > the conf file in order to accomodate that, is it more than just the pid? > > I have been able to launch them and run them simultaneously just by giving > each their own pid, but I'm experiencing a lot of crashing (as in the > process dies without leaving a trail in the logs) at random intervals. So > far nothing from strace or debug logs, it just vanishes. You would probably save yourself a lot of grief by using something like Solaris Zones or Linux Xen or something equivalent for your OS. :-) -- /peter From glenn.steen at gmail.com Fri Mar 7 15:10:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 7 15:10:53 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail In-Reply-To: <20080307105449.M55656@generalgau.com> References: <20080306211526.M21618@generalgau.com> <47D06C08.9040806@ecs.soton.ac.uk> <20080307024817.M69030@generalgau.com> <47D1063C.6030705@ecs.soton.ac.uk> <20080307105449.M55656@generalgau.com> Message-ID: <223f97700803070710j4ab43467if8945575ec161620@mail.gmail.com> On 07/03/2008, Tom Rogers wrote: > I'm 99.99% sure I didn't upgrade F-Prot recently, but to remove that from > consideration, I changed the anti-virus from 'f-prot' to 'none'. > > Also changed the Max # of Child Processes to 1 as was recommended elsewhere. > > > Same result as before. > > > > Tom Rogers > (snip) So what did you change? Or was changed for you? Exact version of Postfix? Do you use milters? Have you done the checks Kevin Miller missent to another thread.... basically "check your hold queue for non-queue files", likely one of the oldest files in that directory...? So many queastion.... but we do need the answers to better help you:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Mar 7 15:39:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 7 15:39:51 2008 Subject: "Syntax error in Postfix queue file"? In-Reply-To: <47D155B0.40204@marlboro.edu> References: <47D155B0.40204@marlboro.edu> Message-ID: <223f97700803070739g64df8fd3g151c3f7d45b59d64@mail.gmail.com> On 07/03/2008, John Baker wrote: > Hi, > > Something seemed to go wrong at some point this week and I keep getting > this Mailscanner error in my syslog. > > Syntax error in Postfix queue file, didn't start with a C record > > Running qshape hold gives me this > > Use of uninitialized value in subtraction (-) at /usr/sbin/qshape line 251. > > That section looks like this. > > 246 # bucket 0 is the total over all the buckets. > 247 # buckets 1 to $bnum contain the age breakdown. > 248 # > 249 sub bucket { > 250 my ($qt, $now) = @_; > 251 my $m = ($now - $qt) / (60 * $tick); > 252 return 1 if ($m < 1); > 253 my $b = $opts{"l"} ? int($m+1) : 2 + int(log($m) / log(2)); > 254 $b < $bnum ? $b : $bnum; > 255 } > > I'm not really sure what's happened here. Does anybody have any ideas? > > Something is wrong with the ques yet mail actually does seem to be going > through the server. What does "postqueue -p" (a.k.a. mailq) have to say? Basically what seems to be happening is that you have a very invalid (possibly non-) queue file in hold, that MailScanner drops from the batch every time it gets "eligible" for pickup. Look in the hold queue, probably at one of the oldest files... Can you "postcat" them? That mail still flows is because MS successfully drops it from the batch. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mgaudreault at reference.qc.ca Fri Mar 7 15:47:36 2008 From: mgaudreault at reference.qc.ca (Maxime Gaudreault) Date: Fri Mar 7 15:50:26 2008 Subject: Lock on bayes Message-ID: <6DD6B2C8A11BFC4092A148347F6126B85453BF@jupiter.reference.local> Does this can cause a delay ? 10:48:19 [4926] dbg: locker: safe_lock: created /opt/MailScanner/etc/bayes/bayes.mutex 10:48:19 [4926] dbg: locker: safe_lock: trying to get lock on /opt/MailScanner/etc/bayes/bayes with 10 timeout 10:48:19 [4926] dbg: locker: safe_lock: link to /opt/MailScanner/etc/bayes/bayes.mutex: link ok 10:48:19 [4926] dbg: bayes: tie-ing to DB file R/W /opt/MailScanner/etc/bayes/bayes_toks 10:48:19 [4926] dbg: bayes: tie-ing to DB file R/W /opt/MailScanner/etc/bayes/bayes_seen 10:48:19 [4926] dbg: bayes: found bayes db version 3 10:48:20 [4926] dbg: bayes: learned 'afb0acc5fea2c9c75499b9d618a0534592059f3a@sa_generated', atime: 1204904887 10:48:20 [4926] dbg: bayes: untie-ing 10:48:21 [4926] dbg: bayes: files locked, now unlocking lock 10:48:21 [4926] dbg: locker: safe_unlock: unlocked /opt/MailScanner/etc/bayes/bayes.mutex Maxime Gaudreault Technicien R?f?rence Syst?mes inc. T?l. : 418.650.0997 T?l?c. : 418.650.9668 Courriel : mgaudreault@reference.qc.ca Site Internet : http://www.reference.qc.ca/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/aa854b8e/attachment.html From TGFurnish at herffjones.com Fri Mar 7 16:04:22 2008 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Fri Mar 7 16:05:02 2008 Subject: quick question: Does "is.definitely.spam.rules" yield SA training? Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03EA73@inex3.herffjones.hj-int> If a message is marked as spam thanks to being caught by an "Is Definitely Spam" rule, does that message get passed to spamassassin for training Bayes? I found a source of spam that still uses a static IP address and doesn't send out enough that processing it is a problem, so rather than block it at the MTA I thought, "Let them train the system..." But then I thought about it a bit more and began to wonder whether MailScanner even runs SA on mail you've categorized that way. -- Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. Unix / Network Administrator Phone: 317.612.3519 Any sufficiently advanced technology is indistinguishable from Unix. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/a857db1f/attachment.html From jaearick at colby.edu Fri Mar 7 16:14:28 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Fri Mar 7 16:15:12 2008 Subject: MS cores in debug mode, runs fine otherwise Message-ID: Julian, Setup: Solaris 10 sparc, MS 4.67.6-1, SA 3.2.4, razor, dcc. When I run MailScanner in debug mode, or debug and sa-debug mode, the output ends with: [13941] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=6.838, head-points=6.838, learned-points=0 [13941] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam Segmentation Fault - core dumped Failed. I find no core file anyplace (even after using coreadm to allow setid and other types of unsecure core files). Thinking it was bayes, I moved my /var/spool/spamassassin directory aside, created a new one, same thing. The funny thing is... MS runs great 24x7 without debug mode. Version 4.66.5-2 had the same issue. I've never found a core file anyplace. Any ideas? Jeff Earickson Colby College From rcooper at dwford.com Fri Mar 7 16:15:54 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 7 16:16:32 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <47CFF7F3.1060307@ecs.soton.ac.uk> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> <47CFDEFA.8020103@ecs.soton.ac.uk><003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> <47CFF7F3.1060307@ecs.soton.ac.uk> Message-ID: <034501c8806e$853eea70$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Thursday, March 06, 2008 8:56 AM > To: MailScanner discussion > Subject: Re: F-Prot 6 (and lack of speed thereof) > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released 4.68.1 which includes support for the scanner > "f-protd-6" which uses the fpscand daemon provided with > F-Prot 6. Very > much faster than the scanner "f-prot-6" which uses the command-line > scanner provided with F-Prot 6. > I haven't downloaded this version of MailScanner yet but I did try a modified version of the perl client that comes with f-prot and I am amazed at the speed difference! It was so fast scanning a 128 mb exe that I had to test it with a couple eicar variants just to be sure it was actually reading the files. In my opinion this is the fastest scanner I have yet to come across and was wondering if you are seeing the same thing. I added a fpscand wrapper for my test viralator/squid setup and the speed is phenomenal, the load is insignificant and I might just move this into the larger user base squid servers... Clamd, f-prot, bdc were all too slow on large files (hell clamd caused many timeout issues because of it's poor speed) and fpscand just zips through even huge files in literally seconds. Thanks for getting me interested in this product Julian. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 7 17:10:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 7 17:11:47 2008 Subject: F-Prot 6 (and lack of speed thereof) In-Reply-To: <034501c8806e$853eea70$0301a8c0@SAHOMELT> References: <47CF2415.7080400@ecs.soton.ac.uk> <1d6d01c87f19$5ec296e0$0301a8c0@SAHOMELT> <47CFDEFA.8020103@ecs.soton.ac.uk><003601c87f8b$9cf3bc60$0301a8c0@SAHOMELT> <47CFF7F3.1060307@ecs.soton.ac.uk> <034501c8806e$853eea70$0301a8c0@SAHOMELT> Message-ID: <47D1771E.2060601@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BTW I found one small bug in my fpscand support, I'll issue a fix tomorrow. It doesn't like filenames with spaces in. Rick Cooper wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On > > Behalf Of Julian Field > > Sent: Thursday, March 06, 2008 8:56 AM > > To: MailScanner discussion > > Subject: Re: F-Prot 6 (and lack of speed thereof) > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > I have just released 4.68.1 which includes support for the scanner > > "f-protd-6" which uses the fpscand daemon provided with > > F-Prot 6. Very > > much faster than the scanner "f-prot-6" which uses the command-line > > scanner provided with F-Prot 6. > > > > I haven't downloaded this version of MailScanner yet but I did try a > modified version of the perl client that comes with f-prot and I am amazed > at the speed difference! It was so fast scanning a 128 mb exe that I had to > test it with a couple eicar variants just to be sure it was actually reading > the files. In my opinion this is the fastest scanner I have yet to come > across and was wondering if you are seeing the same thing. > > I added a fpscand wrapper for my test viralator/squid setup and the speed is > phenomenal, the load is insignificant and I might just move this into the > larger user base squid servers... Clamd, f-prot, bdc were all too slow on > large files (hell clamd caused many timeout issues because of it's poor > speed) and fpscand just zips through even huge files in literally seconds. > Thanks for getting me interested in this product Julian. > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH0XcfEfZZRxQVtlQRAp6wAKDq+MyUuTNDQ4dDSNmspV+ylaKUgwCgjEjo E0lYHjKoQS7XFJBTzPwdipA= =qJTm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From v at vladville.com Fri Mar 7 17:39:40 2008 From: v at vladville.com (Vlad Mazek) Date: Fri Mar 7 17:40:16 2008 Subject: conf file changes for multiple MailScanners In-Reply-To: <625385e30803070703u8c5b00fvcbd6d6fcb9c6b319@mail.gmail.com> References: <625385e30803070703u8c5b00fvcbd6d6fcb9c6b319@mail.gmail.com> Message-ID: Unfortunately, the two share the multiple mail queues on the system. -Vlad On 3/7/08, shuttlebox wrote: > > On Fri, Mar 7, 2008 at 3:15 PM, Vlad Mazek wrote: > > I am trying to run multiple MailScanner instances (different conf files) > on > > the same system and I was wondering if anyone had tried the same? The > > specific question I have is in regard to the changes that need to be > made to > > the conf file in order to accomodate that, is it more than just the pid? > > > > I have been able to launch them and run them simultaneously just by > giving > > each their own pid, but I'm experiencing a lot of crashing (as in the > > process dies without leaving a trail in the logs) at random intervals. > So > > far nothing from strace or debug logs, it just vanishes. > > > You would probably save yourself a lot of grief by using something > like Solaris Zones or Linux Xen or something equivalent for your OS. > :-) > > -- > /peter > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -Vlad -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/421cd325/attachment.html From paul.hutchings at mira.co.uk Fri Mar 7 17:50:36 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Fri Mar 7 17:51:24 2008 Subject: Oversized.zip error with clamav/mailscanner Message-ID: I'm running the latest clamav 0.92.1 and mailscanner 4.66.5.3 and occasionally I get the oversized.zip bug in clamav. Is there a fix for this yet (via mailscanner or clamav) please? I see there's a "ClamAVmodule Maximum Compression Ratio = 250" setting in mailscanner.conf, but I'm not sure what a suitable setting might be, if indeed that's the problem. Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From Denis.Beauchemin at USherbrooke.ca Fri Mar 7 18:43:32 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Mar 7 18:44:18 2008 Subject: Oversized.zip error with clamav/mailscanner In-Reply-To: References: Message-ID: <47D18CD4.1030601@USherbrooke.ca> Paul Hutchings a ?crit : > I'm running the latest clamav 0.92.1 and mailscanner 4.66.5.3 and > occasionally I get the oversized.zip bug in clamav. > > Is there a fix for this yet (via mailscanner or clamav) please? > > I see there's a "ClamAVmodule Maximum Compression Ratio = 250" setting > in mailscanner.conf, but I'm not sure what a suitable setting might be, > if indeed that's the problem. > > > Paul, Mine is set to 950 and it didn't get me in any trouble... Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From arturs at netvision.net.il Fri Mar 7 19:55:18 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri Mar 7 19:56:00 2008 Subject: Include tools with MailScanner distro In-Reply-To: Message-ID: <00f201c8808d$2b49f3b0$e5b418ac@dell> > > I'll do it when I have some free time. Should be soon. > > > > Ugo > > > > http://wiki.mailscanner.info/doku.php?id=&idx=contrib_tools Thanks! Best, -- Arthur Sherman From johnnyb at marlboro.edu Fri Mar 7 20:27:06 2008 From: johnnyb at marlboro.edu (John Baker) Date: Fri Mar 7 20:27:45 2008 Subject: "Syntax error in Postfix queue file"? In-Reply-To: <223f97700803070739g64df8fd3g151c3f7d45b59d64@mail.gmail.com> References: <47D155B0.40204@marlboro.edu> <223f97700803070739g64df8fd3g151c3f7d45b59d64@mail.gmail.com> Message-ID: <47D1A51A.80304@marlboro.edu> Okay, I found two problem files that way and removed them. All fixed now. Thanks Glenn Steen wrote: > On 07/03/2008, John Baker wrote: >> Hi, >> >> Something seemed to go wrong at some point this week and I keep getting >> this Mailscanner error in my syslog. >> >> Syntax error in Postfix queue file, didn't start with a C record >> >> Running qshape hold gives me this >> >> Use of uninitialized value in subtraction (-) at /usr/sbin/qshape line 251. >> >> That section looks like this. >> >> 246 # bucket 0 is the total over all the buckets. >> 247 # buckets 1 to $bnum contain the age breakdown. >> 248 # >> 249 sub bucket { >> 250 my ($qt, $now) = @_; >> 251 my $m = ($now - $qt) / (60 * $tick); >> 252 return 1 if ($m < 1); >> 253 my $b = $opts{"l"} ? int($m+1) : 2 + int(log($m) / log(2)); >> 254 $b < $bnum ? $b : $bnum; >> 255 } >> >> I'm not really sure what's happened here. Does anybody have any ideas? >> >> Something is wrong with the ques yet mail actually does seem to be going >> through the server. > > What does "postqueue -p" (a.k.a. mailq) have to say? Basically what > seems to be happening is that you have a very invalid (possibly non-) > queue file in hold, that MailScanner drops from the batch every time > it gets "eligible" for pickup. Look in the hold queue, probably at one > of the oldest files... Can you "postcat" them? > > That mail still flows is because MS successfully drops it from the batch. > > Cheers -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From ssilva at sgvwater.com Fri Mar 7 21:36:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 7 21:37:53 2008 Subject: Spam Graph In-Reply-To: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> References: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> Message-ID: on 3-7-2008 3:42 AM Hugo van der Kooij spake the following: > Hi, > > Just in case people get complaints about some spam passing by this might > be a nice graph to show how poor email has become: > http://www.barracudacentral.com/index.cgi?p=spam > > OK, this is the competion ;-) But I guess this is a reasonable average. > > I guess `tar --with-feathers` will not be sufficient to stop this. > > Hugo. > With all that competition in the pharmaceuticals area, maybe Vi@gr@ will get cheaper! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/000dae70/signature.bin From gmane at tippingmar.com Fri Mar 7 21:56:33 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 7 21:57:22 2008 Subject: Oversized.zip error with clamav/mailscanner In-Reply-To: <47D18CD4.1030601@USherbrooke.ca> References: <47D18CD4.1030601@USherbrooke.ca> Message-ID: Denis Beauchemin wrote: > Paul Hutchings a ?crit : >> I'm running the latest clamav 0.92.1 and mailscanner 4.66.5.3 and >> occasionally I get the oversized.zip bug in clamav. >> >> Is there a fix for this yet (via mailscanner or clamav) please? >> >> I see there's a "ClamAVmodule Maximum Compression Ratio = 250" setting >> in mailscanner.conf, but I'm not sure what a suitable setting might be, >> if indeed that's the problem. >> > Paul, > > Mine is set to 950 and it didn't get me in any trouble... > > Denis Or set it to 0 to disable this check. I've seen legitimate files that still trigger it at 350. Mark From ssilva at sgvwater.com Fri Mar 7 22:31:51 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 7 22:32:31 2008 Subject: new wiki section: contrib_tools In-Reply-To: References: Message-ID: on 3-7-2008 5:05 AM Ugo Bellavance spake the following: > Hi, > > I just created a new section on the wiki. Its purpse is to be some > kind of repository for small tools that are handy to diagnose or tune > MailScanner servers. > > http://wiki.mailscanner.info/doku.php?id=&idx=contrib_tools > > Feel free to add new scripts or improve existing ones. > > I suggest that we should post here when there is a new tool, or when a > tool is improved. If the volume becomes too big on this list, I guess > we could create another mailing list. Of course, the volume will > probably be high at first, but it should calm down. > > Thanks for your help. > > Ugo > Added a backup and restore script for MailScanner based on one originally provided by Julian. http://wiki.mailscanner.info/doku.php?id=contrib_tools:mailscanner:back_and_restore -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080307/355f1511/signature.bin From list at torpey.org Sat Mar 8 00:34:44 2008 From: list at torpey.org (Steve' Mailing List) Date: Sat Mar 8 00:33:08 2008 Subject: Fw: MailScanner 4.67.6 - Double processing of message and then Unlink error Message-ID: <115501c880b4$37ebad80$6601a8c0@torpey1> I have been having double processing of a message and then an unlinking error from the second child. Since my server has very very low volume I just set the children to 1. Basically the problem, as I see it, is that while Child 1 is processing the message, Child 2 starts processing. After Child 1 has decided what to do with the message and removes the message from mqueue.in, then Child 2 has finished deciding what to do and then can not find the message to take action. I think this is close the "duplicate message" problems, but since my volume is minimal, Child 1 can remove the message before Child 2 takes action. I upgraded to 4.67.6 and set children to 5 and have the same problem. Log output, mailscanner starting: --------------------------------------- Feb 16 07:06:54 firewall MailScanner[29990]: MailScanner E-Mail Virus Scanner version 4.67.4 starting... Feb 16 07:06:54 firewall MailScanner[29990]: Read 817 hostnames from the phishing whitelist Feb 16 07:06:54 firewall MailScanner[29990]: Read 5198 hostnames from the phishing blacklist Feb 16 07:06:54 firewall MailScanner[29990]: Config: calling custom init function MailWatchLogging Feb 16 07:06:54 firewall MailScanner[29990]: Started SQL Logging child Feb 16 07:06:54 firewall MailScanner[29990]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Feb 16 07:06:54 firewall MailScanner[29990]: Using SpamAssassin results cache Feb 16 07:06:54 firewall MailScanner[29990]: Connected to SpamAssassin cache database Feb 16 07:06:55 firewall MailScanner[29990]: Expired 4 records from the SpamAssassin cache Feb 16 07:06:55 firewall MailScanner[29990]: Enabling SpamAssassin auto-whitelist functionality... Feb 16 07:07:01 firewall MailScanner[29990]: Using locktype = posix Feb 16 07:07:01 firewall MailScanner[29990]: Creating hardcoded struct_flock subroutine for linux (Linux-type) -------------------------------------- Maillog from Child 1 [21738] and Child 2 [21734] processing the same message: ------------------------------------- Feb 15 21:41:09 firewall sendmail[23711]: m1G3f90I023711: from=, size=10010, class=0, nrcpts=1, msgid=<47b62323ka5bbd-qwki6wp5l@pomegranatethistle.com>, proto=SMTP, daemon=MTA, relay=pomegranatethistle.com [209.58.38.171] Feb 15 21:41:09 firewall sendmail[23711]: m1G3f90I023711: to=, delay=00:00:00, mailer=esmtp, pri=40010, stat=queued Feb 15 21:41:09 firewall MailScanner[21738]: New Batch: Scanning 1 messages, 10516 bytes Feb 15 21:41:09 firewall MailScanner[21738]: Spam Checks: Starting Feb 15 21:41:09 firewall MailScanner[21738]: Expired 1 records from the SpamAssassin cache Feb 15 21:41:11 firewall sendmail[23705]: m1G3e9Bi023705: from=<1-6096106-?jan@mx1.twotipperty.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx1.twotipperty.com [66.160.171.202] Feb 15 21:41:29 firewall MailScanner[21738]: Message m1G3f90I023711 from 209.58.38.171 (timeforaraise@pomegranatethistle.com) to torpey.org is spam, SpamAssassin (not cached, score=21.098, required 4.9, autolearn=spam, BAYES_50 0.00, FUZZY_MILLION 2.53, HTML_IMAGE_RATIO_04 0.17, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 1.40, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, AZOR2_CHECK 0.50, RCVD_IN_BLCSMA_spamikaze 3.00, RCVD_IN_SBLCSMA_spamikaze 2.00, SPF_HELO_PASS -0.00, SPF_PASS -0.00, URIBL_BLACK 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, to_subscriber 2.00) Feb 15 21:41:29 firewall MailScanner[21738]: Spam Checks: Found 1 spam messages Feb 15 21:41:29 firewall MailScanner[21738]: Spam Actions: message m1G3f90I023711 actions are store,spamtrap@firewall,forward Feb 15 21:41:30 firewall MailScanner[21738]: Virus and Content Scanning: Starting Feb 15 21:41:30 firewall MailScanner[21734]: New Batch: Scanning 1 messages, 10516 bytes Feb 15 21:41:30 firewall MailScanner[21734]: Spam Checks: Starting Feb 15 21:41:31 firewall MailScanner[21738]: Uninfected: Delivered 1 messages Feb 15 21:41:31 firewall MailScanner[21738]: Logging message m1G3f90I023711 to SQL Feb 15 21:41:31 firewall MailScanner[21732]: m1G3f90I023711: Logged to MailWatch SQL Feb 15 21:41:33 firewall sendmail[23723]: m1G3f90I023711: to=|/opt/spamikaze/scripts/passivetrap.pl, ctladdr= (8/0), delay=00:00:24, xdelay=00:00:02, mailer=prog, pri=130010, dsn=2.0.0, stat=Sent Feb 15 21:41:41 firewall MailScanner[21734]: SpamAssassin cache hit for message m1G3f90I023711 Feb 15 21:41:41 firewall MailScanner[21734]: Message m1G3f90I023711 from 209.58.38.171 (timeforaraise@pomegranatethistle.com) to torpey.org is spam, SpamAssassin (cached, score=21.098, required 4.9, autolearn=spam, BAYES_50 0.00, FUZZY_MILLION 2.53, HTML_IMAGE_RATIO_04 0.17, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 1.40, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, AZOR2_CHECK 0.50, RCVD_IN_BLCSMA_spamikaze 3.00, RCVD_IN_SBLCSMA_spamikaze 2.00, SPF_HELO_PASS -0.00, SPF_PASS -0.00, RIBL_BLACK 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, to_subscriber 2.00) Feb 15 21:41:41 firewall MailScanner[21734]: Spam Checks: Found 1 spam messages Feb 15 21:41:41 firewall MailScanner[21734]: Spam Actions: message m1G3f90I023711 actions are store,spamtrap@firewall,forward Feb 15 21:41:42 firewall MailScanner[21734]: Virus and Content Scanning: Starting Feb 15 21:41:42 firewall MailScanner[21734]: Unlinking /var/spool/mqueue.in/qfm1G3f90I023711 failed: No such file or directory Feb 15 21:41:42 firewall MailScanner[21734]: Unlinking /var/spool/mqueue.in/dfm1G3f90I023711 failed: No such file or directory Feb 15 21:41:42 firewall MailScanner[21734]: Unlinking /var/spool/mqueue.in/qfm1G3f90I023711 failed: No such file or directory Feb 15 21:41:42 firewall MailScanner[21734]: Unlinking /var/spool/mqueue.in/dfm1G3f90I023711 failed: No such file or directory Feb 15 21:41:42 firewall MailScanner[21734]: Uninfected: Delivered 1 messages Feb 15 21:41:42 firewall MailScanner[21734]: Logging message m1G3f90I023711 to SQL Feb 15 21:41:42 firewall MailScanner[21732]: m1G3f90I023711: Logged to MailWatch SQL Feb 15 21:41:42 firewall sendmail[23733]: m1G3f90I023711: SYSERR(root): readqf: cannot open ./dfm1G3f90I023711: No such file or directory Feb 15 21:41:44 firewall sendmail[23733]: m1G3f90I023711: to=|/opt/spamikaze/scripts/passivetrap.pl, ctladdr= (8/0), delay=00:00:35, xdelay=00:00:02, mailer=prog, pri=130010, dsn=2.0.0, stat=Sent ----------------------------------------- Even SpamAssassin realizes it is the same message and indicates "cache hit" I think the issue is the following phrase when MailScanner is starting: "Creating hardcoded struct_flock subroutine for linux (Linux-type)" Details MailScanner 4.67.6 OS is equivalent to RHEL3 - Whitebox EL3 Sendmail 8.12.11 What other information can I provide? Any suggestions? Thanks, Steve From shuttlebox at gmail.com Sat Mar 8 10:01:19 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 8 10:01:52 2008 Subject: Fw: MailScanner 4.67.6 - Double processing of message and then Unlink error In-Reply-To: <115501c880b4$37ebad80$6601a8c0@torpey1> References: <115501c880b4$37ebad80$6601a8c0@torpey1> Message-ID: <625385e30803080201h1c510cfby75b026ddcf29c273@mail.gmail.com> On Sat, Mar 8, 2008 at 1:34 AM, Steve' Mailing List wrote: > Feb 16 07:07:01 firewall MailScanner[29990]: Using locktype = posix > > I think the issue is the following phrase when MailScanner is starting: > > "Creating hardcoded struct_flock subroutine for linux (Linux-type)" > > Details > MailScanner 4.67.6 > OS is equivalent to RHEL3 - Whitebox EL3 > Sendmail 8.12.11 Since you're using Sendmail 8.12, try setting Lock Type to flock. -- /peter From ugob at lubik.ca Sat Mar 8 15:02:18 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Mar 8 15:03:31 2008 Subject: Lock on bayes In-Reply-To: <6DD6B2C8A11BFC4092A148347F6126B85453BF@jupiter.reference.local> References: <6DD6B2C8A11BFC4092A148347F6126B85453BF@jupiter.reference.local> Message-ID: Maxime Gaudreault wrote: > Does this can cause a delay ? > > > > 10:48:19 [4926] dbg: locker: safe_lock: created > /opt/MailScanner/etc/bayes/bayes.mutex > > 10:48:19 [4926] dbg: locker: safe_lock: trying to get lock on > /opt/MailScanner/etc/bayes/bayes with 10 timeout > > 10:48:19 [4926] dbg: locker: safe_lock: link to > /opt/MailScanner/etc/bayes/bayes.mutex: link ok > > 10:48:19 [4926] dbg: bayes: tie-ing to DB file R/W > /opt/MailScanner/etc/bayes/bayes_toks > > 10:48:19 [4926] dbg: bayes: tie-ing to DB file R/W > /opt/MailScanner/etc/bayes/bayes_seen > > 10:48:19 [4926] dbg: bayes: found bayes db version 3 > > 10:48:20 [4926] dbg: bayes: learned > 'afb0acc5fea2c9c75499b9d618a0534592059f3a@sa_generated', atime: 1204904887 > > 10:48:20 [4926] dbg: bayes: untie-ing > > 10:48:21 [4926] dbg: bayes: files locked, now unlocking lock > > 10:48:21 [4926] dbg: locker: safe_unlock: unlocked > /opt/MailScanner/etc/bayes/bayes.mutex No, like anything that can be shared and most databases, a lock must be requested when reading and writing. From list at torpey.org Sat Mar 8 15:32:19 2008 From: list at torpey.org (Steve' Mailing List) Date: Sat Mar 8 15:30:59 2008 Subject: Fw: MailScanner 4.67.6 - Double processing of message and thenUnlink error References: <115501c880b4$37ebad80$6601a8c0@torpey1> <625385e30803080201h1c510cfby75b026ddcf29c273@mail.gmail.com> Message-ID: <118701c88131$98dcb1c0$6601a8c0@torpey1> From: "shuttlebox" > On Sat, Mar 8, 2008 at 1:34 AM, Steve' Mailing List wrote: > > Feb 16 07:07:01 firewall MailScanner[29990]: Using locktype = posix > > > > I think the issue is the following phrase when MailScanner is starting: > > > > "Creating hardcoded struct_flock subroutine for linux (Linux-type)" > > > > Details > > MailScanner 4.67.6 > > OS is equivalent to RHEL3 - Whitebox EL3 > > Sendmail 8.12.11 > > Since you're using Sendmail 8.12, try setting Lock Type to flock. > > -- > /peter > -- I was 100% sure that I had tried using flock and had the same problem. When ever I ask for help, I try to do all the suggestions, so I set the Lock Type to flock. I sent hundreds of emails from gmail to cause the Unlinking problem. None showed. I will let leave this configuration and report back if it was the long-term solution. Thanks for your help, Steve From gdoris at rogers.com Sat Mar 8 19:16:58 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 19:17:57 2008 Subject: F-Prot Broken with new version Message-ID: <47D2E62A.60105@rogers.com> I upgraded to the new stable version and tried running MailScanner --lint. It complains that there's an invalid argument -old being passed??? I don't have f-prot-6 installed. Also, I manually ran update_virus_scanners and it successfully checked/updated all scanners including f-prot. f-prot runs correctly using the information from virus.scanners.conf. MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.68.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: ISITINSTALLED Found these virus scanners installed: bitdefender, clamavmodule, f-prot, clamd =========================================================================== Invalid argument '-old' =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" If any of your virus scanners (bitdefender,clamavmodule,f-prot,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. From shuttlebox at gmail.com Sat Mar 8 20:06:25 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 8 20:06:59 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2E62A.60105@rogers.com> References: <47D2E62A.60105@rogers.com> Message-ID: <625385e30803081206i4526ac5chc49cee590f4f1273@mail.gmail.com> On Sat, Mar 8, 2008 at 8:16 PM, Gerry Doris wrote: > I upgraded to the new stable version and tried running MailScanner > --lint. It complains that there's an invalid argument -old being passed??? > > Version number in MailScanner.conf (4.68.2) is correct. 4.67 is the latest stable version, you're running the beta. -- /peter From MailScanner at ecs.soton.ac.uk Sat Mar 8 20:08:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 8 20:09:03 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2E62A.60105@rogers.com> References: <47D2E62A.60105@rogers.com> Message-ID: <47D2F22B.1070508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In /usr/lib/MailScanner/MailScanner/SweepViruses.pm, add a line so it says this at/around line 3678: # Attempt to open the connection to fpscand $sock = ConnectToFpscand($Port, $TimeOut); return 'FPSCANDNOTRUNNING' if $lintonly && !$sock; The 'return' line is the new one. Then 'service MailScanner stop' and run 'MailScanner --lint' again. Please let me know how you get on. Gerry Doris wrote: > I upgraded to the new stable version and tried running MailScanner > --lint. It complains that there's an invalid argument -old being > passed??? > > I don't have f-prot-6 installed. Also, I manually ran > update_virus_scanners and it successfully checked/updated all scanners > including f-prot. f-prot runs correctly using the information from > virus.scanners.conf. > > MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.68.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: > ISITINSTALLED > Found these virus scanners installed: bitdefender, clamavmodule, > f-prot, clamd > =========================================================================== > > Invalid argument '-old' > =========================================================================== > > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > > If any of your virus scanners (bitdefender,clamavmodule,f-prot,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0vIuEfZZRxQVtlQRAjRsAJ9iAgNofEXWuncfQ9JxKE192GVJUwCgv5Q6 LasgwdiAe1i+5uzJK3NwHjM= =HbbS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 8 20:23:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 8 20:23:49 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2E62A.60105@rogers.com> References: <47D2E62A.60105@rogers.com> Message-ID: <47D2F5C2.9010303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released 4.68.2-2 for you, which includes the fix I posted for you a few minutes ago. I don't like leaving known-broken code out there, it generates more work for me explaining the workaround. Jules. P.S. Please let me know how you get on with 4.68.2-2. Gerry Doris wrote: > I upgraded to the new stable version and tried running MailScanner > --lint. It complains that there's an invalid argument -old being > passed??? > > I don't have f-prot-6 installed. Also, I manually ran > update_virus_scanners and it successfully checked/updated all scanners > including f-prot. f-prot runs correctly using the information from > virus.scanners.conf. > > MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.68.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: > ISITINSTALLED > Found these virus scanners installed: bitdefender, clamavmodule, > f-prot, clamd > =========================================================================== > > Invalid argument '-old' > =========================================================================== > > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > > If any of your virus scanners (bitdefender,clamavmodule,f-prot,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0vXEEfZZRxQVtlQRAhFVAJwPGSIqsRqmHRjTtcBx6W6kub5l/ACfedRZ MeQ3yHtw0cieRRR2CcUEWhY= =kfJb -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sat Mar 8 20:26:35 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 20:27:27 2008 Subject: F-Prot Broken with new version In-Reply-To: <625385e30803081206i4526ac5chc49cee590f4f1273@mail.gmail.com> References: <47D2E62A.60105@rogers.com> <625385e30803081206i4526ac5chc49cee590f4f1273@mail.gmail.com> Message-ID: <47D2F67B.5030301@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/8f2c2c32/attachment.html From gdoris at rogers.com Sat Mar 8 20:35:46 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 20:36:47 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2F22B.1070508@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F22B.1070508@ecs.soton.ac.uk> Message-ID: <47D2F8A2.9070009@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/a5ab29bc/attachment.html From MailScanner at ecs.soton.ac.uk Sat Mar 8 21:35:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 8 21:36:43 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2F8A2.9070009@rogers.com> References: <47D2E62A.60105@rogers.com> <47D2F22B.1070508@ecs.soton.ac.uk> <47D2F8A2.9070009@rogers.com> Message-ID: <47D306BC.3000004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, I missed a "$" sign. I have just released 4.68.2-3 which has the "$" in it. Many apologies. Jules. Gerry Doris wrote: > I made the change you suggested...results are below. It got rid of > the FPSCAND error message but I still get the Invalid argument '-old' > and f-prot isn't being called. > > MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.68.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" > Found these virus scanners installed: bitdefender, clamavmodule, > f-prot, clamd > =========================================================================== > Invalid argument '-old' > =========================================================================== > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > > If any of your virus scanners (bitdefender,clamavmodule,f-prot,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> In /usr/lib/MailScanner/MailScanner/SweepViruses.pm, add a line so it >> says this at/around line 3678: >> # Attempt to open the connection to fpscand >> $sock = ConnectToFpscand($Port, $TimeOut); >> return 'FPSCANDNOTRUNNING' if $lintonly && !$sock; >> >> The 'return' line is the new one. >> >> Then 'service MailScanner stop' and run 'MailScanner --lint' again. >> Please let me know how you get on. >> >> >> Gerry Doris wrote: >> >>> I upgraded to the new stable version and tried running MailScanner >>> --lint. It complains that there's an invalid argument -old being >>> passed??? >>> >>> I don't have f-prot-6 installed. Also, I manually ran >>> update_virus_scanners and it successfully checked/updated all scanners >>> including f-prot. f-prot runs correctly using the information from >>> virus.scanners.conf. >>> >>> MailScanner --lint >>> Trying to setlogsock(unix) >>> Checking version numbers... >>> Version number in MailScanner.conf (4.68.2) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> >>> Checking for SpamAssassin errors (if you use it)... >>> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >>> SpamAssassin reported no errors. >>> MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" >>> ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: >>> ISITINSTALLED >>> Found these virus scanners installed: bitdefender, clamavmodule, >>> f-prot, clamd >>> =========================================================================== >>> >>> Invalid argument '-old' >>> =========================================================================== >>> >>> Virus Scanner test reports: >>> Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" >>> Bitdefender said "Found virus EICAR-Test-File (not a virus) in file >>> eicar.com" >>> >>> If any of your virus scanners (bitdefender,clamavmodule,f-prot,clamd) >>> are not listed there, you should check that they are installed correctly >>> and that MailScanner is finding them correctly via its >>> virus.scanners.conf. >>> >>> >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: Use Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFH0vIuEfZZRxQVtlQRAjRsAJ9iAgNofEXWuncfQ9JxKE192GVJUwCgv5Q6 >> LasgwdiAe1i+5uzJK3NwHjM= >> =HbbS >> -----END PGP SIGNATURE----- >> >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0wa+EfZZRxQVtlQRAtclAJ4miG+s6LBi2XDcRcGBwAMkxxphEACfahnz Jinm/5RCu0rbS/auOr4YZK8= =SvHN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sat Mar 8 22:16:51 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 22:18:20 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D2F5C2.9010303@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F5C2.9010303@ecs.soton.ac.uk> Message-ID: <47D31053.6020104@rogers.com> Julian, here are the results of 4.86.2-2. I have the following version of f-prot installed. F-PROT Antivirus version 6.2.1 FRISK Software International (C) Copyright 1989-2007 Engine version: 4.4.1.52 Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4 I set MailScanner.conf with and without f-prot-6 to see what happened. The following is MailScanner --lint with only f-prot listed. *********************************************************** [root@tiger MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.68.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: ISITINSTALLED Found these virus scanners installed: bitdefender, clamavmodule, f-prot, f-prot-6, clamd =========================================================================== Invalid argument '-old' =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" If any of your virus scanners (bitdefender,clamavmodule,f-prot,f-prot-6,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. ************************************************************ This is the results with both f-prot and f-prot-6 set in MailScanner.conf. ************************************************************ [root@tiger MailScanner]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.68.2) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd f-prot f-prot-6 bitdefender" ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: ISITINSTALLED Found these virus scanners installed: bitdefender, clamavmodule, f-prot, f-prot-6, clamd =========================================================================== Invalid argument '-old' =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" F-Prot6 said "[Found virus] ./1/eicar.com" Bitdefender said "Found virus EICAR-Test-File (not a virus) in file eicar.com" If any of your virus scanners (bitdefender,clamavmodule,f-prot,f-prot-6,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. ************************************************************ I checked SweepVirus.pm and the change is there. Code below... # Attempt to open the connection to fpscand $sock = ConnectToFpscand($Port, $TimeOut); return 'FPSCANDNOTRUNNING' if $lintonly && !sock; print "ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON " . ":: $dirname\n" unless $sock; MailScanner::Log::WarnLog("ERROR:: COULD NOT CONNECT TO FPSCAND, ". "RECOMMEND RESTARTING DAEMON ") unless $sock; return 1 unless $sock; return 'FPSCANDOK' if $lintonly; Here's the result of running f-prot on its own. I took the code directly from virus.scanners.conf and ran it against /tmp. ************************************************************* [root@tiger MailScanner]# /usr/lib/MailScanner/f-prot-wrapper /opt/f-prot /tmp F-PROT Antivirus version 6.2.1 FRISK Software International (C) Copyright 1989-2007 Engine version: 4.4.1.52 Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4 (/opt/f-prot/antivir.def) [Not scanning] /tmp/clamd [Not scanning] /tmp/.font-unix/fs7100 [Not scanning] /tmp/mapping-root [Not scanning] /tmp/mapping-gerry [Not scanning] /tmp/keyring-nQXhqv/socket Results: Files: 48 Skipped files: 0 MBR/boot sectors checked: 0 Objects scanned: 96 Infected objects: 0 Files with errors: 0 Disinfected: 0 Running time: 00:18 **************************************************************** Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have just released 4.68.2-2 for you, which includes the fix I posted > for you a few minutes ago. > I don't like leaving known-broken code out there, it generates more work > for me explaining the workaround. > > Jules. > > P.S. Please let me know how you get on with 4.68.2-2. > > > From ccrymes at gmail.com Sat Mar 8 22:24:00 2008 From: ccrymes at gmail.com (Chris Crymes) Date: Sat Mar 8 22:24:35 2008 Subject: MCP Error Fix Message-ID: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> Hello, I'm a new member, I joined to share a fix I couldn't find in the documentation or in the list archives. I was trying to get MCP working and had everything setup correctly. I could see the emails being processed in the mail logs but the emails were disappearing after processing. I finally changed the scan first setting from MCP to SPAM and it started working. I do not know why but it works. I hope it helps someone. -- Chris Crymes ccrymes@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/a89f5525/attachment.html From gdoris at rogers.com Sat Mar 8 22:29:18 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 22:31:03 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D306BC.3000004@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F22B.1070508@ecs.soton.ac.uk> <47D2F8A2.9070009@rogers.com> <47D306BC.3000004@ecs.soton.ac.uk> Message-ID: <47D3133E.3060402@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/0a716b1a/attachment.html From MailScanner at ecs.soton.ac.uk Sat Mar 8 22:38:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 8 22:39:06 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D31053.6020104@rogers.com> References: <47D2E62A.60105@rogers.com> <47D2F5C2.9010303@ecs.soton.ac.uk> <47D31053.6020104@rogers.com> Message-ID: <47D3155C.6050109@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerry Doris wrote: > Julian, here are the results of 4.86.2-2. I have the following > version of f-prot installed. > > F-PROT Antivirus version 6.2.1 So you do have version 6 installed after all. Please install the patched version 4.86.2-3 I just released for you. I omitted a $ sign in one line of code. Then set Virus Scanners = f-protd-6 in MailScanner.conf and then MailScanner --lint should work just fine, so long as you have got fpscand running. Do a ps ax | grep fpscand and kill anything you've got running. Do service f-protd start and then do the ps ax | grep fpscand command again and make sure you have fpscand running. If the "service" command said it couldn't find the f-protd service then try chkconfig --add f-protd then do the service command again. If it still can't find the f-protd service, then you need to cp /usr/local/f-prot/rc-scripts/fpscand.rc-redhat /etc/init.d/f-protd chkconfig --add f-protd service f-protd start MailScanner --lint then edit /etc/MailScanner/virus.scanners.conf and make sure that the f-prot-6 and f-protd-6 lines both refer to /usr/local/f-prot, and it should then work. That's assuming you installed f-prot version 6 into /usr/local/f-prot. The F-Prot 6 installer isn't perfect, not by a long shot :-( > FRISK Software International (C) Copyright 1989-2007 > > Engine version: 4.4.1.52 > Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4 > > > I set MailScanner.conf with and without f-prot-6 to see what > happened. The following is MailScanner --lint with only f-prot listed. > > *********************************************************** > [root@tiger MailScanner]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.68.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd f-prot bitdefender" > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: > ISITINSTALLED > Found these virus scanners installed: bitdefender, clamavmodule, > f-prot, f-prot-6, clamd > =========================================================================== > > Invalid argument '-old' > =========================================================================== > > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > > If any of your virus scanners > (bitdefender,clamavmodule,f-prot,f-prot-6,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > ************************************************************ > > > > This is the results with both f-prot and f-prot-6 set in > MailScanner.conf. > > ************************************************************ > [root@tiger MailScanner]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.68.2) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd f-prot f-prot-6 > bitdefender" > ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING DAEMON :: > ISITINSTALLED > Found these virus scanners installed: bitdefender, clamavmodule, > f-prot, f-prot-6, clamd > =========================================================================== > > Invalid argument '-old' > =========================================================================== > > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature FOUND" > F-Prot6 said "[Found virus] ./1/eicar.com" > Bitdefender said "Found virus EICAR-Test-File (not a virus) in file > eicar.com" > > If any of your virus scanners > (bitdefender,clamavmodule,f-prot,f-prot-6,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > ************************************************************ > > > I checked SweepVirus.pm and the change is there. Code below... > > # Attempt to open the connection to fpscand > $sock = ConnectToFpscand($Port, $TimeOut); > return 'FPSCANDNOTRUNNING' if $lintonly && !sock; > print "ERROR:: COULD NOT CONNECT TO FPSCAND, RECOMMEND RESTARTING > DAEMON " . > ":: $dirname\n" unless $sock; > MailScanner::Log::WarnLog("ERROR:: COULD NOT CONNECT TO FPSCAND, ". > "RECOMMEND RESTARTING DAEMON ") unless $sock; > return 1 unless $sock; > > return 'FPSCANDOK' if $lintonly; > > > Here's the result of running f-prot on its own. I took the code > directly from virus.scanners.conf and ran it against /tmp. > > ************************************************************* > [root@tiger MailScanner]# /usr/lib/MailScanner/f-prot-wrapper > /opt/f-prot /tmp > > F-PROT Antivirus version 6.2.1 > FRISK Software International (C) Copyright 1989-2007 > > Engine version: 4.4.1.52 > Virus signatures: 20080307223672fcda26910ca57b14e37629fd213cf4 > (/opt/f-prot/antivir.def) > > [Not scanning] /tmp/clamd > [Not scanning] > /tmp/.font-unix/fs7100 > [Not scanning] /tmp/mapping-root > [Not scanning] > /tmp/mapping-gerry > [Not scanning] > /tmp/keyring-nQXhqv/socket > > > Results: > > Files: 48 > Skipped files: 0 > MBR/boot sectors checked: 0 > Objects scanned: 96 > Infected objects: 0 > Files with errors: 0 > Disinfected: 0 > > Running time: 00:18 > **************************************************************** > > > > > Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have just released 4.68.2-2 for you, which includes the fix I >> posted for you a few minutes ago. >> I don't like leaving known-broken code out there, it generates more >> work for me explaining the workaround. >> >> Jules. >> >> P.S. Please let me know how you get on with 4.68.2-2. >> >> Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0xVeEfZZRxQVtlQRAnyQAKD+NMX+Zxyxur/oblwgP34U2O+WZACfeS6b ijpGJwOCUazeWA/0MS/as/k= =EOUk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 8 22:40:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 8 22:41:20 2008 Subject: MCP Error Fix In-Reply-To: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> Message-ID: <47D315FB.4010003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is the default setting, and has been for a while. I'll get around to taking a look at this problem some time, but not many people need MCP particularly now I have the "SpamAssassin Rule Actions" setting which can do most of what MCP can, but a *whole* lot faster. Chris Crymes wrote: > Hello, > > I'm a new member, I joined to share a fix I couldn't find in the > documentation or in the list archives. > > I was trying to get MCP working and had everything setup correctly. I > could see the emails being processed in the mail logs but the emails > were disappearing after processing. > > I finally changed the scan first setting from MCP to SPAM and it > started working. I do not know why but it works. > > I hope it helps someone. > > > -- > Chris Crymes > ccrymes@gmail.com Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0xX+EfZZRxQVtlQRAvdQAJ9h2fjEOhTgRbDF1HMXbx9XZ8rxGgCeJgxN v/le1qyQOPfW9nN+wiA/kYE= =BDPX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gdoris at rogers.com Sat Mar 8 22:52:51 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 22:54:06 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D306BC.3000004@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F22B.1070508@ecs.soton.ac.uk> <47D2F8A2.9070009@rogers.com> <47D306BC.3000004@ecs.soton.ac.uk> Message-ID: <47D318C3.5070300@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/08130ba8/attachment.html From gdoris at rogers.com Sat Mar 8 23:14:03 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 23:15:39 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D3155C.6050109@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F5C2.9010303@ecs.soton.ac.uk> <47D31053.6020104@rogers.com> <47D3155C.6050109@ecs.soton.ac.uk> Message-ID: <47D31DBB.2030300@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/8b2e1521/attachment-0001.html From gdoris at rogers.com Sat Mar 8 23:33:43 2008 From: gdoris at rogers.com (Gerry Doris) Date: Sat Mar 8 23:35:17 2008 Subject: F-Prot Broken with new version In-Reply-To: <47D3155C.6050109@ecs.soton.ac.uk> References: <47D2E62A.60105@rogers.com> <47D2F5C2.9010303@ecs.soton.ac.uk> <47D31053.6020104@rogers.com> <47D3155C.6050109@ecs.soton.ac.uk> Message-ID: <47D32257.8070301@rogers.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080308/99809af2/attachment.html From mailscanner at generalgau.com Sun Mar 9 13:37:37 2008 From: mailscanner at generalgau.com (Tom Rogers) Date: Sun Mar 9 13:50:54 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: References: Message-ID: <20080309133600.M53680@generalgau.com> "Have you disabled your custom sql blacklist stuff? Disabled your Mailwatch stuff?" "Have you deleted the spamassasin cache file (regardless of using SA or not)?" I tried both of those (sql/Mailwatch stuff and deleting the spamassasin cache) and I still get the same results. >From the console: root@fatman:/var/lib/MailScanner# !/etc /etc/init.d/mailscanner start Currently you are using no virus scanners. This is probably not what you want. In your /etc/MailScanner/MailScanner.conf file, set Virus Scanners = clamav Then download http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz Unpack it, "cd" into the directory and run ./install.sh In Debugging mode, not forking... >From /var/log/mail.info: Mar 9 09:30:38 generalgau MailScanner[31070]: MailScanner E-Mail Virus Scanner version 4.57.6 starting... Mar 9 09:30:39 generalgau MailScanner[31070]: Read 759 hostnames from the phishing whitelist Mar 9 09:30:39 generalgau MailScanner[31070]: Using locktype = flock On Fri, 7 Mar 2008 21:36:15 +1000 (EST), Res wrote > Have you disabled your custom sql blacklist stuff? Disabled your > Mailwatch stuff? > > Have you deleted the spamassasin cache file (regardless of using SA > or not)? > > ---------- Forwarded message ---------- > Date: Fri, 7 Mar 2008 05:55:20 -0500 > From: Tom Rogers > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Mailscanner max'd out CPU/memory and not processing mail > > I'm 99.99% sure I didn't upgrade F-Prot recently, but to remove that > from consideration, I changed the anti-virus from 'f-prot' to 'none'. > > Also changed the Max # of Child Processes to 1 as was recommended elsewhere. > > Same result as before. > > Tom Rogers > > On Fri, 07 Mar 2008 09:09:16 +0000, Julian Field wrote > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Have you recently upgraded F-Prot? The new version 6 is a lot slower > > than the old version 4. You need my latest beta to get the code > > which will make version 6 run quickly. > > > > Tom Rogers wrote: > >> "Check for hardware faults. Does /proc/meminfo still agree with you on the > >> amount of RAM in the box, for example?" > >> > >> Yes. > >> > >> root@fatman:/home/tom# cat /proc/meminfo > >> MemTotal: 516048 kB > >> MemFree: 426620 kB > >> Buffers: 18412 kB > >> Cached: 37576 kB > >> SwapCached: 9316 kB > >> Active: 35732 kB > >> Inactive: 37024 kB > >> HighTotal: 0 kB > >> HighFree: 0 kB > >> LowTotal: 516048 kB > >> LowFree: 426620 kB > >> SwapTotal: 1572856 kB > >> SwapFree: 1504472 kB > >> Dirty: 148 kB > >> Writeback: 0 kB > >> AnonPages: 12728 kB > >> Mapped: 7576 kB > >> Slab: 10104 kB > >> SReclaimable: 3372 kB > >> SUnreclaim: 6732 kB > >> PageTables: 1160 kB > >> NFS_Unstable: 0 kB > >> Bounce: 0 kB > >> CommitLimit: 1830880 kB > >> Committed_AS: 293188 kB > >> VmallocTotal: 507896 kB > >> VmallocUsed: 3776 kB > >> VmallocChunk: 504004 kB > >> > >> "What virus scanners are you using?" > >> > >> F-Prot. I have ClamAV installed, but don't use it. > >> > >> 'Run "MailScanner --lint" ' > >> > >> root@fatman:/home/tom# MailScanner --lint > >> Read 759 hostnames from the phishing whitelist > >> Config: calling custom init function SQLBlacklist > >> Config: calling custom init function MailWatchLogging > >> Config: calling custom init function SQLWhitelist > >> MailScanner setting GID to (119) > >> MailScanner setting UID to (111) > >> > >> Checking for SpamAssassin errors (if you use it)... > >> lock.pl sees Config LockType = flock > >> lock.pl sees have_module = 0 > >> Using locktype = flock > >> MailScanner.conf says "Virus Scanners = f-prot" > >> Found these virus scanners installed: f-prot, clamavmodule > >> > >> > >> root@fatman:/home/tom# cat /etc/passwd | grep 119 > >> postfix:x:111:119::/var/spool/postfix:/bin/false > >> > >> 'as well as "MailScanner --debug" to check things out.' > >> > >> root@fatman:/home/tom# MailScanner --debug > >> In Debugging mode, not forking... > >> > >> > >> > >> On Thu, 06 Mar 2008 22:11:20 +0000, Julian Field wrote > >> > >>> Check for hardware faults. Does /proc/meminfo still agree with you > >>> on the amount of RAM in the box, for example? > >>> > >>> Sounds like you've already got 'Use SpamAssassin = no'. What virus > >>> scanners are you using? If you are using clamavmodule, I would > >>> switch to clamd if you can on your distro. > >>> > >>> Run "MailScanner --lint" as well as "MailScanner --debug" to check > >>> things out. > >>> > >>> Tom Rogers wrote: > >>> > >>>> I've been using Mailscanner for a few years now with no problems. Two weeks > >>>> ago, I started to have a problem. > >>>> > >>>> When I run Mailscanner, it maxes out my CPU and the amount of memory it uses > >>>> keeps climbing and climbing, until it eats all available memory and > basically > >>>> freezes the system up. Mail is not processed from the Postfix hold queue. > >>>> > >>>> The system is basically used only by myself, for LAN file storage and > email. > >>>> It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > >>>> > >>>> Using Postfix for mail delivery; the OS is Ubuntu 6.04. > >>>> > >>>> I've disabled Spamassassin, but still have the same problem. > >>>> > >>>> Running Mailscanner in debug, I get the following: > >>>> > >>>> root@fatman:/home/tom# /etc/init.d/mailscanner start > >>>> In Debugging mode, not forking... > >>>> > >>>> > >>>>>From the /var/log/mail.info (nothing in the mail.err or mail.warn): > >>>> > >>>> Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner > >>>> version 4.57.6 starting... > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the > phishing > >>>> whitelist > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init > function > >>>> SQLBlacklist > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init > function > >>>> MailWatchLogging > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init > function > >>>> SQLWhitelist > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock > >>>> > >>>> After about 20 minutes, the CPU is still at around 98-99% and using > 450+MB of > >>>> RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). > >>>> > >>>> I've tried removing/purging/reinstalling Mailscanner, but keep coming up > with > >>>> the same results. > >>>> > >>>> > >>> Jules > >>> > >>> -- > >>> Julian Field MEng CITP CEng > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> > >>> MailScanner customisation, or any advanced system administration > >>> help? Contact me at Jules@Jules.FM > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>> PGP public key: http://www.jules.fm/julesfm.asc > >>> > >>> -- > >>> This message has been scanned for viruses and > >>> dangerous content by MailScanner, and is > >>> believed to be clean. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >> > >> > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your > > boss? Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.1 (Build 2523) > > Comment: (pgp-secured) > > Charset: ISO-8859-1 > > > > wj8DBQFH0QY9EfZZRxQVtlQRAviXAKCkEGNatCNbtgk0eJdqjFGZR1J9PgCeLFWe > > nGeryqQq+SKRc4Hx4HS+NM4= > > =J6aY > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sun Mar 9 15:07:01 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 9 15:07:36 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: <20080309133600.M53680@generalgau.com> References: <20080309133600.M53680@generalgau.com> Message-ID: <223f97700803090807r3a367b59u9291758bebd43936@mail.gmail.com> On 09/03/2008, Tom Rogers wrote: > "Have you disabled your custom sql blacklist stuff? Disabled your Mailwatch > stuff?" > > "Have you deleted the spamassasin cache file (regardless of using SA or not)?" > > I tried both of those (sql/Mailwatch stuff and deleting the spamassasin cache) > and I still get the same results. > > >From the console: > > root@fatman:/var/lib/MailScanner# !/etc > > /etc/init.d/mailscanner start > > > Currently you are using no virus scanners. > This is probably not what you want. > > In your /etc/MailScanner/MailScanner.conf file, set > Virus Scanners = clamav > Then download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Unpack it, "cd" into the directory and run ./install.sh > > > In Debugging mode, not forking... > So... could you please look at the things I suggested too? This seems non-related... To recap: 1) Provide some details of postfix version used, and if you have configured any milter handling in Postfix (unlikely, I know, but we need check this... PF 2.3+ support isn't present in the version you have, but it might still work unless you have milters...). 2) Check your hold queue for and non-queue files, or damaged queue files... These might confiuse the hell out of MS, if they are "broken" the wrong way:-). Look at the oldest entries in the hold queue, try parse them with postcat etc... (snip) > On Fri, 7 Mar 2008 21:36:15 +1000 (EST), Res wrote nice to see you still lurk around Noel;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Sun Mar 9 15:40:52 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Mar 9 15:41:27 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: <223f97700803090807r3a367b59u9291758bebd43936@mail.gmail.com> References: <20080309133600.M53680@generalgau.com> <223f97700803090807r3a367b59u9291758bebd43936@mail.gmail.com> Message-ID: <625385e30803090840u5a2e36c0h5fc79e8d0355f365@mail.gmail.com> On Sun, Mar 9, 2008 at 4:07 PM, Glenn Steen wrote: > > On Fri, 7 Mar 2008 21:36:15 +1000 (EST), Res wrote > nice to see you still lurk around Noel;-) For someone who asked to be removed from the list he sure makes a lot of appearances. ;-) -- /peter From glenn.steen at gmail.com Sun Mar 9 15:55:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 9 15:56:34 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: <625385e30803090840u5a2e36c0h5fc79e8d0355f365@mail.gmail.com> References: <20080309133600.M53680@generalgau.com> <223f97700803090807r3a367b59u9291758bebd43936@mail.gmail.com> <625385e30803090840u5a2e36c0h5fc79e8d0355f365@mail.gmail.com> Message-ID: <223f97700803090855x61d060bcn63c479574fd045e1@mail.gmail.com> On 09/03/2008, shuttlebox wrote: > On Sun, Mar 9, 2008 at 4:07 PM, Glenn Steen wrote: > > > On Fri, 7 Mar 2008 21:36:15 +1000 (EST), Res wrote > > nice to see you still lurk around Noel;-) > > > For someone who asked to be removed from the list he sure makes a lot > of appearances. ;-) > He just can't help helping out.... As I've said before.... A nice guy under a rough exterior;-) (and now he'll be cross we me for outing him... again:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Mon Mar 10 04:04:05 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Mar 10 04:04:58 2008 Subject: SA Rule Actions ruleset Message-ID: <610C64469748E84DB6BDD5BD23F01A76119A71@MED-CORE03-MS1.med.wayne.edu> Does anyone have an example of what a ruleset entry should look like? I have FromTo: default BOBBY_TEST=>delete and I see my test message get scanned and scored but delivered. Also, will this override a whitelist ruleset? If not, is there an effective way to have MailScanner ignore whitelisting if a specific SA rule is tripped? Bobby Rose MSIS Network Operations Wayne State University School of Medicine -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/f90675fc/attachment.html From brose at med.wayne.edu Mon Mar 10 04:33:34 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Mar 10 04:34:13 2008 Subject: SA Rule Actions ruleset In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119A71@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A76119A71@MED-CORE03-MS1.med.wayne.edu> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119A74@MED-CORE03-MS1.med.wayne.edu> Sorry typo'd the email it's FromOrTo: default BOBBY_TEST=>delete in my ruleset. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby Sent: Monday, March 10, 2008 12:04 AM To: mailscanner@lists.mailscanner.info Subject: SA Rule Actions ruleset Does anyone have an example of what a ruleset entry should look like? I have FromTo: default BOBBY_TEST=>delete and I see my test message get scanned and scored but delivered. Also, will this override a whitelist ruleset? If not, is there an effective way to have MailScanner ignore whitelisting if a specific SA rule is tripped? Bobby Rose MSIS Network Operations Wayne State University School of Medicine -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/13abca16/attachment.html From mcwh65 at gmail.com Mon Mar 10 04:48:42 2008 From: mcwh65 at gmail.com (Michael Choo) Date: Mon Mar 10 04:49:23 2008 Subject: Problem after update In-Reply-To: <910ee2ac0803011143wad9ed28pd081973060aa5d78@mail.gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> <47C99DBD.5090306@ecs.soton.ac.uk> <910ee2ac0803011143wad9ed28pd081973060aa5d78@mail.gmail.com> Message-ID: <219F64D8-7461-47E5-AEED-6AF7CBE13B6F@gmail.com> Hmmm just realised the mailscanner in FreeBSD's ports is 4.64.3 Anyway, I ran into the same issue, problem lies with Mail Tools 2.02, downgraded to 1.74 and it works fine. On 2 Mar 2008, at 3:43 AM, emm1 wrote: > Jesus, this is happening to me on FreeBSD as well. :( > > On Sat, Mar 1, 2008 at 6:17 PM, Julian Field > wrote: >> Did you run the ./install.sh to install it? >> >> >> Maxime Gaudreault wrote: >>> >>> I updated MailScanner to 4.66.5. When I start MS I get these errors: >>> >>> >>> >>> pf:~/MailScanner-install-4.66.5# /opt/MailScanner/bin/ >>> check_mailscanner >>> >>> Starting MailScanner...Variable "$FIELD_NAME" is not imported at >>> /opt/MailScanner/lib/MailScanner/Message.pm line 6906. >>> >>> Variable "$FIELD_NAME" is not imported at >>> /opt/MailScanner/lib/MailScanner/Message.pm line 6909. >>> >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /opt/MailScanner/lib/MailScanner/Message.pm line 6906. >>> >>> Global symbol "$FIELD_NAME" requires explicit package name at >>> /opt/MailScanner/lib/MailScanner/Message.pm line 6909. >>> >>> Compilation failed in require at /opt/MailScanner/bin/MailScanner >>> line 79. >>> >>> BEGIN failed--compilation aborted at /opt/MailScanner/bin/ >>> MailScanner >>> line 79. >>> >>> Failed. >>> >>> >>> >>> Any fix ? >>> >>> >>> >>> *Maxime Gaudreault* >>> >>> Technicien >>> >>> _ _ >>> >>> R?f?rence Syst?mes inc. >>> >>> T?l. : 418.650.0997 >>> >>> T?l?c. : 418.650.9668 >>> >>> Courriel : _mgaudreault_@reference.qc.ca >>> >>> >>> Site Internet : http://www.reference.qc.ca/ >>> >>> >>> >>> >>> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration >> help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Mon Mar 10 05:10:59 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Mar 10 05:11:38 2008 Subject: SA Rule Actions ruleset In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119A71@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A76119A71@MED-CORE03-MS1.med.wayne.edu> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119A7B@MED-CORE03-MS1.med.wayne.edu> Odd if I put SpamAssassin Rule Actions = BOBBY_TEST=>delete in MailScanner.conf, it still comes thru but if si put SpamAssassin Rule Actions = BOBBY_TEST=>non-deliver,delete it doesn't. I alson noticed this doesn't log in syslog. I'm guessing that requires enabling logging of non-spam. Is it possible to change that and separate this as a separate log action? ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby Sent: Monday, March 10, 2008 12:04 AM To: mailscanner@lists.mailscanner.info Subject: SA Rule Actions ruleset Does anyone have an example of what a ruleset entry should look like? I have FromTo: default BOBBY_TEST=>delete and I see my test message get scanned and scored but delivered. Also, will this override a whitelist ruleset? If not, is there an effective way to have MailScanner ignore whitelisting if a specific SA rule is tripped? Bobby Rose MSIS Network Operations Wayne State University School of Medicine -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/6f32401a/attachment.html From andreab at guttadauro.com Mon Mar 10 08:07:10 2008 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Mon Mar 10 08:08:12 2008 Subject: Maximum Attachments Per Message Message-ID: <47D4EC2E.30100@guttadauro.com> Hello guys... I need some help about the Maximum Attachments Per Message. I need block all messages that have more than 60 attachements. i setup into Mailscanner.conf Maximum Attachments Per Message = 60 Ok. Now one message is blocked. I try to release it (i'm using mailwatch) but the message is blocked again. The message released is deliverd from user techservice@x.z. This user meet the same problem. Can user techservice@z.y skip all checks ?? Yes ?? How ?? Thanks ! -- _ ?v? Andrea Bazzanini, Guttadauro Sistemi /(_)\ Linux and Post Sales Suppport ^ ^ ZABBIX Certified Specialist T: 0331 - 245680 F: 0331 - 245608 -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/008e8e14/attachment.html From gerard at seibercom.net Mon Mar 10 10:42:10 2008 From: gerard at seibercom.net (Gerard) Date: Mon Mar 10 10:43:29 2008 Subject: Problem after update In-Reply-To: <219F64D8-7461-47E5-AEED-6AF7CBE13B6F@gmail.com> References: <6DD6B2C8A11BFC4092A148347F6126B85451F8@jupiter.reference.local> <47C99DBD.5090306@ecs.soton.ac.uk> <910ee2ac0803011143wad9ed28pd081973060aa5d78@mail.gmail.com> <219F64D8-7461-47E5-AEED-6AF7CBE13B6F@gmail.com> Message-ID: <20080310064210.53d62696@scorpio> On Mon, 10 Mar 2008 12:48:42 +0800 Michael Choo wrote: > Hmmm just realised the mailscanner in FreeBSD's ports is 4.64.3 > Anyway, I ran into the same issue, problem lies with Mail Tools > 2.02, downgraded to 1.74 and it works fine. You might want to contact the port maintainer: j.koopmann@seceidos.de He should be able to inform you as to when the port will be updated. There was a port freeze for a while; however, that has been lifted. -- Gerard gerard@seibercom.net Life may have no meaning, or, even worse, it may have a meaning of which you disapprove. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/75c184e5/signature.bin From martinh at solidstatelogic.com Mon Mar 10 10:57:22 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Mar 10 10:58:12 2008 Subject: Problem after update In-Reply-To: <20080310064210.53d62696@scorpio> Message-ID: <05e9f44a67a8ad4580b1a416d3f38d29@solidstatelogic.com> JP posted towards end of last week saying he'd just submiited 4.67.6 to the port maintainers... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Gerard > Sent: 10 March 2008 10:42 > To: mailscanner@lists.mailscanner.info > Subject: Re: Problem after update > > On Mon, 10 Mar 2008 12:48:42 +0800 > Michael Choo wrote: > > > Hmmm just realised the mailscanner in FreeBSD's ports is 4.64.3 > > Anyway, I ran into the same issue, problem lies with Mail Tools > > 2.02, downgraded to 1.74 and it works fine. > > You might want to contact the port maintainer: > > j.koopmann@seceidos.de > > He should be able to inform you as to when the port will be updated. > There was a port freeze for a while; however, that has been lifted. > > -- > Gerard > gerard@seibercom.net > > Life may have no meaning, or, even worse, > it may have a meaning of which you disapprove. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From housey at sme-ecom.co.uk Mon Mar 10 12:43:26 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Mon Mar 10 12:45:39 2008 Subject: Spam Assasin Timeouts Message-ID: <008901c882ac$5634b620$029e2260$@co.uk> Hi List I get a few complaints from users that Spam has got through, quite often when I investigate the message I can see in the logs that that SpamAssassin timed out and therefore scored zero. Looking at logwatch an average day I would see 20166 messages Scanned by MailScanner 170 SpamAssassin timeout(s) Im just after tips as to how to troubleshoot/minimize timeouts, sometimes ive managed to get a copy of the message and ran spamassasin -t -D < message and it works and scores fine, I don't think its down to load as the load average rarely goes above 3.00 on this server. I also run a caching name server Ive also tried upping the SpamAssasin timeout from 60 to 120? Any other tips? I was thinking perhaps an option if spamassasin times out the message could be put back in mqueue.in for a further attempt to scan the message? Kind Regards Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/1c3084a3/attachment.html From bpirie at rma.edu Mon Mar 10 12:53:16 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Mon Mar 10 12:53:03 2008 Subject: Spam Assasin Timeouts In-Reply-To: <008901c882ac$5634b620$029e2260$@co.uk> References: <008901c882ac$5634b620$029e2260$@co.uk> Message-ID: <47D52F3C.90602@rma.edu> Paul Houselander (SME) wrote: > Hi List > > > > I get a few complaints from users that Spam has got through, quite often > when I investigate the message I can see in the logs that that > SpamAssassin timed out and therefore scored zero. > > > > Looking at logwatch an average day I would see > > > > 20166 messages Scanned by MailScanner > > 170 SpamAssassin timeout(s) > > > > Im just after tips as to how to troubleshoot/minimize timeouts, > sometimes ive managed to get a copy of the message and ran spamassasin > ?t ?D < message and it works and scores fine, I don?t think its down to > load as the load average rarely goes above 3.00 on this server. I also > run a caching name server > > > > Ive also tried upping the SpamAssasin timeout from 60 to 120? > > > > Any other tips? I was thinking perhaps an option if spamassasin times > out the message could be put back in mqueue.in for a further attempt to > scan the message? > > > > Kind Regards > > > > Paul > > > Paul, Are you running a caching nameserver? It's not unlikely that this happens when doing RBL lookups if you're not caching DNS. If RBLs are not the issue, then sa-compile may also be worth considering, if you're not currently using it. Brendan From telecaadmin at gmail.com Mon Mar 10 13:49:10 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Mon Mar 10 13:49:50 2008 Subject: Order in which MailScanner processes mail In-Reply-To: <20080306221155.GB15668@ubuntu> References: <20080306221155.GB15668@ubuntu> Message-ID: <47D53C56.8030600@gmail.com> > i have a server with traffic of around 50/60.000 mail a day. Lately it is > giving a great amount of problems in delay in which it processes mail. > > Some mail stay in the queue for as long as several hours, other are > delivered in a couple of minutes. That creates real problems and I cannot > understand why that happens. A problem that only recent had a serious impact on me (scanning times went from 0.5X to 8.X + seconds): Your DNS servers. Check them so they're fast, have caching on and check that all forwarders are valid and also operating as expected. Cheers, Ronny From list-mailscanner at linguaphone.com Mon Mar 10 13:26:01 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Mar 10 13:54:46 2008 Subject: Spam Assasin Timeouts In-Reply-To: <008901c882ac$5634b620$029e2260$@co.uk> References: <008901c882ac$5634b620$029e2260$@co.uk> Message-ID: <1205155561.17079.0.camel@gblades-suse.linguaphone-intranet.co.uk> I scan about 1000 messages per day and get about 1-3 timeouts. I do run lots of additional rules though. On Mon, 2008-03-10 at 12:43, Paul Houselander (SME) wrote: > Hi List > > > > I get a few complaints from users that Spam has got through, quite > often when I investigate the message I can see in the logs that that > SpamAssassin timed out and therefore scored zero. > > > > Looking at logwatch an average day I would see > > > > 20166 messages Scanned by MailScanner > > 170 SpamAssassin timeout(s) > > > > Im just after tips as to how to troubleshoot/minimize timeouts, > sometimes ive managed to get a copy of the message and ran spamassasin > ?t ?D < message and it works and scores fine, I don?t think its down > to load as the load average rarely goes above 3.00 on this server. I > also run a caching name server > > > > Ive also tried upping the SpamAssasin timeout from 60 to 120? > > > > Any other tips? I was thinking perhaps an option if spamassasin times > out the message could be put back in mqueue.in for a further attempt > to scan the message? > > > > Kind Regards > > > > Paul > > > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jeff at lightspeed.com.sg Mon Mar 10 14:11:34 2008 From: jeff at lightspeed.com.sg (Jeffrey Goh) Date: Mon Mar 10 14:12:27 2008 Subject: Fwd: Sophos Error message Message-ID: <47D54196.9070709@lightspeed.com.sg> Hmm. I managed to fix this by changing the sophos-autoupdate in mailscanner to include sus??.vdb. I'm still using the 4.xx SAVI files, which are a lot smaller (16 vs 96MB), since I only run mailscanner/SAVI on these machines. My mods in green. The code's not real elegant, IMHO, but my perl's a little rusty, so I took the easy way out, and simply copied the two lines above. # Add the new vdl*.vdb files if they are there foreach $number (1..99) { $string = "vdl" . sprintf("%02d", $number) . ".vdb"; symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string"; * $string = "sus" . sprintf("%02d", $number) . ".vdb"; symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string";* } >From the sav-install/README.TXT * Using and updating threat data Threat data consists of the files vdl.dat, vdl??.vdb, *sus??.vdb*, and *.ide. The file vdl.dat is the main threat data file, which is updated monthly. This file is complemented by additional files vdl??.* (which contain further threat data) and other additional files sus??.* (which contain data about suspicious files). All these files are stored in the directory specified by the option "SAV virus data directory" in the file /etc/sav.conf. By default, the directory is /usr/local/sav. vdl.dat is actually a symlink to the file vdl.4.xx in the same directory. For major threat alerts, the threat data has to be updated in between monthly releases of vdl.dat. In that case, IDE files are issued, containing additional threat identities. These must be stored in the same directory as vdl.dat. Cheerio, - jeff === I failed to get to the bottom of this one and re-cloned the machine, as it was faster to do :-) Check your /etc/ld.so.conf and hose /opt/sophos-av, /usr/local/lib/libsav*, /etc/sav* for starters, then reinstall the latest version of version 6. Make sure you haven't got any sav processes running. service sav-protect stop service sav-web stop service sav-rms stop chkconfig --del sav-web chkconfig --del sav-protect chkconfig --del sav-rms Delete all /usr/local/Sophos* files. Do an "ldconfig" to flush the lib cache. Delete /usr/local/bin/savscanm and /usr/bin/savscan. Once you've deleted all the old one and reinstalled the new one, try "savscan" on a file or two first to see if that works. If it does, then rebuild perl-SAVI as well. Good luck! Howard Robinson wrote: >/ Hello again />/ I am still having problems with the error below. />/ I have had a good look at the web and it seems that it would be better to uninstall Sophos then start again. />/ Is there a recommended way of doing this with out it having a knock on effect with MailScanner? />/ />/ />/ />>>>/ "Howard Robinson" > 22/02/2008 16:59 >>> />>>>/ />/ Dear list />/ I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's routine /usr/sbin/Sophos.install />/ />/ It appeared to run through okay but seemed fast! />/ Anyway on restarting MailScanner I get the following in the Maillog and emails refused to move in or out. />/ />/ "SophosSAVI ERROR:: getting version: One of the files in a split-virus data set could not be located (557)" />/ />/ Any ideas />/ I had a quick look at WIKI but nothing appeared to be relevant . />/ />/ In the end I had to rem out sophos from list of virus scanners used to get email flowing again. Two others are still there and so we are not unprotected but I like Sophos and usually it updates ok />/ />/ Any help appreciated. />/ />/ Thanks />/ Howard Robinson, />/ (Senior Technical Development Officer), />/ Harper Adams University College, />/ Edgmond, />/ Newport, />/ Shropshire , />/ TF10 8NB. />/ />/ Tel. Direct 01952 815253 />/ Tel. Switch Board 01952 820280 />/ Fax 01952 814783 />/ Email hrobinson at harper-adams.ac.uk />/ Web www.harper-adams.ac.uk />/ />/ />/ -- />/ MailScanner mailing list />/ mailscanner at lists.mailscanner.info />/ http://lists.mailscanner.info/mailman/listinfo/mailscanner />/ />/ Before posting, read http://wiki.mailscanner.info/posting />/ />/ Support MailScanner development - buy the book off the website! />/ />/ / Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/cbcc02e4/attachment.html From dgottsc at emory.edu Mon Mar 10 14:47:58 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Mar 10 14:48:40 2008 Subject: MCP Error Fix In-Reply-To: <47D315FB.4010003@ecs.soton.ac.uk> References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> <47D315FB.4010003@ecs.soton.ac.uk> Message-ID: Julian, Is there any more documentation on the "Spam Assassin Rule Actions"? I read the description, but I still don't entirely understand how to use it in replacement of MCP. Also, I couldn't find the line in my MailScanner.conf file, so I was wondering if this is in a newer version of MailScanner? I'm running 4.60.8-1. Thanks!! David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Saturday, March 08, 2008 5:41 PM To: MailScanner discussion Subject: Re: MCP Error Fix -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is the default setting, and has been for a while. I'll get around to taking a look at this problem some time, but not many people need MCP particularly now I have the "SpamAssassin Rule Actions" setting which can do most of what MCP can, but a *whole* lot faster. Chris Crymes wrote: > Hello, > > I'm a new member, I joined to share a fix I couldn't find in the > documentation or in the list archives. > > I was trying to get MCP working and had everything setup correctly. I > could see the emails being processed in the mail logs but the emails > were disappearing after processing. > > I finally changed the scan first setting from MCP to SPAM and it > started working. I do not know why but it works. > > I hope it helps someone. > > > -- > Chris Crymes > ccrymes@gmail.com Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH0xX+EfZZRxQVtlQRAvdQAJ9h2fjEOhTgRbDF1HMXbx9XZ8rxGgCeJgxN v/le1qyQOPfW9nN+wiA/kYE= =BDPX -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Mon Mar 10 15:00:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 10 15:00:58 2008 Subject: MCP Error Fix In-Reply-To: References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> <47D315FB.4010003@ecs.soton.ac.uk> Message-ID: <47D54CFA.2070003@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you run upgrade_MailScanner_conf to get the version of your MailScanner.conf up to date? It basically just gives you a means of running any 'spam action' on a message in response to any SpamAssassin rule. Gottschalk, David wrote: > Julian, > Is there any more documentation on the "Spam Assassin Rule Actions"? I read the description, but I still don't entirely understand how to use it in replacement of MCP. Also, I couldn't find the line in my MailScanner.conf file, so I was wondering if this is in a newer version of MailScanner? I'm running 4.60.8-1. > > Thanks!! > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Saturday, March 08, 2008 5:41 PM > To: MailScanner discussion > Subject: Re: MCP Error Fix > > > * PGP Signed by an unmatched address: 03/08/08 at 22:41:02 > > This is the default setting, and has been for a while. I'll get around > to taking a look at this problem some time, but not many people need MCP > particularly now I have the "SpamAssassin Rule Actions" setting which > can do most of what MCP can, but a *whole* lot faster. > > Chris Crymes wrote: > >> Hello, >> >> I'm a new member, I joined to share a fix I couldn't find in the >> documentation or in the list archives. >> >> I was trying to get MCP working and had everything setup correctly. I >> could see the emails being processed in the mail logs but the emails >> were disappearing after processing. >> >> I finally changed the scan first setting from MCP to SPAM and it >> started working. I do not know why but it works. >> >> I hope it helps someone. >> >> >> -- >> Chris Crymes >> ccrymes@gmail.com >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1Uz7EfZZRxQVtlQRAqL+AJ9M2AuvKJ7Pp81ivxcneBgBj16mTgCdFW+T tpflXrgoHRM1iMssyevuHw8= =6yU/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dgottsc at emory.edu Mon Mar 10 15:06:41 2008 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Mar 10 15:07:23 2008 Subject: MCP Error Fix In-Reply-To: <47D54CFA.2070003@ecs.soton.ac.uk> References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> <47D315FB.4010003@ecs.soton.ac.uk> <47D54CFA.2070003@ecs.soton.ac.uk> Message-ID: Thanks for the pointers. I haven't run upgrade_MailScanner_conf at all, so that's why I probably didn't see it in the MailScanner.conf. After I sent the other email, I noticed the feature was added a while back in the ChangeLog. I think I understand now that basically you just add Spamassassin rules, then this feature within MailScanner can do things to the message based on rule matches. Which is essentially MCP, you just don't call SpamAssassin twice. David Gottschalk UTS Email Team david.gottschalk@emory.edu -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, March 10, 2008 11:00 AM To: MailScanner discussion Subject: Re: MCP Error Fix -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Have you run upgrade_MailScanner_conf to get the version of your MailScanner.conf up to date? It basically just gives you a means of running any 'spam action' on a message in response to any SpamAssassin rule. Gottschalk, David wrote: > Julian, > Is there any more documentation on the "Spam Assassin Rule Actions"? I read the description, but I still don't entirely understand how to use it in replacement of MCP. Also, I couldn't find the line in my MailScanner.conf file, so I was wondering if this is in a newer version of MailScanner? I'm running 4.60.8-1. > > Thanks!! > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Saturday, March 08, 2008 5:41 PM > To: MailScanner discussion > Subject: Re: MCP Error Fix > > > * PGP Signed by an unmatched address: 03/08/08 at 22:41:02 > > This is the default setting, and has been for a while. I'll get around > to taking a look at this problem some time, but not many people need MCP > particularly now I have the "SpamAssassin Rule Actions" setting which > can do most of what MCP can, but a *whole* lot faster. > > Chris Crymes wrote: > >> Hello, >> >> I'm a new member, I joined to share a fix I couldn't find in the >> documentation or in the list archives. >> >> I was trying to get MCP working and had everything setup correctly. I >> could see the emails being processed in the mail logs but the emails >> were disappearing after processing. >> >> I finally changed the scan first setting from MCP to SPAM and it >> started working. I do not know why but it works. >> >> I hope it helps someone. >> >> >> -- >> Chris Crymes >> ccrymes@gmail.com >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1Uz7EfZZRxQVtlQRAqL+AJ9M2AuvKJ7Pp81ivxcneBgBj16mTgCdFW+T tpflXrgoHRM1iMssyevuHw8= =6yU/ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Mon Mar 10 15:29:24 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 10 15:30:17 2008 Subject: MCP Error Fix In-Reply-To: References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> <47D315FB.4010003@ecs.soton.ac.uk> <47D54CFA.2070003@ecs.soton.ac.uk> Message-ID: <47D553D4.2010402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That's about it, yes. A whole lot faster than MCP. And I strongly advise you upgrade_MailScanner_conf. Gottschalk, David wrote: > Thanks for the pointers. > > I haven't run upgrade_MailScanner_conf at all, so that's why I probably didn't see it in the MailScanner.conf. After I sent the other email, I noticed the feature was added a while back in the ChangeLog. > > I think I understand now that basically you just add Spamassassin rules, then this feature within MailScanner can do things to the message based on rule matches. Which is essentially MCP, you just don't call SpamAssassin twice. > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Monday, March 10, 2008 11:00 AM > To: MailScanner discussion > Subject: Re: MCP Error Fix > > > * PGP Signed by an unmatched address: 03/10/08 at 15:00:11 > > Have you run upgrade_MailScanner_conf to get the version of your > MailScanner.conf up to date? > It basically just gives you a means of running any 'spam action' on a > message in response to any SpamAssassin rule. > > Gottschalk, David wrote: > >> Julian, >> Is there any more documentation on the "Spam Assassin Rule Actions"? I read the description, but I still don't entirely understand how to use it in replacement of MCP. Also, I couldn't find the line in my MailScanner.conf file, so I was wondering if this is in a newer version of MailScanner? I'm running 4.60.8-1. >> >> Thanks!! >> >> David Gottschalk >> UTS Email Team >> david.gottschalk@emory.edu >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Saturday, March 08, 2008 5:41 PM >> To: MailScanner discussion >> Subject: Re: MCP Error Fix >> >> >> >>> Old Signed by an unmatched address: 03/08/08 at 22:41:02 >>> >> This is the default setting, and has been for a while. I'll get around >> to taking a look at this problem some time, but not many people need MCP >> particularly now I have the "SpamAssassin Rule Actions" setting which >> can do most of what MCP can, but a *whole* lot faster. >> >> Chris Crymes wrote: >> >> >>> Hello, >>> >>> I'm a new member, I joined to share a fix I couldn't find in the >>> documentation or in the list archives. >>> >>> I was trying to get MCP working and had everything setup correctly. I >>> could see the emails being processed in the mail logs but the emails >>> were disappearing after processing. >>> >>> I finally changed the scan first setting from MCP to SPAM and it >>> started working. I do not know why but it works. >>> >>> I hope it helps someone. >>> >>> >>> -- >>> Chris Crymes >>> ccrymes@gmail.com >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> * Julian Field >> * 0x1415B654(L) >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> This e-mail message (including any attachments) is for the sole use of >> the intended recipient(s) and may contain confidential and privileged >> information. If the reader of this message is not the intended >> recipient, you are hereby notified that any dissemination, distribution >> or copying of this message (including any attachments) is strictly >> prohibited. >> >> If you have received this message in error, please contact >> the sender by reply e-mail message and destroy all copies of the >> original message (including attachments). >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1VPYEfZZRxQVtlQRAqdhAJ44UONTUcPmp5X9JIbxEdjkuukoVwCfbph3 4wFvIEwYRS694yBjqGIZWdI= =MLp+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Mon Mar 10 15:38:05 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Mar 10 15:38:53 2008 Subject: MCP Error Fix In-Reply-To: <47D553D4.2010402@ecs.soton.ac.uk> References: <657642c50803081424u6a050fdaied964c0c2bf639e6@mail.gmail.com> <47D315FB.4010003@ecs.soton.ac.uk> <47D54CFA.2070003@ecs.soton.ac.uk> <47D553D4.2010402@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119AC1@MED-CORE03-MS1.med.wayne.edu> Julian Did you know the format for this option as a ruleset? I haven't been able to get it to work as ruleset (see my previous posts) and was hoping for an example. Also, I think it only logs actions if logging of non-spam is turned on which is alot of extra logging and was wondering if the logs for this function could be a separate option. Thanks -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Monday, March 10, 2008 11:29 AM To: MailScanner discussion Subject: Re: MCP Error Fix -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 That's about it, yes. A whole lot faster than MCP. And I strongly advise you upgrade_MailScanner_conf. Gottschalk, David wrote: > Thanks for the pointers. > > I haven't run upgrade_MailScanner_conf at all, so that's why I probably didn't see it in the MailScanner.conf. After I sent the other email, I noticed the feature was added a while back in the ChangeLog. > > I think I understand now that basically you just add Spamassassin rules, then this feature within MailScanner can do things to the message based on rule matches. Which is essentially MCP, you just don't call SpamAssassin twice. > > David Gottschalk > UTS Email Team > david.gottschalk@emory.edu > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Monday, March 10, 2008 11:00 AM > To: MailScanner discussion > Subject: Re: MCP Error Fix > > > * PGP Signed by an unmatched address: 03/10/08 at 15:00:11 > > Have you run upgrade_MailScanner_conf to get the version of your > MailScanner.conf up to date? > It basically just gives you a means of running any 'spam action' on a > message in response to any SpamAssassin rule. > > Gottschalk, David wrote: > >> Julian, >> Is there any more documentation on the "Spam Assassin Rule Actions"? I read the description, but I still don't entirely understand how to use it in replacement of MCP. Also, I couldn't find the line in my MailScanner.conf file, so I was wondering if this is in a newer version of MailScanner? I'm running 4.60.8-1. >> >> Thanks!! >> >> David Gottschalk >> UTS Email Team >> david.gottschalk@emory.edu >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Saturday, March 08, 2008 5:41 PM >> To: MailScanner discussion >> Subject: Re: MCP Error Fix >> >> >> >>> Old Signed by an unmatched address: 03/08/08 at 22:41:02 >>> >> This is the default setting, and has been for a while. I'll get >> around to taking a look at this problem some time, but not many >> people need MCP particularly now I have the "SpamAssassin Rule >> Actions" setting which can do most of what MCP can, but a *whole* lot faster. >> >> Chris Crymes wrote: >> >> >>> Hello, >>> >>> I'm a new member, I joined to share a fix I couldn't find in the >>> documentation or in the list archives. >>> >>> I was trying to get MCP working and had everything setup correctly. >>> I could see the emails being processed in the mail logs but the >>> emails were disappearing after processing. >>> >>> I finally changed the scan first setting from MCP to SPAM and it >>> started working. I do not know why but it works. >>> >>> I hope it helps someone. >>> >>> >>> -- >>> Chris Crymes >>> ccrymes@gmail.com >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> * Julian Field >> * 0x1415B654(L) >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> This e-mail message (including any attachments) is for the sole use >> of the intended recipient(s) and may contain confidential and >> privileged information. If the reader of this message is not the >> intended recipient, you are hereby notified that any dissemination, >> distribution or copying of this message (including any attachments) >> is strictly prohibited. >> >> If you have received this message in error, please contact the sender >> by reply e-mail message and destroy all copies of the original >> message (including attachments). >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0x1415B654(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, > distribution or copying of this message (including any attachments) is > strictly prohibited. > > If you have received this message in error, please contact the sender > by reply e-mail message and destroy all copies of the original message > (including attachments). > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1VPYEfZZRxQVtlQRAqdhAJ44UONTUcPmp5X9JIbxEdjkuukoVwCfbph3 4wFvIEwYRS694yBjqGIZWdI= =MLp+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Mon Mar 10 21:17:54 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Mon Mar 10 21:18:49 2008 Subject: Ruleset-from-function Custom Function Broken?? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A760CA5D1@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu><47D01BD3.1020903@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A760CA5D1@MED-CORE03-MS1.med.wayne.edu> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119B46@MED-CORE03-MS1.med.wayne.edu> FYI I've tried calling &LastSpamVirusScanning('/tmp/test','/opt/MailScanner/etc/rules/virus.sca nning.rules') as a test and that returns the same of error Can't use string ("/var/spool/mqueue.in.test") as an ARRAY ref while "strict refs" in use at ./MailScanner line 1427. So the examples for calling a ruleset from a function seems to be broken. -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby Sent: Thursday, March 06, 2008 10:23 PM To: MailScanner discussion Subject: RE: Ruleset-from-function Custom Function Broken?? I've tried that with the same result. It's reading in that ruleset based on what I've debugged. I think what is occurring is that when ruleset-from-function creates that temp mailscanner.conf and reads in that single keyword and processes it, all the other config values resort to the defaults of ConfigDefs. If I disable strict refs in the /bin/MailScanner file and uncommment print STDERR "Queues are \"" . join('","',@inqdirs) . "\"\n"; Then if I start I get In Debugging mode, not forking... Trying to setlogsock(unix) Defining virusscan = &VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') Defining virusscan = /opt/MailScanner/etc/rules/virus.scanning.rules Keyword is virusscan, filename is /opt/MailScanner/etc/rules/virus.scanning.rules and type is yesno SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Queues are "" Building a message batch to scan... And in the log Mar 6 22:12:40 eeyore MailScanner.conf-test[17335]: MailScanner E-Mail Virus Scanner version 4.67.6 starting... Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Skipping Custom Function file Ruleset-from-Function.bak as its name does not end in .pm or .pl Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Read 817 hostnames from the phishing whitelist Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Read 5574 hostnames from the phishing blacklist Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Config: calling custom init function MailWatchLogging Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Started SQL Logging child Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Config: calling custom init function VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Using SpamAssassin results cache Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Connected to SpamAssassin cache database Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Enabling SpamAssassin auto-whitelist functionality... Mar 6 22:12:52 eeyore MailScanner.conf-test[17335]: I have found clamavmodule antivir scanners installed, and will use them all by default. Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Using locktype = posix Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Creating hardcoded struct_flock subroutine for linux (Linux-type) But in my mailscanner.conf file, SA auto-whitelist is no and the virus scanners isn't sent to auto. If I drop something into the mqueue.in, nothing happens...the mailscanner process doesn't see it since I'm guessing it no longer has it's queue defined. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 06, 2008 11:29 AM To: MailScanner discussion Subject: Re: Ruleset-from-function Custom Function Broken?? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > Doe anyone know how this example is supposed to work? I'm rtrying to > use it as a template but if I set Virus Scanning = > &VirusScanning('%rules-dir%/virus.scanning.rules') > and don't change anything with Ruleset-from-function.pm I start a > MailScanner process in debug > > Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while > "strict refs" in use at ./MailScannerTest line 1427. > and I also see What happens if you don't use "%rules-dir%" but give the real directory name there instead? > > Enabling SpamAssassin auto-whitelist functionality... > > in the maillogs even though that isn't enabled in the MailScanner.conf > file > > If I remove the Virus Scaning custom function and start in debug, > there's no error and no SA Autowhitelist message is logged. > > I'm thinking something changed in Config.pm that breaks the calling of > rulesets external to config.pm > > Any ideas? > > Bobby From MailScanner at ecs.soton.ac.uk Mon Mar 10 22:44:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 10 22:45:32 2008 Subject: Ruleset-from-function Custom Function Broken?? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119B46@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A760CA55C@MED-CORE03-MS1.med.wayne.edu><47D01BD3.1020903@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A760CA5D1@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A76119B46@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D5B9D5.6020200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Okay, I'll take a look tomorrow if I get time. If you don't hear from me about this tomorrow, mail me a reminder to mailscanner@ecs.soton.ac.uk. All the best, Jules Rose, Bobby wrote: > FYI I've tried calling > &LastSpamVirusScanning('/tmp/test','/opt/MailScanner/etc/rules/virus.sca > nning.rules') as a test and that returns the same of error > > Can't use string ("/var/spool/mqueue.in.test") as an ARRAY ref while > "strict refs" in use at ./MailScanner line 1427. > > So the examples for calling a ruleset from a function seems to be > broken. > > -=B > > > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, > Bobby > Sent: Thursday, March 06, 2008 10:23 PM > To: MailScanner discussion > Subject: RE: Ruleset-from-function Custom Function Broken?? > > I've tried that with the same result. It's reading in that ruleset > based on what I've debugged. I think what is occurring is that when > ruleset-from-function creates that temp mailscanner.conf and reads in > that single keyword and processes it, all the other config values resort > to the defaults of ConfigDefs. If I disable strict refs in the > /bin/MailScanner file and uncommment print STDERR "Queues are \"" . > join('","',@inqdirs) . "\"\n"; Then if I start I get > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Defining virusscan = > &VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') > Defining virusscan = /opt/MailScanner/etc/rules/virus.scanning.rules > Keyword is virusscan, filename is > /opt/MailScanner/etc/rules/virus.scanning.rules and type is yesno > SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Queues are "" > Building a message batch to scan... > > And in the log > > Mar 6 22:12:40 eeyore MailScanner.conf-test[17335]: MailScanner E-Mail > Virus Scanner version 4.67.6 starting... > Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Skipping Custom > Function file Ruleset-from-Function.bak as its name does not end in .pm > or .pl Mar 6 22:12:41 eeyore MailScanner.conf-test[17335]: Read 817 > hostnames from the phishing whitelist Mar 6 22:12:41 eeyore > MailScanner.conf-test[17335]: Read 5574 hostnames from the phishing > blacklist Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: Config: > calling custom init function MailWatchLogging Mar 6 22:12:42 eeyore > MailScanner.conf-test[17335]: Started SQL Logging child Mar 6 22:12:42 > eeyore MailScanner.conf-test[17335]: Config: calling custom init > function > VirusScanning('/opt/MailScanner/etc/rules/virus.scanning.rules') > Mar 6 22:12:42 eeyore MailScanner.conf-test[17335]: SpamAssassin > temporary working directory is > /var/spool/MailScanner/incoming/SpamAssassin-Temp > Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: Using SpamAssassin > results cache Mar 6 22:12:43 eeyore MailScanner.conf-test[17335]: > Connected to SpamAssassin cache database Mar 6 22:12:43 eeyore > MailScanner.conf-test[17335]: Enabling SpamAssassin auto-whitelist > functionality... > Mar 6 22:12:52 eeyore MailScanner.conf-test[17335]: I have found > clamavmodule antivir scanners installed, and will use them all by > default. > Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Using locktype = > posix Mar 6 22:12:55 eeyore MailScanner.conf-test[17335]: Creating > hardcoded struct_flock subroutine for linux (Linux-type) > > But in my mailscanner.conf file, SA auto-whitelist is no and the virus > scanners isn't sent to auto. If I drop something into the mqueue.in, > nothing happens...the mailscanner process doesn't see it since I'm > guessing it no longer has it's queue defined. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, March 06, 2008 11:29 AM > To: MailScanner discussion > Subject: Re: Ruleset-from-function Custom Function Broken?? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rose, Bobby wrote: > >> Doe anyone know how this example is supposed to work? I'm rtrying to >> use it as a template but if I set Virus Scanning = >> &VirusScanning('%rules-dir%/virus.scanning.rules') >> and don't change anything with Ruleset-from-function.pm I start a >> MailScanner process in debug >> >> Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while >> "strict refs" in use at ./MailScannerTest line 1427. >> and I also see >> > What happens if you don't use "%rules-dir%" but give the real directory > name there instead? > >> >> Enabling SpamAssassin auto-whitelist functionality... >> >> in the maillogs even though that isn't enabled in the MailScanner.conf >> > > >> file >> >> If I remove the Virus Scaning custom function and start in debug, >> there's no error and no SA Autowhitelist message is logged. >> >> I'm thinking something changed in Config.pm that breaks the calling of >> > > >> rulesets external to config.pm >> >> Any ideas? >> >> Bobby >> > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH1bnXEfZZRxQVtlQRAm+UAKDPi5T4zi0WiYAtCVq00oKL0MatRgCg2FPD QTg7UVQa2qV3yx5WNZodu6E= =LWMe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thenrique at gmail.com Tue Mar 11 00:52:43 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Tue Mar 11 00:53:17 2008 Subject: Strange message ! Message-ID: Hy All, After a upgrade for MailScanner 4.66.5, and configured MailScanner to use CLAMD, i have the following message in mail.log on every mail scanned: Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , $!: ) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found 12 infections Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 viruses Anybody can help-me... Tanks.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080310/224c2ed3/attachment.html From mailscanner.info at tedworld.com Tue Mar 11 01:17:54 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 01:18:42 2008 Subject: Strange message ! In-Reply-To: References: Message-ID: <47D5DDC2.5020006@tedworld.com> Glad to see that I'm not alone, but so far no response to my previous report of this. -Ted- Thiago Henrique wrote: > Hy All, > > After a upgrade for MailScanner 4.66.5, and configured MailScanner to > use CLAMD, i have the following message in mail.log on every mail scanned: > > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END > ($@: , $!: ) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= (not implemented) at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= '' at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for > DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY > DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= > undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= > undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= > undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd > found 12 infections > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 > viruses > > > Anybody can help-me... > > Tanks.. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From edward at tdcs.com.au Tue Mar 11 04:29:43 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Tue Mar 11 04:31:49 2008 Subject: Maximum Attachments Per Message In-Reply-To: <47D4EC2E.30100@guttadauro.com> References: <47D4EC2E.30100@guttadauro.com> Message-ID: Hello guys... I need some help about the Maximum Attachments Per Message. I need block all messages that have more than 60 attachements. i setup into Mailscanner.conf Maximum Attachments Per Message = 60 Ok. Now one message is blocked. I try to release it (i'm using mailwatch) but the message is blocked again. The message released is deliverd from user techservice@x.z. This user meet the same problem. Can user techservice@z.y skip all checks ?? Yes ?? How ?? Thanks ! Instead of "Maximum Attachments Per Message = 60", set "Maximum Attachments Per Message = " In the rule set file you can set the default to 60, but for techservice@z.y change it to whatever you like. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/8ad855b3/attachment-0001.html From roland at inbox4u.de Tue Mar 11 05:13:11 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Tue Mar 11 05:15:02 2008 Subject: AW: Strange message ! In-Reply-To: References: Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F958B2051EA0@ts-dc2.TS-Webarts.local> Hi, could you please check, if you have the latest version of the following perl packages installed: DBD::SQLite DBD::mysql DBI Best should be, if you check it in CPAN. Regards, Roland Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Im Auftrag von Thiago Henrique Gesendet: Dienstag, 11. M?rz 2008 01:53 An: mailscanner@lists.mailscanner.info Betreff: Strange message ! Hy All, After a upgrade for MailScanner 4.66.5, and configured MailScanner to use CLAMD, i have the following message in mail.log on every mail scanned: Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , $!: ) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found 12 infections Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 viruses Anybody can help-me... Tanks.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/ee344213/attachment.html From thenrique at gmail.com Tue Mar 11 11:49:56 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Tue Mar 11 11:50:34 2008 Subject: Strange message ! In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F958B2051EA0@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F958B2051EA0@ts-dc2.TS-Webarts.local> Message-ID: Hi, Yes i have the perl packages in the following versions: dev-perl/DBD-SQLite - 1.14 dev-perl/DBD-mysql - 4.00.5 dev-perl/DBI - 1.601 On Tue, Mar 11, 2008 at 2:13 AM, Ehle, Roland wrote: > Hi, > > > > could you please check, if you have the latest version of the following > perl packages installed: > > > > DBD::SQLite > > DBD::mysql > > DBI > > > > Best should be, if you check it in CPAN. > > > > Regards, > > Roland > > *Von:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] *Im Auftrag von *Thiago > Henrique > *Gesendet:* Dienstag, 11. M?rz 2008 01:53 > *An:* mailscanner@lists.mailscanner.info > *Betreff:* Strange message ! > > > > Hy All, > > After a upgrade for MailScanner 4.66.5, and configured MailScanner to use > CLAMD, i have the following message in mail.log on every mail scanned: > > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , > $!: ) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all > for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= > (not implemented) at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all > for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= > '' at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for > DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY > DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found > 12 infections > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 > viruses > > > Anybody can help-me... > > Tanks.. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/078577f3/attachment.html From P.G.M.Peters at utwente.nl Tue Mar 11 12:01:37 2008 From: P.G.M.Peters at utwente.nl (Peter Peters) Date: Tue Mar 11 12:03:30 2008 Subject: Maximum Attachments Per Message In-Reply-To: References: <47D4EC2E.30100@guttadauro.com> Message-ID: <47D674A1.4040007@utwente.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edward Dekkers wrote on 11-3-2008 5:29: > I need some help about the Maximum Attachments Per Message. I need block > all messages that have more than 60 attachements. > i setup into Mailscanner.conf > > Maximum Attachments Per Message = 60 > > Ok. Now one message is blocked. I try to release it (i'm using > mailwatch) but the message is blocked again. The message released is > deliverd from user techservice@x.z . This user > meet the same problem. How do you release the message? Do you copy the df- and qf-files to /var/spool/mqueue or /var/spool/mqueue.in. In the latter case the message is scanned again. If you copy them to /var/spool/mqueue sendmail picks it up without problems. For speed I tell sendmail to process that message instantly. - -- Peter Peters, Teamleider Unix/Linux-Beheer ICT-Servicecentrum Universiteit Twente, Postbus 217, 7500 AE Enschede Telefoon 053 489 2301, Fax 053 489 2383, P.G.M.Peters@utwente.nl, http://www.utwente.nl/icts -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH1nSgelLo80lrIdIRAi9fAJ41X8lxD9poa+/QT3TqwAmYjh8XsQCePoBO 7+6okGmdUMPONFftAmH720Q= =WeOA -----END PGP SIGNATURE----- From ben.tisdall at photobox.com Tue Mar 11 13:39:15 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Mar 11 13:40:14 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue Message-ID: <47D68B83.7040007@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm setting up MS on a CentOS box & getting this error with --lint: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while "strict refs" in use at /usr/sbin/MailScanner line 451. If I start MS this appears in the log: File containing list of incoming queue dirs (/var/spool/exim.in/input) does not exist I did an almost identical install of MS/CentOS5.1 the other day which went without a hitch, the only difference was it was MS 4.66.5 In the conf: Incoming Queue Dir = /var/spool/exim.in/input Outgoing Queue Dir = /var/spool/exim/input MTA = exim Queue dirs are exim:exim 0750 Any ideas good folks? - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1ouDZ929emua3lsRAmHaAJ4j/u2V/8RHKoqf3TUZK1YzbQNAmQCdH8Lg gcZpmetsOT79fBQvWggxhEQ= =mc5m -----END PGP SIGNATURE----- From rcooper at dwford.com Tue Mar 11 13:49:17 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 11 13:49:57 2008 Subject: Strange message ! In-Reply-To: References: Message-ID: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Thiago Henrique Sent: Monday, March 10, 2008 8:53 PM To: mailscanner@lists.mailscanner.info Subject: Strange message ! Hy All, After a upgrade for MailScanner 4.66.5, and configured MailScanner to use CLAMD, i have the following message in mail.log on every mail scanned: Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , $!: ) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found 12 infections Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 viruses [Rick Cooper] Are you using sql logging, or is this a mailwatch issue? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/eea8189f/attachment.html From uxbod at splatnix.net Tue Mar 11 13:50:10 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 13:51:21 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <47D68B83.7040007@photobox.com> Message-ID: <284218.721205243410359.JavaMail.root@office.splatnix.net> ls -lR /var/spool/exim* please Outgoing Queue Dir = /var/spool/exim/input is that correct ? out queue is same as in ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ben Tisdall" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm setting up MS on a CentOS box & getting this error with --lint: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while "strict refs" in use at /usr/sbin/MailScanner line 451. If I start MS this appears in the log: File containing list of incoming queue dirs (/var/spool/exim.in/input) does not exist I did an almost identical install of MS/CentOS5.1 the other day which went without a hitch, the only difference was it was MS 4.66.5 In the conf: Incoming Queue Dir = /var/spool/exim.in/input Outgoing Queue Dir = /var/spool/exim/input MTA = exim Queue dirs are exim:exim 0750 Any ideas good folks? - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1ouDZ929emua3lsRAmHaAJ4j/u2V/8RHKoqf3TUZK1YzbQNAmQCdH8Lg gcZpmetsOT79fBQvWggxhEQ= =mc5m -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Tue Mar 11 13:50:42 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 13:51:36 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <47D68B83.7040007@photobox.com> Message-ID: <20978756.751205243442353.JavaMail.root@office.splatnix.net> ignore about queue name! must read properly! Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ben Tisdall" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm setting up MS on a CentOS box & getting this error with --lint: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Can't use string ("/var/spool/mqueue.in") as an ARRAY ref while "strict refs" in use at /usr/sbin/MailScanner line 451. If I start MS this appears in the log: File containing list of incoming queue dirs (/var/spool/exim.in/input) does not exist I did an almost identical install of MS/CentOS5.1 the other day which went without a hitch, the only difference was it was MS 4.66.5 In the conf: Incoming Queue Dir = /var/spool/exim.in/input Outgoing Queue Dir = /var/spool/exim/input MTA = exim Queue dirs are exim:exim 0750 Any ideas good folks? - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1ouDZ929emua3lsRAmHaAJ4j/u2V/8RHKoqf3TUZK1YzbQNAmQCdH8Lg gcZpmetsOT79fBQvWggxhEQ= =mc5m -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ben.tisdall at photobox.com Tue Mar 11 14:19:03 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Mar 11 14:20:14 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <284218.721205243410359.JavaMail.root@office.splatnix.net> References: <284218.721205243410359.JavaMail.root@office.splatnix.net> Message-ID: <47D694D7.20003@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | ls -lR /var/spool/exim* please | | Outgoing Queue Dir = /var/spool/exim/input | | is that correct ? out queue is same as in ? | | Regards, No, incoming is /var/spool/exim.in/input [root@jitter ~]# ls -lR /var/spool/exim /var/spool/exim: total 28 drwxr-x--- 2 exim exim 4096 Jan 7 2007 db drwxr-x--- 2 exim exim 4096 Jan 7 2007 input drwxr-x--- 2 exim exim 4096 Mar 11 07:42 log drwxr-x--- 2 exim exim 4096 Jan 7 2007 msglog /var/spool/exim/db: total 0 /var/spool/exim/input: total 0 /var/spool/exim/log: total 8 - -rw-r----- 1 exim exim 4819 Mar 11 14:08 mainlog-20080311 /var/spool/exim/msglog: total 0 Thanks. Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1pTXZ929emua3lsRAntsAJ9VsDFCZ1MQwTndCrMhoJQNc5Mp1gCghz6Z 2GRvMONToMBy08IYSGHEvM4= =A6hr -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Mar 11 14:29:18 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 14:30:08 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <47D694D7.20003@photobox.com> Message-ID: <30633723.871205245758228.JavaMail.root@office.splatnix.net> ls -lR /var/spool/exim* would be useful so we can see what is under /var/spool/exim.in Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ben Tisdall" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | ls -lR /var/spool/exim* please | | Outgoing Queue Dir = /var/spool/exim/input | | is that correct ? out queue is same as in ? | | Regards, No, incoming is /var/spool/exim.in/input [root@jitter ~]# ls -lR /var/spool/exim /var/spool/exim: total 28 drwxr-x--- 2 exim exim 4096 Jan 7 2007 db drwxr-x--- 2 exim exim 4096 Jan 7 2007 input drwxr-x--- 2 exim exim 4096 Mar 11 07:42 log drwxr-x--- 2 exim exim 4096 Jan 7 2007 msglog /var/spool/exim/db: total 0 /var/spool/exim/input: total 0 /var/spool/exim/log: total 8 - -rw-r----- 1 exim exim 4819 Mar 11 14:08 mainlog-20080311 /var/spool/exim/msglog: total 0 Thanks. Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1pTXZ929emua3lsRAntsAJ9VsDFCZ1MQwTndCrMhoJQNc5Mp1gCghz6Z 2GRvMONToMBy08IYSGHEvM4= =A6hr -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From scrumley at secure-enterprise.com Tue Mar 11 14:35:55 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Tue Mar 11 14:36:31 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU Message-ID: <8775613110ACC349B6CF97F922E670E3450178@kronos.secure-enterprise.com> OK, I'm stuck. I'm running CentOS 4.6, sendmail 8.13.1 and spamassassin 3.2.4. I've disabled mailwatch, spamassassin, sql blacklist, and AV. I also set the number of child processes to 1. MailScanner starts ok, scans a batch of messages ok, then maxes out the cpu and never picks up another batch of mail. Here is the debug output: MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) 10:18:25 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 10:18:25 Building a message batch to scan... 10:18:25 Have a batch of 1 message. This is from maillog: Mar 11 10:18:25 sm6 MailScanner[814]: MailScanner E-Mail Virus Scanner version 4.67.6 starting... Mar 11 10:18:25 sm6 MailScanner[814]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Mar 11 10:18:25 sm6 MailScanner[814]: Using locktype = posix Mar 11 10:18:25 sm6 MailScanner[814]: Creating hardcoded struct_flock subroutine for linux (Linux-type) Mar 11 10:18:25 sm6 MailScanner[814]: New Batch: Scanning 1 messages, 1857 bytes Mar 11 10:18:25 sm6 MailScanner[814]: Spam Checks: Starting Mar 11 10:18:25 sm6 MailScanner[814]: Spam Checks completed at 97434 bytes per second MailScanner -v Running on Linux sm6.secure-enterprise.com 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux This is CentOS release 4.6 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.67.6 Module versions are: 1.00 AnyDBM_File 1.23 Archive::Zip 1.03 Carp 2.008 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.19 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.14 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.68 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.21 bignum 2.03 Business::ISBN 1.17 Business::ISBN::Data 1.08 Data::Dump 1.809 DB_File 1.14 DBD::SQLite 1.602 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 1.00 Encode::Detect 0.17012 Error 0.22 ExtUtils::CBuilder 2.19 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.09 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.34 Net::LDAP 4.007 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.42 Test::Harness 1.22 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.74 version missing YAML Any suggestions? Thanks, -Steve From uxbod at splatnix.net Tue Mar 11 14:48:30 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 14:49:21 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E3450178@kronos.secure-enterprise.com> Message-ID: <3361788.961205246910042.JavaMail.root@office.splatnix.net> What does MailScanner --debug-sa show ? Hmmm, also what RBLs are you using ? perhaps one is no longer active. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Steve Crumley" wrote: > OK, I'm stuck. I'm running CentOS 4.6, sendmail 8.13.1 and > spamassassin > 3.2.4. I've disabled mailwatch, spamassassin, sql blacklist, and AV. > I > also set the number of child processes to 1. MailScanner starts ok, > scans a batch of messages ok, then maxes out the cpu and never picks > up > another batch of mail. > > Here is the debug output: > > MailScanner --debug > In Debugging mode, not forking... > Trying to setlogsock(unix) > 10:18:25 SpamAssassin temp dir = > /var/spool/MailScanner/incoming/SpamAssassin-Temp > 10:18:25 Building a message batch to scan... > 10:18:25 Have a batch of 1 message. > > > > This is from maillog: > Mar 11 10:18:25 sm6 MailScanner[814]: MailScanner E-Mail Virus > Scanner > version 4.67.6 starting... > Mar 11 10:18:25 sm6 MailScanner[814]: SpamAssassin temporary working > directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp > Mar 11 10:18:25 sm6 MailScanner[814]: Using locktype = posix > Mar 11 10:18:25 sm6 MailScanner[814]: Creating hardcoded struct_flock > subroutine for linux (Linux-type) > Mar 11 10:18:25 sm6 MailScanner[814]: New Batch: Scanning 1 messages, > 1857 bytes > Mar 11 10:18:25 sm6 MailScanner[814]: Spam Checks: Starting > Mar 11 10:18:25 sm6 MailScanner[814]: Spam Checks completed at 97434 > bytes per second > > > > MailScanner -v > Running on > Linux sm6.secure-enterprise.com 2.6.9-55.0.6.ELsmp #1 SMP Tue Sep 4 > 21:36:00 EDT 2007 i686 i686 i386 GNU/Linux > This is CentOS release 4.6 (Final) > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.67.6 > Module versions are: > 1.00 AnyDBM_File > 1.23 Archive::Zip > 1.03 Carp > 2.008 Compress::Zlib > 1.119 Convert::BinHex > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.19 File::Temp > 0.92 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.02 Mail::Header > 1.86 Math::BigInt > 3.05 MIME::Base64 > 5.425 MIME::Decoder > 5.425 MIME::Decoder::UU > 5.425 MIME::Head > 5.425 MIME::Parser > 3.03 MIME::QuotedPrint > 5.425 MIME::Tools > 0.11 Net::CIDR > 1.08 POSIX > 1.14 Scalar::Util > 1.77 Socket > 1.4 Sys::Hostname::Long > 0.18 Sys::Syslog > 1.68 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.38 Archive::Tar > 0.21 bignum > 2.03 Business::ISBN > 1.17 Business::ISBN::Data > 1.08 Data::Dump > 1.809 DB_File > 1.14 DBD::SQLite > 1.602 DBI > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > 1.00 Encode::Detect > 0.17012 Error > 0.22 ExtUtils::CBuilder > 2.19 ExtUtils::ParseXS > 2.36 Getopt::Long > 0.44 Inline > 1.08 IO::String > 1.09 IO::Zlib > 2.23 IP::Country > missing Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.005 Mail::SPF > 1.999001 Mail::SPF::Query > 0.2808 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > 0.34 Net::LDAP > 4.007 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 2.42 Test::Harness > 1.22 Test::Manifest > 1.95 Text::Balanced > 1.35 URI > 0.74 version > missing YAML > > > > > > Any suggestions? > Thanks, > -Steve -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From thenrique at gmail.com Tue Mar 11 14:51:20 2008 From: thenrique at gmail.com (Thiago Henrique) Date: Tue Mar 11 14:52:00 2008 Subject: Strange message ! In-Reply-To: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> Message-ID: Rick, I'm using MailWatch for parse logs, every message have logged in mysql data base. The strange messages occur after a virus scanner start: Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content Scanning: Starting Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- DBI::END ($@: , $!: ) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a7ec)~0x932cac4) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e64)~0x98d6eac) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6eac)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932cac4)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Clamd found 12 infections Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Found 12 viruses Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: 2E48351F14.1A77F to 9FF1B778CA Mar 11 08:49:21 morpheus MailScanner[20893]: Uninfected: Delivered 1 messages Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message 2E48351F14.1A77F to SQL The mail is sent normally to the user, but every 12 lines of error is considered virus for MailScanner. On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper wrote: > > > ------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info [mailto: > mailscanner-bounces@lists.mailscanner.info] *On Behalf Of *Thiago Henrique > *Sent:* Monday, March 10, 2008 8:53 PM > *To:* mailscanner@lists.mailscanner.info > *Subject:* Strange message ! > > Hy All, > > After a upgrade for MailScanner 4.66.5, and configured MailScanner to use > CLAMD, i have the following message in mail.log on every mail scanned: > > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , > $!: ) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all > for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= > (not implemented) at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all > for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= > '' at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for > DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY > DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in > DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef > during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found > 12 infections > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 > viruses > > > > [Rick Cooper] > Are you using sql logging, or is this a mailwatch issue? > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/a18f3a7f/attachment.html From scrumley at secure-enterprise.com Tue Mar 11 15:13:45 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Tue Mar 11 15:14:21 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <3361788.961205246910042.JavaMail.root@office.splatnix.net> References: <8775613110ACC349B6CF97F922E670E3450178@kronos.secure-enterprise.com> <3361788.961205246910042.JavaMail.root@office.splatnix.net> Message-ID: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of --[ UxBoD ]-- > Sent: Tuesday, March 11, 2008 10:49 AM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > What does MailScanner --debug-sa show ? Hmmm, also what RBLs > are you using ? perhaps one is no longer active. > > Regards, > I've turned off spamassassin and don't do any RBL checks from MailScanner. From uxbod at splatnix.net Tue Mar 11 15:29:12 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 15:30:01 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> Message-ID: <23152946.1431205249352659.JavaMail.root@office.splatnix.net> do you have strace installed on the server ? if so when the process is running at 100% CPU connect to it and see what it is doing. I had this before, but for the life of me I cannot remember what I changed to fix it :( Things to check :- 1) Permissions, are they all correct 2) Check MailScanner.conf again just to make sure no typos Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Steve Crumley" wrote: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of --[ UxBoD ]-- > Sent: Tuesday, March 11, 2008 10:49 AM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > What does MailScanner --debug-sa show ? Hmmm, also what RBLs > are you using ? perhaps one is no longer active. > > Regards, > I've turned off spamassassin and don't do any RBL checks from MailScanner. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ben.tisdall at photobox.com Tue Mar 11 15:44:41 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Mar 11 15:46:35 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <30633723.871205245758228.JavaMail.root@office.splatnix.net> References: <30633723.871205245758228.JavaMail.root@office.splatnix.net> Message-ID: <47D6A8E9.9000905@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | ls -lR /var/spool/exim* would be useful so we can see what is under /var/spool/exim.in | | Regards, | Ah sorry. The answer is nothing, nada, zip. Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1qjpZ929emua3lsRAlj4AJ9Ycdn7DaSF2tKJtfVMrww8DtXjpQCgmbUA DIaNoDQfHk/PoTzNxnhSrOc= =xNcj -----END PGP SIGNATURE----- From scrumley at secure-enterprise.com Tue Mar 11 15:47:57 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Tue Mar 11 15:48:32 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <23152946.1431205249352659.JavaMail.root@office.splatnix.net> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <23152946.1431205249352659.JavaMail.root@office.splatnix.net> Message-ID: <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of --[ UxBoD ]-- > Sent: Tuesday, March 11, 2008 11:29 AM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > do you have strace installed on the server ? if so when the > process is running at 100% CPU connect to it and see what it > is doing. I had this before, but for the life of me I cannot > remember what I changed to fix it :( > > Things to check :- > > 1) Permissions, are they all correct > 2) Check MailScanner.conf again just to make sure no typos > > Regards, > > -- Here is the output from strace: waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 waitpid(-1, 0xbff09448, WNOHANG) = 0 The system had been running fine for over a year, I can't find any permission or setting change thats doing this, but I could be overlooking something. Thanks, -Steve From uxbod at splatnix.net Tue Mar 11 15:53:19 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 15:54:20 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <47D6A8E9.9000905@photobox.com> Message-ID: <14698881.1611205250799263.JavaMail.root@office.splatnix.net> Okay :) So your config looks wrong then :- Incoming Queue Dir = /var/spool/exim.in/input <---- that directory does not exist, well nothing at all under /var/spool/exim.in Outgoing Queue Dir = /var/spool/exim/input Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ben Tisdall" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | ls -lR /var/spool/exim* would be useful so we can see what is under /var/spool/exim.in | | Regards, | Ah sorry. The answer is nothing, nada, zip. Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1qjpZ929emua3lsRAlj4AJ9Ycdn7DaSF2tKJtfVMrww8DtXjpQCgmbUA DIaNoDQfHk/PoTzNxnhSrOc= =xNcj -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dudi at kolcore.com Tue Mar 11 16:01:14 2008 From: dudi at kolcore.com (Dudi Goldenberg) Date: Tue Mar 11 16:01:26 2008 Subject: DirectAdmin & MailScanner Message-ID: Hello list, I have a new Debian etch machine with DirectAdmin installed ready to replace an old BlueQuatrz server. I'd like to have MS on the new machine, but my concern is not to harm DirectAdmin installation while installing MS. Is there a how-to that covers my needs? TIA Dudi Goldenberg CTO Kolcore Ltd. Registered Linux user #79506 No virus found in this outgoing message. Checked by AVG. Version: 7.5.518 / Virus Database: 269.21.7/1324 - Release Date: 3/10/2008 19:27 From mailscanner.info at tedworld.com Tue Mar 11 16:04:00 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 16:04:39 2008 Subject: Strange message ! In-Reply-To: References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> Message-ID: <47D6AD70.3090903@tedworld.com> I too am using MailWatch and am getting practically the same problem: Mar 11 11:57:31 ms1srvp01 MailScanner[14372]: Spam Checks: Starting Mar 11 11:57:32 ms1srvp01 MailScanner[14372]: Virus and Content Scanning: Starting Mar 11 11:57:32 ms1srvp01 MailScanner[14372]: ClamAVModule:: -- DBI::END ($@: , $!: ) Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0xa012a04)~0xa0663ec) thr#8d36008 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule:: <- disconnect_all= (not implemented) at DBI.pm line 716 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0xa6dca9c)~0xa6dcae4) thr#8d36008 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule:: <- disconnect_all= '' at DBI.pm line 716 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0xa6dcea4)~INNER) thr#8d36008 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule:: DESTROY DBI::db=HASH(0xa6dcea4) skipped due to InactiveDestroy Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! <- DESTROY= undef during global destruction Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0xa6dcae4)~INNER) thr#8d36008 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! <- DESTROY= undef during global destruction Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0xa0663ec)~INNER) thr#8d36008 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: ClamAVModule::! <- DESTROY= undef during global destruction Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: Virus Scanning: ClamAVModule found 12 infections Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: Virus Scanning: Found 12 viruses Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: Requeue: 50D9D90101.83CC1 to E978B90105 Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: Uninfected: Delivered 1 messages Mar 11 11:57:33 ms1srvp01 MailScanner[14372]: Logging message 50D9D90101.83CC1 to SQL Mar 11 11:57:33 ms1srvp01 MailScanner[14356]: 50D9D90101.83CC1: Logged to MailWatch SQL Thiago Henrique wrote: > Rick, > > I'm using MailWatch for parse logs, every message have logged in mysql > data base. The strange messages occur after a virus scanner start: > > Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content > Scanning: Starting > Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- DBI::END > ($@: , $!: ) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a7ec)~0x932cac4) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > disconnect_all= (not implemented) at DBI.pm line 718 > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e64)~0x98d6eac) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > disconnect_all= '' at DBI.pm line 718 > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY for > DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: DESTROY > DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= > undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in > DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6eac)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= > undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in > DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932cac4)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= > undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Clamd > found 12 infections > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Found 12 > viruses > Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: 2E48351F14.1A77F > to 9FF1B778CA > Mar 11 08:49:21 morpheus MailScanner[20893]: Uninfected: Delivered 1 > messages > Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message > 2E48351F14.1A77F to SQL > > The mail is sent normally to the user, but every 12 lines of error is > considered virus for MailScanner. > > > > On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper > wrote: > > > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info > ] *On > Behalf Of *Thiago Henrique > *Sent:* Monday, March 10, 2008 8:53 PM > *To:* mailscanner@lists.mailscanner.info > > *Subject:* Strange message ! > > Hy All, > > After a upgrade for MailScanner 4.66.5, and configured > MailScanner to use CLAMD, i have the following message in > mail.log on every mail scanned: > > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- > DBI::END ($@: , $!: ) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::mysql::dr > (DBI::dr=HASH(0x932a67c)~0x932c954) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= (not implemented) at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= '' at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: > DESTROY DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY in DBD::_::common for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6e7c)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY in DBD::_::dr for DBD::mysql::dr > (DBI::dr=HASH(0x932c954)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: > Clamd found 12 infections > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: > Found 12 viruses > > > > [Rick Cooper] > Are you using sql logging, or is this a mailwatch issue? > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ben.tisdall at photobox.com Tue Mar 11 16:26:08 2008 From: ben.tisdall at photobox.com (Ben Tisdall) Date: Tue Mar 11 16:26:49 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <14698881.1611205250799263.JavaMail.root@office.splatnix.net> References: <14698881.1611205250799263.JavaMail.root@office.splatnix.net> Message-ID: <47D6B2A0.3020407@photobox.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | Okay :) | | So your config looks wrong then :- | | Incoming Queue Dir = /var/spool/exim.in/input <---- that directory does not exist, well nothing at all under /var/spool/exim.in Oh crumbs... for some reason I thought exim created this on startup. I obviously wasn't paying attention the last time I did this :) Conf lints now. Thank you very much. Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1rKgZ929emua3lsRAhlgAKCU063ciFSl9f7qiT32D56H89rnwgCfVotY vQl69nh1Ry4s1j8XPmQmkBc= =Pr9V -----END PGP SIGNATURE----- From uxbod at splatnix.net Tue Mar 11 16:42:20 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 11 16:43:19 2008 Subject: MS4.67.6/exim/CentoS 5.1 queue dir issue In-Reply-To: <47D6B2A0.3020407@photobox.com> Message-ID: <23764234.1701205253740058.JavaMail.root@office.splatnix.net> No problem. Glad all is okay now :) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ben Tisdall" wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --[ UxBoD ]-- wrote: | Okay :) | | So your config looks wrong then :- | | Incoming Queue Dir = /var/spool/exim.in/input <---- that directory does not exist, well nothing at all under /var/spool/exim.in Oh crumbs... for some reason I thought exim created this on startup. I obviously wasn't paying attention the last time I did this :) Conf lints now. Thank you very much. Best regards, Ben. - -- Ben Tisdall Linux Systems Administrator www.photobox.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFH1rKgZ929emua3lsRAhlgAKCU063ciFSl9f7qiT32D56H89rnwgCfVotY vQl69nh1Ry4s1j8XPmQmkBc= =Pr9V -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 11 17:21:06 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 11 17:21:42 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <23152946.1431205249352659.JavaMail.root@office.splatnix.net> <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> Message-ID: <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> On 11/03/2008, Steve Crumley wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of --[ UxBoD ]-- > > > Sent: Tuesday, March 11, 2008 11:29 AM > > To: MailScanner discussion > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > then hangs at 100 percent CPU > > > > > do you have strace installed on the server ? if so when the > > process is running at 100% CPU connect to it and see what it > > is doing. I had this before, but for the life of me I cannot > > remember what I changed to fix it :( > > > > Things to check :- > > > > 1) Permissions, are they all correct > > 2) Check MailScanner.conf again just to make sure no typos > > > > Regards, > > > > -- > > > Here is the output from strace: > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > > The system had been running fine for over a year, I can't find any > permission or setting change thats doing this, but I could be > overlooking something. > Thanks, > -Steve > Could perhaps be a busted SQLite SA cache? What does analyse_s (I don't remember if it is sacache or spamassassin_cache ... the command completion should take care of it:-) say? If it looks fishy, simply delete the SA cache file and restart MS. You've run MailScanner --lint, right? Nothing obvious from that? Oh, and what av scanners do you use? Obviously not clamavmodule, but perhaps clamav or clamd? are those OK? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Tue Mar 11 17:40:13 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 11 17:40:52 2008 Subject: Strange message ! In-Reply-To: References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> Message-ID: <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> First off, this appears to be a perl error being directed to stderr and that is why it's showing up in your clamd parsing. I am not sure where in the process mailwatch is logging, and the mailwatch people might know right off the bat, however; Perhaps you should look at the debug output (both console and logging) and post those here and also look at the top of /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm for: # DBI->trace(2,'/root/dbitrace.log'); and uncomment that and check the trace log. Also run MailScanner -v and post/check the output Rick _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Thiago Henrique Sent: Tuesday, March 11, 2008 10:51 AM To: MailScanner discussion Subject: Re: Strange message ! Rick, I'm using MailWatch for parse logs, every message have logged in mysql data base. The strange messages occur after a virus scanner start: Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content Scanning: Starting Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- DBI::END ($@: , $!: ) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a7ec)~0x932cac4) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e64)~0x98d6eac) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6eac)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932cac4)~INNER) Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- DESTROY= undef during global destruction Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Clamd found 12 infections Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Found 12 viruses Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: 2E48351F14.1A77F to 9FF1B778CA Mar 11 08:49:21 morpheus MailScanner[20893]: Uninfected: Delivered 1 messages Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message 2E48351F14.1A77F to SQL The mail is sent normally to the user, but every 12 lines of error is considered virus for MailScanner. On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper wrote: _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Thiago Henrique Sent: Monday, March 10, 2008 8:53 PM To: mailscanner@lists.mailscanner.info Subject: Strange message ! Hy All, After a upgrade for MailScanner 4.66.5, and configured MailScanner to use CLAMD, i have the following message in mail.log on every mail scanned: Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- DBI::END ($@: , $!: ) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a67c)~0x932c954) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= (not implemented) at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- disconnect_all= '' at DBI.pm line 718 Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped due to InactiveDestroy Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e7c)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> DESTROY in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932c954)~INNER) Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- DESTROY= undef during global destruction Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Clamd found 12 infections Mar 10 21:48:51 morpheus MailScanner[30706]: Virus Scanning: Found 12 viruses [Rick Cooper] Are you using sql logging, or is this a mailwatch issue? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/23f4357a/attachment-0001.html From william at raidbr.com.br Tue Mar 11 17:48:30 2008 From: william at raidbr.com.br (William A. Knob) Date: Tue Mar 11 17:48:40 2008 Subject: MailScanner as content filter Message-ID: <47D6C5EE.4040005@raidbr.com.br> Hi all; I need to make some "content filtering" on my mail server, like create rules for some users and/or groups. For example: create a rule that says when the word "sex" appears on a Subject when the email is for the group "X", then is blocked. I can do that? Regards, -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From brose at med.wayne.edu Tue Mar 11 18:16:47 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 11 18:17:27 2008 Subject: MailScanner as content filter In-Reply-To: <47D6C5EE.4040005@raidbr.com.br> References: <47D6C5EE.4040005@raidbr.com.br> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> Look at the SpamAssassin Rule Actions option. You define your rule in SA and define in MailScanner what to do when it sees a message that trips that rule. Of course, I'm still waiting on someone to explain how this can be a ruleset because I haven't been able to get it to work in a rules file. But it does work if you chain the rule/action pairs on the MailScanner.conf line but that means it applies to everyone. -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of William A. Knob Sent: Tuesday, March 11, 2008 1:49 PM To: MailScanner discussion Subject: MailScanner as content filter Hi all; I need to make some "content filtering" on my mail server, like create rules for some users and/or groups. For example: create a rule that says when the word "sex" appears on a Subject when the email is for the group "X", then is blocked. I can do that? Regards, -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner.info at tedworld.com Tue Mar 11 18:47:34 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 18:48:21 2008 Subject: Strange message ! In-Reply-To: <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> Message-ID: <47D6D3C6.1000503@tedworld.com> MailWatch.pm might also be found @ ./usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm MailWatch is logging where it says "Logging message xxxxxxxxxx.xxxxx to SQL" - after the whole clam issue. However, MailWatch makes frequent database calls to pull white and black lists, for example. There is no output to the console and all debug output goes to syslog, and as far as I can see has already been posted here. DBI->trace(2,'/root/dbitrace.log'); is already uncommented but generates no output. This is because the whole thing is running as postfix and can't write to /root. Pointed it to /tmp and get the following: -> DBI->connect(dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cache.db, , ****, HASH(0xa664b7c)) -> DBI->install_driver(SQLite) for linux perl=5.008008 pid=16827 ruid=89 euid=89 install_driver: DBD::SQLite version 1.14 loaded from /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/DBD/SQLite.pm <- install_driver= DBI::dr=HASH(0xa66f0a4) !! warn: 0 CLEARED by call to connect method -> connect for DBD::SQLite::dr (DBI::dr=HASH(0xa66f0a4)~0xa66f0ec '/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' **** HASH(0x974e594)) thr#8cd2008 <- connect= DBI::db=HASH(0xa66f4dc) at DBI.pm line 637 -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'PrintError' 0) thr#8cd2008 <- STORE= 1 at DBI.pm line 689 -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'AutoCommit' 1) thr#8cd2008 <- STORE= 1 at DBI.pm line 689 -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'InactiveDestroy' 1) thr#8cd2008 <- STORE= 1 at DBI.pm line 692 -> FETCH for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'InactiveDestroy') thr#8cd2008 <- FETCH= 1 at DBI.pm line 692 -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'Username' '') thr#8cd2008 <- STORE= 1 at DBI.pm line 692 <> FETCH= '' ('Username' from cache) at DBI.pm line 692 -> connected in DBD::_::db for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' '' HASH(0xa664b7c)) thr#8cd2008 <- connected= undef at DBI.pm line 698 <- connect= DBI::db=HASH(0xa66f4dc) -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'dbi_connect_closure' CODE(0xa66f068)) thr#8cd2008 <- STORE= 1 at DBI.pm line 707 -> do in DBD::_::db for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE TABLE cache (md5 TEXT, count INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore FLOAT, saheader BLOB, salongreport BLOB, virusinfected INT)') thr#8cd2008 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'CREATE TABLE cache (md5 TEXT, count INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore FLOAT, saheader BLOB, salongreport BLOB, virusinfected INT)' undef) thr#8cd2008 sqlite trace: prepare statement: CREATE TABLE cache (md5 TEXT, count INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore FLOAT, saheader BLOB, salongreport BLOB, virusinfected INT) at dbdimp.c line 258 -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f674)~INNER) thr#8cd2008 DESTROY for DBI::st=HASH(0xa66f674) ignored - handle not initialised ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' (err#0) <- DESTROY= undef at DBI.pm line 1561 !! ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' (err#0) 1 <- prepare= undef at DBI.pm line 1561 !! ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' (err#0) <- do= undef at SA.pm line 215 !! ERROR: 1 CLEARED by call to do method -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)') thr#8cd2008 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)' undef) thr#8cd2008 sqlite trace: prepare statement: CREATE UNIQUE INDEX md5_uniq ON cache(md5) at dbdimp.c line 258 -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9fab1c8)~INNER) thr#8cd2008 DESTROY for DBI::st=HASH(0x9fab1c8) ignored - handle not initialised ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' (err#0) <- DESTROY= undef at DBI.pm line 1561 !! ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' (err#0) 1 <- prepare= undef at DBI.pm line 1561 !! ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' (err#0) <- do= undef at SA.pm line 216 !! ERROR: 1 CLEARED by call to do method -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE INDEX last_seen_idx ON cache(last)') thr#8cd2008 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'CREATE INDEX last_seen_idx ON cache(last)' undef) thr#8cd2008 sqlite trace: prepare statement: CREATE INDEX last_seen_idx ON cache(last) at dbdimp.c line 258 -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9ebaa8c)~INNER) thr#8cd2008 DESTROY for DBI::st=HASH(0x9ebaa8c) ignored - handle not initialised ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line 271' (err#0) <- DESTROY= undef at DBI.pm line 1561 !! ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line 271' (err#0) 1 <- prepare= undef at DBI.pm line 1561 !! ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line 271' (err#0) <- do= undef at SA.pm line 217 !! ERROR: 1 CLEARED by call to do method -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE INDEX first_seen_idx ON cache(first)') thr#8cd2008 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER 'CREATE INDEX first_seen_idx ON cache(first)' undef) thr#8cd2008 sqlite trace: prepare statement: CREATE INDEX first_seen_idx ON cache(first) at dbdimp.c line 258 -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f74c)~INNER) thr#8cd2008 DESTROY for DBI::st=HASH(0xa66f74c) ignored - handle not initialised ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c line 271' (err#0) <- DESTROY= undef at DBI.pm line 1561 !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c line 271' (err#0) 1 <- prepare= undef at DBI.pm line 1561 !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c line 271' (err#0) <- do= undef at SA.pm line 218 !! ERROR: 1 CLEARED by call to prepare method -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac ' DELETE FROM cache WHERE ( (sasaysspam=0 AND virusinfected<1 AND first<=(strftime('%s','now')-?)) OR (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND first<=(strftime('%s','now')-?)) OR (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND last<=(strftime('%s','now')-?)) OR (virusinfected>=1 AND last<=(strftime('%s','now')-?)) )') thr#8cd2008 sqlite trace: prepare statement: DELETE FROM cache WHERE ( (sasaysspam=0 AND virusinfected<1 AND first<=(strftime('%s','now')-?)) OR (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND first<=(strftime('%s','now')-?)) OR (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND last<=(strftime('%s','now')-?)) OR (virusinfected>=1 AND last<=(strftime('%s','now')-?)) ) at dbdimp.c line 258 <- prepare= DBI::st=HASH(0xa66f7dc) at SA.pm line 730 -> execute for DBD::SQLite::st (DBI::st=HASH(0xa66f7dc)~0xa66f818 '1800' '300' '10800' '172800') thr#8cd2008 <- execute= '0E0' at SA.pm line 738 -> finish for DBD::SQLite::st (DBI::st=HASH(0xa66f7dc)~0xa66f818) thr#8cd2008 <- finish= 1 at SA.pm line 739 -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f818)~INNER) thr#8cd2008 <- DESTROY= undef at SA.pm line 222 Rick Cooper wrote: > First off, this appears to be a perl error being directed to stderr > and that is why it's showing up in your clamd parsing. I am not sure > where in the process mailwatch is logging, and the mailwatch people > might know right off the bat, however; Perhaps you should look at the > debug output (both console and logging) and post those here and also > look at the top of > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm for: > > # DBI->trace(2,'/root/dbitrace.log'); > > and uncomment that and check the trace log. > > Also run MailScanner -v and post/check the output > > Rick > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of > *Thiago Henrique > *Sent:* Tuesday, March 11, 2008 10:51 AM > *To:* MailScanner discussion > *Subject:* Re: Strange message ! > > Rick, > > I'm using MailWatch for parse logs, every message have logged in > mysql data base. The strange messages occur after a virus scanner > start: > > Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content > Scanning: Starting > Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- > DBI::END ($@: , $!: ) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > disconnect_all for DBD::mysql::dr (DBI::dr=HASH(0x932a7ec)~0x932cac4) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > disconnect_all= (not implemented) at DBI.pm line 718 > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > disconnect_all for DBD::SQLite::dr (DBI::dr=HASH(0x98d6e64)~0x98d6eac) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > disconnect_all= '' at DBI.pm line 718 > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY > for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: > DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > DESTROY= undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY > in DBD::_::common for DBD::SQLite::dr (DBI::dr=HASH(0x98d6eac)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > DESTROY= undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY > in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932cac4)~INNER) > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > DESTROY= undef during global destruction > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Clamd > found 12 infections > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Found > 12 viruses > Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: > 2E48351F14.1A77F to 9FF1B778CA > Mar 11 08:49:21 morpheus MailScanner[20893]: Uninfected: Delivered > 1 messages > Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message > 2E48351F14.1A77F to SQL > > The mail is sent normally to the user, but every 12 lines of error > is considered virus for MailScanner. > > > > On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper > wrote: > > > > ------------------------------------------------------------------------ > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info > ] *On > Behalf Of *Thiago Henrique > *Sent:* Monday, March 10, 2008 8:53 PM > *To:* mailscanner@lists.mailscanner.info > > *Subject:* Strange message ! > > Hy All, > > After a upgrade for MailScanner 4.66.5, and configured > MailScanner to use CLAMD, i have the following message in > mail.log on every mail scanned: > > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- > DBI::END ($@: , $!: ) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::mysql::dr > (DBI::dr=HASH(0x932a67c)~0x932c954) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= (not implemented) at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> > disconnect_all for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- > disconnect_all= '' at DBI.pm line 718 > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped > due to InactiveDestroy > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY in DBD::_::common for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6e7c)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> > DESTROY in DBD::_::dr for DBD::mysql::dr > (DBI::dr=HASH(0x932c954)~INNER) > Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- > DESTROY= undef during global destruction > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > Scanning: Clamd found 12 infections > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > Scanning: Found 12 viruses > > > > [Rick Cooper] > Are you using sql logging, or is this a mailwatch issue? > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* > , and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , > and is > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at rcx.ca Tue Mar 11 18:49:10 2008 From: admin at rcx.ca (Rob McDonald) Date: Tue Mar 11 18:49:46 2008 Subject: Autoresponder being marked as spam Message-ID: Hello all, I currently have MailScanner setup to run with postfix. The autoreply script is writen in perl and here are the changes I have made to postfix: 1. autoreply unix - n n - - pipe flags=F user=vmail argv=/home/vmail/autoreply $sender $recipient 2. In Transport table: autoreply.domain.tld autoreply 3. Then in my virtual table I forward to: user@autoreply.domain.tld The problem I am having is that it seems mailscanner marks these as spam. Is there any way I can avoid this? Thanks in advance. From scrumley at secure-enterprise.com Tue Mar 11 18:58:46 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Tue Mar 11 18:59:21 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> Message-ID: <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Tuesday, March 11, 2008 1:21 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > then hangs at 100 percent CPU > > On 11/03/2008, Steve Crumley wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of --[ UxBoD ]-- > > > > > Sent: Tuesday, March 11, 2008 11:29 AM > > > To: MailScanner discussion > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > > then hangs at 100 percent CPU > > > > > > > > do you have strace installed on the server ? if so when the > > > process is running at 100% CPU connect to it and see what it > > > is doing. I had this before, but for the life of me I cannot > > > remember what I changed to fix it :( > > > > > > Things to check :- > > > > > > 1) Permissions, are they all correct > > > 2) Check MailScanner.conf again just to make sure no typos > > > > > > Regards, > > > > > > -- > > > > > > Here is the output from strace: > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > > > > > > > The system had been running fine for over a year, I can't find any > > permission or setting change thats doing this, but I could be > > overlooking something. > > Thanks, > > -Steve > > > Could perhaps be a busted SQLite SA cache? What does analyse_s (I > don't remember if it is sacache or spamassassin_cache ... the command > completion should take care of it:-) say? If it looks fishy, simply > delete the SA cache file and restart MS. > > You've run MailScanner --lint, right? Nothing obvious from that? > > Oh, and what av scanners do you use? Obviously not clamavmodule, but > perhaps clamav or clamd? are those OK? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > analyse_SpamAssassin_cache looks clean, MailScanner --lint is clean too. I'm running clamd for AV but I've set virus scanning to no while working on this. Thanks, -Steve From mailscanner.info at tedworld.com Tue Mar 11 19:14:15 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 19:15:02 2008 Subject: Strange message ! In-Reply-To: <47D6D3C6.1000503@tedworld.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> Message-ID: <47D6DA07.1020701@tedworld.com> Actually, this whole problem is caused by "DBI->trace(2,'/root/dbitrace.log');" in MailWatch.pm. Unless you run MailScanner as root this will fail. You MUST point the file to some place where the MailScanner process user can write otherwise you will get this error. As long as I point to /tmp or comment the line out there are no more report of issues in maillog. Of corse now I'm a little curious about this "!! ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' (err#0)", but at least the original problem is gone. tlum wrote: > MailWatch.pm might also be found @ > ./usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > > MailWatch is logging where it says "Logging message xxxxxxxxxx.xxxxx > to SQL" - after the whole clam issue. However, MailWatch makes > frequent database calls to pull white and black lists, for example. > > There is no output to the console and all debug output goes to syslog, > and as far as I can see has already been posted here. > > DBI->trace(2,'/root/dbitrace.log'); is already uncommented but > generates no output. This is because the whole thing is running as > postfix and can't write to /root. Pointed it to /tmp and get the > following: > > -> > DBI->connect(dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cache.db, > , ****, HASH(0xa664b7c)) > -> DBI->install_driver(SQLite) for linux perl=5.008008 pid=16827 > ruid=89 euid=89 > install_driver: DBD::SQLite version 1.14 loaded from > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/DBD/SQLite.pm > <- install_driver= DBI::dr=HASH(0xa66f0a4) > !! warn: 0 CLEARED by call to connect method > -> connect for DBD::SQLite::dr (DBI::dr=HASH(0xa66f0a4)~0xa66f0ec > '/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' **** > HASH(0x974e594)) thr#8cd2008 > <- connect= DBI::db=HASH(0xa66f4dc) at DBI.pm line 637 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'PrintError' 0) thr#8cd2008 > <- STORE= 1 at DBI.pm line 689 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'AutoCommit' 1) thr#8cd2008 > <- STORE= 1 at DBI.pm line 689 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'InactiveDestroy' 1) thr#8cd2008 > <- STORE= 1 at DBI.pm line 692 > -> FETCH for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'InactiveDestroy') thr#8cd2008 > <- FETCH= 1 at DBI.pm line 692 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'Username' '') thr#8cd2008 > <- STORE= 1 at DBI.pm line 692 > <> FETCH= '' ('Username' from cache) at DBI.pm line 692 > -> connected in DBD::_::db for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > 'dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' > '' HASH(0xa664b7c)) thr#8cd2008 > <- connected= undef at DBI.pm line 698 > <- connect= DBI::db=HASH(0xa66f4dc) > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'dbi_connect_closure' CODE(0xa66f068)) thr#8cd2008 > <- STORE= 1 at DBI.pm line 707 > -> do in DBD::_::db for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE TABLE cache (md5 TEXT, > count INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > sahighscoring INT, sascore FLOAT, saheader BLOB, salongreport BLOB, > virusinfected INT)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE TABLE cache (md5 TEXT, count INTEGER, last TIMESTAMP, first > TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore FLOAT, saheader > BLOB, salongreport BLOB, virusinfected INT)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE TABLE cache (md5 TEXT, count > INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > sahighscoring INT, sascore FLOAT, saheader BLOB, salongreport BLOB, > virusinfected INT) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f674)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0xa66f674) ignored - handle not > initialised > ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' > (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' > (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'table cache already exists(1) at dbdimp.c line 271' > (err#0) > <- do= undef at SA.pm line 215 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE UNIQUE INDEX md5_uniq ON > cache(md5) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9fab1c8)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0x9fab1c8) ignored - handle not > initialised > ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' > (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' > (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index md5_uniq already exists(1) at dbdimp.c line 271' > (err#0) > <- do= undef at SA.pm line 216 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > 'CREATE INDEX last_seen_idx ON cache(last)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE INDEX last_seen_idx ON cache(last)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE INDEX last_seen_idx ON > cache(last) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9ebaa8c)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0x9ebaa8c) ignored - handle not > initialised > ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line > 271' (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line > 271' (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index last_seen_idx already exists(1) at dbdimp.c line > 271' (err#0) > <- do= undef at SA.pm line 217 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > 'CREATE INDEX first_seen_idx ON cache(first)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE INDEX first_seen_idx ON cache(first)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE INDEX first_seen_idx ON > cache(first) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f74c)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0xa66f74c) ignored - handle not > initialised > ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > line 271' (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > line 271' (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > line 271' (err#0) > <- do= undef at SA.pm line 218 > !! ERROR: 1 CLEARED by call to prepare method > -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac ' > DELETE FROM cache WHERE ( > (sasaysspam=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > last<=(strftime('%s','now')-?)) OR > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > )') thr#8cd2008 > sqlite trace: prepare statement: > DELETE FROM cache WHERE ( > (sasaysspam=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > last<=(strftime('%s','now')-?)) OR > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > ) at dbdimp.c line 258 > <- prepare= DBI::st=HASH(0xa66f7dc) at SA.pm line 730 > -> execute for DBD::SQLite::st (DBI::st=HASH(0xa66f7dc)~0xa66f818 > '1800' '300' '10800' '172800') thr#8cd2008 > <- execute= '0E0' at SA.pm line 738 > -> finish for DBD::SQLite::st (DBI::st=HASH(0xa66f7dc)~0xa66f818) > thr#8cd2008 > <- finish= 1 at SA.pm line 739 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f818)~INNER) > thr#8cd2008 > <- DESTROY= undef at SA.pm line 222 > > > > > > > > > > Rick Cooper wrote: >> First off, this appears to be a perl error being directed to stderr >> and that is why it's showing up in your clamd parsing. I am not sure >> where in the process mailwatch is logging, and the mailwatch people >> might know right off the bat, however; Perhaps you should look at the >> debug output (both console and logging) and post those here and also >> look at the top of >> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm for: >> >> # DBI->trace(2,'/root/dbitrace.log'); >> >> and uncomment that and check the trace log. >> >> Also run MailScanner -v and post/check the output >> >> Rick >> >> >> ------------------------------------------------------------------------ >> *From:* mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] *On Behalf Of >> *Thiago Henrique >> *Sent:* Tuesday, March 11, 2008 10:51 AM >> *To:* MailScanner discussion >> *Subject:* Re: Strange message ! >> >> Rick, >> >> I'm using MailWatch for parse logs, every message have logged in >> mysql data base. The strange messages occur after a virus scanner >> start: >> >> Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content >> Scanning: Starting >> Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- >> DBI::END ($@: , $!: ) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> >> disconnect_all for DBD::mysql::dr >> (DBI::dr=HASH(0x932a7ec)~0x932cac4) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- >> disconnect_all= (not implemented) at DBI.pm line 718 >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> >> disconnect_all for DBD::SQLite::dr >> (DBI::dr=HASH(0x98d6e64)~0x98d6eac) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- >> disconnect_all= '' at DBI.pm line 718 >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY >> for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: >> DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY >> in DBD::_::common for DBD::SQLite::dr >> (DBI::dr=HASH(0x98d6eac)~INNER) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! -> DESTROY >> in DBD::_::dr for DBD::mysql::dr (DBI::dr=HASH(0x932cac4)~INNER) >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Clamd >> found 12 infections >> Mar 11 08:49:21 morpheus MailScanner[20893]: Virus Scanning: Found >> 12 viruses >> Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: >> 2E48351F14.1A77F to 9FF1B778CA >> Mar 11 08:49:21 morpheus MailScanner[20893]: Uninfected: Delivered >> 1 messages >> Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message >> 2E48351F14.1A77F to SQL >> >> The mail is sent normally to the user, but every 12 lines of error >> is considered virus for MailScanner. >> >> >> >> On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper > > wrote: >> >> >> >> ------------------------------------------------------------------------ >> *From:* mailscanner-bounces@lists.mailscanner.info >> >> [mailto:mailscanner-bounces@lists.mailscanner.info >> ] *On >> Behalf Of *Thiago Henrique >> *Sent:* Monday, March 10, 2008 8:53 PM >> *To:* mailscanner@lists.mailscanner.info >> >> *Subject:* Strange message ! >> >> Hy All, >> >> After a upgrade for MailScanner 4.66.5, and configured >> MailScanner to use CLAMD, i have the following message in >> mail.log on every mail scanned: >> >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -- >> DBI::END ($@: , $!: ) >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> >> disconnect_all for DBD::mysql::dr >> (DBI::dr=HASH(0x932a67c)~0x932c954) >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- >> disconnect_all= (not implemented) at DBI.pm line 718 >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: -> >> disconnect_all for DBD::SQLite::dr >> (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd:: <- >> disconnect_all= '' at DBI.pm line 718 >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> >> DESTROY for DBD::SQLite::db (DBI::db=HASH(0x98dab60)~INNER) >> Mar 10 21:48:51 morpheus MailScanner[30706]: >> Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped >> due to InactiveDestroy >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> >> DESTROY in DBD::_::common for DBD::SQLite::dr >> (DBI::dr=HASH(0x98d6e7c)~INNER) >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! -> >> DESTROY in DBD::_::dr for DBD::mysql::dr >> (DBI::dr=HASH(0x932c954)~INNER) >> Mar 10 21:48:51 morpheus MailScanner[30706]: Clamd::! <- >> DESTROY= undef during global destruction >> Mar 10 21:48:51 morpheus MailScanner[30706]: Virus >> Scanning: Clamd found 12 infections >> Mar 10 21:48:51 morpheus MailScanner[30706]: Virus >> Scanning: Found 12 viruses >> >> >> >> [Rick Cooper] Are you using sql logging, or >> is this a mailwatch issue? >> Rick >> >> -- This message has been scanned for viruses and >> dangerous content by *MailScanner* >> , and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> -- This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue Mar 11 19:18:59 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Mar 11 19:20:31 2008 Subject: Autoresponder being marked as spam In-Reply-To: References: Message-ID: There are many people here who might agree that autoresponders are *always* SPAM. I personally avoid them more fervently than STDs. I'd rather have something that clears up after two weeks on antibiotics than the PITA of having to deal with spammers using me as their spam factory. On the more serious side (I'll hate myself for saying this), if the autoresponder always comes from the same IP (127.0.0.1 for example) you could whitelist stuff that's "From:127. and From:*@mydomain.com" so that it doesn't get marked. On Mar 11, 2008, at 12:49 PM, Rob McDonald wrote: > The problem I am having is that it seems mailscanner marks these as > spam. Is there any way I can avoid this? Thanks in advance. From MailScanner at ecs.soton.ac.uk Tue Mar 11 19:19:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 11 19:20:39 2008 Subject: MailScanner as content filter In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> References: <47D6C5EE.4040005@raidbr.com.br> <610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D6DB54.3000209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What happens when you try to put in a ruleset? What doesn't work? Sorry if I missed this thread. Rose, Bobby wrote: > Look at the SpamAssassin Rule Actions option. You define your rule in SA and define in MailScanner what to do when it sees a message that trips that rule. > > Of course, I'm still waiting on someone to explain how this can be a ruleset because I haven't been able to get it to work in a rules file. But it does work if you chain the rule/action pairs on the MailScanner.conf line but that means it applies to everyone. > > -=B > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of William A. Knob > Sent: Tuesday, March 11, 2008 1:49 PM > To: MailScanner discussion > Subject: MailScanner as content filter > > > Hi all; > > I need to make some "content filtering" on my mail server, like create rules for some users and/or groups. For example: create a rule that says when the word "sex" appears on a Subject when the email is for the group "X", then is blocked. > > I can do that? > > Regards, > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh iC8joy25Z8PyjbbQ9AhetcI= =Gfn+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcooper at dwford.com Tue Mar 11 19:46:36 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 11 19:47:15 2008 Subject: Strange message ! In-Reply-To: <47D6D3C6.1000503@tedworld.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> Message-ID: <04a401c883b0$9e2c3840$0301a8c0@SAHOMELT> Now that you have the trace log set to something that is writable are you still seeing the garbage in your clamd output? If so comment it out (as it should be). I have seen perl progs that spew to stdout when they are supposed to be writing to a file and don't get the file opened properly. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of tlum > Sent: Tuesday, March 11, 2008 2:48 PM > To: MailScanner discussion > Subject: Re: Strange message ! > > MailWatch.pm might also be found @ > ./usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > > MailWatch is logging where it says "Logging message > xxxxxxxxxx.xxxxx to > SQL" - after the whole clam issue. However, MailWatch makes frequent > database calls to pull white and black lists, for example. > > There is no output to the console and all debug output goes > to syslog, > and as far as I can see has already been posted here. > > DBI->trace(2,'/root/dbitrace.log'); is already uncommented > but generates > no output. This is because the whole thing is running as postfix and > can't write to /root. Pointed it to /tmp and get the following: > > -> > DBI->connect(dbi:SQLite:/var/spool/MailScanner/incoming/SpamA > ssassin.cache.db, > , ****, HASH(0xa664b7c)) > -> DBI->install_driver(SQLite) for linux perl=5.008008 pid=16827 > ruid=89 euid=89 > install_driver: DBD::SQLite version 1.14 loaded from > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/DBD/SQLite.pm > <- install_driver= DBI::dr=HASH(0xa66f0a4) > !! warn: 0 CLEARED by call to connect method > -> connect for DBD::SQLite::dr > (DBI::dr=HASH(0xa66f0a4)~0xa66f0ec > '/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' **** > HASH(0x974e594)) thr#8cd2008 > <- connect= DBI::db=HASH(0xa66f4dc) at DBI.pm line 637 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'PrintError' 0) thr#8cd2008 > <- STORE= 1 at DBI.pm line 689 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'AutoCommit' 1) thr#8cd2008 > <- STORE= 1 at DBI.pm line 689 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'InactiveDestroy' 1) thr#8cd2008 > <- STORE= 1 at DBI.pm line 692 > -> FETCH for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'InactiveDestroy') thr#8cd2008 > <- FETCH= 1 at DBI.pm line 692 > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'Username' '') thr#8cd2008 > <- STORE= 1 at DBI.pm line 692 > <> FETCH= '' ('Username' from cache) at DBI.pm line 692 > -> connected in DBD::_::db for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > 'dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cach > e.db' '' '' > HASH(0xa664b7c)) thr#8cd2008 > <- connected= undef at DBI.pm line 698 > <- connect= DBI::db=HASH(0xa66f4dc) > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'dbi_connect_closure' CODE(0xa66f068)) thr#8cd2008 > <- STORE= 1 at DBI.pm line 707 > -> do in DBD::_::db for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE TABLE cache (md5 > TEXT, count > INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > sahighscoring > INT, sascore FLOAT, saheader BLOB, salongreport BLOB, virusinfected > INT)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE TABLE cache (md5 TEXT, count INTEGER, last TIMESTAMP, first > TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore FLOAT, > saheader > BLOB, salongreport BLOB, virusinfected INT)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE TABLE cache (md5 TEXT, count > INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > sahighscoring > INT, sascore FLOAT, saheader BLOB, salongreport BLOB, > virusinfected INT) > at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f674)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0xa66f674) ignored - handle not > initialised > ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' (err#0) > <- do= undef at SA.pm line 215 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE > UNIQUE INDEX md5_uniq ON cache(md5)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE UNIQUE INDEX md5_uniq ON > cache(md5) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9fab1c8)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0x9fab1c8) ignored - handle not > initialised > ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > (err#0) > <- do= undef at SA.pm line 216 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE > INDEX last_seen_idx ON cache(last)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE INDEX last_seen_idx ON cache(last)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE INDEX last_seen_idx ON > cache(last) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9ebaa8c)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0x9ebaa8c) ignored - handle not > initialised > ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > <- do= undef at SA.pm line 217 > !! ERROR: 1 CLEARED by call to do method > -> do for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE > INDEX first_seen_idx ON cache(first)') thr#8cd2008 > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > 'CREATE INDEX first_seen_idx ON cache(first)' undef) thr#8cd2008 > sqlite trace: prepare statement: CREATE INDEX first_seen_idx ON > cache(first) at dbdimp.c line 258 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f74c)~INNER) > thr#8cd2008 > DESTROY for DBI::st=HASH(0xa66f74c) ignored - handle not > initialised > ERROR: 1 'index first_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > <- DESTROY= undef at DBI.pm line 1561 > !! ERROR: 1 'index first_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > 1 <- prepare= undef at DBI.pm line 1561 > !! ERROR: 1 'index first_seen_idx already exists(1) at > dbdimp.c line > 271' (err#0) > <- do= undef at SA.pm line 218 > !! ERROR: 1 CLEARED by call to prepare method > -> prepare for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac ' > DELETE FROM cache WHERE ( > (sasaysspam=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > last<=(strftime('%s','now')-?)) OR > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > )') thr#8cd2008 > sqlite trace: prepare statement: > DELETE FROM cache WHERE ( > (sasaysspam=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > first<=(strftime('%s','now')-?)) OR > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > last<=(strftime('%s','now')-?)) OR > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > ) at dbdimp.c line 258 > <- prepare= DBI::st=HASH(0xa66f7dc) at SA.pm line 730 > -> execute for DBD::SQLite::st > (DBI::st=HASH(0xa66f7dc)~0xa66f818 > '1800' '300' '10800' '172800') thr#8cd2008 > <- execute= '0E0' at SA.pm line 738 > -> finish for DBD::SQLite::st > (DBI::st=HASH(0xa66f7dc)~0xa66f818) > thr#8cd2008 > <- finish= 1 at SA.pm line 739 > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f818)~INNER) > thr#8cd2008 > <- DESTROY= undef at SA.pm line 222 > > > > > > > > > > Rick Cooper wrote: > > First off, this appears to be a perl error being directed > to stderr > > and that is why it's showing up in your clamd parsing. I > am not sure > > where in the process mailwatch is logging, and the > mailwatch people > > might know right off the bat, however; Perhaps you should > look at the > > debug output (both console and logging) and post those > here and also > > look at the top of > > /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm for: > > > > # DBI->trace(2,'/root/dbitrace.log'); > > > > and uncomment that and check the trace log. > > > > Also run MailScanner -v and post/check the output > > > > Rick > > > > > ------------------------------------------------------------- > ----------- > > *From:* mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] > *On Behalf Of > > *Thiago Henrique > > *Sent:* Tuesday, March 11, 2008 10:51 AM > > *To:* MailScanner discussion > > *Subject:* Re: Strange message ! > > > > Rick, > > > > I'm using MailWatch for parse logs, every message have > logged in > > mysql data base. The strange messages occur after a > virus scanner > > start: > > > > Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content > > Scanning: Starting > > Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- > > DBI::END ($@: , $!: ) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > > disconnect_all for DBD::mysql::dr > (DBI::dr=HASH(0x932a7ec)~0x932cac4) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > > disconnect_all= (not implemented) at DBI.pm line 718 > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > > disconnect_all for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6e64)~0x98d6eac) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > > disconnect_all= '' at DBI.pm line 718 > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > > for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: > > DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > > DESTROY= undef during global destruction > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > > in DBD::_::common for DBD::SQLite::dr > (DBI::dr=HASH(0x98d6eac)~INNER) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > > DESTROY= undef during global destruction > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > > in DBD::_::dr for DBD::mysql::dr > (DBI::dr=HASH(0x932cac4)~INNER) > > Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > > DESTROY= undef during global destruction > > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus > Scanning: Clamd > > found 12 infections > > Mar 11 08:49:21 morpheus MailScanner[20893]: Virus > Scanning: Found > > 12 viruses > > Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: > > 2E48351F14.1A77F to 9FF1B778CA > > Mar 11 08:49:21 morpheus MailScanner[20893]: > Uninfected: Delivered > > 1 messages > > Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message > > 2E48351F14.1A77F to SQL > > > > The mail is sent normally to the user, but every 12 > lines of error > > is considered virus for MailScanner. > > > > > > > > On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper > > > wrote: > > > > > > > > > ------------------------------------------------------------- > ----------- > > *From:* mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info > > > ] *On > > Behalf Of *Thiago Henrique > > *Sent:* Monday, March 10, 2008 8:53 PM > > *To:* mailscanner@lists.mailscanner.info > > > > *Subject:* Strange message ! > > > > Hy All, > > > > After a upgrade for MailScanner 4.66.5, and configured > > MailScanner to use CLAMD, i have the following > message in > > mail.log on every mail scanned: > > > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -- > > DBI::END ($@: , $!: ) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -> > > disconnect_all for DBD::mysql::dr > > (DBI::dr=HASH(0x932a67c)~0x932c954) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: <- > > disconnect_all= (not implemented) at DBI.pm line 718 > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -> > > disconnect_all for DBD::SQLite::dr > > (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: <- > > disconnect_all= '' at DBI.pm line 718 > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > > DESTROY for DBD::SQLite::db > (DBI::db=HASH(0x98dab60)~INNER) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > > Clamd:: DESTROY DBI::db=HASH(0x98dab60) skipped > > due to InactiveDestroy > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > > DESTROY= undef during global destruction > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > > DESTROY in DBD::_::common for DBD::SQLite::dr > > (DBI::dr=HASH(0x98d6e7c)~INNER) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > > DESTROY= undef during global destruction > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > > DESTROY in DBD::_::dr for DBD::mysql::dr > > (DBI::dr=HASH(0x932c954)~INNER) > > Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > > DESTROY= undef during global destruction > > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > > Scanning: Clamd found 12 infections > > Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > > Scanning: Found 12 viruses > > > > > > > > [Rick Cooper] > > Are you using sql logging, or is this a > mailwatch issue? > > > > Rick > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* > > , and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off > the website! > > > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* > , > > and is > > believed to be clean. > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* > , and is > > believed to be clean. > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* > , and is > > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From admin at rcx.ca Tue Mar 11 20:03:55 2008 From: admin at rcx.ca (Rob McDonald) Date: Tue Mar 11 20:04:35 2008 Subject: Autoresponder being marked as spam References: Message-ID: <4469C88D4D704D86B33F104F1875948F@MasterChief> Thanks for the response I have resolved the issue. On the topic you bring up, I am curious how much using this will affect my spam. Does anyone have any statistics on spam increases using autoresponders? Thanks ----- Original Message ----- From: "Alex Neuman" To: "MailScanner discussion" Sent: Tuesday, March 11, 2008 3:18 PM Subject: Re: Autoresponder being marked as spam > > There are many people here who might agree that autoresponders are > *always* SPAM. I personally avoid them more fervently than STDs. I'd > rather have something that clears up after two weeks on antibiotics than > the PITA of having to deal with spammers using me as their spam factory. > > > On the more serious side (I'll hate myself for saying this), if the > autoresponder always comes from the same IP (127.0.0.1 for example) you > could whitelist stuff that's "From:127. and From:*@mydomain.com" so that > it doesn't get marked. > > On Mar 11, 2008, at 12:49 PM, Rob McDonald wrote: > >> The problem I am having is that it seems mailscanner marks these as >> spam. Is there any way I can avoid this? Thanks in advance. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rcooper at dwford.com Tue Mar 11 20:14:46 2008 From: rcooper at dwford.com (Rick Cooper) Date: Tue Mar 11 20:15:25 2008 Subject: Strange message ! In-Reply-To: <47D6DA07.1020701@tedworld.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT><47D6D3C6.1000503@tedworld.com> <47D6DA07.1020701@tedworld.com> Message-ID: <04b401c883b4$8d317600$0301a8c0@SAHOMELT> Well I guess I should have read the next one before my last post. Actually that line is commented by default. And yes, while mailwatch is doing something during or just before the scan output (which comes after the scan, from the parser) the trace log hasn't been opened properly so the output is headed to, I think, stdout (might be stderr as that is redirected iirc) and it's getting fed to the parser as clamd output. If the original poster would comment out the trace line in MailWatch.pm I believe his issues would go away too. There are a lot of incidental warnings and undef errors that DBI doesn't choke on unless -w is used and don't think MailScanner uses that switch a all, or at least not for the most part. The trace log would show those errors however. Rick > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of tlum > Sent: Tuesday, March 11, 2008 3:14 PM > To: MailScanner discussion > Subject: Re: Strange message ! > > Actually, this whole problem is caused by > "DBI->trace(2,'/root/dbitrace.log');" in MailWatch.pm. > Unless you run > MailScanner as root this will fail. You MUST point the file to some > place where the MailScanner process user can write otherwise > you will > get this error. As long as I point to /tmp or comment the > line out there > are no more report of issues in maillog. > > Of corse now I'm a little curious about this "!! ERROR: 1 > 'table cache > already exists(1) at dbdimp.c line 271' (err#0)", but at least the > original problem is gone. > > tlum wrote: > > MailWatch.pm might also be found @ > > ./usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > > > > MailWatch is logging where it says "Logging message > xxxxxxxxxx.xxxxx > > to SQL" - after the whole clam issue. However, MailWatch makes > > frequent database calls to pull white and black lists, for example. > > > > There is no output to the console and all debug output > goes to syslog, > > and as far as I can see has already been posted here. > > > > DBI->trace(2,'/root/dbitrace.log'); is already uncommented but > > generates no output. This is because the whole thing is running as > > postfix and can't write to /root. Pointed it to /tmp and get the > > following: > > > > -> > > > DBI->connect(dbi:SQLite:/var/spool/MailScanner/incoming/SpamA > ssassin.cache.db, > > , ****, HASH(0xa664b7c)) > > -> DBI->install_driver(SQLite) for linux perl=5.008008 > pid=16827 > > ruid=89 euid=89 > > install_driver: DBD::SQLite version 1.14 loaded from > > > /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/DBD/SQLite.pm > > <- install_driver= DBI::dr=HASH(0xa66f0a4) > > !! warn: 0 CLEARED by call to connect method > > -> connect for DBD::SQLite::dr > (DBI::dr=HASH(0xa66f0a4)~0xa66f0ec > > '/var/spool/MailScanner/incoming/SpamAssassin.cache.db' '' **** > > HASH(0x974e594)) thr#8cd2008 > > <- connect= DBI::db=HASH(0xa66f4dc) at DBI.pm line 637 > > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'PrintError' 0) thr#8cd2008 > > <- STORE= 1 at DBI.pm line 689 > > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'AutoCommit' 1) thr#8cd2008 > > <- STORE= 1 at DBI.pm line 689 > > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'InactiveDestroy' 1) thr#8cd2008 > > <- STORE= 1 at DBI.pm line 692 > > -> FETCH for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'InactiveDestroy') thr#8cd2008 > > <- FETCH= 1 at DBI.pm line 692 > > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'Username' '') thr#8cd2008 > > <- STORE= 1 at DBI.pm line 692 > > <> FETCH= '' ('Username' from cache) at DBI.pm line 692 > > -> connected in DBD::_::db for DBD::SQLite::db > > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > > > 'dbi:SQLite:/var/spool/MailScanner/incoming/SpamAssassin.cach > e.db' '' > > '' HASH(0xa664b7c)) thr#8cd2008 > > <- connected= undef at DBI.pm line 698 > > <- connect= DBI::db=HASH(0xa66f4dc) > > -> STORE for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'dbi_connect_closure' CODE(0xa66f068)) thr#8cd2008 > > <- STORE= 1 at DBI.pm line 707 > > -> do in DBD::_::db for DBD::SQLite::db > > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac 'CREATE TABLE cache (md5 TEXT, > > count INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > > sahighscoring INT, sascore FLOAT, saheader BLOB, > salongreport BLOB, > > virusinfected INT)') thr#8cd2008 > > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'CREATE TABLE cache (md5 TEXT, count INTEGER, last > TIMESTAMP, first > > TIMESTAMP, sasaysspam INT, sahighscoring INT, sascore > FLOAT, saheader > > BLOB, salongreport BLOB, virusinfected INT)' undef) thr#8cd2008 > > sqlite trace: prepare statement: CREATE TABLE cache (md5 > TEXT, count > > INTEGER, last TIMESTAMP, first TIMESTAMP, sasaysspam INT, > > sahighscoring INT, sascore FLOAT, saheader BLOB, > salongreport BLOB, > > virusinfected INT) at dbdimp.c line 258 > > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f674)~INNER) > > thr#8cd2008 > > DESTROY for DBI::st=HASH(0xa66f674) ignored - handle not > > initialised > > ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' > > (err#0) > > <- DESTROY= undef at DBI.pm line 1561 > > !! ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' > > (err#0) > > 1 <- prepare= undef at DBI.pm line 1561 > > !! ERROR: 1 'table cache already exists(1) at dbdimp.c > line 271' > > (err#0) > > <- do= undef at SA.pm line 215 > > !! ERROR: 1 CLEARED by call to do method > > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > > 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)') thr#8cd2008 > > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'CREATE UNIQUE INDEX md5_uniq ON cache(md5)' undef) thr#8cd2008 > > sqlite trace: prepare statement: CREATE UNIQUE INDEX md5_uniq ON > > cache(md5) at dbdimp.c line 258 > > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9fab1c8)~INNER) > > thr#8cd2008 > > DESTROY for DBI::st=HASH(0x9fab1c8) ignored - handle not > > initialised > > ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > > (err#0) > > <- DESTROY= undef at DBI.pm line 1561 > > !! ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > > (err#0) > > 1 <- prepare= undef at DBI.pm line 1561 > > !! ERROR: 1 'index md5_uniq already exists(1) at > dbdimp.c line 271' > > (err#0) > > <- do= undef at SA.pm line 216 > > !! ERROR: 1 CLEARED by call to do method > > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > > 'CREATE INDEX last_seen_idx ON cache(last)') thr#8cd2008 > > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'CREATE INDEX last_seen_idx ON cache(last)' undef) thr#8cd2008 > > sqlite trace: prepare statement: CREATE INDEX last_seen_idx ON > > cache(last) at dbdimp.c line 258 > > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0x9ebaa8c)~INNER) > > thr#8cd2008 > > DESTROY for DBI::st=HASH(0x9ebaa8c) ignored - handle not > > initialised > > ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > > 271' (err#0) > > <- DESTROY= undef at DBI.pm line 1561 > > !! ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > > 271' (err#0) > > 1 <- prepare= undef at DBI.pm line 1561 > > !! ERROR: 1 'index last_seen_idx already exists(1) at > dbdimp.c line > > 271' (err#0) > > <- do= undef at SA.pm line 217 > > !! ERROR: 1 CLEARED by call to do method > > -> do for DBD::SQLite::db (DBI::db=HASH(0xa66f4dc)~0xa66f4ac > > 'CREATE INDEX first_seen_idx ON cache(first)') thr#8cd2008 > > 1 -> prepare for DBD::SQLite::db (DBI::db=HASH(0xa66f4ac)~INNER > > 'CREATE INDEX first_seen_idx ON cache(first)' undef) thr#8cd2008 > > sqlite trace: prepare statement: CREATE INDEX first_seen_idx ON > > cache(first) at dbdimp.c line 258 > > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f74c)~INNER) > > thr#8cd2008 > > DESTROY for DBI::st=HASH(0xa66f74c) ignored - handle not > > initialised > > ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > > line 271' (err#0) > > <- DESTROY= undef at DBI.pm line 1561 > > !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > > line 271' (err#0) > > 1 <- prepare= undef at DBI.pm line 1561 > > !! ERROR: 1 'index first_seen_idx already exists(1) at dbdimp.c > > line 271' (err#0) > > <- do= undef at SA.pm line 218 > > !! ERROR: 1 CLEARED by call to prepare method > > -> prepare for DBD::SQLite::db > (DBI::db=HASH(0xa66f4dc)~0xa66f4ac ' > > DELETE FROM cache WHERE ( > > (sasaysspam=0 AND virusinfected<1 AND > > first<=(strftime('%s','now')-?)) OR > > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > > first<=(strftime('%s','now')-?)) OR > > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > > last<=(strftime('%s','now')-?)) OR > > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > > )') thr#8cd2008 > > sqlite trace: prepare statement: > > DELETE FROM cache WHERE ( > > (sasaysspam=0 AND virusinfected<1 AND > > first<=(strftime('%s','now')-?)) OR > > (sasaysspam>0 AND sahighscoring=0 AND virusinfected<1 AND > > first<=(strftime('%s','now')-?)) OR > > (sasaysspam>0 AND sahighscoring>0 AND virusinfected<1 AND > > last<=(strftime('%s','now')-?)) OR > > (virusinfected>=1 AND last<=(strftime('%s','now')-?)) > > ) at dbdimp.c line 258 > > <- prepare= DBI::st=HASH(0xa66f7dc) at SA.pm line 730 > > -> execute for DBD::SQLite::st > (DBI::st=HASH(0xa66f7dc)~0xa66f818 > > '1800' '300' '10800' '172800') thr#8cd2008 > > <- execute= '0E0' at SA.pm line 738 > > -> finish for DBD::SQLite::st > (DBI::st=HASH(0xa66f7dc)~0xa66f818) > > thr#8cd2008 > > <- finish= 1 at SA.pm line 739 > > -> DESTROY for DBD::SQLite::st (DBI::st=HASH(0xa66f818)~INNER) > > thr#8cd2008 > > <- DESTROY= undef at SA.pm line 222 > > > > > > > > > > > > > > > > > > > > Rick Cooper wrote: > >> First off, this appears to be a perl error being directed > to stderr > >> and that is why it's showing up in your clamd parsing. I > am not sure > >> where in the process mailwatch is logging, and the > mailwatch people > >> might know right off the bat, however; Perhaps you should > look at the > >> debug output (both console and logging) and post those > here and also > >> look at the top of > >> /opt/MailScanner/lib/MailScanner/CustomFunctions/MailWatch.pm for: > >> > >> # DBI->trace(2,'/root/dbitrace.log'); > >> > >> and uncomment that and check the trace log. > >> > >> Also run MailScanner -v and post/check the output > >> > >> Rick > >> > >> > >> > ------------------------------------------------------------- > ----------- > >> *From:* mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] > *On Behalf Of > >> *Thiago Henrique > >> *Sent:* Tuesday, March 11, 2008 10:51 AM > >> *To:* MailScanner discussion > >> *Subject:* Re: Strange message ! > >> > >> Rick, > >> > >> I'm using MailWatch for parse logs, every message > have logged in > >> mysql data base. The strange messages occur after a > virus scanner > >> start: > >> > >> Mar 11 08:49:20 morpheus MailScanner[20893]: Virus and Content > >> Scanning: Starting > >> Mar 11 08:49:20 morpheus MailScanner[20893]: Clamd:: -- > >> DBI::END ($@: , $!: ) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > >> disconnect_all for DBD::mysql::dr > >> (DBI::dr=HASH(0x932a7ec)~0x932cac4) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > >> disconnect_all= (not implemented) at DBI.pm line 718 > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: -> > >> disconnect_all for DBD::SQLite::dr > >> (DBI::dr=HASH(0x98d6e64)~0x98d6eac) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: <- > >> disconnect_all= '' at DBI.pm line 718 > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > >> for DBD::SQLite::db (DBI::db=HASH(0x98dab98)~INNER) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd:: > > >> DESTROY DBI::db=HASH(0x98dab98) skipped due to InactiveDestroy > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > >> in DBD::_::common for DBD::SQLite::dr > >> (DBI::dr=HASH(0x98d6eac)~INNER) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! > -> DESTROY > >> in DBD::_::dr for DBD::mysql::dr > (DBI::dr=HASH(0x932cac4)~INNER) > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Virus > Scanning: Clamd > >> found 12 infections > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Virus > Scanning: Found > >> 12 viruses > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Requeue: > >> 2E48351F14.1A77F to 9FF1B778CA > >> Mar 11 08:49:21 morpheus MailScanner[20893]: > Uninfected: Delivered > >> 1 messages > >> Mar 11 08:49:21 morpheus MailScanner[20893]: Logging message > >> 2E48351F14.1A77F to SQL > >> > >> The mail is sent normally to the user, but every 12 > lines of error > >> is considered virus for MailScanner. > >> > >> > >> > >> On Tue, Mar 11, 2008 at 10:49 AM, Rick Cooper > >> > wrote: > >> > >> > >> > >> > ------------------------------------------------------------- > ----------- > >> *From:* mailscanner-bounces@lists.mailscanner.info > >> > >> [mailto:mailscanner-bounces@lists.mailscanner.info > >> > ] *On > >> Behalf Of *Thiago Henrique > >> *Sent:* Monday, March 10, 2008 8:53 PM > >> *To:* mailscanner@lists.mailscanner.info > >> > >> *Subject:* Strange message ! > >> > >> Hy All, > >> > >> After a upgrade for MailScanner 4.66.5, and configured > >> MailScanner to use CLAMD, i have the > following message in > >> mail.log on every mail scanned: > >> > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -- > >> DBI::END ($@: , $!: ) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -> > >> disconnect_all for DBD::mysql::dr > >> (DBI::dr=HASH(0x932a67c)~0x932c954) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: <- > >> disconnect_all= (not implemented) at DBI.pm line 718 > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: -> > >> disconnect_all for DBD::SQLite::dr > >> (DBI::dr=HASH(0x98d6e34)~0x98d6e7c) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd:: <- > >> disconnect_all= '' at DBI.pm line 718 > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > >> DESTROY for DBD::SQLite::db > (DBI::db=HASH(0x98dab60)~INNER) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > >> Clamd:: DESTROY > DBI::db=HASH(0x98dab60) skipped > >> due to InactiveDestroy > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > >> DESTROY in DBD::_::common for DBD::SQLite::dr > >> (DBI::dr=HASH(0x98d6e7c)~INNER) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! -> > >> DESTROY in DBD::_::dr for DBD::mysql::dr > >> (DBI::dr=HASH(0x932c954)~INNER) > >> Mar 10 21:48:51 morpheus MailScanner[30706]: > Clamd::! <- > >> DESTROY= undef during global destruction > >> Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > >> Scanning: Clamd found 12 infections > >> Mar 10 21:48:51 morpheus MailScanner[30706]: Virus > >> Scanning: Found 12 viruses > >> > >> > >> > >> [Rick Cooper] Are you using sql > logging, or > >> is this a mailwatch issue? > >> Rick > >> > >> -- This message has been scanned for viruses and > >> dangerous content by *MailScanner* > >> , and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book > off the website! > >> > >> > >> > >> -- This message has been scanned for viruses and > >> dangerous content by *MailScanner* > , > >> and is > >> believed to be clean. > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by *MailScanner* > , > >> and is > >> believed to be clean. > >> -- > >> This message has been scanned for viruses and > >> dangerous content by *MailScanner* > , > >> and is > >> believed to be clean. > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 11 20:32:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 11 20:33:02 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <23152946.1431205249352659.JavaMail.root@office.splatnix.net> <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> Message-ID: <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> On 11/03/2008, Steve Crumley wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of Glenn Steen > > Sent: Tuesday, March 11, 2008 1:21 PM > > To: MailScanner discussion > > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > > then hangs at 100 percent CPU > > > > On 11/03/2008, Steve Crumley wrote: > > > > > > > > > > -----Original Message----- > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > > Of --[ UxBoD ]-- > > > > > > > Sent: Tuesday, March 11, 2008 11:29 AM > > > > To: MailScanner discussion > > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > > > then hangs at 100 percent CPU > > > > > > > > > > > do you have strace installed on the server ? if so when the > > > > process is running at 100% CPU connect to it and see what it > > > > is doing. I had this before, but for the life of me I cannot > > > > remember what I changed to fix it :( > > > > > > > > Things to check :- > > > > > > > > 1) Permissions, are they all correct > > > > 2) Check MailScanner.conf again just to make sure no typos > > > > > > > > Regards, > > > > > > > > -- > > > > > > > > > Here is the output from strace: > > > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > > > > > > > > > > > > The system had been running fine for over a year, I can't find any > > > permission or setting change thats doing this, but I could be > > > overlooking something. > > > Thanks, > > > -Steve > > > > > Could perhaps be a busted SQLite SA cache? What does analyse_s (I > > don't remember if it is sacache or spamassassin_cache ... the command > > completion should take care of it:-) say? If it looks fishy, simply > > delete the SA cache file and restart MS. > > > > You've run MailScanner --lint, right? Nothing obvious from that? > > > > Oh, and what av scanners do you use? Obviously not clamavmodule, but > > perhaps clamav or clamd? are those OK? > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > analyse_SpamAssassin_cache looks clean, MailScanner --lint is clean too. > I'm running clamd for AV but I've set virus scanning to no while working > on this. > > Thanks, > -Steve Couldn't be something easily mended, huh:-).... What you seem to have attached to above (with strace) would be the main MailScanner process, since it basically just wait for it's children to end... Or is it? What does a ps listing show (one that show the command argument list, since Jules rewrite it to show what it thinks it is basically doing)? Do the children restart endlessly when hung? How many children are there, and in what state? Cheers -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 11 20:46:19 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 11 20:46:55 2008 Subject: Autoresponder being marked as spam In-Reply-To: <4469C88D4D704D86B33F104F1875948F@MasterChief> References: <4469C88D4D704D86B33F104F1875948F@MasterChief> Message-ID: <223f97700803111346v5201b619q811099ca91e6b505@mail.gmail.com> On 11/03/2008, Rob McDonald wrote: > Thanks for the response I have resolved the issue. On the topic you bring > up, I am curious how much using this will affect my spam. Does anyone have > any statistics on spam increases using autoresponders? Thanks It is wellnighimpossible to get any relevant statistics to "prove" that autoresponders/OoO/whateveronecallsthem are Evil(tm). Simply because you have no real (relevant) statistics to compare with. The spam volume might fluctuate regardless of your use or not. What I'm pretty certain of is that it does impact your users significantly, since they will be responding to opportunistic spam attempts... This could help a spammer to verify guessed addresses, and by that virue make that address occur on more spammers lists... They do sell their address lists, the vermin. What it definitely does, unless you have a very very clever and foolproof autoresponder (have yet to see one:-), is to make YOU a spammer, of sorts. All they need do is "reflect" their spam off of your autoresponder. A "good" way to get on some BLs...:/ Autoresponders fill a function within the organisation, and your users will demand that it works outside it too. They are wrong, when they claim it is a business need. It is not. None will be happy for receiving a message that you are out of town. They needed you. If they need you enough, they will demand that you read your mails regardless if you are on vacation/seminar/in jail/whatever... Or they will simply call you. If you don't want to monitor your work mail while on vacation.... have a colleague do it. Most mailsystems can handle that. I haven't decided yet which is worse... Autoresponders done wrong, or catch-all addresses...:-):-) Cheers -- Glenn > ----- Original Message ----- > From: "Alex Neuman" > To: "MailScanner discussion" > Sent: Tuesday, March 11, 2008 3:18 PM > Subject: Re: Autoresponder being marked as spam > > > > > > There are many people here who might agree that autoresponders are > > *always* SPAM. I personally avoid them more fervently than STDs. I'd > > rather have something that clears up after two weeks on antibiotics than > > the PITA of having to deal with spammers using me as their spam factory. > > > > > > On the more serious side (I'll hate myself for saying this), if the > > autoresponder always comes from the same IP (127.0.0.1 for example) you > > could whitelist stuff that's "From:127. and From:*@mydomain.com" so that > > it doesn't get marked. > > > > On Mar 11, 2008, at 12:49 PM, Rob McDonald wrote: > > > >> The problem I am having is that it seems mailscanner marks these as > >> spam. Is there any way I can avoid this? Thanks in advance. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 11 20:55:24 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 11 20:55:59 2008 Subject: Strange message ! In-Reply-To: <04b401c883b4$8d317600$0301a8c0@SAHOMELT> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> <47D6DA07.1020701@tedworld.com> <04b401c883b4$8d317600$0301a8c0@SAHOMELT> Message-ID: <223f97700803111355y3ab5eb03w25eaa95501646292@mail.gmail.com> On 11/03/2008, Rick Cooper wrote: > Well I guess I should have read the next one before my last post. Actually > that line is commented by default. And yes, while mailwatch is doing > something during or just before the scan output (which comes after the scan, > from the parser) the trace log hasn't been opened properly so the output is > headed to, I think, stdout (might be stderr as that is redirected iirc) and > it's getting fed to the parser as clamd output. > > If the original poster would comment out the trace line in MailWatch.pm I > believe his issues would go away too. There are a lot of incidental warnings > and undef errors that DBI doesn't choke on unless -w is used and don't think > MailScanner uses that switch a all, or at least not for the most part. The > trace log would show those errors however. > > > Rick > A "fun" addendum here is that since the tracing is at the DBI level, it affects all systems that use that... So teh SA cahce will also start barfing things into the trace. So... Moral of this story is: Never do DBI-tracing unless you actually have a DBI-related problem. If the file is writable (which that path would be on most Linux systems, but perhaps not on most FreeBSD ones? Even if run as user postfix...), it'll fill up pretty fast, so not that good tohave enabled. (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From scrumley at secure-enterprise.com Tue Mar 11 21:20:39 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Tue Mar 11 21:21:15 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> Message-ID: <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: Tuesday, March 11, 2008 4:32 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > then hangs at 100 percent CPU > > On 11/03/2008, Steve Crumley wrote: > > > > > > > -----Original Message----- > > > From: mailscanner-bounces@lists.mailscanner.info > > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > > > Of Glenn Steen > > > Sent: Tuesday, March 11, 2008 1:21 PM > > > To: MailScanner discussion > > > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > > > then hangs at 100 percent CPU > > > > > > On 11/03/2008, Steve Crumley > wrote: > > > > > > > > > > > > > -----Original Message----- > > > > > From: mailscanner-bounces@lists.mailscanner.info > > > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > On Behalf > > > > > Of --[ UxBoD ]-- > > > > > > > > > Sent: Tuesday, March 11, 2008 11:29 AM > > > > > To: MailScanner discussion > > > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > > > > then hangs at 100 percent CPU > > > > > > > > > > > > > > do you have strace installed on the server ? if so when the > > > > > process is running at 100% CPU connect to it and see what it > > > > > is doing. I had this before, but for the life of > me I cannot > > > > > remember what I changed to fix it :( > > > > > > > > > > Things to check :- > > > > > > > > > > 1) Permissions, are they all correct > > > > > 2) Check MailScanner.conf again just to make sure no typos > > > > > > > > > > Regards, > > > > > > > > > > -- > > > > > > > > > > > > Here is the output from strace: > > > > > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > > > > > > > > > > > > > > > > > > > The system had been running fine for over a year, I > can't find any > > > > permission or setting change thats doing this, but I could be > > > > overlooking something. > > > > Thanks, > > > > -Steve > > > > > > > Could perhaps be a busted SQLite SA cache? What does > analyse_s (I > > > don't remember if it is sacache or spamassassin_cache > ... the command > > > completion should take care of it:-) say? If it looks > fishy, simply > > > delete the SA cache file and restart MS. > > > > > > You've run MailScanner --lint, right? Nothing obvious from that? > > > > > > Oh, and what av scanners do you use? Obviously not > clamavmodule, but > > > perhaps clamav or clamd? are those OK? > > > > > > Cheers > > > -- > > > -- Glenn > > > email: glenn < dot > steen < at > gmail < dot > com > > > work: glenn < dot > steen < at > ap1 < dot > se > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > analyse_SpamAssassin_cache looks clean, MailScanner --lint > is clean too. > > I'm running clamd for AV but I've set virus scanning to no > while working > > on this. > > > > Thanks, > > -Steve > Couldn't be something easily mended, huh:-).... > > What you seem to have attached to above (with strace) would be the > main MailScanner process, since it basically just wait for it's > children to end... Or is it? What does a ps listing show (one that > show the command argument list, since Jules rewrite it to show what it > thinks it is basically doing)? > Do the children restart endlessly when hung? How many children are > there, and in what state? > Cheers > -- Glenn When I first started it with 8 children, they all end up quickly hanging and consuming CPU. For now, I've set it to 1 child and I've been running in debug mode. The ps gives us a good clue! Its the only mailscanner process and it reports "MailScanner: extracting attachments" Thanks, -Steve From brose at med.wayne.edu Tue Mar 11 21:23:41 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 11 21:24:41 2008 Subject: MailScanner as content filter In-Reply-To: <47D6DB54.3000209@ecs.soton.ac.uk> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> I was hoping for an ruleset example but I think I found my mistake. Every SA_Rule=>Action needs to be on the same line in the ruleset. I had it has one per line like this. FromOrTo: default BOBBY_TEST=>non-deliver,delete FromOrTo: default BOBBY_TEST2=>non-deliver,delete So the correct format is FromOrTo: default BOBBY_TEST=>non-deliver,delete, BOBBY_TEST2=>non-deliver,delete, ...... So here's what I have now FromOrTo 127.0.0.1 FromOrTo: default BOBBY_TEST=>non-deliver,delete, BOBBY_TEST2=>non-deliver,delete But I did have a request for this action to be logged separately from the logging of non-spam so that logging of non-spam doesn't need to be turned on for it. Now I can start dropping those stupid phishing emails relayed to us from main campus ;-) -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, March 11, 2008 3:20 PM To: MailScanner discussion Subject: Re: MailScanner as content filter -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What happens when you try to put in a ruleset? What doesn't work? Sorry if I missed this thread. Rose, Bobby wrote: > Look at the SpamAssassin Rule Actions option. You define your rule in SA and define in MailScanner what to do when it sees a message that trips that rule. > > Of course, I'm still waiting on someone to explain how this can be a ruleset because I haven't been able to get it to work in a rules file. But it does work if you chain the rule/action pairs on the MailScanner.conf line but that means it applies to everyone. > > -=B > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > William A. Knob > Sent: Tuesday, March 11, 2008 1:49 PM > To: MailScanner discussion > Subject: MailScanner as content filter > > > Hi all; > > I need to make some "content filtering" on my mail server, like create rules for some users and/or groups. For example: create a rule that says when the word "sex" appears on a Subject when the email is for the group "X", then is blocked. > > I can do that? > > Regards, > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh iC8joy25Z8PyjbbQ9AhetcI= =Gfn+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mailscanner.info at tedworld.com Tue Mar 11 21:25:04 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 21:26:01 2008 Subject: Strange message ! In-Reply-To: <223f97700803111355y3ab5eb03w25eaa95501646292@mail.gmail.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> <47D6DA07.1020701@tedworld.com> <04b401c883b4$8d317600$0301a8c0@SAHOMELT> <223f97700803111355y3ab5eb03w25eaa95501646292@mail.gmail.com> Message-ID: <47D6F8B0.9070500@tedworld.com> Yes, DBI->trace() activates DBI logging globally once called - even though its only called from within "MailWatch,pm" - and ALL subsequent DBI is logged, not just MailWatch. However, /root is NOT writable by any user but root unless you've messed with default permissions even on a Linux system... which this is. And, if you're running in jail then there is even less chance of it working. This was one of those unfortunate cases where enabling more debug logging in an attempt to resole unexplained problems simply resulted in more unexplained problems. The other poster is probably in the same boat. Glenn Steen wrote: > On 11/03/2008, Rick Cooper wrote: > >> Well I guess I should have read the next one before my last post. Actually >> that line is commented by default. And yes, while mailwatch is doing >> something during or just before the scan output (which comes after the scan, >> from the parser) the trace log hasn't been opened properly so the output is >> headed to, I think, stdout (might be stderr as that is redirected iirc) and >> it's getting fed to the parser as clamd output. >> >> If the original poster would comment out the trace line in MailWatch.pm I >> believe his issues would go away too. There are a lot of incidental warnings >> and undef errors that DBI doesn't choke on unless -w is used and don't think >> MailScanner uses that switch a all, or at least not for the most part. The >> trace log would show those errors however. >> >> >> Rick >> >> > > A "fun" addendum here is that since the tracing is at the DBI level, > it affects all systems that use that... So teh SA cahce will also > start barfing things into the trace. > So... Moral of this story is: Never do DBI-tracing unless you actually > have a DBI-related problem. If the file is writable (which that path > would be on most Linux systems, but perhaps not on most FreeBSD ones? > Even if run as user postfix...), it'll fill up pretty fast, so not > that good tohave enabled. > > (snip) > > Cheers > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue Mar 11 21:27:28 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Mar 11 21:29:14 2008 Subject: Autoresponder being marked as spam In-Reply-To: <4469C88D4D704D86B33F104F1875948F@MasterChief> References: <4469C88D4D704D86B33F104F1875948F@MasterChief> Message-ID: <6A84D985-DCE3-4F27-8CB8-D6A8060677FF@nkpanama.com> Yes. The amount of SPAM generated by your server can go from absolutely zero in one day to one bazillion gajillion foofillion per microsecond. Depending on bandwidth. Look up backscatter and autoresponders; it's an interesting read. Basically the spammer will make your server be his "little *itch" and send out their crap as an autoresponse. On Mar 11, 2008, at 2:03 PM, Rob McDonald wrote: > Thanks for the response I have resolved the issue. On the topic you > bring up, I am curious how much using this will affect my spam. Does > anyone have any statistics on spam increases using autoresponders? > Thanks > ----- Original Message ----- From: "Alex Neuman" > To: "MailScanner discussion" > Sent: Tuesday, March 11, 2008 3:18 PM > Subject: Re: Autoresponder being marked as spam > > >> >> There are many people here who might agree that autoresponders are >> *always* SPAM. I personally avoid them more fervently than STDs. >> I'd rather have something that clears up after two weeks on >> antibiotics than the PITA of having to deal with spammers using me >> as their spam factory. >> >> >> On the more serious side (I'll hate myself for saying this), if the >> autoresponder always comes from the same IP (127.0.0.1 for >> example) you could whitelist stuff that's "From:127. and From:*@mydomain.com >> " so that it doesn't get marked. >> >> On Mar 11, 2008, at 12:49 PM, Rob McDonald wrote: >> >>> The problem I am having is that it seems mailscanner marks these >>> as spam. Is there any way I can avoid this? Thanks in advance. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From william at raidbr.com.br Tue Mar 11 22:30:01 2008 From: william at raidbr.com.br (William A. Knob) Date: Tue Mar 11 22:30:08 2008 Subject: MailScanner as content filter In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D707E9.6070603@raidbr.com.br> Hmm... interesting! But, you can explain me (or paste) your BOBBY_TEST rule? Regards, Rose, Bobby escreveu: > I was hoping for an ruleset example but I think I found my mistake. > > Every SA_Rule=>Action needs to be on the same line in the ruleset. I > had it has one per line like this. > FromOrTo: default BOBBY_TEST=>non-deliver,delete > FromOrTo: default BOBBY_TEST2=>non-deliver,delete > > So the correct format is > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete, ...... > > So here's what I have now > FromOrTo 127.0.0.1 > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete > > But I did have a request for this action to be logged separately from > the logging of non-spam so that logging of non-spam doesn't need to be > turned on for it. > > Now I can start dropping those stupid phishing emails relayed to us from > main campus ;-) > > -=B > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, March 11, 2008 3:20 PM > To: MailScanner discussion > Subject: Re: MailScanner as content filter > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What happens when you try to put in a ruleset? What doesn't work? > Sorry if I missed this thread. > > Rose, Bobby wrote: > >> Look at the SpamAssassin Rule Actions option. You define your rule in >> > SA and define in MailScanner what to do when it sees a message that > trips that rule. > >> Of course, I'm still waiting on someone to explain how this can be a >> > ruleset because I haven't been able to get it to work in a rules file. > But it does work if you chain the rule/action pairs on the > MailScanner.conf line but that means it applies to everyone. > >> -=B >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> William A. Knob >> Sent: Tuesday, March 11, 2008 1:49 PM >> To: MailScanner discussion >> Subject: MailScanner as content filter >> >> >> Hi all; >> >> I need to make some "content filtering" on my mail server, like >> > create rules for some users and/or groups. For example: create a rule > that says when the word "sex" appears on a Subject when the email is for > the group "X", then is blocked. > >> I can do that? >> >> Regards, >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh > iC8joy25Z8PyjbbQ9AhetcI= > =Gfn+ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Anti-Spam Raidbr Solucoes em Informatica > Esta mensagem foi analisada pelo sistema de Anti-spam e Anti-Virus e esta livre de perigo. > www.raidbr.com.br > suporte@raidbr.com.br > > > > -- *William A. Knob - Divisão Desenvolvimento* Raidbr Soluções em Informática Ltda. Rua José Albino Reuse, 1125. Cinquentenário. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. From MailScanner at ecs.soton.ac.uk Tue Mar 11 22:50:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 11 22:51:18 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> Message-ID: <47D70CB1.6050207@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Crumley wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Glenn Steen >> Sent: Tuesday, March 11, 2008 4:32 PM >> To: MailScanner discussion >> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >> then hangs at 100 percent CPU >> >> On 11/03/2008, Steve Crumley wrote: >> >>> > -----Original Message----- >>> > From: mailscanner-bounces@lists.mailscanner.info >>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>> >>> >>>> Of Glenn Steen >>>> >>> > Sent: Tuesday, March 11, 2008 1:21 PM >>> > To: MailScanner discussion >>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >>> > then hangs at 100 percent CPU >>> > >>> > On 11/03/2008, Steve Crumley >>> >> wrote: >> >>> > > >>> > > >>> > > > -----Original Message----- >>> > > > From: mailscanner-bounces@lists.mailscanner.info >>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] >>> >> On Behalf >> >>> > > > Of --[ UxBoD ]-- >>> > > >>> > > > Sent: Tuesday, March 11, 2008 11:29 AM >>> > > > To: MailScanner discussion >>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >>> > > > then hangs at 100 percent CPU >>> > > > >>> > > >>> > > > do you have strace installed on the server ? if so when the >>> > > > process is running at 100% CPU connect to it and see what it >>> > > > is doing. I had this before, but for the life of >>> >> me I cannot >> >>> > > > remember what I changed to fix it :( >>> > > > >>> > > > Things to check :- >>> > > > >>> > > > 1) Permissions, are they all correct >>> > > > 2) Check MailScanner.conf again just to make sure no typos >>> > > > >>> > > > Regards, >>> > > > >>> > > > -- >>> > > >>> > > >>> > > Here is the output from strace: >>> > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>> > > >>> > > >>> > > >>> > > >>> > > The system had been running fine for over a year, I >>> >> can't find any >> >>> > > permission or setting change thats doing this, but I could be >>> > > overlooking something. >>> > > Thanks, >>> > > -Steve >>> > > >>> > Could perhaps be a busted SQLite SA cache? What does >>> >> analyse_s (I >> >>> > don't remember if it is sacache or spamassassin_cache >>> >> ... the command >> >>> > completion should take care of it:-) say? If it looks >>> >> fishy, simply >> >>> > delete the SA cache file and restart MS. >>> > >>> > You've run MailScanner --lint, right? Nothing obvious from that? >>> > >>> > Oh, and what av scanners do you use? Obviously not >>> >> clamavmodule, but >> >>> > perhaps clamav or clamd? are those OK? >>> > >>> > Cheers >>> > -- >>> > -- Glenn >>> > email: glenn < dot > steen < at > gmail < dot > com >>> > work: glenn < dot > steen < at > ap1 < dot > se >>> >>> >>>> -- >>>> >>> > MailScanner mailing list >>> > mailscanner@lists.mailscanner.info >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> > Before posting, read http://wiki.mailscanner.info/posting >>> > >>> > Support MailScanner development - buy the book off the website! >>> > >>> >>> >>> >>> analyse_SpamAssassin_cache looks clean, MailScanner --lint >>> >> is clean too. >> >>> I'm running clamd for AV but I've set virus scanning to no >>> >> while working >> >>> on this. >>> >>> Thanks, >>> -Steve >>> >> Couldn't be something easily mended, huh:-).... >> >> What you seem to have attached to above (with strace) would be the >> main MailScanner process, since it basically just wait for it's >> children to end... Or is it? What does a ps listing show (one that >> show the command argument list, since Jules rewrite it to show what it >> thinks it is basically doing)? >> Do the children restart endlessly when hung? How many children are >> there, and in what state? >> Cheers >> -- Glenn >> > > > > When I first started it with 8 children, they all end up quickly hanging > and consuming CPU. For now, I've set it to 1 child and I've been > running in debug mode. The ps gives us a good clue! Its the only > mailscanner process and it reports "MailScanner: extracting attachments" > > Thanks, > -Steve > In which case go into "sub Explode" in /usr/lib/MailScanner/MailScanner/Message.pm, and add some "print STDERR" lines to generate tracing output so you can see how far it gets. When you do a "MailScanner --debug" it will show you the STDERR debug output in the terminal session. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH1wyyEfZZRxQVtlQRAne7AJ0R6QBYIa3D4UkrIPr2/OaQdtNi7wCcDjOq zkit4bJQVIjNujlG84TD0Bk= =146I -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Mar 11 23:04:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 11 23:04:24 2008 Subject: MailScanner as content filter In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D70FE7.9080702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your logging request is noted and will be in the next release. Remind me to test it tomorrow. Rose, Bobby wrote: > I was hoping for an ruleset example but I think I found my mistake. > > Every SA_Rule=>Action needs to be on the same line in the ruleset. I > had it has one per line like this. > FromOrTo: default BOBBY_TEST=>non-deliver,delete > FromOrTo: default BOBBY_TEST2=>non-deliver,delete > > So the correct format is > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete, ...... > > So here's what I have now > FromOrTo 127.0.0.1 > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete > > But I did have a request for this action to be logged separately from > the logging of non-spam so that logging of non-spam doesn't need to be > turned on for it. > > Now I can start dropping those stupid phishing emails relayed to us from > main campus ;-) > > -=B > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Tuesday, March 11, 2008 3:20 PM > To: MailScanner discussion > Subject: Re: MailScanner as content filter > > > * PGP Bad Signature, Signed by an unverified key: 03/11/08 at 19:19:57 > > What happens when you try to put in a ruleset? What doesn't work? > Sorry if I missed this thread. > > Rose, Bobby wrote: > >> Look at the SpamAssassin Rule Actions option. You define your rule in >> > SA and define in MailScanner what to do when it sees a message that > trips that rule. > >> Of course, I'm still waiting on someone to explain how this can be a >> > ruleset because I haven't been able to get it to work in a rules file. > But it does work if you chain the rule/action pairs on the > MailScanner.conf line but that means it applies to everyone. > >> -=B >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> William A. Knob >> Sent: Tuesday, March 11, 2008 1:49 PM >> To: MailScanner discussion >> Subject: MailScanner as content filter >> >> >> Hi all; >> >> I need to make some "content filtering" on my mail server, like >> > create rules for some users and/or groups. For example: create a rule > that says when the word "sex" appears on a Subject when the email is for > the group "X", then is blocked. > >> I can do that? >> >> Regards, >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654 - Unverified(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH1w/pEfZZRxQVtlQRAi8eAJ49yMO1h/xbg2DCvF4biiIIzxir0QCfcmbb aB9isg7zC9LjTnu0LLoR59I= =0xJ2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Tue Mar 11 23:07:38 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 11 23:08:26 2008 Subject: MailScanner as content filter In-Reply-To: <47D707E9.6070603@raidbr.com.br> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> <47D707E9.6070603@raidbr.com.br> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119C27@MED-CORE03-MS1.med.wayne.edu> Simple SA subject rule header BOBBY_TEST Subject =~ /Bobby Test of email/i score BOBBY_TEST 100.0 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of William A. Knob Sent: Tuesday, March 11, 2008 6:30 PM To: MailScanner discussion Subject: Re: MailScanner as content filter Hmm... interesting! But, you can explain me (or paste) your BOBBY_TEST rule? Regards, Rose, Bobby escreveu: > I was hoping for an ruleset example but I think I found my mistake. > > Every SA_Rule=>Action needs to be on the same line in the ruleset. I > had it has one per line like this. > FromOrTo: default BOBBY_TEST=>non-deliver,delete > FromOrTo: default BOBBY_TEST2=>non-deliver,delete > > So the correct format is > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete, ...... > > So here's what I have now > FromOrTo 127.0.0.1 > FromOrTo: default BOBBY_TEST=>non-deliver,delete, > BOBBY_TEST2=>non-deliver,delete > > But I did have a request for this action to be logged separately from > the logging of non-spam so that logging of non-spam doesn't need to be > turned on for it. > > Now I can start dropping those stupid phishing emails relayed to us > from main campus ;-) > > -=B > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Tuesday, March 11, 2008 3:20 PM > To: MailScanner discussion > Subject: Re: MailScanner as content filter > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What happens when you try to put in a ruleset? What doesn't work? > Sorry if I missed this thread. > > Rose, Bobby wrote: > >> Look at the SpamAssassin Rule Actions option. You define your rule >> in >> > SA and define in MailScanner what to do when it sees a message that > trips that rule. > >> Of course, I'm still waiting on someone to explain how this can be a >> > ruleset because I haven't been able to get it to work in a rules file. > But it does work if you chain the rule/action pairs on the > MailScanner.conf line but that means it applies to everyone. > >> -=B >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> William A. Knob >> Sent: Tuesday, March 11, 2008 1:49 PM >> To: MailScanner discussion >> Subject: MailScanner as content filter >> >> >> Hi all; >> >> I need to make some "content filtering" on my mail server, like >> > create rules for some users and/or groups. For example: create a rule > that says when the word "sex" appears on a Subject when the email is > for the group "X", then is blocked. > >> I can do that? >> >> Regards, >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh > iC8joy25Z8PyjbbQ9AhetcI= > =Gfn+ > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Anti-Spam Raidbr Solucoes em Informatica Esta mensagem foi analisada > pelo sistema de Anti-spam e Anti-Virus e esta livre de perigo. > www.raidbr.com.br > suporte@raidbr.com.br > > > > -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antivrus e acredita-se estar livre de perigo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mikael at syska.dk Tue Mar 11 23:14:20 2008 From: mikael at syska.dk (Mikael Syska) Date: Tue Mar 11 23:14:55 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit Message-ID: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> Hi, We are upgrading a old system that are to be changed, because of bad performance with the SAS 5i controller installed in it. While we are changing it, we could use the old one, for some other task, and buy a new better one, as this would probebly get to slow in 1-2 years. We are thinking of buying: Dell poweredge 2950 4 or 8gb ram Raid10 with 300gb 15000rpm SAS harddrives With one of theese 2 processors ...the fastest is the cheapest ... but are there any difference since its cheaper ? ( thinking about the diff with the E and X in the name and the speed) Quad Core Intel(R) Xeon(R) E5440, 2X6MB Cache, 2.8GHz, 1333MHz FSB Quad Core Intel(R) Xeon(R) X5450, 2X6MB Cache, 3.0GHz, 1333MHz FSB We are going to install FreeBSD 7.0 Any on the list running a system with 8 GB memory, tmpfs, and 64bit ? Any problems ? Or will 4 GB be enough and then on 32bit, but still using tmpfs ? How big should the tmpfs be ? Are there any other suggestions to this setup ? Anything that could be changed ? bigger, smaller .... All input are most welcome .... Its also runs some additional small task, as this system seems a bit overkill atm .... :-) best regards Mikael Syska From glenn.steen at gmail.com Tue Mar 11 23:26:02 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 11 23:26:39 2008 Subject: Strange message ! In-Reply-To: <47D6F8B0.9070500@tedworld.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> <47D6DA07.1020701@tedworld.com> <04b401c883b4$8d317600$0301a8c0@SAHOMELT> <223f97700803111355y3ab5eb03w25eaa95501646292@mail.gmail.com> <47D6F8B0.9070500@tedworld.com> Message-ID: <223f97700803111626u596ec89cha402f2860f03b4ff@mail.gmail.com> On 11/03/2008, tlum wrote: > Yes, DBI->trace() activates DBI logging globally once called - even > though its only called from within "MailWatch,pm" - and ALL subsequent > DBI is logged, not just MailWatch. > > However, /root is NOT writable by any user but root unless you've messed > with default permissions even on a Linux system... which this is. And, > if you're running in jail then there is even less chance of it working. ? You've messed with the path? "Default" for that one should be /tmp... Oh well, sloppy reading on my part:-). > This was one of those unfortunate cases where enabling more debug > logging in an attempt to resole unexplained problems simply resulted in > more unexplained problems. The other poster is probably in the same boat. > Ok, so what was your initialproblem, and had you resolved it? Was it in any way related to DBI? What measures have you done, so far... Explain away, I'm sure we'll find something:-). (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner.info at tedworld.com Tue Mar 11 23:55:57 2008 From: mailscanner.info at tedworld.com (tlum) Date: Tue Mar 11 23:56:46 2008 Subject: Strange message ! In-Reply-To: <223f97700803111626u596ec89cha402f2860f03b4ff@mail.gmail.com> References: <03fa01c8837e$b377ccf0$0301a8c0@SAHOMELT> <045501c8839e$f5f16ad0$0301a8c0@SAHOMELT> <47D6D3C6.1000503@tedworld.com> <47D6DA07.1020701@tedworld.com> <04b401c883b4$8d317600$0301a8c0@SAHOMELT> <223f97700803111355y3ab5eb03w25eaa95501646292@mail.gmail.com> <47D6F8B0.9070500@tedworld.com> <223f97700803111626u596ec89cha402f2860f03b4ff@mail.gmail.com> Message-ID: <47D71C0D.10909@tedworld.com> "'/tmp/dbitrace.log" would be a safer "Default", but its "'/root/dbitrace.log" in the distribution, and commented out in any event so you have to take this statement as an example if you choose to enable it. Even a junior sa should understand permissions well enough to avoid that trap so I can't really squawk too loud about it. It was glaringly obvious to me once I started actually paying attention. For me this was a major upgrade of postfix/MailScanner/clam/dovecot and new install of MailWatch. There were many problems along the way and a lot of debugging got turned on to try and solve the issues, most all of which had been dealt with. The only one left really was the DBI in the mallog issue and since it looked like a DBI issue, it made sense to keep DBI logging enabled... little did I realize at the time that WAS the problem. The only real problem left is the lousy performance of the NFS mount for the mail boxes on this VMware image... but this is in no way related to MailScanner so I'll spare this list my woes in this case. Glenn Steen wrote: > On 11/03/2008, tlum wrote: > >> Yes, DBI->trace() activates DBI logging globally once called - even >> though its only called from within "MailWatch,pm" - and ALL subsequent >> DBI is logged, not just MailWatch. >> >> However, /root is NOT writable by any user but root unless you've messed >> with default permissions even on a Linux system... which this is. And, >> if you're running in jail then there is even less chance of it working. >> > ? You've messed with the path? "Default" for that one should be > /tmp... Oh well, sloppy reading on my part:-). > > >> This was one of those unfortunate cases where enabling more debug >> logging in an attempt to resole unexplained problems simply resulted in >> more unexplained problems. The other poster is probably in the same boat. >> >> > Ok, so what was your initialproblem, and had you resolved it? Was it > in any way related to DBI? What measures have you done, so far... > Explain away, I'm sure we'll find something:-). > (snip) > > Cheers > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From william at raidbr.com.br Tue Mar 11 23:59:23 2008 From: william at raidbr.com.br (William A. Knob) Date: Tue Mar 11 23:59:36 2008 Subject: MailScanner as content filter In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119C27@MED-CORE03-MS1.med.wayne.edu> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> <47D707E9.6070603@raidbr.com.br> <610C64469748E84DB6BDD5BD23F01A76119C27@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D71CDB.8060508@raidbr.com.br> Ok, I got it! Really works, but I guess to know one last thing: If I create that example rule with score of "100.0", then my "High Spam Score Action" will be invoked. And if I want to apply that rule only for one domain? Like that: To: *@server.local.test SUBJECT_TEST=>non-deliver,delete My SUBJECT_TEST rule have a score of "100.0". On this way, not only emails To "server.local.test" will be matched on that rule, but all of them! Did you know how can I make rules only to 1 domain or 1 email account ? Regards, Rose, Bobby escreveu: > Simple SA subject rule > > header BOBBY_TEST Subject =~ /Bobby Test of email/i > score BOBBY_TEST 100.0 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of William A. Knob > Sent: Tuesday, March 11, 2008 6:30 PM > To: MailScanner discussion > Subject: Re: MailScanner as content filter > > > Hmm... interesting! > > But, you can explain me (or paste) your BOBBY_TEST rule? > > Regards, > > Rose, Bobby escreveu: > >> I was hoping for an ruleset example but I think I found my mistake. >> >> Every SA_Rule=>Action needs to be on the same line in the ruleset. I >> had it has one per line like this. >> FromOrTo: default BOBBY_TEST=>non-deliver,delete >> FromOrTo: default BOBBY_TEST2=>non-deliver,delete >> >> So the correct format is >> FromOrTo: default BOBBY_TEST=>non-deliver,delete, >> BOBBY_TEST2=>non-deliver,delete, ...... >> >> So here's what I have now >> FromOrTo 127.0.0.1 >> FromOrTo: default BOBBY_TEST=>non-deliver,delete, >> BOBBY_TEST2=>non-deliver,delete >> >> But I did have a request for this action to be logged separately from >> the logging of non-spam so that logging of non-spam doesn't need to be >> turned on for it. >> >> Now I can start dropping those stupid phishing emails relayed to us >> from main campus ;-) >> >> -=B >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Tuesday, March 11, 2008 3:20 PM >> To: MailScanner discussion >> Subject: Re: MailScanner as content filter >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What happens when you try to put in a ruleset? What doesn't work? >> Sorry if I missed this thread. >> >> Rose, Bobby wrote: >> >> >>> Look at the SpamAssassin Rule Actions option. You define your rule >>> in >>> >>> >> SA and define in MailScanner what to do when it sees a message that >> trips that rule. >> >> >>> Of course, I'm still waiting on someone to explain how this can be a >>> >>> >> ruleset because I haven't been able to get it to work in a rules file. >> But it does work if you chain the rule/action pairs on the >> MailScanner.conf line but that means it applies to everyone. >> >> >>> -=B >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> William A. Knob >>> Sent: Tuesday, March 11, 2008 1:49 PM >>> To: MailScanner discussion >>> Subject: MailScanner as content filter >>> >>> >>> Hi all; >>> >>> I need to make some "content filtering" on my mail server, like >>> >>> >> create rules for some users and/or groups. For example: create a rule >> that says when the word "sex" appears on a Subject when the email is >> for the group "X", then is blocked. >> >> >>> I can do that? >>> >>> Regards, >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: Use Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh >> iC8joy25Z8PyjbbQ9AhetcI= >> =Gfn+ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Anti-Spam Raidbr Solucoes em Informatica Esta mensagem foi analisada >> pelo sistema de Anti-spam e Anti-Virus e esta livre de perigo. >> www.raidbr.com.br >> suporte@raidbr.com.br >> >> >> >> >> > > > -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. From brose at med.wayne.edu Wed Mar 12 01:10:45 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 12 01:11:35 2008 Subject: MailScanner as content filter In-Reply-To: <47D71CDB.8060508@raidbr.com.br> References: <47D6C5EE.4040005@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119BDF@MED-CORE03-MS1.med.wayne.edu> <47D6DB54.3000209@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119C21@MED-CORE03-MS1.med.wayne.edu> <47D707E9.6070603@raidbr.com.br><610C64469748E84DB6BDD5BD23F01A76119C27@MED-CORE03-MS1.med.wayne.edu> <47D71CDB.8060508@raidbr.com.br> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119C2E@MED-CORE03-MS1.med.wayne.edu> In my case, I want the rule to apply to everyone. The high score takes care of the non-whitelisted and the SA_RULENAME/Action pair takes care of the whitelisted messages. In my case, I had phishing emails coming to users in my domain due to email forwarding that they have on the main campus mail system which had some whitelisting criteria that I needed to stop those phishing messages from getting thru. You can change the score to whatever you want. Make is 0.001 or something. So long as MailScanner sees that it's been tripped it will apply the rule action based on your mailscanner criteria. If you don't want the SA rule to trip on everyone then make up a meta rule Example header __BOBBY_TEST_SUBJ Subject =~/bobby test of email/i header __BOBBY_TEST_FROM From =~ /\@server.local.net$/i meta BOBBY_TEST ( __BOBBY_TEST_SUBJ && __BOBBY_TEST_FROM ) score 0.01 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of William A. Knob Sent: Tuesday, March 11, 2008 7:59 PM To: MailScanner discussion Subject: Re: MailScanner as content filter Ok, I got it! Really works, but I guess to know one last thing: If I create that example rule with score of "100.0", then my "High Spam Score Action" will be invoked. And if I want to apply that rule only for one domain? Like that: To: *@server.local.test SUBJECT_TEST=>non-deliver,delete My SUBJECT_TEST rule have a score of "100.0". On this way, not only emails To "server.local.test" will be matched on that rule, but all of them! Did you know how can I make rules only to 1 domain or 1 email account ? Regards, Rose, Bobby escreveu: > Simple SA subject rule > > header BOBBY_TEST Subject =~ /Bobby Test of email/i > score BOBBY_TEST 100.0 > > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > William A. Knob > Sent: Tuesday, March 11, 2008 6:30 PM > To: MailScanner discussion > Subject: Re: MailScanner as content filter > > > Hmm... interesting! > > But, you can explain me (or paste) your BOBBY_TEST rule? > > Regards, > > Rose, Bobby escreveu: > >> I was hoping for an ruleset example but I think I found my mistake. >> >> Every SA_Rule=>Action needs to be on the same line in the ruleset. I >> had it has one per line like this. >> FromOrTo: default BOBBY_TEST=>non-deliver,delete >> FromOrTo: default BOBBY_TEST2=>non-deliver,delete >> >> So the correct format is >> FromOrTo: default BOBBY_TEST=>non-deliver,delete, >> BOBBY_TEST2=>non-deliver,delete, ...... >> >> So here's what I have now >> FromOrTo 127.0.0.1 >> FromOrTo: default BOBBY_TEST=>non-deliver,delete, >> BOBBY_TEST2=>non-deliver,delete >> >> But I did have a request for this action to be logged separately from >> the logging of non-spam so that logging of non-spam doesn't need to >> be turned on for it. >> >> Now I can start dropping those stupid phishing emails relayed to us >> from main campus ;-) >> >> -=B >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Tuesday, March 11, 2008 3:20 PM >> To: MailScanner discussion >> Subject: Re: MailScanner as content filter >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> What happens when you try to put in a ruleset? What doesn't work? >> Sorry if I missed this thread. >> >> Rose, Bobby wrote: >> >> >>> Look at the SpamAssassin Rule Actions option. You define your rule >>> in >>> >>> >> SA and define in MailScanner what to do when it sees a message that >> trips that rule. >> >> >>> Of course, I'm still waiting on someone to explain how this can be a >>> >>> >> ruleset because I haven't been able to get it to work in a rules file. >> But it does work if you chain the rule/action pairs on the >> MailScanner.conf line but that means it applies to everyone. >> >> >>> -=B >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> William A. Knob >>> Sent: Tuesday, March 11, 2008 1:49 PM >>> To: MailScanner discussion >>> Subject: MailScanner as content filter >>> >>> >>> Hi all; >>> >>> I need to make some "content filtering" on my mail server, like >>> >>> >> create rules for some users and/or groups. For example: create a rule >> that says when the word "sex" appears on a Subject when the email is >> for the group "X", then is blocked. >> >> >>> I can do that? >>> >>> Regards, >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: Use Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFH1ttdEfZZRxQVtlQRAhM8AKCbc4vXD6qiinSHb8HRYGiICvXOTwCgyRdh >> iC8joy25Z8PyjbbQ9AhetcI= >> =Gfn+ >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> Anti-Spam Raidbr Solucoes em Informatica Esta mensagem foi analisada >> pelo sistema de Anti-spam e Anti-Virus e esta livre de perigo. >> www.raidbr.com.br >> suporte@raidbr.com.br >> >> >> >> >> > > > -- *William A. Knob - Divis?o Desenvolvimento* Raidbr Solu??es em Inform?tica Ltda. Rua Jos? Albino Reuse, 1125. Cinquenten?rio. Caxias do Sul - RS Fone/ Fax: (54) 3223.7074 Visite nosso site: www.raidbr.com.br -- Esta mensagem foi verificada pelo sistema de antiv?rus e acredita-se estar livre de perigo. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From noam.kleiman at quiminet.com Wed Mar 12 01:16:44 2008 From: noam.kleiman at quiminet.com (Noam Kleiman) Date: Wed Mar 12 01:16:55 2008 Subject: Email filtering by attachments Message-ID: I?m filtering some extensions using the filename.rules.conf but I can only allow or deny those emails. What I need is to redirect mails with certain extensions to a specific mailbox. For example I like to redirect all the mails delivered to a specific domain with .avi attachments into a specific mailbox. The single suggestion I have found is to assign a high spam score to the email with the extension I want to redirect and then to set a rule for high scoring emails from a specific domain to be redirected to a specific account, but that account will receive all the high spam score and not only the filtered by attachment. Is there any way to have a forward rule for emails with certain attachments? Any other idea? I have seen some suggestions to do it with Procmail but I rather do it through Mailscanner. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/622a9133/attachment.html From brose at med.wayne.edu Wed Mar 12 03:54:33 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 12 03:55:11 2008 Subject: Email filtering by attachments In-Reply-To: References: Message-ID: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> SA_RULENAME=>Action pair ;-) Sorry been geeked now that I figured out how to use it. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Noam Kleiman Sent: Tuesday, March 11, 2008 9:17 PM To: mailscanner@lists.mailscanner.info Subject: Email filtering by attachments I'm filtering some extensions using the filename.rules.conf but I can only allow or deny those emails. What I need is to redirect mails with certain extensions to a specific mailbox. For example I like to redirect all the mails delivered to a specific domain with .avi attachments into a specific mailbox. The single suggestion I have found is to assign a high spam score to the email with the extension I want to redirect and then to set a rule for high scoring emails from a specific domain to be redirected to a specific account, but that account will receive all the high spam score and not only the filtered by attachment. Is there any way to have a forward rule for emails with certain attachments? Any other idea? I have seen some suggestions to do it with Procmail but I rather do it through Mailscanner. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080311/5854b4b9/attachment.html From allan at zandahar.net Wed Mar 12 04:30:42 2008 From: allan at zandahar.net (Allan Spencer) Date: Wed Mar 12 04:31:42 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> References: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> Message-ID: <47D75C72.7040902@zandahar.net> Mikael Syska wrote: > Hi, > > We are upgrading a old system that are to be changed, because of bad > performance with the SAS 5i controller installed in it. > > While we are changing it, we could use the old one, for some other > task, and buy a new better one, as this would probebly get to slow in > 1-2 years. > > We are thinking of buying: > Dell poweredge 2950 > 4 or 8gb ram > Raid10 with 300gb 15000rpm SAS harddrives > With one of theese 2 processors ...the fastest is the cheapest ... but > are there any difference since its cheaper ? ( thinking about the diff > with the E and X in the name and the speed) > Quad Core Intel(R) Xeon(R) E5440, 2X6MB Cache, 2.8GHz, 1333MHz FSB > Quad Core Intel(R) Xeon(R) X5450, 2X6MB Cache, 3.0GHz, 1333MHz FSB > > We are going to install FreeBSD 7.0 > > Any on the list running a system with 8 GB memory, tmpfs, and 64bit ? > Any problems ? Or will 4 GB be enough and then on 32bit, but still > using tmpfs ? > How big should the tmpfs be ? > > Are there any other suggestions to this setup ? Anything that could be > changed ? bigger, smaller .... > > All input are most welcome .... > > Its also runs some additional small task, as this system seems a bit > overkill atm .... :-) > > best regards > Mikael Syska > Not sure about the rest of your Q's but in terms in the E & X for the CPU from memory the 'E' processors are lower power 80W or so and the 'X' processors are like 120W Dont kill me if im wrong :) Allan From jim.barber at ddihealth.com Wed Mar 12 06:48:26 2008 From: jim.barber at ddihealth.com (Jim Barber) Date: Wed Mar 12 06:49:08 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D77CBA.6010706@ddihealth.com> Hi all. For a long time now I've been using the MailScanner packages as distributed by Debian. Recently the maintainer updated the package to use version 4.66.5 of MailScanner (it was previously at 4.58.9). This means that I can now take advantage of the ClamAV daemon to do virus scanning instead of invoking clamav for each batch or messages. But I am encountering a strange error that occurs for some, but not all TNEF attachments. Here is an example of the messages that occur in syslog when processing an email with this problem. Note that I've changed the email address in the second line of output: Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks: Starting Mar 12 13:20:35 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ from 10.128.3.10 (user@ddihealth.com) is whitelisted Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks completed at 83746 bytes per second Mar 12 13:20:36 mail MailScanner[27855]: Expanding TNEF archive at /var/spool/MailScanner/incoming/27855/1JZIS6-00043a-FQ/winmail.dat Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ added TNEF contents image001.jpg,image002.jpg Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ has had TNEF winmail.dat removed Mar 12 13:20:42 mail MailScanner[27855]: Virus and Content Scanning: Starting Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to open file or directory ERROR :: ./1JZIS6-00043a-FQ/mha1BpYaNZ Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to open file or directory ERROR :: ./1JZIS6-00043a-FQ/RRZFcL3LVX Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Clamd found 2 infections Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Found 2 viruses Mar 12 13:20:44 mail MailScanner[27855]: Virus Scanning completed at 7944 bytes per second Mar 12 13:20:44 mail MailScanner[27855]: Uninfected: Delivered 2 messages Mar 12 13:20:44 mail MailScanner[27855]: Virus Processing completed at 195783 bytes per second Mar 12 13:20:44 mail MailScanner[27855]: Batch completed at 6458 bytes per second (63292 / 9) Note that the problem only seems to happen to TNEF attachments where the following log entry occurs: MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES eg. MailScanner[$PID]: Expanding TNEF archive at /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed However If I only get the following messages then the virus scan will be fine: MailScanner[$PID]: Expanding TNEF archive at /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed I have the following TNEF settings in my MailScanner.conf file: Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = internal TNEF Timeout = 120 I changed the "TNEF Expander" to be "internal" a long time ago. I found that having it set to "/usr/bin/tnef --maxsize=100000000" choked on some messages that the internal one was able to handle. The ClamAV daemon is successfully scanning all other emails okay. I've only ever seen the problem associated with certain TNEF attachments. I've left all clamd settings in the MailScanner.conf at their default settings. The clamd virus scanner is found when MailScanner starts as shown in the following log message: Mar 12 11:51:54 mail MailScanner[27855]: I have found clamd scanners installed, and will use them all by default. My MailScanner incoming file system is using tmpfs and is shown as follows in 'df' output: tmpfs 258528 704 257824 1% /var/spool/MailScanner/incoming Any ideas what is going wrong? Thanks. ---------- Jim Barber DDI Health From MailScanner at ecs.soton.ac.uk Wed Mar 12 08:43:12 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 08:43:55 2008 Subject: Email filtering by attachments In-Reply-To: References: Message-ID: <47D797A0.1010700@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a fair request. It can be done at the moment, but it's pretty awkward to implement. Coming soon to a MailScanner near you (as long as my night spent working out how to do it bears fruit). Noam Kleiman wrote: > I?m filtering some extensions using the filename.rules.conf but I can > only allow or deny those emails. What I need is to redirect mails with > certain extensions to a specific mailbox. > For example I like to redirect all the mails delivered to a specific > domain with .avi attachments into a specific mailbox. > The single suggestion I have found is to assign a high spam score to > the email with the extension I want to redirect and then to set a rule > for high scoring emails from a specific domain to be redirected to a > specific account, but that account will receive all the high spam > score and not only the filtered by attachment. Is there any way to > have a forward rule for emails with certain attachments? > > Any other idea? I have seen some suggestions to do it with Procmail > but I rather do it through Mailscanner. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner*, and is > believed to be clean. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFH15egEfZZRxQVtlQRAhAtAJ4p3FnqH70hNdMU4UkBj5ta78yB8gCg4LjP D6lBWM7y4BSQsIPI2PhACEI= =spiH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 08:45:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 08:45:39 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <47D77CBA.6010706@ddihealth.com> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> Message-ID: <47D79820.5020907@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What MTA are you using? What are your "Run As" settings? Jim Barber wrote: > Hi all. > > For a long time now I've been using the MailScanner packages as > distributed by Debian. > Recently the maintainer updated the package to use version 4.66.5 of > MailScanner (it was previously at 4.58.9). > This means that I can now take advantage of the ClamAV daemon to do > virus scanning instead of invoking clamav for each batch or messages. > > But I am encountering a strange error that occurs for some, but not > all TNEF attachments. > > Here is an example of the messages that occur in syslog when > processing an email with this problem. > Note that I've changed the email address in the second line of output: > > Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks: Starting > Mar 12 13:20:35 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > from 10.128.3.10 (user@ddihealth.com) is whitelisted > Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks completed at > 83746 bytes per second > Mar 12 13:20:36 mail MailScanner[27855]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/27855/1JZIS6-00043a-FQ/winmail.dat > Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > added TNEF contents image001.jpg,image002.jpg > Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > has had TNEF winmail.dat removed > Mar 12 13:20:42 mail MailScanner[27855]: Virus and Content > Scanning: Starting > Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to > open file or directory ERROR :: ./1JZIS6-00043a-FQ/mha1BpYaNZ > Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to > open file or directory ERROR :: ./1JZIS6-00043a-FQ/RRZFcL3LVX > Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Clamd > found 2 infections > Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Found 2 > viruses > Mar 12 13:20:44 mail MailScanner[27855]: Virus Scanning completed > at 7944 bytes per second > Mar 12 13:20:44 mail MailScanner[27855]: Uninfected: Delivered 2 > messages > Mar 12 13:20:44 mail MailScanner[27855]: Virus Processing > completed at 195783 bytes per second > Mar 12 13:20:44 mail MailScanner[27855]: Batch completed at 6458 > bytes per second (63292 / 9) > > Note that the problem only seems to happen to TNEF attachments where > the following log entry occurs: > > MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES > eg. > MailScanner[$PID]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat > MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES > MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed > > However If I only get the following messages then the virus scan will > be fine: > > MailScanner[$PID]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat > MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed > > I have the following TNEF settings in my MailScanner.conf file: > > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = no > TNEF Expander = internal > TNEF Timeout = 120 > > I changed the "TNEF Expander" to be "internal" a long time ago. > I found that having it set to "/usr/bin/tnef --maxsize=100000000" > choked on some messages that the internal one was able to handle. > > The ClamAV daemon is successfully scanning all other emails okay. > I've only ever seen the problem associated with certain TNEF attachments. > > I've left all clamd settings in the MailScanner.conf at their default > settings. > The clamd virus scanner is found when MailScanner starts as shown in > the following log message: > > Mar 12 11:51:54 mail MailScanner[27855]: I have found clamd > scanners installed, and will use them all by default. > > My MailScanner incoming file system is using tmpfs and is shown as > follows in 'df' output: > > tmpfs 258528 704 257824 1% > /var/spool/MailScanner/incoming > > Any ideas what is going wrong? > > Thanks. > > ---------- > Jim Barber > DDI Health Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH15ghEfZZRxQVtlQRAiMPAJ9C7iJL68BNUtzNBPJqgJcnaOTQ8gCgmEoV YLFG3CTI017N/dHO4i7+h08= =4OLt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From allenjiang at clicktosee.com Wed Mar 12 07:56:30 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Wed Mar 12 08:50:08 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47D78CAE.1060407@clicktosee.com> Hello, When i run "MailScanner -debug", i got a wrong In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. I have google it, but not resolved. Anyone can help me? Thank you! MailScanner -v Running on Linux yide2 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 i386 GNU/Linux This is CentOS release 4.4 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.66.5 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.14 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9712 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.07 Digest::SHA1 1.00 Encode::Detect 0.17012 Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS missing Inline missing IO::String 1.09 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.19 Math::BigRat missing Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP 4.007 NetAddr::IP missing Parse::RecDescent missing SAVI 2.42 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.30 URI 0.74 version missing YAML spamassassin -D --lint [32473] dbg: logger: adding facilities: all [32473] dbg: logger: logging level is DBG [32473] dbg: generic: SpamAssassin version 3.2.4 [32473] dbg: config: score set 0 chosen. [32473] dbg: util: running in taint mode? yes [32473] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [32473] dbg: util: PATH included '/usr/kerberos/sbin', keeping [32473] dbg: util: PATH included '/usr/kerberos/bin', keeping [32473] dbg: util: PATH included '/usr/java/jdk1.5.0_09/bin', keeping [32473] dbg: util: PATH included '/usr/local/sbin', keeping [32473] dbg: util: PATH included '/usr/local/bin', keeping [32473] dbg: util: PATH included '/sbin', keeping [32473] dbg: util: PATH included '/bin', keeping [32473] dbg: util: PATH included '/usr/sbin', keeping [32473] dbg: util: PATH included '/usr/bin', keeping [32473] dbg: util: PATH included '/usr/X11R6/bin', keeping [32473] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [32473] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/java/jdk1.5.0_09/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [32473] dbg: dns: is Net::DNS::Resolver available? yes [32473] dbg: dns: Net::DNS version: 0.63 [32473] dbg: diag: perl platform: 5.008005 linux [32473] dbg: diag: module installed: Digest::SHA1, version 2.07 [32473] dbg: diag: module installed: HTML::Parser, version 3.56 [32473] dbg: diag: module installed: Net::DNS, version 0.63 [32473] dbg: diag: module installed: MIME::Base64, version 3.07 [32473] dbg: diag: module installed: DB_File, version 1.809 [32473] dbg: diag: module installed: Net::SMTP, version 2.29 [32473] dbg: diag: module installed: Mail::SPF, version v2.005 [32473] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [32473] dbg: diag: module installed: IP::Country::Fast, version 604.001 [32473] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 [32473] dbg: diag: module installed: Net::Ident, version 1.20 [32473] dbg: diag: module installed: IO::Socket::INET6, version 2.54 [32473] dbg: diag: module installed: IO::Socket::SSL, version 1.13 [32473] dbg: diag: module installed: Compress::Zlib, version 1.41 [32473] dbg: diag: module installed: Time::HiRes, version 1.9712 [32473] dbg: diag: module installed: Mail::DomainKeys, version 1.0 [32473] dbg: diag: module installed: Mail::DKIM, version 0.301 [32473] dbg: diag: module installed: DBI, version 1.56 [32473] dbg: diag: module installed: Getopt::Long, version 2.36 [32473] dbg: diag: module installed: LWP::UserAgent, version 2.031 [32473] dbg: diag: module installed: HTTP::Date, version 1.46 [32473] dbg: diag: module installed: Archive::Tar, version 1.38 [32473] dbg: diag: module installed: IO::Zlib, version 1.09 [32473] dbg: diag: module installed: Encode::Detect, version 1.00 [32473] dbg: ignore: using a test message to lint rules [32473] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [32473] dbg: config: read file /etc/mail/spamassassin/init.pre [32473] dbg: config: read file /etc/mail/spamassassin/v310.pre [32473] dbg: config: read file /etc/mail/spamassassin/v312.pre [32473] dbg: config: read file /etc/mail/spamassassin/v320.pre [32473] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [32473] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf [32473] dbg: config: using "/etc/mail/spamassassin" for site rules dir [32473] dbg: config: read file /etc/mail/spamassassin/local.cf [32473] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [32473] dbg: dcc: local tests only, disabling DCC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [32473] dbg: pyzor: local tests only, disabling Pyzor [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [32473] dbg: razor2: local tests only, skipping Razor [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [32473] dbg: reporter: local tests only, disabling SpamCop [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [32473] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [32473] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [32473] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [32473] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [32473] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [32473] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [32473] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [32473] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [32473] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [32473] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [32473] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [32473] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [32473] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [32473] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [32473] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [32473] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [32473] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [32473] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [32473] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [32473] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [32473] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [32473] dbg: conf: finish parsing [32473] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a30d6c) implements 'finish_parsing_end', priority 0 [32473] dbg: replacetags: replacing tags [32473] dbg: replacetags: done replacing tags [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [32473] dbg: bayes: found bayes db version 3 [32473] dbg: bayes: DB journal sync: last sync: 0 [32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 [32473] dbg: bayes: untie-ing [32473] dbg: config: score set 0 chosen. [32473] dbg: message: main message type: text/plain [32473] dbg: message: ---- MIME PARSER START ---- [32473] dbg: message: parsing normal part [32473] dbg: message: ---- MIME PARSER END ---- [32473] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xa72a194) implements 'check_start', priority 0 [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [32473] dbg: bayes: found bayes db version 3 [32473] dbg: bayes: DB journal sync: last sync: 0 [32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 [32473] dbg: bayes: untie-ing [32473] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xa6db4c8) implements 'check_main', priority 0 [32473] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [32473] dbg: metadata: X-Spam-Relays-Trusted: [32473] dbg: metadata: X-Spam-Relays-Untrusted: [32473] dbg: metadata: X-Spam-Relays-Internal: [32473] dbg: metadata: X-Spam-Relays-External: [32473] dbg: message: no encoding detected [32473] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa550450) implements 'parsed_metadata', priority 0 [32473] dbg: dns: is DNS available? 0 [32473] dbg: rules: local tests only, ignoring RBL eval [32473] dbg: check: running tests for priority: -1000 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: eval: all '*From' addrs: [email]ignore@compiling.spamassassin.taint.org[/email] [32473] dbg: eval: all '*To' addrs: [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -950 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -900 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -400 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 0 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [32473] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [32473] dbg: rules: Message-Id: " [32473] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [32473] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [32473] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1205129328" [32473] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [32473] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1205129328@lint_rules> [32473] dbg: rules: " [32473] dbg: spf: checking to see if the message has a Received-SPF header that we can use [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: cannot get Envelope-From, cannot use SPF [32473] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [32473] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [32473] dbg: spf: spf_whitelist_from: could not find useable envelope sender [32473] dbg: rules: running body tests; score so far=1.899 [32473] dbg: rules: compiled body tests [32473] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [32473] dbg: rules: running uri tests; score so far=1.899 [32473] dbg: rules: compiled uri tests [32473] dbg: eval: stock info total: 0 [32473] dbg: rules: running rawbody tests; score so far=1.899 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [32473] dbg: rules: running full tests; score so far=1.899 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=1.899 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 500 [32473] dbg: dns: harvest_dnsbl_queries [32473] dbg: rules: running head tests; score so far=1.899 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=1.899 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=1.899 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=1.899 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=1.899 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=1.899 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 1000 [32473] dbg: rules: running head tests; score so far=4.205 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=4.205 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=4.205 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=4.205 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=4.205 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=4.205 [32473] dbg: rules: compiled meta tests [32473] dbg: check: is spam? score=4.205 required=5 [32473] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [32473] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID -- ======================================================== allenjiang@clicktosee.com http://www.clicktosee.com ======================================================== From and at missme.ro Wed Mar 12 09:01:28 2008 From: and at missme.ro (Andrei Steriopol) Date: Wed Mar 12 09:02:06 2008 Subject: Skip RBL checks for authenitcated users References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> Message-ID: <002801c8841f$a8b2ec90$6396e6c1@gugu> Hello User's MUA is configured to send mail via SMTP on the server MailScanner is running. The MTA is sendmail and accepts mail from authenticated users. How can I make MailScanner skip RBL checks for authenticated users? Regards, Andrei From martinh at solidstatelogic.com Wed Mar 12 09:23:17 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Mar 12 09:23:54 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> Message-ID: Michael Right now I'd be sticking with 32 bit - there's still a few gotcha's with some applications running in 64bit - MS isn't on of then, but some of the perl modules can have fun sometimes.. As to tmpfs, softupdates works just as fast for me... AS for RAM - spare ram is never wasted. You don't mention how many disks in the RAID 10 array or indded number and size of messages to be processed per day. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Mikael Syska > Sent: 11 March 2008 23:14 > To: mailscanner@lists.mailscanner.info > Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit > > Hi, > > We are upgrading a old system that are to be changed, because of bad > performance with the SAS 5i controller installed in it. > > While we are changing it, we could use the old one, for some other > task, and buy a new better one, as this would probebly get to slow in > 1-2 years. > > We are thinking of buying: > Dell poweredge 2950 > 4 or 8gb ram > Raid10 with 300gb 15000rpm SAS harddrives > With one of theese 2 processors ...the fastest is the cheapest ... but > are there any difference since its cheaper ? ( thinking about the diff > with the E and X in the name and the speed) > Quad Core Intel(R) Xeon(R) E5440, 2X6MB Cache, 2.8GHz, 1333MHz FSB > Quad Core Intel(R) Xeon(R) X5450, 2X6MB Cache, 3.0GHz, 1333MHz FSB > > We are going to install FreeBSD 7.0 > > Any on the list running a system with 8 GB memory, tmpfs, and 64bit ? > Any problems ? Or will 4 GB be enough and then on 32bit, but still > using tmpfs ? > How big should the tmpfs be ? > > Are there any other suggestions to this setup ? Anything that could be > changed ? bigger, smaller .... > > All input are most welcome .... > > Its also runs some additional small task, as this system seems a bit > overkill atm .... :-) > > best regards > Mikael Syska > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From glenn.steen at gmail.com Wed Mar 12 09:45:09 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 12 09:45:45 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47D78CAE.1060407@clicktosee.com> References: <47D78CAE.1060407@clicktosee.com> Message-ID: <223f97700803120245q27f14655tf890868b8ec94ba0@mail.gmail.com> On 12/03/2008, Allen Jiang wrote: > Hello, > > When i run "MailScanner -debug", i got a wrong > > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. > > I have google it, but not resolved. Anyone can help me? > Thank you! > (snip) You cannot have searched the list archives, that is for sure:-). This excerpt is from a mail conversation quite a while back, where Jules point out the error you have (made): ----- > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > 164. > You have screwed your /etc/mail/spamassassin/*.pre files. The following lines must appear in v320.pre, as well as a whole load of other loadplugin lines: # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check Otherwise SpamAssassin won't actually do anything! ----- So just see to it that you set that loadplugin line in one of your .pre files and you'll be fine... Hm, wait... Seems that your commandline SA lint actually manage to load that... So then it is only when run from within MailScanner... Do you by any chance run Postfix? If so, could you try that SA lint as your postfix user (Do "su - postfix -s /bin/bash" to get a valid shell...)? Does that show the same error? If so, your PF user likely can't get at the /etc/mail/spamassassin/* files, for some reason. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 12 09:46:23 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 12 09:46:58 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <223f97700803120245q27f14655tf890868b8ec94ba0@mail.gmail.com> References: <47D78CAE.1060407@clicktosee.com> <223f97700803120245q27f14655tf890868b8ec94ba0@mail.gmail.com> Message-ID: <223f97700803120246n2de356bcl1239de582da948d9@mail.gmail.com> On 12/03/2008, Glenn Steen wrote: > On 12/03/2008, Allen Jiang wrote: > > Hello, > > > > When i run "MailScanner -debug", i got a wrong > > > > In Debugging mode, not forking... > > Trying to setlogsock(unix) > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > check: no loaded plugin implements 'check_main': cannot scan! at > > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. > > > > I have google it, but not resolved. Anyone can help me? > > Thank you! > > > > (snip) > You cannot have searched the list archives, that is for sure:-). > > This excerpt is from a mail conversation quite a while back, where > Jules point out the error you have (made): > ----- > > > check: no loaded plugin implements 'check_main': cannot scan! at > > > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line > > 164. > > > You have screwed your /etc/mail/spamassassin/*.pre files. The following > lines must appear in v320.pre, as well as a whole load of other > loadplugin lines: > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > Otherwise SpamAssassin won't actually do anything! > ----- > > So just see to it that you set that loadplugin line in one of your > .pre files and you'll be fine... Hm, wait... Seems that your > commandline SA lint actually manage to load that... So then it is only > when run from within MailScanner... Do you by any chance run Postfix? > If so, could you try that SA lint as your postfix user (Do "su - > postfix -s /bin/bash" to get a valid shell...)? Does that show the > same error? If so, your PF user likely can't get at the > /etc/mail/spamassassin/* files, for some reason. > > Cheers > ... Another thought would be multiple installs of SA, I guess... so check you don't have that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Mar 12 09:53:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 09:54:18 2008 Subject: Email filtering by attachments In-Reply-To: <47D797A0.1010700@ecs.soton.ac.uk> References: <47D797A0.1010700@ecs.soton.ac.uk> Message-ID: <47D7A812.3080107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is all written and working and will be in the next release. Instead of allow/deny/deny+delete at the start of the line in filename.rules.conf or filetype.rules conf files, you can now specify a space- or comma-separated list of email addresses. If the rule matches, the message's entire original list of recipients will be replaced with the addresses named here. I plan to do a new beta release very soon, there's quite a lot to go in it. Julian Field wrote: > * PGP Signed: 03/12/08 at 08:43:12 > > This is a fair request. It can be done at the moment, but it's pretty > awkward to implement. > Coming soon to a MailScanner near you (as long as my night spent > working out how to do it bears fruit). > > Noam Kleiman wrote: >> I?m filtering some extensions using the filename.rules.conf but I can >> only allow or deny those emails. What I need is to redirect mails >> with certain extensions to a specific mailbox. >> For example I like to redirect all the mails delivered to a specific >> domain with .avi attachments into a specific mailbox. >> The single suggestion I have found is to assign a high spam score to >> the email with the extension I want to redirect and then to set a >> rule for high scoring emails from a specific domain to be redirected >> to a specific account, but that account will receive all the high >> spam score and not only the filtered by attachment. Is there any way >> to have a forward rule for emails with certain attachments? >> >> Any other idea? I have seen some suggestions to do it with Procmail >> but I rather do it through Mailscanner. >> >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner*, and is >> believed to be clean. > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFH16gWEfZZRxQVtlQRAuobAKCdi0N+4WyyARxWgmd0ln2xWTJfjQCeOGbQ hpyz6vwMmRP1mQDIKzyeLW8= =//zM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From telecaadmin at gmail.com Wed Mar 12 10:18:24 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Wed Mar 12 10:19:15 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> References: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> Message-ID: <47D7ADF0.8060405@gmail.com> > We are upgrading a old system that are to be changed, because of bad > performance with the SAS 5i controller installed in it. 5i sounds alot like the old HP/Compaq SmartArrays? Yes, they are pretty bad. Don't ever think that those were real RAID controllers... > While we are changing it, we could use the old one, for some other > task, and buy a new better one, as this would probebly get to slow in > 1-2 years. > > We are thinking of buying: > Dell poweredge 2950 > 4 or 8gb ram > Raid10 with 300gb 15000rpm SAS harddrives Just make sure you have a hardware RAID write cache with at least 512MB. Those controllers can take some serious beating. The newer HP SmartArray P600/P800 SAS aren't too bad, although still limited to 512MB, so set the read/write ratio to 25/75 or so. I've also had good experiences with the MegaRAIDs (they can have bigger caches) and the ICP Vortex controllers (now bought by Intel). > With one of theese 2 processors ...the fastest is the cheapest ... but > are there any difference since its cheaper ? ( thinking about the diff > with the E and X in the name and the speed) > Quad Core Intel(R) Xeon(R) E5440, 2X6MB Cache, 2.8GHz, 1333MHz FSB > Quad Core Intel(R) Xeon(R) X5450, 2X6MB Cache, 3.0GHz, 1333MHz FSB As one other poster said, take the more energy efficient one. It will pay off in cooling and energy costs. > We are going to install FreeBSD 7.0 > Any on the list running a system with 8 GB memory, tmpfs, and 64bit ? I've seen problems with clamav being slower on 64bit/Linux. It was around the factor 1.5 slower than on 32bit, so I quickly reverted back to 32bit. > Any problems ? Or will 4 GB be enough and then on 32bit, but still > using tmpfs ? > How big should the tmpfs be ? I calculate as follows: 1 Mailscanner instance = 110MB RSS (32bit) Usually 2 instances per CPU/Core = around 1GB gone at 8 instances As for tmpfs: I'm running it with 1GB on Linux (4GB total RAM). I found that using tmpfs is giving a small speedup of around 1/4 because in my setup the data never really has to wait for the disk, but is only present in the caches. So the worst case is: tmpfs full with 1GB -> 2GB tied up for MailScanner. Leaves 2GB for kernel and caching which should be enough. Make sure you use "noatime" for your mailspool. > Are there any other suggestions to this setup ? Anything that could be > changed ? bigger, smaller .... You should always have a 2nd server with the same spam filtering setup as your first! It doesn't have to be a juicy machine, just make a RAID1 for reliability -- but as soon as you've got 2 MX entries spammers will hit the one with the least priority harder. That's why you should use RBLs on the MTA level. I'm running a triple redundancy setup over 2 continents and it gives me real freedom to do maintainance whenever I want which is VERY VERY convenient. Cheers, Ronny From mikael at syska.dk Wed Mar 12 11:03:53 2008 From: mikael at syska.dk (Mikael Syska) Date: Wed Mar 12 11:04:28 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: <47D7ADF0.8060405@gmail.com> References: <6beca9db0803111614s6e4e5cap76b0ec7d5ffba154@mail.gmail.com> <47D7ADF0.8060405@gmail.com> Message-ID: <6beca9db0803120403l3cf1c661yba0f6d5af28fc63d@mail.gmail.com> Hi, Thanks for the great response, we will stick with the 32bit freebsd 7.0 ... dont wont to run into mainteane problems with perl modules etc. Comments futher down ... On Wed, Mar 12, 2008 at 11:18 AM, Ronny T. Lampert wrote: > > > We are upgrading a old system that are to be changed, because of bad > > performance with the SAS 5i controller installed in it. > > 5i sounds alot like the old HP/Compaq SmartArrays? > Yes, they are pretty bad. Don't ever think that those were real RAID > controllers... It was a Dell server, but a crappy controller, was not sold with others at the time ... but it today, maybe we will just replace it with a PERC5. > > > While we are changing it, we could use the old one, for some other > > task, and buy a new better one, as this would probebly get to slow in > > 1-2 years. > > > > We are thinking of buying: > > Dell poweredge 2950 > > 4 or 8gb ram > > Raid10 with 300gb 15000rpm SAS harddrives > > Just make sure you have a hardware RAID write cache with at least 512MB. > Those controllers can take some serious beating. > The newer HP SmartArray P600/P800 SAS aren't too bad, although still > limited to 512MB, so set the read/write ratio to 25/75 or so. > > I've also had good experiences with the MegaRAIDs (they can have bigger > caches) and the ICP Vortex controllers (now bought by Intel). Okay, sounds good, I will just find out much much memory there are on the card > > > With one of theese 2 processors ...the fastest is the cheapest ... but > > are there any difference since its cheaper ? ( thinking about the diff > > with the E and X in the name and the speed) > > Quad Core Intel(R) Xeon(R) E5440, 2X6MB Cache, 2.8GHz, 1333MHz FSB > > Quad Core Intel(R) Xeon(R) X5450, 2X6MB Cache, 3.0GHz, 1333MHz FSB > > As one other poster said, take the more energy efficient one. > It will pay off in cooling and energy costs. Thats also something to consider, since we are having some problems with the heat in the server room once in a while ... > > > We are going to install FreeBSD 7.0 > > Any on the list running a system with 8 GB memory, tmpfs, and 64bit ? > > I've seen problems with clamav being slower on 64bit/Linux. It was > around the factor 1.5 slower than on 32bit, so I quickly reverted back > to 32bit. 32bit it is then ... > > > Any problems ? Or will 4 GB be enough and then on 32bit, but still > > using tmpfs ? > > How big should the tmpfs be ? > > I calculate as follows: > 1 Mailscanner instance = 110MB RSS (32bit) > Usually 2 instances per CPU/Core = around 1GB gone at 8 instances Thought it said 5 per core/cpu in the MailScanner.conf ... but with quad core, 8 seems like a fair number ... same we run at the current. > > As for tmpfs: > I'm running it with 1GB on Linux (4GB total RAM). > I found that using tmpfs is giving a small speedup of around 1/4 because > in my setup the data never really has to wait for the disk, but is > only present in the caches. > > So the worst case is: tmpfs full with 1GB -> > 2GB tied up for MailScanner. Leaves 2GB for kernel and caching which > should be enough. > > Make sure you use "noatime" for your mailspool. Will do ... I'm also wondering ... I havent yet used the atime for anything really thing special. So I will turn it off. > > > > > Are there any other suggestions to this setup ? Anything that could be > > changed ? bigger, smaller .... > > You should always have a 2nd server with the same spam filtering setup > as your first! > It doesn't have to be a juicy machine, just make a RAID1 for reliability > -- but as soon as you've got 2 MX entries spammers will hit the one with > the least priority harder. > That's why you should use RBLs on the MTA level. Thats out next, we will probebly use the old one with a new controller. > > I'm running a triple redundancy setup over 2 continents and it gives me > real freedom to do maintainance whenever I want which is VERY VERY > convenient. Think we will spilt the SMTP connections at out firewall with some roundrobind, spilt 25% to the old and the rest to the new .... would this give any problems ? I can't think of any, that way. > > Cheers, > Ronny > -- > > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Best regards Mikael Syska From MailScanner at ecs.soton.ac.uk Wed Mar 12 14:28:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 14:29:34 2008 Subject: Spam with random letter sequences Message-ID: <47D7E896.3050508@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone been seeing any spam that looks like this? We're getting quite a lot of it. Anyone know any good ways of stopping it? From: olliegaskin3480lx@yahoo.co.uk [mailto:olliegaskin3480lx@yahoo.co.uk] Sent: 12 March 2008 02:12 To: hnr234245@msn.com Subject: erotic w Cuties g. y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s ysu cxgr. d sii jcyz fajl x. ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1+iXEfZZRxQVtlQRAnfHAKCFvCFXLTaJ+PHgV3Wo6k1AeKFIlwCg45q0 9vo70J76uUOgExUMeKQHeIA= =SMLD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Wed Mar 12 14:42:47 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Wed Mar 12 14:43:34 2008 Subject: {Spam?} Spam with random letter sequences In-Reply-To: <47D7E896.3050508@ecs.soton.ac.uk> References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119C67@MED-CORE03-MS1.med.wayne.edu> Funny, I just had someone ask about this from yesterday but with a different URL. It has a score of 4.816 (3.5 from Bayes_99) but didn't trip SURBL checks. I check SURBL and the URL is there now so I'm guessing it was added after we'd already seen it. The one sample I have was bounced off yahoo.co.uk -=B -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, March 12, 2008 10:29 AM To: MailScanner discussion Subject: {Spam?} Spam with random letter sequences -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone been seeing any spam that looks like this? We're getting quite a lot of it. Anyone know any good ways of stopping it? From: olliegaskin3480lx@yahoo.co.uk [mailto:olliegaskin3480lx@yahoo.co.uk] Sent: 12 March 2008 02:12 To: hnr234245@msn.com Subject: erotic w Cuties g. y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s ysu cxgr. d sii jcyz fajl x. ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH1+iXEfZZRxQVtlQRAnfHAKCFvCFXLTaJ+PHgV3Wo6k1AeKFIlwCg45q0 9vo70J76uUOgExUMeKQHeIA= =SMLD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From t.d.lee at durham.ac.uk Wed Mar 12 15:46:38 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Wed Mar 12 15:47:39 2008 Subject: Spam with random letter sequences In-Reply-To: <47D7E896.3050508@ecs.soton.ac.uk> References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: On Wed, 12 Mar 2008, Julian Field wrote: > Anyone been seeing any spam that looks like this? Yes. > Anyone know any good ways of stopping it? No. But it seems genuinely to come through "yahoo" (judging by the "Received:" field as it hops over the garden wall into our jurisdiction). We've been seeing it for several days. The content seems too random for Bayes to do anything systematically reliably with it. And the embedded URLs seem to hop about, possibly too fast for the blacklists (accessed via SA) to keep pace. (We also use "spamhaus", via JANET, to do MTA blocking, which may stop some; but there's a lot still gets through.) I wonder how much Yahoo are doing to try to block it? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From list-mailscanner at linguaphone.com Wed Mar 12 15:22:26 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Mar 12 15:54:43 2008 Subject: {Spam?} Spam with random letter sequences In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119C67@MED-CORE03-MS1.med.wayne.edu> References: <47D7E896.3050508@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119C67@MED-CORE03-MS1.med.wayne.edu> Message-ID: <1205335345.23690.11.camel@gblades-suse.linguaphone-intranet.co.uk> Seen a similar thing here but the mails dont seem to be ofuscated as much but they are all coming from hotmail and again are not in uribl when they arrive. On Wed, 2008-03-12 at 14:42, Rose, Bobby wrote: > Funny, I just had someone ask about this from yesterday but with a > different URL. It has a score of 4.816 (3.5 from Bayes_99) but didn't > trip SURBL checks. I check SURBL and the URL is there now so I'm > guessing it was added after we'd already seen it. The one sample I have > was bounced off yahoo.co.uk > > -=B > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Wednesday, March 12, 2008 10:29 AM > To: MailScanner discussion > Subject: {Spam?} Spam with random letter sequences > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone been seeing any spam that looks like this? We're getting quite a > lot of it. Anyone know any good ways of stopping it? > > From: olliegaskin3480lx@yahoo.co.uk > [mailto:olliegaskin3480lx@yahoo.co.uk] > Sent: 12 March 2008 02:12 > To: hnr234245@msn.com > Subject: erotic w Cuties g. > > y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s > ysu cxgr. d sii jcyz fajl x. > ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH1+iXEfZZRxQVtlQRAnfHAKCFvCFXLTaJ+PHgV3Wo6k1AeKFIlwCg45q0 > 9vo70J76uUOgExUMeKQHeIA= > =SMLD > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From Kevin_Miller at ci.juneau.ak.us Wed Mar 12 16:01:38 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 12 16:01:14 2008 Subject: Email filtering by attachments In-Reply-To: <47D7A812.3080107@ecs.soton.ac.uk> References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > This is all written and working and will be in the next release. > Instead of allow/deny/deny+delete at the start of the line in > filename.rules.conf or filetype.rules conf files, you can now specify > a space- or comma-separated list of email addresses. If the rule > matches, the message's entire original list of recipients will be > replaced with the addresses named here. What happens if it doesn't match - auto deny? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From ms-list at alexb.ch Wed Mar 12 16:06:15 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed Mar 12 16:07:09 2008 Subject: Spam with random letter sequences In-Reply-To: <47D7E896.3050508@ecs.soton.ac.uk> References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: <47D7FF77.3060609@alexb.ch> On 3/12/2008 3:28 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Anyone been seeing any spam that looks like this? We're getting quite a > lot of it. Anyone know any good ways of stopping it? > > From: olliegaskin3480lx@yahoo.co.uk [mailto:olliegaskin3480lx@yahoo.co.uk] > Sent: 12 March 2008 02:12 > To: hnr234245@msn.com > Subject: erotic w Cuties g. > > y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s ysu cxgr. d sii jcyz fajl x. > ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. > this stuff should be listed in URIBLs (URibl.com /SURBL). If your staff wants to submit and help the cause: http://lookup.uribl.com/?section=users;method=register Alex From scrumley at secure-enterprise.com Wed Mar 12 16:08:41 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Wed Mar 12 16:09:17 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <47D70CB1.6050207@ecs.soton.ac.uk> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com><8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> Message-ID: <8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, March 11, 2008 6:50 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > * PGP Signed by an unverified key: 03/11/08 at 18:50:26 > > > > Steve Crumley wrote: > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Glenn Steen > >> Sent: Tuesday, March 11, 2008 4:32 PM > >> To: MailScanner discussion > >> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >> then hangs at 100 percent CPU > >> > >> On 11/03/2008, Steve Crumley > wrote: > >> > >>> > -----Original Message----- > >>> > From: mailscanner-bounces@lists.mailscanner.info > >>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>> > >>> > >>>> Of Glenn Steen > >>>> > >>> > Sent: Tuesday, March 11, 2008 1:21 PM > >>> > To: MailScanner discussion > >>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >>> > then hangs at 100 percent CPU > >>> > > >>> > On 11/03/2008, Steve Crumley > >>> > >> wrote: > >> > >>> > > > >>> > > > >>> > > > -----Original Message----- > >>> > > > From: mailscanner-bounces@lists.mailscanner.info > >>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > >>> > >> On Behalf > >> > >>> > > > Of --[ UxBoD ]-- > >>> > > > >>> > > > Sent: Tuesday, March 11, 2008 11:29 AM > >>> > > > To: MailScanner discussion > >>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > >>> > > > then hangs at 100 percent CPU > >>> > > > > >>> > > > >>> > > > do you have strace installed on the server ? if so when the > >>> > > > process is running at 100% CPU connect to it and > see what it > >>> > > > is doing. I had this before, but for the life of > >>> > >> me I cannot > >> > >>> > > > remember what I changed to fix it :( > >>> > > > > >>> > > > Things to check :- > >>> > > > > >>> > > > 1) Permissions, are they all correct > >>> > > > 2) Check MailScanner.conf again just to make sure no typos > >>> > > > > >>> > > > Regards, > >>> > > > > >>> > > > -- > >>> > > > >>> > > > >>> > > Here is the output from strace: > >>> > > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > The system had been running fine for over a year, I > >>> > >> can't find any > >> > >>> > > permission or setting change thats doing this, but > I could be > >>> > > overlooking something. > >>> > > Thanks, > >>> > > -Steve > >>> > > > >>> > Could perhaps be a busted SQLite SA cache? What does > >>> > >> analyse_s (I > >> > >>> > don't remember if it is sacache or spamassassin_cache > >>> > >> ... the command > >> > >>> > completion should take care of it:-) say? If it looks > >>> > >> fishy, simply > >> > >>> > delete the SA cache file and restart MS. > >>> > > >>> > You've run MailScanner --lint, right? Nothing obvious > from that? > >>> > > >>> > Oh, and what av scanners do you use? Obviously not > >>> > >> clamavmodule, but > >> > >>> > perhaps clamav or clamd? are those OK? > >>> > > >>> > Cheers > >>> > -- > >>> > -- Glenn > >>> > email: glenn < dot > steen < at > gmail < dot > com > >>> > work: glenn < dot > steen < at > ap1 < dot > se > >>> > >>> > >>>> -- > >>>> > >>> > MailScanner mailing list > >>> > mailscanner@lists.mailscanner.info > >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > > >>> > Before posting, read http://wiki.mailscanner.info/posting > >>> > > >>> > Support MailScanner development - buy the book off the website! > >>> > > >>> > >>> > >>> > >>> analyse_SpamAssassin_cache looks clean, MailScanner --lint > >>> > >> is clean too. > >> > >>> I'm running clamd for AV but I've set virus scanning to no > >>> > >> while working > >> > >>> on this. > >>> > >>> Thanks, > >>> -Steve > >>> > >> Couldn't be something easily mended, huh:-).... > >> > >> What you seem to have attached to above (with strace) would be the > >> main MailScanner process, since it basically just wait for it's > >> children to end... Or is it? What does a ps listing show (one that > >> show the command argument list, since Jules rewrite it to > show what it > >> thinks it is basically doing)? > >> Do the children restart endlessly when hung? How many children are > >> there, and in what state? > >> Cheers > >> -- Glenn > >> > > > > > > > > When I first started it with 8 children, they all end up > quickly hanging > > and consuming CPU. For now, I've set it to 1 child and I've been > > running in debug mode. The ps gives us a good clue! Its the only > > mailscanner process and it reports "MailScanner: extracting > attachments" > > > > Thanks, > > -Steve > > > In which case go into "sub Explode" in > /usr/lib/MailScanner/MailScanner/Message.pm, and add some > "print STDERR" > lines to generate tracing output so you can see how far it gets. When > you do a "MailScanner --debug" it will show you the STDERR > debug output > in the terminal session. > > Jules > There's something very screwed up with my perl. I've put "print"s in MailScanner around the call to Explode and I put a print first thing in Explode. I get the output right before the call but nothing from explode itself and we never return to MailScanner. I really appreciate everyone's help with this. Thanks, -Steve From mikea at mikea.ath.cx Wed Mar 12 16:15:26 2008 From: mikea at mikea.ath.cx (mikea) Date: Wed Mar 12 16:16:05 2008 Subject: Spam with random letter sequences In-Reply-To: References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: <20080312161526.GE58892@mikea.ath.cx> On Wed, Mar 12, 2008 at 03:46:38PM +0000, David Lee wrote: > On Wed, 12 Mar 2008, Julian Field wrote: > > > Anyone been seeing any spam that looks like this? > > Yes. > > > Anyone know any good ways of stopping it? > > No. > > But it seems genuinely to come through "yahoo" (judging by the "Received:" > field as it hops over the garden wall into our jurisdiction). > > We've been seeing it for several days. The content seems too random for > Bayes to do anything systematically reliably with it. And the embedded > URLs seem to hop about, possibly too fast for the blacklists (accessed via > SA) to keep pace. (We also use "spamhaus", via JANET, to do MTA blocking, > which may stop some; but there's a lot still gets through.) > > I wonder how much Yahoo are doing to try to block it? Headers and body to me by private mail, please? I have some contacts at Yahoo that may be able to get something done about this, or to tell me what _they_ are seeing. The embedded URLs probably are of fast-flux servers on zombies, with private DNS also on zombies. See "Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority" foran academic article on closely-related matters. I don't have a URL for the paper, but think a Google search on the title or keywords from it will get it for you. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From rcooper at dwford.com Wed Mar 12 16:34:35 2008 From: rcooper at dwford.com (Rick Cooper) Date: Wed Mar 12 16:35:14 2008 Subject: Spam with random letter sequences In-Reply-To: References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: <024301c8845e$f594efb0$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of David Lee > Sent: Wednesday, March 12, 2008 11:47 AM > To: MailScanner discussion > Subject: Re: Spam with random letter sequences > > On Wed, 12 Mar 2008, Julian Field wrote: > > > Anyone been seeing any spam that looks like this? > > Yes. > > > Anyone know any good ways of stopping it? > > No. > > But it seems genuinely to come through "yahoo" (judging by > the "Received:" > field as it hops over the garden wall into our jurisdiction). > > We've been seeing it for several days. The content seems > too random for > Bayes to do anything systematically reliably with it. And > the embedded > URLs seem to hop about, possibly too fast for the blacklists > (accessed via > SA) to keep pace. (We also use "spamhaus", via JANET, to do > MTA blocking, > which may stop some; but there's a lot still gets through.) > > I wonder how much Yahoo are doing to try to block it? > > -- I would think you are seeing the results of the hotmail/live/yahoo/gmail captchas being cracked over the last few months. I get tons of stuff in from valid yahoo/hotmail accounts but so far they have been quite easy to block and the urls contained within seem to show up on the url black lists within 24 hrs anyway. One I constantly see is To: OneRandomLetter with the to envelope being a valid local email address. The subject is hi/hello/good day and the body has nothing but a url. It comes straight from legit yahoo mail servers. We are really beginning to pay for these "free" email accounts. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 16:50:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 16:51:26 2008 Subject: Email filtering by attachments In-Reply-To: References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> Message-ID: <47D809DF.50902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Miller wrote: > Julian Field wrote: > > >> This is all written and working and will be in the next release. >> Instead of allow/deny/deny+delete at the start of the line in >> filename.rules.conf or filetype.rules conf files, you can now specify >> a space- or comma-separated list of email addresses. If the rule >> matches, the message's entire original list of recipients will be >> replaced with the addresses named here. >> > > What happens if it doesn't match - auto deny? > If the rule doesn't match, I believe it is permitted. It's in the docs somewhere. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH2AnfEfZZRxQVtlQRAv1XAKCIrC6v04jTQt0IKzsuE0DH35t1YwCbBS7o ai9ymAmaKdvaHZqSEB03ujE= =fmo9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kevin_Miller at ci.juneau.ak.us Wed Mar 12 17:15:24 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 12 17:15:03 2008 Subject: Email filtering by attachments In-Reply-To: <47D809DF.50902@ecs.soton.ac.uk> References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D809DF.50902@ecs.soton.ac.uk> Message-ID: Julian Field wrote: >> What happens if it doesn't match - auto deny? >> > If the rule doesn't match, I believe it is permitted. It's in the docs > somewhere. Hmmm. How hard would it be to have a ruleset there, or syntax something the options for what to do with mail (deliver, forward, store, etc.) like with Spam Actions or Non-Spam Actions? I can envision cases where I might want to allow specific filetypes for some, but not the general users... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From doc at maddoc.net Wed Mar 12 17:26:42 2008 From: doc at maddoc.net (Doc Schneider) Date: Wed Mar 12 17:27:42 2008 Subject: Spam with random letter sequences In-Reply-To: <47D7E896.3050508@ecs.soton.ac.uk> References: <47D7E896.3050508@ecs.soton.ac.uk> Message-ID: <47D81252.5070908@maddoc.net> Julian Field wrote: > Anyone been seeing any spam that looks like this? We're getting quite a > lot of it. Anyone know any good ways of stopping it? > > From: olliegaskin3480lx@yahoo.co.uk [mailto:olliegaskin3480lx@yahoo.co.uk] > Sent: 12 March 2008 02:12 > To: hnr234245@msn.com > Subject: erotic w Cuties g. > > y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s ysu cxgr. d sii jcyz fajl x. > ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. > > > Jules > I'd use http://rulesemporium.com/rules/chickenpox.cf good catch all for these pesky messages. Of course Alex's suggestion about getting those domains in uribl.com is good also. -- -Doc Lincoln, NE. http://www.fsl.com http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From MailScanner at ecs.soton.ac.uk Wed Mar 12 18:00:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 18:00:49 2008 Subject: Email filtering by attachments In-Reply-To: References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D809DF.50902@ecs.soton.ac.uk> Message-ID: <47D81A23.3090606@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kevin Miller wrote: > Julian Field wrote: > >>> What happens if it doesn't match - auto deny? >>> >>> >> If the rule doesn't match, I believe it is permitted. It's in the docs >> somewhere. >> > > Hmmm. How hard would it be to have a ruleset there, or syntax something > the options for what to do with mail (deliver, forward, store, etc.) > like with Spam Actions or Non-Spam Actions? > > I can envision cases where I might want to allow specific filetypes for > some, but not the general users... > You can already do that. It's in the wiki, and the Book. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2BooEfZZRxQVtlQRAv+WAJ0eb9rqTUuuTW9F1GLUVGpEeGo+GwCgg10F oIckXZgIiVvztzAWJ8l2H20= =3auo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 18:02:34 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 18:03:01 2008 Subject: Spam with random letter sequences In-Reply-To: <47D81252.5070908@maddoc.net> References: <47D7E896.3050508@ecs.soton.ac.uk> <47D81252.5070908@maddoc.net> Message-ID: <47D81ABA.6060007@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doc Schneider wrote: > Julian Field wrote: > >> Anyone been seeing any spam that looks like this? We're getting quite a >> lot of it. Anyone know any good ways of stopping it? >> >> From: olliegaskin3480lx@yahoo.co.uk [mailto:olliegaskin3480lx@yahoo.co.uk] >> Sent: 12 March 2008 02:12 >> To: hnr234245@msn.com >> Subject: erotic w Cuties g. >> >> y bvybf, sexual mkbdi mfm Female ycuc oltat http://www.vijdeohot.cn s ysu cxgr. d sii jcyz fajl x. >> ui eusk mwnvz zqh xu uxwr, yi ysn gtmpj k c. >> >> >> Jules >> >> > > I'd use http://rulesemporium.com/rules/chickenpox.cf good catch all for > these pesky messages. > I already use that ruleset, and it's not catching them. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2BrFEfZZRxQVtlQRAmDcAKCDJc0lOrR1PNbbIU2+yMQwRiUcXACg8fBE gFw7Byem1drnbf8smncuGxQ= =eLbk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 12 18:58:56 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 12 19:00:03 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <47D77CBA.6010706@ddihealth.com> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> Message-ID: on 3-11-2008 11:48 PM Jim Barber spake the following: > Hi all. > > For a long time now I've been using the MailScanner packages as > distributed by Debian. > Recently the maintainer updated the package to use version 4.66.5 of > MailScanner (it was previously at 4.58.9). > This means that I can now take advantage of the ClamAV daemon to do > virus scanning instead of invoking clamav for each batch or messages. > > But I am encountering a strange error that occurs for some, but not all > TNEF attachments. > > Here is an example of the messages that occur in syslog when processing > an email with this problem. > Note that I've changed the email address in the second line of output: > > Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks: Starting > Mar 12 13:20:35 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > from 10.128.3.10 (user@ddihealth.com) is whitelisted > Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks completed at > 83746 bytes per second > Mar 12 13:20:36 mail MailScanner[27855]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/27855/1JZIS6-00043a-FQ/winmail.dat > Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > added TNEF contents image001.jpg,image002.jpg > Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ > has had TNEF winmail.dat removed > Mar 12 13:20:42 mail MailScanner[27855]: Virus and Content Scanning: > Starting > Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to > open file or directory ERROR :: ./1JZIS6-00043a-FQ/mha1BpYaNZ > Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to > open file or directory ERROR :: ./1JZIS6-00043a-FQ/RRZFcL3LVX > Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Clamd found > 2 infections > Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Found 2 > viruses > Mar 12 13:20:44 mail MailScanner[27855]: Virus Scanning completed at > 7944 bytes per second > Mar 12 13:20:44 mail MailScanner[27855]: Uninfected: Delivered 2 > messages > Mar 12 13:20:44 mail MailScanner[27855]: Virus Processing completed > at 195783 bytes per second > Mar 12 13:20:44 mail MailScanner[27855]: Batch completed at 6458 > bytes per second (63292 / 9) > > Note that the problem only seems to happen to TNEF attachments where the > following log entry occurs: > > MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES > eg. > MailScanner[$PID]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat > MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES > MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed > > However If I only get the following messages then the virus scan will be > fine: > > MailScanner[$PID]: Expanding TNEF archive at > /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat > MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed > > I have the following TNEF settings in my MailScanner.conf file: > > Expand TNEF = yes > Use TNEF Contents = replace > Deliver Unparsable TNEF = no > TNEF Expander = internal > TNEF Timeout = 120 > > I changed the "TNEF Expander" to be "internal" a long time ago. > I found that having it set to "/usr/bin/tnef --maxsize=100000000" choked > on some messages that the internal one was able to handle. > > The ClamAV daemon is successfully scanning all other emails okay. > I've only ever seen the problem associated with certain TNEF attachments. > > I've left all clamd settings in the MailScanner.conf at their default > settings. > The clamd virus scanner is found when MailScanner starts as shown in the > following log message: > > Mar 12 11:51:54 mail MailScanner[27855]: I have found clamd scanners > installed, and will use them all by default. > > My MailScanner incoming file system is using tmpfs and is shown as > follows in 'df' output: > > tmpfs 258528 704 257824 1% > /var/spool/MailScanner/incoming > > Any ideas what is going wrong? > > Thanks. Hijacking threads has caused bad karma on your mailserver. Repent, say 10 hail Julian's, and hijack no more! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080312/be5ec02f/signature.bin From ssilva at sgvwater.com Wed Mar 12 19:02:53 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 12 19:05:12 2008 Subject: Email filtering by attachments In-Reply-To: References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D809DF.50902@ecs.soton.ac.uk> Message-ID: on 3-12-2008 10:15 AM Kevin Miller spake the following: > Julian Field wrote: >>> What happens if it doesn't match - auto deny? >>> >> If the rule doesn't match, I believe it is permitted. It's in the docs >> somewhere. > > Hmmm. How hard would it be to have a ruleset there, or syntax something > the options for what to do with mail (deliver, forward, store, etc.) > like with Spam Actions or Non-Spam Actions? > > I can envision cases where I might want to allow specific filetypes for > some, but not the general users... > > ...Kevin Something like this? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading&s=overloading -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080312/03d06f34/signature.bin From glenn.steen at gmail.com Wed Mar 12 19:05:34 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 12 19:06:10 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <23152946.1431205249352659.JavaMail.root@office.splatnix.net> <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> Message-ID: <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> On 12/03/2008, Steve Crumley wrote: > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > > Of Julian Field > > Sent: Tuesday, March 11, 2008 6:50 PM > > To: MailScanner discussion > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > then hangs at 100 percent CPU > > > > > * PGP Signed by an unverified key: 03/11/08 at 18:50:26 > > > > > > > > Steve Crumley wrote: > > > > > > > > > > > >> -----Original Message----- > > >> From: mailscanner-bounces@lists.mailscanner.info > > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > >> Of Glenn Steen > > >> Sent: Tuesday, March 11, 2008 4:32 PM > > >> To: MailScanner discussion > > >> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > > >> then hangs at 100 percent CPU > > >> > > >> On 11/03/2008, Steve Crumley > > wrote: > > >> > > >>> > -----Original Message----- > > >>> > From: mailscanner-bounces@lists.mailscanner.info > > >>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > >>> > > >>> > > >>>> Of Glenn Steen > > >>>> > > >>> > Sent: Tuesday, March 11, 2008 1:21 PM > > >>> > To: MailScanner discussion > > >>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > > >>> > then hangs at 100 percent CPU > > >>> > > > >>> > On 11/03/2008, Steve Crumley > > >>> > > >> wrote: > > >> > > >>> > > > > >>> > > > > >>> > > > -----Original Message----- > > >>> > > > From: mailscanner-bounces@lists.mailscanner.info > > >>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > > >>> > > >> On Behalf > > >> > > >>> > > > Of --[ UxBoD ]-- > > >>> > > > > >>> > > > Sent: Tuesday, March 11, 2008 11:29 AM > > >>> > > > To: MailScanner discussion > > >>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > > >>> > > > then hangs at 100 percent CPU > > >>> > > > > > >>> > > > > >>> > > > do you have strace installed on the server ? if so when the > > >>> > > > process is running at 100% CPU connect to it and > > see what it > > >>> > > > is doing. I had this before, but for the life of > > >>> > > >> me I cannot > > >> > > >>> > > > remember what I changed to fix it :( > > >>> > > > > > >>> > > > Things to check :- > > >>> > > > > > >>> > > > 1) Permissions, are they all correct > > >>> > > > 2) Check MailScanner.conf again just to make sure no typos > > >>> > > > > > >>> > > > Regards, > > >>> > > > > > >>> > > > -- > > >>> > > > > >>> > > > > >>> > > Here is the output from strace: > > >>> > > > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > The system had been running fine for over a year, I > > >>> > > >> can't find any > > >> > > >>> > > permission or setting change thats doing this, but > > I could be > > >>> > > overlooking something. > > >>> > > Thanks, > > >>> > > -Steve > > >>> > > > > >>> > Could perhaps be a busted SQLite SA cache? What does > > >>> > > >> analyse_s (I > > >> > > >>> > don't remember if it is sacache or spamassassin_cache > > >>> > > >> ... the command > > >> > > >>> > completion should take care of it:-) say? If it looks > > >>> > > >> fishy, simply > > >> > > >>> > delete the SA cache file and restart MS. > > >>> > > > >>> > You've run MailScanner --lint, right? Nothing obvious > > from that? > > >>> > > > >>> > Oh, and what av scanners do you use? Obviously not > > >>> > > >> clamavmodule, but > > >> > > >>> > perhaps clamav or clamd? are those OK? > > >>> > > > >>> > Cheers > > >>> > -- > > >>> > -- Glenn > > >>> > email: glenn < dot > steen < at > gmail < dot > com > > >>> > work: glenn < dot > steen < at > ap1 < dot > se > > >>> > > >>> > > >>>> -- > > >>>> > > >>> > MailScanner mailing list > > >>> > mailscanner@lists.mailscanner.info > > >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>> > > > >>> > Before posting, read http://wiki.mailscanner.info/posting > > >>> > > > >>> > Support MailScanner development - buy the book off the website! > > >>> > > > >>> > > >>> > > >>> > > >>> analyse_SpamAssassin_cache looks clean, MailScanner --lint > > >>> > > >> is clean too. > > >> > > >>> I'm running clamd for AV but I've set virus scanning to no > > >>> > > >> while working > > >> > > >>> on this. > > >>> > > >>> Thanks, > > >>> -Steve > > >>> > > >> Couldn't be something easily mended, huh:-).... > > >> > > >> What you seem to have attached to above (with strace) would be the > > >> main MailScanner process, since it basically just wait for it's > > >> children to end... Or is it? What does a ps listing show (one that > > >> show the command argument list, since Jules rewrite it to > > show what it > > >> thinks it is basically doing)? > > >> Do the children restart endlessly when hung? How many children are > > >> there, and in what state? > > >> Cheers > > >> -- Glenn > > >> > > > > > > > > > > > > When I first started it with 8 children, they all end up > > quickly hanging > > > and consuming CPU. For now, I've set it to 1 child and I've been > > > running in debug mode. The ps gives us a good clue! Its the only > > > mailscanner process and it reports "MailScanner: extracting > > attachments" > > > > > > Thanks, > > > -Steve > > > > > In which case go into "sub Explode" in > > /usr/lib/MailScanner/MailScanner/Message.pm, and add some > > "print STDERR" > > lines to generate tracing output so you can see how far it gets. When > > you do a "MailScanner --debug" it will show you the STDERR > > debug output > > in the terminal session. > > > > Jules > > > > > There's something very screwed up with my perl. I've put "print"s in > MailScanner around the call to Explode and I put a print first thing in > Explode. I get the output right before the call but nothing from > explode itself and we never return to MailScanner. > > I really appreciate everyone's help with this. > Thanks, > -Steve > I wonder if STDERR is unbuffered (too lazy/tired to go look it up...:) ... Jules? Else you might need do that to get reliable error printing... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Wed Mar 12 19:08:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 19:08:55 2008 Subject: Email filtering by attachments In-Reply-To: <47D7A812.3080107@ecs.soton.ac.uk> References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> Message-ID: <47D82A12.7010704@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One question for you, I want to see what people think. When the original recipients are replaced with the recipient given in the forwarding rules for the attachments, what should be put in the addresses used for matching other rulesets? Should the message continue to match based on its original recipients, or should it match based on the new "forwarding rules" recipients? I suspect it doesn't matter either way, very much. But I want to hear your comments. Julian Field wrote: > * PGP Signed: 03/12/08 at 09:53:26 > > This is all written and working and will be in the next release. > Instead of allow/deny/deny+delete at the start of the line in > filename.rules.conf or filetype.rules conf files, you can now specify > a space- or comma-separated list of email addresses. If the rule > matches, the message's entire original list of recipients will be > replaced with the addresses named here. > > I plan to do a new beta release very soon, there's quite a lot to go > in it. > > Julian Field wrote: >> > Old Signed: 03/12/08 at 08:43:12 >> >> This is a fair request. It can be done at the moment, but it's pretty >> awkward to implement. >> Coming soon to a MailScanner near you (as long as my night spent >> working out how to do it bears fruit). >> >> Noam Kleiman wrote: >>> I?m filtering some extensions using the filename.rules.conf but I >>> can only allow or deny those emails. What I need is to redirect >>> mails with certain extensions to a specific mailbox. >>> For example I like to redirect all the mails delivered to a specific >>> domain with .avi attachments into a specific mailbox. >>> The single suggestion I have found is to assign a high spam score to >>> the email with the extension I want to redirect and then to set a >>> rule for high scoring emails from a specific domain to be redirected >>> to a specific account, but that account will receive all the high >>> spam score and not only the filtered by attachment. Is there any way >>> to have a forward rule for emails with certain attachments? >>> >>> Any other idea? I have seen some suggestions to do it with Procmail >>> but I rather do it through Mailscanner. >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by *MailScanner*, and is >>> believed to be clean. >> >> Jules >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: windows-1252 wj8DBQFH2CoXEfZZRxQVtlQRAsCcAJ9Rg311FeA8PqlT5wpd9LhR4uYjQQCg1jTr +3Qok2bXmHfWlsIg+Qk2GU4= =PdVO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 19:22:11 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 19:22:37 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> Message-ID: <47D82D63.9040301@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And he hasn't responded to my question about what MTA he's using and what his "Run As" settings are. I suspect it's just a permissions problem. Scott Silva wrote: > on 3-11-2008 11:48 PM Jim Barber spake the following: >> Hi all. >> >> For a long time now I've been using the MailScanner packages as >> distributed by Debian. >> Recently the maintainer updated the package to use version 4.66.5 of >> MailScanner (it was previously at 4.58.9). >> This means that I can now take advantage of the ClamAV daemon to do >> virus scanning instead of invoking clamav for each batch or messages. >> >> But I am encountering a strange error that occurs for some, but not >> all TNEF attachments. >> >> Here is an example of the messages that occur in syslog when >> processing an email with this problem. >> Note that I've changed the email address in the second line of output: >> >> Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks: Starting >> Mar 12 13:20:35 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ >> from 10.128.3.10 (user@ddihealth.com) is whitelisted >> Mar 12 13:20:35 mail MailScanner[27855]: Spam Checks completed at >> 83746 bytes per second >> Mar 12 13:20:36 mail MailScanner[27855]: Expanding TNEF archive >> at /var/spool/MailScanner/incoming/27855/1JZIS6-00043a-FQ/winmail.dat >> Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ >> added TNEF contents image001.jpg,image002.jpg >> Mar 12 13:20:42 mail MailScanner[27855]: Message 1JZIS6-00043a-FQ >> has had TNEF winmail.dat removed >> Mar 12 13:20:42 mail MailScanner[27855]: Virus and Content >> Scanning: Starting >> Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to >> open file or directory ERROR :: ./1JZIS6-00043a-FQ/mha1BpYaNZ >> Mar 12 13:20:43 mail MailScanner[27855]: Clamd::ERROR:: Unable to >> open file or directory ERROR :: ./1JZIS6-00043a-FQ/RRZFcL3LVX >> Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Clamd >> found 2 infections >> Mar 12 13:20:43 mail MailScanner[27855]: Virus Scanning: Found 2 >> viruses >> Mar 12 13:20:44 mail MailScanner[27855]: Virus Scanning completed >> at 7944 bytes per second >> Mar 12 13:20:44 mail MailScanner[27855]: Uninfected: Delivered 2 >> messages >> Mar 12 13:20:44 mail MailScanner[27855]: Virus Processing >> completed at 195783 bytes per second >> Mar 12 13:20:44 mail MailScanner[27855]: Batch completed at 6458 >> bytes per second (63292 / 9) >> >> Note that the problem only seems to happen to TNEF attachments where >> the following log entry occurs: >> >> MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES >> eg. >> MailScanner[$PID]: Expanding TNEF archive at >> /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat >> MailScanner[$PID]: Message $MSG_ID added TNEF contents $FILES >> MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed >> >> However If I only get the following messages then the virus scan will >> be fine: >> >> MailScanner[$PID]: Expanding TNEF archive at >> /var/spool/MailScanner/incoming/$PID/$MSG_ID/winmail.dat >> MailScanner[$PID]: Message $MSG_ID has had TNEF winmail.dat removed >> >> I have the following TNEF settings in my MailScanner.conf file: >> >> Expand TNEF = yes >> Use TNEF Contents = replace >> Deliver Unparsable TNEF = no >> TNEF Expander = internal >> TNEF Timeout = 120 >> >> I changed the "TNEF Expander" to be "internal" a long time ago. >> I found that having it set to "/usr/bin/tnef --maxsize=100000000" >> choked on some messages that the internal one was able to handle. >> >> The ClamAV daemon is successfully scanning all other emails okay. >> I've only ever seen the problem associated with certain TNEF >> attachments. >> >> I've left all clamd settings in the MailScanner.conf at their default >> settings. >> The clamd virus scanner is found when MailScanner starts as shown in >> the following log message: >> >> Mar 12 11:51:54 mail MailScanner[27855]: I have found clamd >> scanners installed, and will use them all by default. >> >> My MailScanner incoming file system is using tmpfs and is shown as >> follows in 'df' output: >> >> tmpfs 258528 704 257824 1% >> /var/spool/MailScanner/incoming >> >> Any ideas what is going wrong? >> >> Thanks. > Hijacking threads has caused bad karma on your mailserver. Repent, say > 10 hail Julian's, and hijack no more! > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: UTF-8 wj8DBQFH2C1pEfZZRxQVtlQRAouqAKCwYzfLbu+o85ItSQbvcZZR7yQUSQCgncAA a8GG/klJIu16WtxroRclBb8= =rggL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 19:42:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 19:43:49 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <23152946.1431205249352659.JavaMail.root@office.splatnix.net> <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> Message-ID: <47D83241.5040702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 12/03/2008, Steve Crumley wrote: > >> > -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> >> >>> Of Julian Field >>> >> > Sent: Tuesday, March 11, 2008 6:50 PM >> > To: MailScanner discussion >> > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >> > then hangs at 100 percent CPU >> > >> >> >>> * PGP Signed by an unverified key: 03/11/08 at 18:50:26 >>> >> > >> > >> > >> > Steve Crumley wrote: >> > > >> > > >> > > >> > >> -----Original Message----- >> > >> From: mailscanner-bounces@lists.mailscanner.info >> > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> > >> Of Glenn Steen >> > >> Sent: Tuesday, March 11, 2008 4:32 PM >> > >> To: MailScanner discussion >> > >> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >> > >> then hangs at 100 percent CPU >> > >> >> > >> On 11/03/2008, Steve Crumley >> > wrote: >> > >> >> > >>> > -----Original Message----- >> > >>> > From: mailscanner-bounces@lists.mailscanner.info >> > >>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> > >>> >> > >>> >> > >>>> Of Glenn Steen >> > >>>> >> > >>> > Sent: Tuesday, March 11, 2008 1:21 PM >> > >>> > To: MailScanner discussion >> > >>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >> > >>> > then hangs at 100 percent CPU >> > >>> > >> > >>> > On 11/03/2008, Steve Crumley >> > >>> >> > >> wrote: >> > >> >> > >>> > > >> > >>> > > >> > >>> > > > -----Original Message----- >> > >>> > > > From: mailscanner-bounces@lists.mailscanner.info >> > >>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] >> > >>> >> > >> On Behalf >> > >> >> > >>> > > > Of --[ UxBoD ]-- >> > >>> > > >> > >>> > > > Sent: Tuesday, March 11, 2008 11:29 AM >> > >>> > > > To: MailScanner discussion >> > >>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >> > >>> > > > then hangs at 100 percent CPU >> > >>> > > > >> > >>> > > >> > >>> > > > do you have strace installed on the server ? if so when the >> > >>> > > > process is running at 100% CPU connect to it and >> > see what it >> > >>> > > > is doing. I had this before, but for the life of >> > >>> >> > >> me I cannot >> > >> >> > >>> > > > remember what I changed to fix it :( >> > >>> > > > >> > >>> > > > Things to check :- >> > >>> > > > >> > >>> > > > 1) Permissions, are they all correct >> > >>> > > > 2) Check MailScanner.conf again just to make sure no typos >> > >>> > > > >> > >>> > > > Regards, >> > >>> > > > >> > >>> > > > -- >> > >>> > > >> > >>> > > >> > >>> > > Here is the output from strace: >> > >>> > > >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >> > >>> > > >> > >>> > > >> > >>> > > >> > >>> > > >> > >>> > > The system had been running fine for over a year, I >> > >>> >> > >> can't find any >> > >> >> > >>> > > permission or setting change thats doing this, but >> > I could be >> > >>> > > overlooking something. >> > >>> > > Thanks, >> > >>> > > -Steve >> > >>> > > >> > >>> > Could perhaps be a busted SQLite SA cache? What does >> > >>> >> > >> analyse_s (I >> > >> >> > >>> > don't remember if it is sacache or spamassassin_cache >> > >>> >> > >> ... the command >> > >> >> > >>> > completion should take care of it:-) say? If it looks >> > >>> >> > >> fishy, simply >> > >> >> > >>> > delete the SA cache file and restart MS. >> > >>> > >> > >>> > You've run MailScanner --lint, right? Nothing obvious >> > from that? >> > >>> > >> > >>> > Oh, and what av scanners do you use? Obviously not >> > >>> >> > >> clamavmodule, but >> > >> >> > >>> > perhaps clamav or clamd? are those OK? >> > >>> > >> > >>> > Cheers >> > >>> > -- >> > >>> > -- Glenn >> > >>> > email: glenn < dot > steen < at > gmail < dot > com >> > >>> > work: glenn < dot > steen < at > ap1 < dot > se >> > >>> >> > >>> >> > >>>> -- >> > >>>> >> > >>> > MailScanner mailing list >> > >>> > mailscanner@lists.mailscanner.info >> > >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >>> > >> > >>> > Before posting, read http://wiki.mailscanner.info/posting >> > >>> > >> > >>> > Support MailScanner development - buy the book off the website! >> > >>> > >> > >>> >> > >>> >> > >>> >> > >>> analyse_SpamAssassin_cache looks clean, MailScanner --lint >> > >>> >> > >> is clean too. >> > >> >> > >>> I'm running clamd for AV but I've set virus scanning to no >> > >>> >> > >> while working >> > >> >> > >>> on this. >> > >>> >> > >>> Thanks, >> > >>> -Steve >> > >>> >> > >> Couldn't be something easily mended, huh:-).... >> > >> >> > >> What you seem to have attached to above (with strace) would be the >> > >> main MailScanner process, since it basically just wait for it's >> > >> children to end... Or is it? What does a ps listing show (one that >> > >> show the command argument list, since Jules rewrite it to >> > show what it >> > >> thinks it is basically doing)? >> > >> Do the children restart endlessly when hung? How many children are >> > >> there, and in what state? >> > >> Cheers >> > >> -- Glenn >> > >> >> > > >> > > >> > > >> > > When I first started it with 8 children, they all end up >> > quickly hanging >> > > and consuming CPU. For now, I've set it to 1 child and I've been >> > > running in debug mode. The ps gives us a good clue! Its the only >> > > mailscanner process and it reports "MailScanner: extracting >> > attachments" >> > > >> > > Thanks, >> > > -Steve >> > > >> > In which case go into "sub Explode" in >> > /usr/lib/MailScanner/MailScanner/Message.pm, and add some >> > "print STDERR" >> > lines to generate tracing output so you can see how far it gets. When >> > you do a "MailScanner --debug" it will show you the STDERR >> > debug output >> > in the terminal session. >> > >> > Jules >> > >> >> >> There's something very screwed up with my perl. I've put "print"s in >> MailScanner around the call to Explode and I put a print first thing in >> Explode. I get the output right before the call but nothing from >> explode itself and we never return to MailScanner. >> >> I really appreciate everyone's help with this. >> Thanks, >> -Steve >> >> > I wonder if STDERR is unbuffered (too lazy/tired to go look it up...:) > ... Jules? Else you might need do that to get reliable error > printing... > STDERR is unbuffered. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2DJGEfZZRxQVtlQRAujLAJ4ytKdJ3TqZrSPJDuyHKSomDJG13QCbBmN6 E1kEwpWmNuq7SzIB3mBdBTQ= =22gB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From scrumley at secure-enterprise.com Wed Mar 12 19:44:53 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Wed Mar 12 19:45:28 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com><223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com><8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com><47D70CB1.6050207@ecs.soton.ac.uk><8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> Message-ID: <8775613110ACC349B6CF97F922E670E34501A6@kronos.secure-enterprise.com> > > > I wonder if STDERR is unbuffered (too lazy/tired to go look it up...:) > ... Jules? Else you might need do that to get reliable error > printing... > > Cheers > -- > -- Glenn I believe STDOUT is buffered and STDERR is unbuffered. Could some other module have defined an Explode function? Is there a way to ask perl where the functions are that it is using or would it normally complain if a function got overloaded? I know just enough perl to be dangerous and I'm really out of ideas right now. Thanks, -Steve From scrumley at secure-enterprise.com Wed Mar 12 20:59:47 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Wed Mar 12 21:00:23 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <47D70CB1.6050207@ecs.soton.ac.uk> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com><8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> Message-ID: <8775613110ACC349B6CF97F922E670E34501A7@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Tuesday, March 11, 2008 6:50 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > * PGP Signed by an unverified key: 03/11/08 at 18:50:26 > > > > Steve Crumley wrote: > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Glenn Steen > >> Sent: Tuesday, March 11, 2008 4:32 PM > >> To: MailScanner discussion > >> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >> then hangs at 100 percent CPU > >> > >> On 11/03/2008, Steve Crumley > wrote: > >> > >>> > -----Original Message----- > >>> > From: mailscanner-bounces@lists.mailscanner.info > >>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>> > >>> > >>>> Of Glenn Steen > >>>> > >>> > Sent: Tuesday, March 11, 2008 1:21 PM > >>> > To: MailScanner discussion > >>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >>> > then hangs at 100 percent CPU > >>> > > >>> > On 11/03/2008, Steve Crumley > >>> > >> wrote: > >> > >>> > > > >>> > > > >>> > > > -----Original Message----- > >>> > > > From: mailscanner-bounces@lists.mailscanner.info > >>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > >>> > >> On Behalf > >> > >>> > > > Of --[ UxBoD ]-- > >>> > > > >>> > > > Sent: Tuesday, March 11, 2008 11:29 AM > >>> > > > To: MailScanner discussion > >>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > >>> > > > then hangs at 100 percent CPU > >>> > > > > >>> > > > >>> > > > do you have strace installed on the server ? if so when the > >>> > > > process is running at 100% CPU connect to it and > see what it > >>> > > > is doing. I had this before, but for the life of > >>> > >> me I cannot > >> > >>> > > > remember what I changed to fix it :( > >>> > > > > >>> > > > Things to check :- > >>> > > > > >>> > > > 1) Permissions, are they all correct > >>> > > > 2) Check MailScanner.conf again just to make sure no typos > >>> > > > > >>> > > > Regards, > >>> > > > > >>> > > > -- > >>> > > > >>> > > > >>> > > Here is the output from strace: > >>> > > > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > The system had been running fine for over a year, I > >>> > >> can't find any > >> > >>> > > permission or setting change thats doing this, but > I could be > >>> > > overlooking something. > >>> > > Thanks, > >>> > > -Steve > >>> > > > >>> > Could perhaps be a busted SQLite SA cache? What does > >>> > >> analyse_s (I > >> > >>> > don't remember if it is sacache or spamassassin_cache > >>> > >> ... the command > >> > >>> > completion should take care of it:-) say? If it looks > >>> > >> fishy, simply > >> > >>> > delete the SA cache file and restart MS. > >>> > > >>> > You've run MailScanner --lint, right? Nothing obvious > from that? > >>> > > >>> > Oh, and what av scanners do you use? Obviously not > >>> > >> clamavmodule, but > >> > >>> > perhaps clamav or clamd? are those OK? > >>> > > >>> > Cheers > >>> > -- > >>> > -- Glenn > >>> > email: glenn < dot > steen < at > gmail < dot > com > >>> > work: glenn < dot > steen < at > ap1 < dot > se > >>> > >>> > >>>> -- > >>>> > >>> > MailScanner mailing list > >>> > mailscanner@lists.mailscanner.info > >>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > > >>> > Before posting, read http://wiki.mailscanner.info/posting > >>> > > >>> > Support MailScanner development - buy the book off the website! > >>> > > >>> > >>> > >>> > >>> analyse_SpamAssassin_cache looks clean, MailScanner --lint > >>> > >> is clean too. > >> > >>> I'm running clamd for AV but I've set virus scanning to no > >>> > >> while working > >> > >>> on this. > >>> > >>> Thanks, > >>> -Steve > >>> > >> Couldn't be something easily mended, huh:-).... > >> > >> What you seem to have attached to above (with strace) would be the > >> main MailScanner process, since it basically just wait for it's > >> children to end... Or is it? What does a ps listing show (one that > >> show the command argument list, since Jules rewrite it to > show what it > >> thinks it is basically doing)? > >> Do the children restart endlessly when hung? How many children are > >> there, and in what state? > >> Cheers > >> -- Glenn > >> > > > > > > > > When I first started it with 8 children, they all end up > quickly hanging > > and consuming CPU. For now, I've set it to 1 child and I've been > > running in debug mode. The ps gives us a good clue! Its the only > > mailscanner process and it reports "MailScanner: extracting > attachments" > > > > Thanks, > > -Steve > > > In which case go into "sub Explode" in > /usr/lib/MailScanner/MailScanner/Message.pm, and add some > "print STDERR" > lines to generate tracing output so you can see how far it gets. When > you do a "MailScanner --debug" it will show you the STDERR > debug output > in the terminal session. OK, Here is whats happening. Its using Explode in MessageBatch.pm and not Message.pm. Here is where it dies in MessageBatch.pm: sub Explode { my $this = shift; print STDERR "messagebatch\n"; #crumley my($key, $message); # jjh 2004-03-12 reap as many as we can. # JKF Test 2004-11-23 1 until waitpid(-1, &POSIX::WNOHANG) == -1; print STDERR "about to hang\n"; 1 until waitpid(-1, WNOHANG) == -1; print STDERR "we never get here\n"; > From ssilva at sgvwater.com Wed Mar 12 21:44:14 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 12 21:44:53 2008 Subject: Email filtering by attachments In-Reply-To: <47D82A12.7010704@ecs.soton.ac.uk> References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D82A12.7010704@ecs.soton.ac.uk> Message-ID: on 3-12-2008 12:08 PM Julian Field spake the following: > One question for you, I want to see what people think. > When the original recipients are replaced with the recipient given in > the forwarding rules for the attachments, what should be put in the > addresses used for matching other rulesets? > > Should the message continue to match based on its original recipients, > or should it match based on the new "forwarding rules" recipients? > > I suspect it doesn't matter either way, very much. But I want to hear > your comments. > If it suddenly matches on the new recipient, could mail get stuck in a loop if you weren't careful on your rulesets? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080312/2b411cc2/signature.bin From MailScanner at ecs.soton.ac.uk Wed Mar 12 21:51:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 21:52:16 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E34501A7@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com><8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501A7@kronos.secure-enterprise.com> Message-ID: <47D8505E.1030006@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Crumley wrote: > > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Tuesday, March 11, 2008 6:50 PM >> To: MailScanner discussion >> Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >> then hangs at 100 percent CPU >> >> * PGP Signed by an unverified key: 03/11/08 at 18:50:26 >> >> >> >> Steve Crumley wrote: >> >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Glenn Steen >>>> Sent: Tuesday, March 11, 2008 4:32 PM >>>> To: MailScanner discussion >>>> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >>>> then hangs at 100 percent CPU >>>> >>>> On 11/03/2008, Steve Crumley >>>> >> wrote: >> >>>> >>>> >>>>> > -----Original Message----- >>>>> > From: mailscanner-bounces@lists.mailscanner.info >>>>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>> >>>>> >>>>> >>>>>> Of Glenn Steen >>>>>> >>>>>> >>>>> > Sent: Tuesday, March 11, 2008 1:21 PM >>>>> > To: MailScanner discussion >>>>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >>>>> > then hangs at 100 percent CPU >>>>> > >>>>> > On 11/03/2008, Steve Crumley >>>>> >>>>> >>>> wrote: >>>> >>>> >>>>> > > >>>>> > > >>>>> > > > -----Original Message----- >>>>> > > > From: mailscanner-bounces@lists.mailscanner.info >>>>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] >>>>> >>>>> >>>> On Behalf >>>> >>>> >>>>> > > > Of --[ UxBoD ]-- >>>>> > > >>>>> > > > Sent: Tuesday, March 11, 2008 11:29 AM >>>>> > > > To: MailScanner discussion >>>>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >>>>> > > > then hangs at 100 percent CPU >>>>> > > > >>>>> > > >>>>> > > > do you have strace installed on the server ? if so when the >>>>> > > > process is running at 100% CPU connect to it and >>>>> >> see what it >> >>>>> > > > is doing. I had this before, but for the life of >>>>> >>>>> >>>> me I cannot >>>> >>>> >>>>> > > > remember what I changed to fix it :( >>>>> > > > >>>>> > > > Things to check :- >>>>> > > > >>>>> > > > 1) Permissions, are they all correct >>>>> > > > 2) Check MailScanner.conf again just to make sure no typos >>>>> > > > >>>>> > > > Regards, >>>>> > > > >>>>> > > > -- >>>>> > > >>>>> > > >>>>> > > Here is the output from strace: >>>>> > > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > The system had been running fine for over a year, I >>>>> >>>>> >>>> can't find any >>>> >>>> >>>>> > > permission or setting change thats doing this, but >>>>> >> I could be >> >>>>> > > overlooking something. >>>>> > > Thanks, >>>>> > > -Steve >>>>> > > >>>>> > Could perhaps be a busted SQLite SA cache? What does >>>>> >>>>> >>>> analyse_s (I >>>> >>>> >>>>> > don't remember if it is sacache or spamassassin_cache >>>>> >>>>> >>>> ... the command >>>> >>>> >>>>> > completion should take care of it:-) say? If it looks >>>>> >>>>> >>>> fishy, simply >>>> >>>> >>>>> > delete the SA cache file and restart MS. >>>>> > >>>>> > You've run MailScanner --lint, right? Nothing obvious >>>>> >> from that? >> >>>>> > >>>>> > Oh, and what av scanners do you use? Obviously not >>>>> >>>>> >>>> clamavmodule, but >>>> >>>> >>>>> > perhaps clamav or clamd? are those OK? >>>>> > >>>>> > Cheers >>>>> > -- >>>>> > -- Glenn >>>>> > email: glenn < dot > steen < at > gmail < dot > com >>>>> > work: glenn < dot > steen < at > ap1 < dot > se >>>>> >>>>> >>>>> >>>>>> -- >>>>>> >>>>>> >>>>> > MailScanner mailing list >>>>> > mailscanner@lists.mailscanner.info >>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>> > >>>>> > Before posting, read http://wiki.mailscanner.info/posting >>>>> > >>>>> > Support MailScanner development - buy the book off the website! >>>>> > >>>>> >>>>> >>>>> >>>>> analyse_SpamAssassin_cache looks clean, MailScanner --lint >>>>> >>>>> >>>> is clean too. >>>> >>>> >>>>> I'm running clamd for AV but I've set virus scanning to no >>>>> >>>>> >>>> while working >>>> >>>> >>>>> on this. >>>>> >>>>> Thanks, >>>>> -Steve >>>>> >>>>> >>>> Couldn't be something easily mended, huh:-).... >>>> >>>> What you seem to have attached to above (with strace) would be the >>>> main MailScanner process, since it basically just wait for it's >>>> children to end... Or is it? What does a ps listing show (one that >>>> show the command argument list, since Jules rewrite it to >>>> >> show what it >> >>>> thinks it is basically doing)? >>>> Do the children restart endlessly when hung? How many children are >>>> there, and in what state? >>>> Cheers >>>> -- Glenn >>>> >>>> >>> >>> When I first started it with 8 children, they all end up >>> >> quickly hanging >> >>> and consuming CPU. For now, I've set it to 1 child and I've been >>> running in debug mode. The ps gives us a good clue! Its the only >>> mailscanner process and it reports "MailScanner: extracting >>> >> attachments" >> >>> Thanks, >>> -Steve >>> >>> >> In which case go into "sub Explode" in >> /usr/lib/MailScanner/MailScanner/Message.pm, and add some >> "print STDERR" >> lines to generate tracing output so you can see how far it gets. When >> you do a "MailScanner --debug" it will show you the STDERR >> debug output >> in the terminal session. >> > > > OK, Here is whats happening. Its using Explode in MessageBatch.pm and > not Message.pm. > Here is where it dies in MessageBatch.pm: > > sub Explode { > my $this = shift; > print STDERR "messagebatch\n"; #crumley > > my($key, $message); > > # jjh 2004-03-12 reap as many as we can. > # JKF Test 2004-11-23 1 until waitpid(-1, &POSIX::WNOHANG) == -1; > print STDERR "about to hang\n"; > 1 until waitpid(-1, WNOHANG) == -1; > print STDERR "we never get here\n"; > But as the comments in the code show, this code hasn't been touched since 2004. So I don't understand why you are just seeing a change in behaviour. I would suspect you have upgraded something else in your system. Are other people seeing the same problem? What OS, distro, version, kernel, etc are you running? Is anyone else running an identical system? If so, are they seeing the same symptoms? From the "perl-func" man page: waitpid PID,FLAGS Waits for a particular child process to terminate and returns the pid of the deceased process, or "-1" if there is no such child process. so it should reap processes until there aren't any left to be reaped. What does the documentation for waitpid say on your system? This is a POSIX function, so should be the same across most systems. If you take out the waitpid() call, you will collect processes, as they are terminating but never being reaped. So this call is very necessary. I'm not going to touch this code with a 10-foot barge pole unless I have *very* good reason to. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2FBiEfZZRxQVtlQRAl4eAJ0SzVj0VVnisBxaEqBH/FArFk5t9gCgvk/I UjetCsUZ1ZmEaLAA4+DJB7g= =hWp8 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 22:27:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 22:28:50 2008 Subject: Email filtering by attachments In-Reply-To: References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D82A12.7010704@ecs.soton.ac.uk> Message-ID: <47D858EA.70406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 3-12-2008 12:08 PM Julian Field spake the following: >> One question for you, I want to see what people think. >> When the original recipients are replaced with the recipient given in >> the forwarding rules for the attachments, what should be put in the >> addresses used for matching other rulesets? >> >> Should the message continue to match based on its original >> recipients, or should it match based on the new "forwarding rules" >> recipients? >> >> I suspect it doesn't matter either way, very much. But I want to hear >> your comments. >> > If it suddenly matches on the new recipient, could mail get stuck in a > loop if you weren't careful on your rulesets? But the rulesets don't contain loops... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: UTF-8 wj8DBQFH2Fj3EfZZRxQVtlQRAp4cAKDaoZvUoh8mFcH8rbh/XdnGDo6lxwCbB2ev NmRG2m//zE1gAp1Frk65CsM= =iVyj -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 12 22:35:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 12 22:35:50 2008 Subject: New beta release 4.68.3 Message-ID: <47D85AAF.2060405@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new beta, 4.68.3. This contains quite a lot of major new things, some of which are very much "behind the scenes" so I would appreciate it if people could test this out for me. The major new changes are mostly these: - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. - - Support for Vexira and Esets scanners updated. - - Major new delivery system for Web Bug Replacement image and phishing.bad.sites.conf file. This now uses an "anycast" content delivery network graciously provided by Matt Hampton, so big thanks to him. This should make Distributed Denial of Service attacks (which I suffered a couple of weeks ago) virtually impossible as the files are provided by a globally-distributed network of hosts all behind the same URL and IP address. - - New ability to forward messages to a list of email addresses if the messages contain filenames or filetypes matching the rules give in filename.rules.conf and filetype.rules.conf files. Download as usual from www.mailscanner.info. Please let me know how you get on with this release. Thanks folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2FqzEfZZRxQVtlQRAkafAKDWCl4needN4ZYGMKAnzMYeJBrjEwCfVR9e fmT9BeNMoHuvV+1LRQrg7y8= =shP6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at generalgau.com Wed Mar 12 22:28:07 2008 From: mailscanner at generalgau.com (Tom Rogers) Date: Wed Mar 12 22:42:08 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: <20080309133600.M53680@generalgau.com> References: <20080309133600.M53680@generalgau.com> Message-ID: <20080312222712.M14049@generalgau.com> Does anyone have any ideas on how to fix this? Thanks. On Sun, 9 Mar 2008 08:37:37 -0500, Tom Rogers wrote > "Have you disabled your custom sql blacklist stuff? Disabled your Mailwatch > stuff?" > > "Have you deleted the spamassasin cache file (regardless of using SA > or not)?" > > I tried both of those (sql/Mailwatch stuff and deleting the > spamassasin cache) and I still get the same results. > > >From the console: > > root@fatman:/var/lib/MailScanner# !/etc > /etc/init.d/mailscanner start > > Currently you are using no virus scanners. > This is probably not what you want. > > In your /etc/MailScanner/MailScanner.conf file, set > Virus Scanners = clamav > Then download > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > Unpack it, "cd" into the directory and run ./install.sh > > In Debugging mode, not forking... > > >From /var/log/mail.info: > > Mar 9 09:30:38 generalgau MailScanner[31070]: MailScanner E-Mail Virus > Scanner version 4.57.6 starting... > > Mar 9 09:30:39 generalgau MailScanner[31070]: Read 759 hostnames > from the phishing whitelist > Mar 9 09:30:39 generalgau MailScanner[31070]: Using locktype = flock > > On Fri, 7 Mar 2008 21:36:15 +1000 (EST), Res wrote > > Have you disabled your custom sql blacklist stuff? Disabled your > > Mailwatch stuff? > > > > Have you deleted the spamassasin cache file (regardless of using SA > > or not)? > > > > ---------- Forwarded message ---------- > > Date: Fri, 7 Mar 2008 05:55:20 -0500 > > From: Tom Rogers > > Reply-To: MailScanner discussion > > To: MailScanner discussion > > Subject: Re: Mailscanner max'd out CPU/memory and not processing mail > > > > I'm 99.99% sure I didn't upgrade F-Prot recently, but to remove that > > from consideration, I changed the anti-virus from 'f-prot' to 'none'. > > > > Also changed the Max # of Child Processes to 1 as was recommended elsewhere. > > > > Same result as before. > > > > Tom Rogers > > > > On Fri, 07 Mar 2008 09:09:16 +0000, Julian Field wrote > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Have you recently upgraded F-Prot? The new version 6 is a lot slower > > > than the old version 4. You need my latest beta to get the code > > > which will make version 6 run quickly. > > > > > > Tom Rogers wrote: > > >> "Check for hardware faults. Does /proc/meminfo still agree with you on the > > >> amount of RAM in the box, for example?" > > >> > > >> Yes. > > >> > > >> root@fatman:/home/tom# cat /proc/meminfo > > >> MemTotal: 516048 kB > > >> MemFree: 426620 kB > > >> Buffers: 18412 kB > > >> Cached: 37576 kB > > >> SwapCached: 9316 kB > > >> Active: 35732 kB > > >> Inactive: 37024 kB > > >> HighTotal: 0 kB > > >> HighFree: 0 kB > > >> LowTotal: 516048 kB > > >> LowFree: 426620 kB > > >> SwapTotal: 1572856 kB > > >> SwapFree: 1504472 kB > > >> Dirty: 148 kB > > >> Writeback: 0 kB > > >> AnonPages: 12728 kB > > >> Mapped: 7576 kB > > >> Slab: 10104 kB > > >> SReclaimable: 3372 kB > > >> SUnreclaim: 6732 kB > > >> PageTables: 1160 kB > > >> NFS_Unstable: 0 kB > > >> Bounce: 0 kB > > >> CommitLimit: 1830880 kB > > >> Committed_AS: 293188 kB > > >> VmallocTotal: 507896 kB > > >> VmallocUsed: 3776 kB > > >> VmallocChunk: 504004 kB > > >> > > >> "What virus scanners are you using?" > > >> > > >> F-Prot. I have ClamAV installed, but don't use it. > > >> > > >> 'Run "MailScanner --lint" ' > > >> > > >> root@fatman:/home/tom# MailScanner --lint > > >> Read 759 hostnames from the phishing whitelist > > >> Config: calling custom init function SQLBlacklist > > >> Config: calling custom init function MailWatchLogging > > >> Config: calling custom init function SQLWhitelist > > >> MailScanner setting GID to (119) > > >> MailScanner setting UID to (111) > > >> > > >> Checking for SpamAssassin errors (if you use it)... > > >> lock.pl sees Config LockType = flock > > >> lock.pl sees have_module = 0 > > >> Using locktype = flock > > >> MailScanner.conf says "Virus Scanners = f-prot" > > >> Found these virus scanners installed: f-prot, clamavmodule > > >> > > >> > > >> root@fatman:/home/tom# cat /etc/passwd | grep 119 > > >> postfix:x:111:119::/var/spool/postfix:/bin/false > > >> > > >> 'as well as "MailScanner --debug" to check things out.' > > >> > > >> root@fatman:/home/tom# MailScanner --debug > > >> In Debugging mode, not forking... > > >> > > >> > > >> > > >> On Thu, 06 Mar 2008 22:11:20 +0000, Julian Field wrote > > >> > > >>> Check for hardware faults. Does /proc/meminfo still agree with you > > >>> on the amount of RAM in the box, for example? > > >>> > > >>> Sounds like you've already got 'Use SpamAssassin = no'. What virus > > >>> scanners are you using? If you are using clamavmodule, I would > > >>> switch to clamd if you can on your distro. > > >>> > > >>> Run "MailScanner --lint" as well as "MailScanner --debug" to check > > >>> things out. > > >>> > > >>> Tom Rogers wrote: > > >>> > > >>>> I've been using Mailscanner for a few years now with no problems. Two > weeks > > >>>> ago, I started to have a problem. > > >>>> > > >>>> When I run Mailscanner, it maxes out my CPU and the amount of memory it > uses > > >>>> keeps climbing and climbing, until it eats all available memory and > > basically > > >>>> freezes the system up. Mail is not processed from the Postfix hold queue. > > >>>> > > >>>> The system is basically used only by myself, for LAN file storage and > > email. > > >>>> It's a P2 333mhz, with 512mb of RAM, which has been just fine for my needs. > > >>>> > > >>>> Using Postfix for mail delivery; the OS is Ubuntu 6.04. > > >>>> > > >>>> I've disabled Spamassassin, but still have the same problem. > > >>>> > > >>>> Running Mailscanner in debug, I get the following: > > >>>> > > >>>> root@fatman:/home/tom# /etc/init.d/mailscanner start > > >>>> In Debugging mode, not forking... > > >>>> > > >>>> > > >>>>>From the /var/log/mail.info (nothing in the mail.err or mail.warn): > > >>>> > > >>>> Mar 6 16:10:48 fatman MailScanner[7063]: MailScanner E-Mail Virus Scanner > > >>>> version 4.57.6 starting... > > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Read 759 hostnames from the > > phishing > > >>>> whitelist > > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Config: calling custom init > > function > > >>>> SQLBlacklist > > >>>> Mar 6 16:10:49 fatman MailScanner[7063]: Starting up SQL Blacklist > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 0 blacklist entries > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init > > function > > >>>> MailWatchLogging > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Started SQL Logging child > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Config: calling custom init > > function > > >>>> SQLWhitelist > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Starting up SQL Whitelist > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Read 18 whitelist entries > > >>>> Mar 6 16:10:50 fatman MailScanner[7063]: Using locktype = flock > > >>>> > > >>>> After about 20 minutes, the CPU is still at around 98-99% and using > > 450+MB of > > >>>> RAM (on my installation, Mailscanner uses 60-70MB of RAM per instance). > > >>>> > > >>>> I've tried removing/purging/reinstalling Mailscanner, but keep coming up > > with > > >>>> the same results. > > >>>> > > >>>> > > >>> Jules > > >>> > > >>> -- > > >>> Julian Field MEng CITP CEng > > >>> www.MailScanner.info > > >>> Buy the MailScanner book at www.MailScanner.info/store > > >>> > > >>> MailScanner customisation, or any advanced system administration > > >>> help? Contact me at Jules@Jules.FM > > >>> > > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >>> PGP public key: http://www.jules.fm/julesfm.asc > > >>> > > >>> -- > > >>> This message has been scanned for viruses and > > >>> dangerous content by MailScanner, and is > > >>> believed to be clean. > > >>> > > >>> -- > > >>> MailScanner mailing list > > >>> mailscanner@lists.mailscanner.info > > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > > >>> > > >>> Before posting, read http://wiki.mailscanner.info/posting > > >>> > > >>> Support MailScanner development - buy the book off the website! > > >>> > > >> > > >> > > > > > > Jules > > > > > > - -- > > > Julian Field MEng CITP CEng > > > www.MailScanner.info > > > Buy the MailScanner book at www.MailScanner.info/store > > > > > > Need help customising MailScanner? > > > Contact me! > > > Need help fixing or optimising your systems? > > > Contact me! > > > Need help getting you started solving new requirements from your > > > boss? Contact me! > > > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP Desktop 9.8.1 (Build 2523) > > > Comment: (pgp-secured) > > > Charset: ISO-8859-1 > > > > > > wj8DBQFH0QY9EfZZRxQVtlQRAviXAKCkEGNatCNbtgk0eJdqjFGZR1J9PgCeLFWe > > > nGeryqQq+SKRc4Hx4HS+NM4= > > > =J6aY > > > -----END PGP SIGNATURE----- > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. > > > > > > -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jim.barber at ddihealth.com Thu Mar 13 00:23:12 2008 From: jim.barber at ddihealth.com (Jim Barber) Date: Thu Mar 13 00:23:52 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <47D82D63.9040301@ecs.soton.ac.uk> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <47D82D63.9040301@ecs.soton.ac.uk> Message-ID: <47D873F0.4000007@ddihealth.com> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/82ec68e6/attachment.html From rcooper at dwford.com Thu Mar 13 00:43:14 2008 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 13 00:43:54 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <47D8505E.1030006@ecs.soton.ac.uk> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com><23152946.1431205249352659.JavaMail.root@office.splatnix.net><8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com><223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com><8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com><8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk><8775613110ACC349B6CF97F922E670E34501A7@kronos.secure-enterprise.com> <47D8505E.1030006@ecs.soton.ac.uk> Message-ID: <02c501c884a3$3899fa50$0301a8c0@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Julian Field > Sent: Wednesday, March 12, 2008 5:51 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 [...] > >> In which case go into "sub Explode" in > >> /usr/lib/MailScanner/MailScanner/Message.pm, and add some > >> "print STDERR" > >> lines to generate tracing output so you can see how far > it gets. When > >> you do a "MailScanner --debug" it will show you the STDERR > >> debug output > >> in the terminal session. > >> > > > > > > OK, Here is whats happening. Its using Explode in > MessageBatch.pm and > > not Message.pm. > > Here is where it dies in MessageBatch.pm: > > > > sub Explode { > > my $this = shift; > > print STDERR "messagebatch\n"; #crumley > > > > my($key, $message); > > > > # jjh 2004-03-12 reap as many as we can. > > # JKF Test 2004-11-23 1 until waitpid(-1, &POSIX::WNOHANG) == -1; > > print STDERR "about to hang\n"; > > 1 until waitpid(-1, WNOHANG) == -1; > > print STDERR "we never get here\n"; > > > But as the comments in the code show, this code hasn't been touched > since 2004. So I don't understand why you are just seeing a > change in > behaviour. I would suspect you have upgraded something else > in your system. I missed a bunch of this and I could go back and read but I will ask instead... Have you had a look at what the hanging process is doing yet with lsof? Particularly lsof +r -p ? > > Are other people seeing the same problem? > What OS, distro, version, kernel, etc are you running? > Is anyone else running an identical system? > If so, are they seeing the same symptoms? > > From the "perl-func" man page: > waitpid PID,FLAGS > Waits for a particular child process to > terminate and returns > the pid of the deceased process, or "-1" if > there is no such > child process. > so it should reap processes until there aren't any left to > be reaped. > What does the documentation for waitpid say on your system? > This is a > POSIX function, so should be the same across most systems. > > If you take out the waitpid() call, you will collect > processes, as they are terminating but never being reaped. > So this call > is very necessary. > > I'm not going to touch this code with a 10-foot barge pole > unless I have > *very* good reason to. > > Jules -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Thu Mar 13 03:22:13 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 13 03:23:08 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D85AAF.2060405@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> The logging for SA_Actions is working. But I have a question, is this to correct action to get such messages to be dropped "non-delivery,delete" or should just "delete" work? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, March 12, 2008 6:35 PM To: MailScanner discussion Subject: New beta release 4.68.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released a new beta, 4.68.3. This contains quite a lot of major new things, some of which are very much "behind the scenes" so I would appreciate it if people could test this out for me. The major new changes are mostly these: - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. - - Support for Vexira and Esets scanners updated. - - Major new delivery system for Web Bug Replacement image and phishing.bad.sites.conf file. This now uses an "anycast" content delivery network graciously provided by Matt Hampton, so big thanks to him. This should make Distributed Denial of Service attacks (which I suffered a couple of weeks ago) virtually impossible as the files are provided by a globally-distributed network of hosts all behind the same URL and IP address. - - New ability to forward messages to a list of email addresses if the messages contain filenames or filetypes matching the rules give in filename.rules.conf and filetype.rules.conf files. Download as usual from www.mailscanner.info. Please let me know how you get on with this release. Thanks folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2FqzEfZZRxQVtlQRAkafAKDWCl4needN4ZYGMKAnzMYeJBrjEwCfVR9e fmT9BeNMoHuvV+1LRQrg7y8= =shP6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From scrumley at secure-enterprise.com Thu Mar 13 04:19:16 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Thu Mar 13 04:19:51 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <47D8505E.1030006@ecs.soton.ac.uk> Message-ID: <8775613110ACC349B6CF97F922E670E33F79A2@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Julian Field > Sent: Wednesday, March 12, 2008 5:51 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > then hangs at 100 percent CPU > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Steve Crumley wrote: > > > > > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Julian Field > >> Sent: Tuesday, March 11, 2008 6:50 PM > >> To: MailScanner discussion > >> Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch > >> then hangs at 100 percent CPU > >> > >> * PGP Signed by an unverified key: 03/11/08 at 18:50:26 > >> > >> > >> > >> Steve Crumley wrote: > >> > >>> > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: mailscanner-bounces@lists.mailscanner.info > >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>>> Of Glenn Steen > >>>> Sent: Tuesday, March 11, 2008 4:32 PM > >>>> To: MailScanner discussion > >>>> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >>>> then hangs at 100 percent CPU > >>>> > >>>> On 11/03/2008, Steve Crumley > >>>> > >> wrote: > >> > >>>> > >>>> > >>>>> > -----Original Message----- > >>>>> > From: mailscanner-bounces@lists.mailscanner.info > >>>>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >>>>> > >>>>> > >>>>> > >>>>>> Of Glenn Steen > >>>>>> > >>>>>> > >>>>> > Sent: Tuesday, March 11, 2008 1:21 PM > >>>>> > To: MailScanner discussion > >>>>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > >>>>> > then hangs at 100 percent CPU > >>>>> > > >>>>> > On 11/03/2008, Steve Crumley > >>>>> > >>>>> > >>>> wrote: > >>>> > >>>> > >>>>> > > > >>>>> > > > >>>>> > > > -----Original Message----- > >>>>> > > > From: mailscanner-bounces@lists.mailscanner.info > >>>>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] > >>>>> > >>>>> > >>>> On Behalf > >>>> > >>>> > >>>>> > > > Of --[ UxBoD ]-- > >>>>> > > > >>>>> > > > Sent: Tuesday, March 11, 2008 11:29 AM > >>>>> > > > To: MailScanner discussion > >>>>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner > scans a batch > >>>>> > > > then hangs at 100 percent CPU > >>>>> > > > > >>>>> > > > >>>>> > > > do you have strace installed on the server ? if > so when the > >>>>> > > > process is running at 100% CPU connect to it and > >>>>> > >> see what it > >> > >>>>> > > > is doing. I had this before, but for the life of > >>>>> > >>>>> > >>>> me I cannot > >>>> > >>>> > >>>>> > > > remember what I changed to fix it :( > >>>>> > > > > >>>>> > > > Things to check :- > >>>>> > > > > >>>>> > > > 1) Permissions, are they all correct > >>>>> > > > 2) Check MailScanner.conf again just to make > sure no typos > >>>>> > > > > >>>>> > > > Regards, > >>>>> > > > > >>>>> > > > -- > >>>>> > > > >>>>> > > > >>>>> > > Here is the output from strace: > >>>>> > > > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > > >>>>> > > The system had been running fine for over a year, I > >>>>> > >>>>> > >>>> can't find any > >>>> > >>>> > >>>>> > > permission or setting change thats doing this, but > >>>>> > >> I could be > >> > >>>>> > > overlooking something. > >>>>> > > Thanks, > >>>>> > > -Steve > >>>>> > > > >>>>> > Could perhaps be a busted SQLite SA cache? What does > >>>>> > >>>>> > >>>> analyse_s (I > >>>> > >>>> > >>>>> > don't remember if it is sacache or spamassassin_cache > >>>>> > >>>>> > >>>> ... the command > >>>> > >>>> > >>>>> > completion should take care of it:-) say? If it looks > >>>>> > >>>>> > >>>> fishy, simply > >>>> > >>>> > >>>>> > delete the SA cache file and restart MS. > >>>>> > > >>>>> > You've run MailScanner --lint, right? Nothing obvious > >>>>> > >> from that? > >> > >>>>> > > >>>>> > Oh, and what av scanners do you use? Obviously not > >>>>> > >>>>> > >>>> clamavmodule, but > >>>> > >>>> > >>>>> > perhaps clamav or clamd? are those OK? > >>>>> > > >>>>> > Cheers > >>>>> > -- > >>>>> > -- Glenn > >>>>> > email: glenn < dot > steen < at > gmail < dot > com > >>>>> > work: glenn < dot > steen < at > ap1 < dot > se > >>>>> > >>>>> > >>>>> > >>>>>> -- > >>>>>> > >>>>>> > >>>>> > MailScanner mailing list > >>>>> > mailscanner@lists.mailscanner.info > >>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>>>> > > >>>>> > Before posting, read http://wiki.mailscanner.info/posting > >>>>> > > >>>>> > Support MailScanner development - buy the book off > the website! > >>>>> > > >>>>> > >>>>> > >>>>> > >>>>> analyse_SpamAssassin_cache looks clean, MailScanner --lint > >>>>> > >>>>> > >>>> is clean too. > >>>> > >>>> > >>>>> I'm running clamd for AV but I've set virus scanning to no > >>>>> > >>>>> > >>>> while working > >>>> > >>>> > >>>>> on this. > >>>>> > >>>>> Thanks, > >>>>> -Steve > >>>>> > >>>>> > >>>> Couldn't be something easily mended, huh:-).... > >>>> > >>>> What you seem to have attached to above (with strace) > would be the > >>>> main MailScanner process, since it basically just wait for it's > >>>> children to end... Or is it? What does a ps listing show > (one that > >>>> show the command argument list, since Jules rewrite it to > >>>> > >> show what it > >> > >>>> thinks it is basically doing)? > >>>> Do the children restart endlessly when hung? How many > children are > >>>> there, and in what state? > >>>> Cheers > >>>> -- Glenn > >>>> > >>>> > >>> > >>> When I first started it with 8 children, they all end up > >>> > >> quickly hanging > >> > >>> and consuming CPU. For now, I've set it to 1 child and I've been > >>> running in debug mode. The ps gives us a good clue! Its the only > >>> mailscanner process and it reports "MailScanner: extracting > >>> > >> attachments" > >> > >>> Thanks, > >>> -Steve > >>> > >>> > >> In which case go into "sub Explode" in > >> /usr/lib/MailScanner/MailScanner/Message.pm, and add some > >> "print STDERR" > >> lines to generate tracing output so you can see how far it > gets. When > >> you do a "MailScanner --debug" it will show you the STDERR > >> debug output > >> in the terminal session. > >> > > > > > > OK, Here is whats happening. Its using Explode in > MessageBatch.pm and > > not Message.pm. > > Here is where it dies in MessageBatch.pm: > > > > sub Explode { > > my $this = shift; > > print STDERR "messagebatch\n"; #crumley > > > > my($key, $message); > > > > # jjh 2004-03-12 reap as many as we can. > > # JKF Test 2004-11-23 1 until waitpid(-1, &POSIX::WNOHANG) == -1; > > print STDERR "about to hang\n"; > > 1 until waitpid(-1, WNOHANG) == -1; > > print STDERR "we never get here\n"; > > > But as the comments in the code show, this code hasn't been touched > since 2004. So I don't understand why you are just seeing a change in > behaviour. I would suspect you have upgraded something else > in your system. > > Are other people seeing the same problem? > What OS, distro, version, kernel, etc are you running? > Is anyone else running an identical system? > If so, are they seeing the same symptoms? > > From the "perl-func" man page: > waitpid PID,FLAGS > Waits for a particular child process to > terminate and returns > the pid of the deceased process, or "-1" if > there is no such > child process. > so it should reap processes until there aren't any left to be reaped. > What does the documentation for waitpid say on your system? This is a > POSIX function, so should be the same across most systems. > > If you take out the waitpid() call, you will collect > processes, as they are terminating but never being reaped. So > this call > is very necessary. > > I'm not going to touch this code with a 10-foot barge pole > unless I have > *very* good reason to. > > Jules > > - -- > Julian Field MEng CITP CEng Julian, I really appreciate you looking at this. I understand this code hasn't changed and I'm certianly not suggesting you change it now. I'm just trying to track this down. I'm running a pretty standard Centos 4.6 system plus the rpmforge repositories so I'm guessing someone else may run into this as well. I think you are probably right, something else on the system may be involved. Everything is up to date with a "yum upgrade". I just don't have a clue as to what could be causing this. Thanks, -Steve From mcwh65 at gmail.com Thu Mar 13 04:56:07 2008 From: mcwh65 at gmail.com (Michael Choo) Date: Thu Mar 13 04:56:48 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: References: Message-ID: I'm planning to build a new MailScanner sever to off load my current server (FreeBSD 6.3 P4 2.0Ghz, 1.5Gb RAM, 2x80 GB gmirrored disks), currently handling about 110K mails a day (90% rejected at MTA level). Average CPU utilisation is about 60-80% Am thinking of 64bit FreeBSD 7 on dual quad core Xeons (2.0Ghz) with 8GB RAM. > > Right now I'd be sticking with 32 bit - there's still a few gotcha's > with some applications running in 64bit - MS isn't on of then, but > some of the perl modules can have fun sometimes.. > Are there any known instances of perl modules not behaving in 64bit mode? Anyone out here running Mailscanner on 64bit intel servers? cheers -Mike From MailScanner at ecs.soton.ac.uk Thu Mar 13 08:47:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 08:47:54 2008 Subject: New beta release 4.68.3 In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> References: <47D85AAF.2060405@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D8EA0E.1060305@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > The logging for SA_Actions is working. But I have a question, is this > to correct action to get such messages to be dropped > "non-delivery,delete" or should just "delete" work? > If the Spam Actions included "deliver" then you'll need to include a "non-deliver" or "not-deliver" (or "no-deliver"). It works by massaging the delivery options that are already set. I could make this a special case I guess if you would prefer. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Wednesday, March 12, 2008 6:35 PM > To: MailScanner discussion > Subject: New beta release 4.68.3 > > > * PGP Bad Signature, Signed by an unverified key: 03/12/08 at 22:35:31 > > I have just released a new beta, 4.68.3. > This contains quite a lot of major new things, some of which are very > much "behind the scenes" so I would appreciate it if people could test > this out for me. > > The major new changes are mostly these: > - Support for F-Prot version 6 scanning daemon, fpscand. This is very > fast. > - Support for Vexira and Esets scanners updated. > - Major new delivery system for Web Bug Replacement image and > phishing.bad.sites.conf file. This now uses an "anycast" content > delivery network graciously provided by Matt Hampton, so big thanks to > him. This should make Distributed Denial of Service attacks (which I > suffered a couple of weeks ago) virtually impossible as the files are > provided by a globally-distributed network of hosts all behind the same > URL and IP address. > - New ability to forward messages to a list of email addresses if the > messages contain filenames or filetypes matching the rules give in > filename.rules.conf and filetype.rules.conf files. > > Download as usual from www.mailscanner.info. > > Please let me know how you get on with this release. > Thanks folks! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654 - Unverified(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT dxvJup3IppeyoGCKfFXqAIs= =uEGl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 08:48:38 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 08:48:57 2008 Subject: FreeBSD 7.0, MS, MW, ClamAV, 8gb with 64bit or 4 gb with 32bit In-Reply-To: References: Message-ID: <47D8EA66.1070309@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Choo wrote: > I'm planning to build a new MailScanner sever to off load my current > server (FreeBSD 6.3 P4 2.0Ghz, 1.5Gb RAM, 2x80 GB gmirrored disks), > currently handling about 110K mails a day (90% rejected at MTA level). > Average CPU utilisation is about 60-80% > > Am thinking of 64bit FreeBSD 7 on dual quad core Xeons (2.0Ghz) with > 8GB RAM. > >> >> Right now I'd be sticking with 32 bit - there's still a few gotcha's >> with some applications running in 64bit - MS isn't on of then, but >> some of the perl modules can have fun sometimes.. >> > > Are there any known instances of perl modules not behaving in 64bit mode? Should work just fine, only problems I have had are with sophossavi not building in 64-bit mode due to lack of 64-bit SAVI libraries. > > Anyone out here running Mailscanner on 64bit intel servers? Yes, quite a few. > > cheers > -Mike Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH2OpnEfZZRxQVtlQRAunEAJ9oEx4CN96/JgTzGzDvvpLxajEJxwCgtPs9 V+QE2l9t8KVX1c/ucIeO3jE= =2YXM -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 13 09:41:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 13 09:41:50 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <47D83241.5040702@ecs.soton.ac.uk> References: <8775613110ACC349B6CF97F922E670E345017B@kronos.secure-enterprise.com> <8775613110ACC349B6CF97F922E670E3450182@kronos.secure-enterprise.com> <223f97700803111021y75a96e40q7da65f10e6ab9b1@mail.gmail.com> <8775613110ACC349B6CF97F922E670E345018A@kronos.secure-enterprise.com> <223f97700803111332q2fb98961ub9afafad611cf3ce@mail.gmail.com> <8775613110ACC349B6CF97F922E670E3450195@kronos.secure-enterprise.com> <47D70CB1.6050207@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E345019F@kronos.secure-enterprise.com> <223f97700803121205n59c4476bh61b6fcfa40abaebc@mail.gmail.com> <47D83241.5040702@ecs.soton.ac.uk> Message-ID: <223f97700803130241x340349b1we3cf73461c965af9@mail.gmail.com> On 12/03/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > > Glenn Steen wrote: (snip) >> > > I wonder if STDERR is unbuffered (too lazy/tired to go look it up...:) > > ... Jules? Else you might need do that to get reliable error > > printing... > > > > STDERR is unbuffered. > Of course it is... What a "testament" to my tiredness... Oh well, all better now, after a full nights sleep:-). Sorry. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Mar 13 10:00:08 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 13 10:00:42 2008 Subject: Mailscanner max'd out CPU/memory and not processing mail (fwd) In-Reply-To: <20080312222712.M14049@generalgau.com> References: <20080309133600.M53680@generalgau.com> <20080312222712.M14049@generalgau.com> Message-ID: <223f97700803130300j3c69ce39i2bed7442ca23b18c@mail.gmail.com> On 12/03/2008, Tom Rogers wrote: > Does anyone have any ideas on how to fix this? > > > Thanks. > Tom, ... Do what? I've asked repeatedly (and nicely:-) for more information to work with, and have asked you to look at the "usual culprits in the hold queue"... And you've answered with silence... So what do you think? We should use ESP here, perhaps:-):-). As I said before, I think the things you've looked at so far are unrelated to your problem... Check your hold queue first ("ls -ltr|head 30"... any really old files? any files not conforming to queue ID names, can you postcat them? Do they look "sane"?), then we might start looking at other things, like possible Postfix version upgrade borking things, perl modules etc etc etc. Without a dialog though... I can do nothing for you. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Thu Mar 13 12:59:23 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 13 13:00:02 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D8EA0E.1060305@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> Sorry, what I mean is shouldn't delete be the same thing as "non-delivery". Currently I have to specify both non-delivery & delete. If I just specify delete, the message still comes thru even though in the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused action delete in message m2DBtuAu029683" -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 13, 2008 4:47 AM To: MailScanner discussion Subject: Re: New beta release 4.68.3 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > The logging for SA_Actions is working. But I have a question, is this > to correct action to get such messages to be dropped > "non-delivery,delete" or should just "delete" work? > If the Spam Actions included "deliver" then you'll need to include a "non-deliver" or "not-deliver" (or "no-deliver"). It works by massaging the delivery options that are already set. I could make this a special case I guess if you would prefer. > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Wednesday, March 12, 2008 6:35 PM > To: MailScanner discussion > Subject: New beta release 4.68.3 > > > * PGP Bad Signature, Signed by an unverified key: 03/12/08 at 22:35:31 > > I have just released a new beta, 4.68.3. > This contains quite a lot of major new things, some of which are very > much "behind the scenes" so I would appreciate it if people could test > this out for me. > > The major new changes are mostly these: > - Support for F-Prot version 6 scanning daemon, fpscand. This is very > fast. > - Support for Vexira and Esets scanners updated. > - Major new delivery system for Web Bug Replacement image and > phishing.bad.sites.conf file. This now uses an "anycast" content > delivery network graciously provided by Matt Hampton, so big thanks to > him. This should make Distributed Denial of Service attacks (which I > suffered a couple of weeks ago) virtually impossible as the files are > provided by a globally-distributed network of hosts all behind the > same URL and IP address. > - New ability to forward messages to a list of email addresses if the > messages contain filenames or filetypes matching the rules give in > filename.rules.conf and filetype.rules.conf files. > > Download as usual from www.mailscanner.info. > > Please let me know how you get on with this release. > Thanks folks! > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654 - Unverified(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT dxvJup3IppeyoGCKfFXqAIs= =uEGl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Mar 13 13:35:20 2008 From: devonharding at gmail.com (Devon Harding) Date: Thu Mar 13 13:35:55 2008 Subject: FC8 Perl Message-ID: <2baac6140803130635of851ccdj6a12aa429c560339@mail.gmail.com> I'm trying to update perl (perl-5.8.8-36.fc8) on FC8 and I'm getting conflicts with whats installed by MailScanner. How can I fix this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/1e58d92f/attachment.html From MailScanner at ecs.soton.ac.uk Thu Mar 13 14:40:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 14:41:21 2008 Subject: FC8 Perl In-Reply-To: <2baac6140803130635of851ccdj6a12aa429c560339@mail.gmail.com> References: <2baac6140803130635of851ccdj6a12aa429c560339@mail.gmail.com> Message-ID: <47D93CE8.5050208@ecs.soton.ac.uk> Uninstall the problematic perl module RPMs, update Perl and then re-install MailScanner. Devon Harding wrote: > I'm trying to update perl (perl-5.8.8-36.fc8) on FC8 and I'm getting > conflicts with whats installed by MailScanner. How can I fix this? > > -Devon Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 14:45:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 14:46:10 2008 Subject: New beta release 4.68.3 In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D93E22.8010300@ecs.soton.ac.uk> Fixed for the next release. I have added a line that deletes the "deliver" action if the "delete" action has been supplied. Okay with you? Jules. Rose, Bobby wrote: > Sorry, what I mean is shouldn't delete be the same thing as > "non-delivery". Currently I have to specify both non-delivery & delete. > If I just specify delete, the message still comes thru even though in > the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused > action delete in message m2DBtuAu029683" > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, March 13, 2008 4:47 AM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rose, Bobby wrote: > >> The logging for SA_Actions is working. But I have a question, is this >> > > >> to correct action to get such messages to be dropped >> "non-delivery,delete" or should just "delete" work? >> >> > If the Spam Actions included "deliver" then you'll need to include a > "non-deliver" or "not-deliver" (or "no-deliver"). It works by massaging > the delivery options that are already set. I could make this a special > case I guess if you would prefer. > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Wednesday, March 12, 2008 6:35 PM >> To: MailScanner discussion >> Subject: New beta release 4.68.3 >> >> >> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at 22:35:31 >> >> I have just released a new beta, 4.68.3. >> This contains quite a lot of major new things, some of which are very >> much "behind the scenes" so I would appreciate it if people could test >> > > >> this out for me. >> >> The major new changes are mostly these: >> - Support for F-Prot version 6 scanning daemon, fpscand. This is very >> fast. >> - Support for Vexira and Esets scanners updated. >> - Major new delivery system for Web Bug Replacement image and >> phishing.bad.sites.conf file. This now uses an "anycast" content >> delivery network graciously provided by Matt Hampton, so big thanks to >> > > >> him. This should make Distributed Denial of Service attacks (which I >> suffered a couple of weeks ago) virtually impossible as the files are >> provided by a globally-distributed network of hosts all behind the >> same URL and IP address. >> - New ability to forward messages to a list of email addresses if the >> messages contain filenames or filetypes matching the rules give in >> filename.rules.conf and filetype.rules.conf files. >> >> Download as usual from www.mailscanner.info. >> >> Please let me know how you get on with this release. >> Thanks folks! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> * Julian Field >> * 0x1415B654 - Unverified(L) >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT > dxvJup3IppeyoGCKfFXqAIs= > =uEGl > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Sylvain.Phaneuf at imsu.ox.ac.uk Thu Mar 13 14:52:06 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Thu Mar 13 14:53:01 2008 Subject: Sophos Error message In-Reply-To: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> References: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> Message-ID: <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> Sorry to be so picky... Is there a way to fix this without having to install the latest stable version? I am away from the office for a couple of weeks and I don't want to do an installation remotely... Perhaps a new Sophos.install just for me? :-) Or a quick how-to to add the missing symlinks, or whatever a quick fix could be? Regards, Sylvain -- ============================================ Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 Information Management Services Unit - Medical Sciences Division Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 Oxford OX3 9DU England ============================================ >>> On 07/03/2008 at 14:18, "Martin.Hepworth" wrote: > Louie > > Latest stable fixes the issue. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of louie >> Sent: 07 March 2008 12:54 >> To: mailscanner@lists.mailscanner.info >> Subject: Re: Sophos Error message >> >> Howard Robinson Harper-Adams.ac.uk> writes: >> >> > >> > Dear list >> > I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's >> routine >> /usr/sbin/Sophos.install >> > >> > It appeared to run through okay but seemed fast! >> > Anyway on restarting MailScanner I get the following in the Maillog and >> emails >> refused to move in or out. >> > >> > "SophosSAVI ERROR:: getting version: One of the files in a split-virus >> data >> set could not be located (557)" >> > >> > Any ideas >> > I had a quick look at WIKI but nothing appeared to be relevant . >> > >> > In the end I had to rem out sophos from list of virus scanners used to >> get >> email flowing again. Two others are >> > still there and so we are not unprotected but I like Sophos and usually >> it >> updates ok >> > >> > Any help appreciated. >> > >> > Thanks >> > Have a good weekend. >> > >> > Regards >> > >> > Howard Robinson, >> > (Senior Technical Development Officer), >> > Harper Adams University College, >> > Edgmond, >> > Newport, >> > Shropshire , >> > TF10 8NB. >> > >> > Tel. Direct 01952 815253 >> > Tel. Switch Board 01952 820280 >> > Fax 01952 814783 >> > Email hrobinson harper-adams.ac.uk >> > Web www.harper-adams.ac.uk >> > >> Hi Howard, >> >> I also have the similar problem, have you solved for it? >> >> Thanks, >> Louie >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Thu Mar 13 15:10:01 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 13 15:10:44 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D93E22.8010300@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> Sweet, thanks. Just thought it was oddity since another postmaster here asked about it when they saw the log actions. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 13, 2008 10:46 AM To: MailScanner discussion Subject: Re: New beta release 4.68.3 Fixed for the next release. I have added a line that deletes the "deliver" action if the "delete" action has been supplied. Okay with you? Jules. Rose, Bobby wrote: > Sorry, what I mean is shouldn't delete be the same thing as > "non-delivery". Currently I have to specify both non-delivery & delete. > If I just specify delete, the message still comes thru even though in > the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused > action delete in message m2DBtuAu029683" > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Thursday, March 13, 2008 4:47 AM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Rose, Bobby wrote: > >> The logging for SA_Actions is working. But I have a question, is >> this >> > > >> to correct action to get such messages to be dropped >> "non-delivery,delete" or should just "delete" work? >> >> > If the Spam Actions included "deliver" then you'll need to include a > "non-deliver" or "not-deliver" (or "no-deliver"). It works by > massaging the delivery options that are already set. I could make this > a special case I guess if you would prefer. > >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Wednesday, March 12, 2008 6:35 PM >> To: MailScanner discussion >> Subject: New beta release 4.68.3 >> >> >> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at >> 22:35:31 >> >> I have just released a new beta, 4.68.3. >> This contains quite a lot of major new things, some of which are very >> much "behind the scenes" so I would appreciate it if people could >> test >> > > >> this out for me. >> >> The major new changes are mostly these: >> - Support for F-Prot version 6 scanning daemon, fpscand. This is very >> fast. >> - Support for Vexira and Esets scanners updated. >> - Major new delivery system for Web Bug Replacement image and >> phishing.bad.sites.conf file. This now uses an "anycast" content >> delivery network graciously provided by Matt Hampton, so big thanks >> to >> > > >> him. This should make Distributed Denial of Service attacks (which I >> suffered a couple of weeks ago) virtually impossible as the files are >> provided by a globally-distributed network of hosts all behind the >> same URL and IP address. >> - New ability to forward messages to a list of email addresses if the >> messages contain filenames or filetypes matching the rules give in >> filename.rules.conf and filetype.rules.conf files. >> >> Download as usual from www.mailscanner.info. >> >> Please let me know how you get on with this release. >> Thanks folks! >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> * Julian Field >> * 0x1415B654 - Unverified(L) >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: (pgp-secured) > Charset: ISO-8859-1 > > wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT > dxvJup3IppeyoGCKfFXqAIs= > =uEGl > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From bernardo_ehlinux at yahoo.com.br Thu Mar 13 15:27:48 2008 From: bernardo_ehlinux at yahoo.com.br (Bernardo Goulart de Faria) Date: Thu Mar 13 15:28:23 2008 Subject: Problems in write maillog to SQL Message-ID: <973618.47548.qm@web53511.mail.re2.yahoo.com> Hello, I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. Ifollowed the guide instructions for the site. On file header_check ofpostfix, I put / ^ Received: / HOLD, set all permissions in /var/postfix and /var/MailScanner. I installed the MailWatch andchanged information, User and Password in MailWatch.pm andSQLBlacklist.pm, moved to /usr/lib/MailScanner/MailScanner/CustomFunctions/. Start the MailScanner and everything worksnormally, but the messages are not recorded in the table in MySQLmaillog. The permissions of GRANT in the bank also has been set. Tanks! Faria, Bernardo Abra sua conta no Yahoo! Mail, o ?nico sem limite de espa?o para armazenamento! http://br.mail.yahoo.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/e3a8b96b/attachment.html From martinh at solidstatelogic.com Thu Mar 13 15:34:19 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Mar 13 15:34:54 2008 Subject: Sophos Error message In-Reply-To: <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <5ac8d84d57c41644b76316e1f14bfa5d@solidstatelogic.com> Sylvain It's the Sophos virus signature update code that was fixed from what see in the change log. Installs remotely should be fine..or you want me to pop down the road ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Sylvain Phaneuf > Sent: 13 March 2008 14:52 > To: MailScanner discussion > Subject: RE: Sophos Error message > > Sorry to be so picky... Is there a way to fix this without having to > install the latest stable version? > > I am away from the office for a couple of weeks and I don't want to do an > installation remotely... > > Perhaps a new Sophos.install just for me? :-) > > Or a quick how-to to add the missing symlinks, or whatever a quick fix > could be? > > > Regards, > > Sylvain > -- > > ============================================ > Sylvain Phaneuf --- Systems Manager | phone : +44 (0)1865 221323 > Information Management Services Unit - Medical Sciences Division > Oxford University | email : sylvain.phaneuf@imsu.ox.ac.uk > Room 3A25B John Radcliffe Hospital | fax : +44 (0) 1865 221322 > Oxford OX3 9DU England > ============================================ > > > >>> On 07/03/2008 at 14:18, "Martin.Hepworth" > wrote: > > Louie > > > > Latest stable fixes the issue. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of louie > >> Sent: 07 March 2008 12:54 > >> To: mailscanner@lists.mailscanner.info > >> Subject: Re: Sophos Error message > >> > >> Howard Robinson Harper-Adams.ac.uk> writes: > >> > >> > > >> > Dear list > >> > I have updated Sophos using Linux.intel.libc6.tar.Z using Julian's > >> routine > >> /usr/sbin/Sophos.install > >> > > >> > It appeared to run through okay but seemed fast! > >> > Anyway on restarting MailScanner I get the following in the Maillog > and > >> emails > >> refused to move in or out. > >> > > >> > "SophosSAVI ERROR:: getting version: One of the files in a split- > virus > >> data > >> set could not be located (557)" > >> > > >> > Any ideas > >> > I had a quick look at WIKI but nothing appeared to be relevant . > >> > > >> > In the end I had to rem out sophos from list of virus scanners used > to > >> get > >> email flowing again. Two others are > >> > still there and so we are not unprotected but I like Sophos and > usually > >> it > >> updates ok > >> > > >> > Any help appreciated. > >> > > >> > Thanks > >> > Have a good weekend. > >> > > >> > Regards > >> > > >> > Howard Robinson, > >> > (Senior Technical Development Officer), > >> > Harper Adams University College, > >> > Edgmond, > >> > Newport, > >> > Shropshire , > >> > TF10 8NB. > >> > > >> > Tel. Direct 01952 815253 > >> > Tel. Switch Board 01952 820280 > >> > Fax 01952 814783 > >> > Email hrobinson harper-adams.ac.uk > >> > Web www.harper-adams.ac.uk > >> > > >> Hi Howard, > >> > >> I also have the similar problem, have you solved for it? > >> > >> Thanks, > >> Louie > >> > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > > > ********************************************************************** > > Confidentiality : This e-mail and any attachments are intended for the > > addressee only and may be confidential. If they come to you in error > > you must take no action based on them, nor must you copy or show them > > to anyone. Please advise the sender by replying to this e-mail > > immediately and then delete the original from your computer. > > Opinion : Any opinions expressed in this e-mail are entirely those of > > the author and unless specifically stated to the contrary, are not > > necessarily those of the author's employer. > > Security Warning : Internet e-mail is not necessarily a secure > > communications medium and can be subject to data corruption. We advise > > that you consider this fact when e-mailing us. > > Viruses : We have taken steps to ensure that this e-mail and any > > attachments are free from known viruses but in keeping with good > > computing practice, you should ensure that they are virus free. > > > > Red Lion 49 Ltd T/A Solid State Logic > > Registered as a limited company in England and Wales > > (Company No:5362730) > > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > > United Kingdom > > ********************************************************************** > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From martinh at solidstatelogic.com Thu Mar 13 15:36:22 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu Mar 13 15:36:32 2008 Subject: Problems in write maillog to SQL In-Reply-To: <973618.47548.qm@web53511.mail.re2.yahoo.com> Message-ID: <2cf0d482157bbf4292d3340360d6c512@solidstatelogic.com> Bernardo... Did you put the change to "always looked up last" in Mailscanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Bernardo Goulart de Faria > Sent: 13 March 2008 15:28 > To: mailscanner@lists.mailscanner.info > Subject: Problems in write maillog to SQL > > Hello, > > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 Distrib > 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. > > > I followed the guide instructions for the site. On file header_check of > postfix, I put / ^ Received: / HOLD, set all permissions in /var/postfix > and /var/MailScanner. I installed the MailWatch and changed information, > User and Password in MailWatch.pm and SQLBlacklist.pm, moved to > /usr/lib/MailScanner/MailScanner/CustomFunctions/. > Start the MailScanner and everything works normally, but the messages are > not recorded in the table in MySQL maillog. The permissions of GRANT in > the bank also has been set. > > Tanks! > Faria, Bernardo > > > ________________________________ > > Abra sua conta no Yahoo! Mail > , o > ?nico sem limite de espa?o para armazenamento! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Thu Mar 13 15:36:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 15:37:01 2008 Subject: Sophos Error message In-Reply-To: <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> References: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> Message-ID: <47D949ED.90401@ecs.soton.ac.uk> You just need to replace /usr/lib/MailScanner/sophos-autoupdate. A new one is attached. Sylvain Phaneuf wrote: > Sorry to be so picky... Is there a way to fix this without having to install the latest stable version? > > I am away from the office for a couple of weeks and I don't want to do an installation remotely... > > Perhaps a new Sophos.install just for me? :-) > > Or a quick how-to to add the missing symlinks, or whatever a quick fix could be? > > > Regards, > > Sylvain > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: sophos-autoupdate.zip Type: application/x-zip-compressed Size: 2195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/3263e939/sophos-autoupdate.bin From Kevin_Miller at ci.juneau.ak.us Thu Mar 13 15:43:19 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Mar 13 15:42:53 2008 Subject: Email filtering by attachments In-Reply-To: References: <47D797A0.1010700@ecs.soton.ac.uk> <47D7A812.3080107@ecs.soton.ac.uk> <47D809DF.50902@ecs.soton.ac.uk> Message-ID: Scott Silva wrote: > on 3-12-2008 10:15 AM Kevin Miller spake the following: >> Julian Field wrote: >>>> What happens if it doesn't match - auto deny? >>>> >>> If the rule doesn't match, I believe it is permitted. It's in the >>> docs somewhere. >> >> Hmmm. How hard would it be to have a ruleset there, or syntax >> something the options for what to do with mail (deliver, forward, >> store, etc.) like with Spam Actions or Non-Spam Actions? >> >> I can envision cases where I might want to allow specific filetypes >> for some, but not the general users... >> >> ...Kevin > Something like this? > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rul esets:overloading&s=overloading Uh, yeah. I think I misread the purpose of the original request. I was thinking of per user exceptions to a default deny rather than a generic reroute applying to the whole domain. After I reread the OP's question I see he was thinking of something else. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From mailscanner.info at tedworld.com Thu Mar 13 15:59:07 2008 From: mailscanner.info at tedworld.com (tlum) Date: Thu Mar 13 15:59:54 2008 Subject: Problems in write maillog to SQL In-Reply-To: <973618.47548.qm@web53511.mail.re2.yahoo.com> References: <973618.47548.qm@web53511.mail.re2.yahoo.com> Message-ID: <47D94F4B.9080300@tedworld.com> When MailScanner starts up you should see message similar to following in maillog: Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child When mail is received you should see message similar to following in maillog: Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message 4A8CC900F9.7D18D to SQL Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged to MailWatch SQL If you don't see the first one then custom logging is not being registered. If you don't see the second then there is a problem with "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. Probably the most common reason is not connecting to the database for some reason... missing perl module, wrong credentials (bad connect strings), wrong permissions, etc. Bernardo Goulart de Faria wrote: > Hello, > > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. > > I followed the guide instructions for the site. On file header_check > of postfix, I put / ^ Received: / HOLD, set all permissions in > /var/postfix and /var/MailScanner. I installed the MailWatch and > changed information, User and Password in MailWatch.pm and > SQLBlacklist.pm, moved to > /usr/lib/MailScanner/MailScanner/CustomFunctions/. > Start the MailScanner and everything works normally, but the messages > are not recorded in the table in MySQL maillog. The permissions of > GRANT in the bank also has been set. > > Tanks! > Faria, Bernardo > > ------------------------------------------------------------------------ > Abra sua conta no Yahoo! Mail > , > o ?nico sem limite de espa?o para armazenamento! > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu Mar 13 16:17:26 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 13 16:18:26 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E33F79A2@kronos.secure-enterprise.com> References: <47D8505E.1030006@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E33F79A2@kronos.secure-enterprise.com> Message-ID: on 3-12-2008 9:19 PM Steve Crumley spake the following: > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Julian Field >> Sent: Wednesday, March 12, 2008 5:51 PM >> To: MailScanner discussion >> Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >> then hangs at 100 percent CPU >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Steve Crumley wrote: >>> >>> >>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>> Of Julian Field >>>> Sent: Tuesday, March 11, 2008 6:50 PM >>>> To: MailScanner discussion >>>> Subject: Re: Upgraded to 4.67.6, MailScanner scans a batch >>>> then hangs at 100 percent CPU >>>> >>>> * PGP Signed by an unverified key: 03/11/08 at 18:50:26 >>>> >>>> >>>> >>>> Steve Crumley wrote: >>>> >>>>> >>>>> >>>>> >>>>> >>>>>> -----Original Message----- >>>>>> From: mailscanner-bounces@lists.mailscanner.info >>>>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>>> Of Glenn Steen >>>>>> Sent: Tuesday, March 11, 2008 4:32 PM >>>>>> To: MailScanner discussion >>>>>> Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >>>>>> then hangs at 100 percent CPU >>>>>> >>>>>> On 11/03/2008, Steve Crumley >>>>>> >>>> wrote: >>>> >>>>>> >>>>>> >>>>>>> > -----Original Message----- >>>>>>> > From: mailscanner-bounces@lists.mailscanner.info >>>>>>> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Of Glenn Steen >>>>>>>> >>>>>>>> >>>>>>> > Sent: Tuesday, March 11, 2008 1:21 PM >>>>>>> > To: MailScanner discussion >>>>>>> > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch >>>>>>> > then hangs at 100 percent CPU >>>>>>> > >>>>>>> > On 11/03/2008, Steve Crumley >>>>>>> >>>>>>> >>>>>> wrote: >>>>>> >>>>>> >>>>>>> > > >>>>>>> > > >>>>>>> > > > -----Original Message----- >>>>>>> > > > From: mailscanner-bounces@lists.mailscanner.info >>>>>>> > > > [mailto:mailscanner-bounces@lists.mailscanner.info] >>>>>>> >>>>>>> >>>>>> On Behalf >>>>>> >>>>>> >>>>>>> > > > Of --[ UxBoD ]-- >>>>>>> > > >>>>>>> > > > Sent: Tuesday, March 11, 2008 11:29 AM >>>>>>> > > > To: MailScanner discussion >>>>>>> > > > Subject: Re: Upgraded to 4.67.6, MailScanner >> scans a batch >>>>>>> > > > then hangs at 100 percent CPU >>>>>>> > > > >>>>>>> > > >>>>>>> > > > do you have strace installed on the server ? if >> so when the >>>>>>> > > > process is running at 100% CPU connect to it and >>>>>>> >>>> see what it >>>> >>>>>>> > > > is doing. I had this before, but for the life of >>>>>>> >>>>>>> >>>>>> me I cannot >>>>>> >>>>>> >>>>>>> > > > remember what I changed to fix it :( >>>>>>> > > > >>>>>>> > > > Things to check :- >>>>>>> > > > >>>>>>> > > > 1) Permissions, are they all correct >>>>>>> > > > 2) Check MailScanner.conf again just to make >> sure no typos >>>>>>> > > > >>>>>>> > > > Regards, >>>>>>> > > > >>>>>>> > > > -- >>>>>>> > > >>>>>>> > > >>>>>>> > > Here is the output from strace: >>>>>>> > > >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > waitpid(-1, 0xbff09448, WNOHANG) = 0 >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > >>>>>>> > > The system had been running fine for over a year, I >>>>>>> >>>>>>> >>>>>> can't find any >>>>>> >>>>>> >>>>>>> > > permission or setting change thats doing this, but >>>>>>> >>>> I could be >>>> >>>>>>> > > overlooking something. >>>>>>> > > Thanks, >>>>>>> > > -Steve >>>>>>> > > >>>>>>> > Could perhaps be a busted SQLite SA cache? What does >>>>>>> >>>>>>> >>>>>> analyse_s (I >>>>>> >>>>>> >>>>>>> > don't remember if it is sacache or spamassassin_cache >>>>>>> >>>>>>> >>>>>> ... the command >>>>>> >>>>>> >>>>>>> > completion should take care of it:-) say? If it looks >>>>>>> >>>>>>> >>>>>> fishy, simply >>>>>> >>>>>> >>>>>>> > delete the SA cache file and restart MS. >>>>>>> > >>>>>>> > You've run MailScanner --lint, right? Nothing obvious >>>>>>> >>>> from that? >>>> >>>>>>> > >>>>>>> > Oh, and what av scanners do you use? Obviously not >>>>>>> >>>>>>> >>>>>> clamavmodule, but >>>>>> >>>>>> >>>>>>> > perhaps clamav or clamd? are those OK? >>>>>>> > >>>>>>> > Cheers >>>>>>> > -- >>>>>>> > -- Glenn >>>>>>> > email: glenn < dot > steen < at > gmail < dot > com >>>>>>> > work: glenn < dot > steen < at > ap1 < dot > se >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> >>>>>>> > MailScanner mailing list >>>>>>> > mailscanner@lists.mailscanner.info >>>>>>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>> > >>>>>>> > Before posting, read http://wiki.mailscanner.info/posting >>>>>>> > >>>>>>> > Support MailScanner development - buy the book off >> the website! >>>>>>> > >>>>>>> >>>>>>> >>>>>>> >>>>>>> analyse_SpamAssassin_cache looks clean, MailScanner --lint >>>>>>> >>>>>>> >>>>>> is clean too. >>>>>> >>>>>> >>>>>>> I'm running clamd for AV but I've set virus scanning to no >>>>>>> >>>>>>> >>>>>> while working >>>>>> >>>>>> >>>>>>> on this. >>>>>>> >>>>>>> Thanks, >>>>>>> -Steve >>>>>>> >>>>>>> >>>>>> Couldn't be something easily mended, huh:-).... >>>>>> >>>>>> What you seem to have attached to above (with strace) >> would be the >>>>>> main MailScanner process, since it basically just wait for it's >>>>>> children to end... Or is it? What does a ps listing show >> (one that >>>>>> show the command argument list, since Jules rewrite it to >>>>>> >>>> show what it >>>> >>>>>> thinks it is basically doing)? >>>>>> Do the children restart endlessly when hung? How many >> children are >>>>>> there, and in what state? >>>>>> Cheers >>>>>> -- Glenn >>>>>> >>>>>> >>>>> When I first started it with 8 children, they all end up >>>>> >>>> quickly hanging >>>> >>>>> and consuming CPU. For now, I've set it to 1 child and I've been >>>>> running in debug mode. The ps gives us a good clue! Its the only >>>>> mailscanner process and it reports "MailScanner: extracting >>>>> >>>> attachments" >>>> >>>>> Thanks, >>>>> -Steve >>>>> >>>>> >>>> In which case go into "sub Explode" in >>>> /usr/lib/MailScanner/MailScanner/Message.pm, and add some >>>> "print STDERR" >>>> lines to generate tracing output so you can see how far it >> gets. When >>>> you do a "MailScanner --debug" it will show you the STDERR >>>> debug output >>>> in the terminal session. >>>> >>> >>> OK, Here is whats happening. Its using Explode in >> MessageBatch.pm and >>> not Message.pm. >>> Here is where it dies in MessageBatch.pm: >>> >>> sub Explode { >>> my $this = shift; >>> print STDERR "messagebatch\n"; #crumley >>> >>> my($key, $message); >>> >>> # jjh 2004-03-12 reap as many as we can. >>> # JKF Test 2004-11-23 1 until waitpid(-1, &POSIX::WNOHANG) == -1; >>> print STDERR "about to hang\n"; >>> 1 until waitpid(-1, WNOHANG) == -1; >>> print STDERR "we never get here\n"; >>> >> But as the comments in the code show, this code hasn't been touched >> since 2004. So I don't understand why you are just seeing a change in >> behaviour. I would suspect you have upgraded something else >> in your system. >> >> Are other people seeing the same problem? >> What OS, distro, version, kernel, etc are you running? >> Is anyone else running an identical system? >> If so, are they seeing the same symptoms? >> >> From the "perl-func" man page: >> waitpid PID,FLAGS >> Waits for a particular child process to >> terminate and returns >> the pid of the deceased process, or "-1" if >> there is no such >> child process. >> so it should reap processes until there aren't any left to be reaped. >> What does the documentation for waitpid say on your system? This is a >> POSIX function, so should be the same across most systems. >> >> If you take out the waitpid() call, you will collect >> processes, as they are terminating but never being reaped. So >> this call >> is very necessary. >> >> I'm not going to touch this code with a 10-foot barge pole >> unless I have >> *very* good reason to. >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng > > Julian, I really appreciate you looking at this. I understand this code > hasn't changed and I'm certianly not suggesting you change it now. I'm > just trying to track this down. I'm running a pretty standard Centos > 4.6 system plus the rpmforge repositories so I'm guessing someone else > may run into this as well. I think you are probably right, something > else on the system may be involved. Everything is up to date with a > "yum upgrade". I just don't have a clue as to what could be causing > this. > Thanks, > -Steve Rpmforge on 4.6? How about doing a rpm -qa --last and posting any changed rpm's since the time it quit working. I'm guessing a new perl module that is slightly incompatible like the mail-tools problem earlier in the year. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/1b8dd5a7/signature.bin From ssilva at sgvwater.com Thu Mar 13 16:20:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 13 16:25:13 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <47D873F0.4000007@ddihealth.com> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <47D82D63.9040301@ecs.soton.ac.uk> <47D873F0.4000007@ddihealth.com> Message-ID: on 3-12-2008 5:23 PM Jim Barber spake the following: > Hi. > > I've hi-jacked a thread? > Sorry, I don't know what you mean? > I checked the mailing lists for a similar problem before I posted and > saw no related topic. > http://en.wikipedia.org/wiki/Thread_hijacking -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/6ad67d8b/signature.bin From ssilva at sgvwater.com Thu Mar 13 16:25:26 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 13 16:30:12 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: <47D873F0.4000007@ddihealth.com> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <47D82D63.9040301@ecs.soton.ac.uk> <47D873F0.4000007@ddihealth.com> Message-ID: on 3-12-2008 5:23 PM Jim Barber spake the following: > Hi. > > I've hi-jacked a thread? > Sorry, I don't know what you mean? > I checked the mailing lists for a similar problem before I posted and > saw no related topic. > > Sorry for the delay in responding. > I suspect I'm way out of sync with you guys regarding time zones hence > why I haven't responded to your question yet Julian. > I sent this off towards the end of work yesterday and I'm back in now > this morning. > > Anyway, I'll try to explain as much as I can about the permissions side > of things and see if you spot any problems. > > I'm using the exim4 (v4.69-2) package in Debian. > The configuration has been modified to have an incoming and outgoing > queue so that MailScanner can intercept the emails. > Exim4 runs under a user name called "Debian-exim" who is a member of a > groups that is also called "Debian-exim". > > The clamd process runs under a user called "clamav" who is also a member > of the "clamav" group. > I've also added this user to the "Debian-exim" group: > > $ groups clamav > clamav : clamav Debian-exim > > The permissions on the /var/spool/MailScanner/incoming/ directory is as > follows: > > drwxr-x--- 4 Debian-exim Debian-exim 100 2008-03-13 09:13 > /var/spool/MailScanner/incoming/ > > Under here a directory is created with the PID of MailScanner, and at > the moment it looks as follows: > > drwxr-x--- 2 Debian-exim Debian-exim 40 2008-03-13 09:13 21152/ > > If I do a 'ls -lR' on this directory and catch a message in transit I > see permissions like so: > > # ls -lR 21152/ > 21152/: > total 80 > drwxr-x--- 2 Debian-exim Debian-exim 80 2008-03-13 09:14 > 1JZb5m-0001MG-06/ > -rw-r----- 1 Debian-exim Debian-exim 870 2008-03-13 09:14 > 1JZb5m-0001MG-06.header > -rw-rw---- 1 Debian-exim Debian-exim 65713 2008-03-13 09:14 > 1JZb5m-0001MG-06.message > > 21152/1JZb5m-0001MG-06: > total 64 > -rw-r----- 1 Debian-exim Debian-exim 7061 2008-03-13 09:14 > msg-21152-127.txt > -rw-r----- 1 Debian-exim Debian-exim 53896 2008-03-13 09:14 > msg-21152-128.html > > Here are the settings that I think may be relevant from the > MailScanner.conf file: > > Run As User = Debian-exim > Run As Group = Debian-exim > Incoming Queue Dir = /var/spool/exim4_incoming/input > Outgoing Queue Dir = /var/spool/exim4/input > Incoming Work Dir = /var/spool/MailScanner/incoming > MTA = exim > Sendmail = /usr/sbin/exim4 -DOUTGOING > Sendmail2 = /usr/sbin/exim4 -DOUTGOING > Incoming Work User = > Incoming Work Group = > Incoming Work Permissions = 0640 Try 0770 here for a test so the group can have a little more room in working with the files > > As far as I can tell this should be okay since the clamav user is part > of the Debian-exim group? > It seems to be scanning everything else okay? > > Thanks. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/70b99c42/signature.bin From bernardo_ehlinux at yahoo.com.br Thu Mar 13 17:45:03 2008 From: bernardo_ehlinux at yahoo.com.br (Bernardo Goulart de Faria) Date: Thu Mar 13 17:45:39 2008 Subject: Res: Problems in write maillog to SQL Message-ID: <164801.57897.qm@web53511.mail.re2.yahoo.com> Hi, I have these three messages on my maillog: Mar 12 13:08:23 angra-ms MailScanner[7185]: Config: calling custom init function MailWatchLogging Mar 12 13:08:23 angra-ms MailScanner[7185]: Started SQL Logging child Mar 12 13:17:56 angra-ms MailScanner[7147]: Logging message 562BB168F42.D55BE to SQL What perl module might be missing? Tanks Faria, Bernardo ----- Mensagem original ---- De: tlum Para: MailScanner discussion Enviadas: Quinta-feira, 13 de Mar?o de 2008 12:59:07 Assunto: Re: Problems in write maillog to SQL When MailScanner starts up you should see message similar to following in maillog: Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child When mail is received you should see message similar to following in maillog: Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message 4A8CC900F9.7D18D to SQL Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged to MailWatch SQL If you don't see the first one then custom logging is not being registered. If you don't see the second then there is a problem with "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. Probably the most common reason is not connecting to the database for some reason... missing perl module, wrong credentials (bad connect strings), wrong permissions, etc. Bernardo Goulart de Faria wrote: > Hello, > > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. > > I followed the guide instructions for the site. On file header_check > of postfix, I put / ^ Received: / HOLD, set all permissions in > /var/postfix and /var/MailScanner. I installed the MailWatch and > changed information, User and Password in MailWatch.pm and > SQLBlacklist.pm, moved to > /usr/lib/MailScanner/MailScanner/CustomFunctions/. > Start the MailScanner and everything works normally, but the messages > are not recorded in the table in MySQL maillog. The permissions of > GRANT in the bank also has been set. > > Tanks! > Faria, Bernardo > > ------------------------------------------------------------------------ > Abra sua conta no Yahoo! Mail > , > o ?nico sem limite de espa?o para armazenamento! > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Abra sua conta no Yahoo! Mail, o ?nico sem limite de espa?o para armazenamento! http://br.mail.yahoo.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/411d730e/attachment-0001.html From mailscanner.info at tedworld.com Thu Mar 13 18:25:58 2008 From: mailscanner.info at tedworld.com (tlum) Date: Thu Mar 13 18:26:48 2008 Subject: Res: Problems in write maillog to SQL In-Reply-To: <164801.57897.qm@web53511.mail.re2.yahoo.com> References: <164801.57897.qm@web53511.mail.re2.yahoo.com> Message-ID: <47D971B6.7060600@tedworld.com> Are you sure the record is not in the database and its not a MailWatch issue? If you got that far so silently - no errors - then it almost certainly has put the record in the table. I would check the database. # mysql -u -p (if the db is not local you need -h also) Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 19266 to server version: 5.0.22 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> then try "select count(*) from .maillog;" and you'll get something like this: mysql> select count(*) from mailscanner.maillog; +----------+ | count(*) | +----------+ | 1875 | +----------+ 1 row in set (0.01 sec) mysql> At this point I would bet you have a problem with MailScanner retrieving the data from the database. Bernardo Goulart de Faria wrote: > Hi, > > I have these three messages on my maillog: > > Mar 12 13:08:23 angra-ms MailScanner[7185]: Config: calling custom > init function MailWatchLogging > Mar 12 13:08:23 angra-ms MailScanner[7185]: Started SQL Logging child > Mar 12 13:17:56 angra-ms MailScanner[7147]: Logging message > 562BB168F42.D55BE to SQL > > What perl module might be missing? > > Tanks > Faria, Bernardo > > ----- Mensagem original ---- > De: tlum > Para: MailScanner discussion > Enviadas: Quinta-feira, 13 de Mar?o de 2008 12:59:07 > Assunto: Re: Problems in write maillog to SQL > > When MailScanner starts up you should see message similar to following > in maillog: > > Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child > > When mail is received you should see message similar to following in > maillog: > > Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message > 4A8CC900F9.7D18D to SQL > Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged > to MailWatch SQL > > If you don't see the first one then custom logging is not being > registered. If you don't see the second then there is a problem with > "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. > > Probably the most common reason is not connecting to the database for > some reason... missing perl module, wrong credentials (bad connect > strings), wrong permissions, etc. > > Bernardo Goulart de Faria wrote: > > Hello, > > > > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 > > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 > > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. > > > > I followed the guide instructions for the site. On file header_check > > of postfix, I put / ^ Received: / HOLD, set all permissions in > > /var/postfix and /var/MailScanner. I installed the MailWatch and > > changed information, User and Password in MailWatch.pm and > > SQLBlacklist.pm, moved to > > /usr/lib/MailScanner/MailScanner/CustomFunctions/. > > Start the MailScanner and everything works normally, but the messages > > are not recorded in the table in MySQL maillog. The permissions of > > GRANT in the bank also has been set. > > > > Tanks! > > Faria, Bernardo > > > > ------------------------------------------------------------------------ > > Abra sua conta no Yahoo! Mail > > , > > o ?nico sem limite de espa?o para armazenamento! > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* , > and is > > believed to be clean. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > Abra sua conta no Yahoo! Mail > , > o ?nico sem limite de espa?o para armazenamento! > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 19:02:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 19:02:45 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D97A29.6030605@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is it running okay otherwise? I haven't seen much sign of anyone running 4.68.3, the list has been remarkably quiet :-( Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it being updated at all? (You did run upgrade_MailScanner_conf didn't you?) Can you check the Web Bug Replacement is coming from www.mailscanner.tv please? Thanks! Jules. Rose, Bobby wrote: > Sweet, thanks. Just thought it was oddity since another postmaster here > asked about it when they saw the log actions. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, March 13, 2008 10:46 AM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 > > Fixed for the next release. > I have added a line that deletes the "deliver" action if the "delete" > action has been supplied. Okay with you? > > Jules. > > Rose, Bobby wrote: > >> Sorry, what I mean is shouldn't delete be the same thing as >> "non-delivery". Currently I have to specify both non-delivery & >> > delete. > >> If I just specify delete, the message still comes thru even though in >> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused >> action delete in message m2DBtuAu029683" >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, March 13, 2008 4:47 AM >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Rose, Bobby wrote: >> >> >>> The logging for SA_Actions is working. But I have a question, is >>> this >>> >>> >> >> >>> to correct action to get such messages to be dropped >>> "non-delivery,delete" or should just "delete" work? >>> >>> >>> >> If the Spam Actions included "deliver" then you'll need to include a >> "non-deliver" or "not-deliver" (or "no-deliver"). It works by >> massaging the delivery options that are already set. I could make this >> > > >> a special case I guess if you would prefer. >> >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Julian Field >>> Sent: Wednesday, March 12, 2008 6:35 PM >>> To: MailScanner discussion >>> Subject: New beta release 4.68.3 >>> >>> >>> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at >>> 22:35:31 >>> >>> I have just released a new beta, 4.68.3. >>> This contains quite a lot of major new things, some of which are very >>> > > >>> much "behind the scenes" so I would appreciate it if people could >>> test >>> >>> >> >> >>> this out for me. >>> >>> The major new changes are mostly these: >>> - Support for F-Prot version 6 scanning daemon, fpscand. This is very >>> > > >>> fast. >>> - Support for Vexira and Esets scanners updated. >>> - Major new delivery system for Web Bug Replacement image and >>> phishing.bad.sites.conf file. This now uses an "anycast" content >>> delivery network graciously provided by Matt Hampton, so big thanks >>> to >>> >>> >> >> >>> him. This should make Distributed Denial of Service attacks (which I >>> suffered a couple of weeks ago) virtually impossible as the files are >>> > > >>> provided by a globally-distributed network of hosts all behind the >>> same URL and IP address. >>> - New ability to forward messages to a list of email addresses if the >>> > > >>> messages contain filenames or filetypes matching the rules give in >>> filename.rules.conf and filetype.rules.conf files. >>> >>> Download as usual from www.mailscanner.info. >>> >>> Please let me know how you get on with this release. >>> Thanks folks! >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration >>> > help? > >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >>> public key: http://www.jules.fm/julesfm.asc >>> >>> >>> * Julian Field >>> * 0x1415B654 - Unverified(L) >>> >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT >> dxvJup3IppeyoGCKfFXqAIs= >> =uEGl >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2XorEfZZRxQVtlQRAtGqAJ92Owa6g/bhBYxRccmYi2lN7kFtGwCffPNv RRwDL4K1Sb6Rc1ZZKaFADG4= =A0ix -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Thu Mar 13 19:04:08 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Mar 13 19:04:42 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D85AAF.2060405@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> Message-ID: <20080313190408.GA3396@msapiro> On Wed, Mar 12, 2008 at 10:35:27PM +0000, Julian Field wrote: > > I have just released a new beta, 4.68.3. > This contains quite a lot of major new things, some of which are very > much "behind the scenes" so I would appreciate it if people could test > this out for me. I just installed it. The install and restart had no problems so far. > The major new changes are mostly these: > - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. > - - Support for Vexira and Esets scanners updated. > - - Major new delivery system for Web Bug Replacement image and > phishing.bad.sites.conf file. This now uses an "anycast" content > delivery network graciously provided by Matt Hampton, so big thanks to > him. This should make Distributed Denial of Service attacks (which I > suffered a couple of weeks ago) virtually impossible as the files are > provided by a globally-distributed network of hosts all behind the same > URL and IP address. > - - New ability to forward messages to a list of email addresses if the > messages contain filenames or filetypes matching the rules give in > filename.rules.conf and filetype.rules.conf files. Since I see nothing above regarding the Postfix message duplication issue, I'm keeping Max Children = 1 for now. On another note. On the http://www.mailscanner.info/downloads.html page the PGP Signature links for Beta downloads seem to be broken. I've seen this before. Is this intentional or an oversight? -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From scrumley at secure-enterprise.com Thu Mar 13 19:22:14 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Thu Mar 13 19:22:49 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: Message-ID: <8775613110ACC349B6CF97F922E670E33F79A9@kronos.secure-enterprise.com> > Rpmforge on 4.6? How about doing a rpm -qa --last and posting > any changed > rpm's since the time it quit working. I'm guessing a new perl > module that is > slightly incompatible like the mail-tools problem earlier in the year. > Here is the rpm list: mailscanner-4.67.6-1 Fri 07 Mar 2008 02:55:06 PM EST perl-MIME-tools-5.425-1 Fri 07 Mar 2008 02:50:01 PM EST perl-IO-1.2301-1 Fri 07 Mar 2008 02:49:02 PM EST perl-Test-Pod-1.26-1 Fri 07 Mar 2008 02:47:33 PM EST perl-TimeDate-1.16-3 Fri 07 Mar 2008 02:46:49 PM EST perl-MIME-Base64-3.07-1 Fri 07 Mar 2008 02:46:17 PM EST netpbm-devel-10.25-2.EL4.6.el4_6.1 Fri 07 Mar 2008 12:10:02 PM EST gd-devel-2.0.28-5.4E.el4_6.1 Fri 07 Mar 2008 12:10:02 PM EST syslinux-3.62-1.el4.rf Fri 07 Mar 2008 12:10:01 PM EST rsync-3.0.0-1.el4.rf Fri 07 Mar 2008 12:10:01 PM EST perl-HTML-Tagset-3.20-1.el4.rf Fri 07 Mar 2008 12:09:59 PM EST netpbm-progs-10.25-2.EL4.6.el4_6.1 Fri 07 Mar 2008 12:09:59 PM EST ghostscript-7.07-33.2.el4_6.1 Fri 07 Mar 2008 12:09:56 PM EST perl-Test-Simple-0.78-1.el4.rf Fri 07 Mar 2008 12:09:54 PM EST gd-2.0.28-5.4E.el4_6.1 Fri 07 Mar 2008 12:09:53 PM EST netpbm-10.25-2.EL4.6.el4_6.1 Fri 07 Mar 2008 12:09:43 PM EST re2c-0.13.2-1.el4.rf Thu 28 Feb 2008 02:48:19 PM EST perl-IO-Socket-SSL-1.13-1.el4.rf Thu 28 Feb 2008 02:48:19 PM EST gdb-6.3.0.0-1.153.el4_6.2 Thu 28 Feb 2008 02:48:19 PM EST perl-Time-HiRes-1.9712-1.el4.rf Thu 28 Feb 2008 02:48:18 PM EST perl-IO-Socket-INET6-2.54-1.el4.rf Thu 28 Feb 2008 02:48:18 PM EST openldap-devel-2.2.13-8.el4_6.4 Thu 28 Feb 2008 02:48:18 PM EST cups-1.1.22-0.rc1.9.20.2.el4_6.5 Thu 28 Feb 2008 02:48:15 PM EST openldap-clients-2.2.13-8.el4_6.4 Thu 28 Feb 2008 02:48:14 PM EST perl-Net-DNS-0.63-1.el4.rf Thu 28 Feb 2008 02:48:13 PM EST perl-DBI-1.602-1.el4.rf Thu 28 Feb 2008 02:48:12 PM EST perl-Socket6-0.20-1.el4.rf Thu 28 Feb 2008 02:48:11 PM EST cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5 Thu 28 Feb 2008 02:48:11 PM EST openldap-2.2.13-8.el4_6.4 Thu 28 Feb 2008 02:48:04 PM EST perl-Business-ISBN-2.03-1.el4.rf Thu 28 Feb 2008 02:45:14 PM EST perl-Business-ISBN-Data-1.17-1.el4.rf Thu 28 Feb 2008 02:45:00 PM EST perl-ExtUtils-CBuilder-0.22-1.el4.rf Thu 28 Feb 2008 02:44:04 PM EST perl-ExtUtils-ParseXS-2.19-1.el4.rf Thu 28 Feb 2008 02:43:41 PM EST perl-Inline-0.44-1.el4.rf Thu 28 Feb 2008 02:42:58 PM EST perl-IO-String-1.08-1.2.el4.rf Thu 28 Feb 2008 02:42:36 PM EST perl-Module-Build-0.2808-1.el4.rf Thu 28 Feb 2008 02:42:02 PM EST perl-Net-DNS-Resolver-Programmable-0.003-1.el4.rf Thu 28 Feb 2008 02:41:29 PM EST perl-Parse-RecDescent-1.94-1.el4.rf Thu 28 Feb 2008 02:40:47 PM EST perl-Test-Manifest-1.22-1.el4.rf Thu 28 Feb 2008 02:37:40 PM EST perl-YAML-0.66-1.el4.rf Thu 28 Feb 2008 02:36:57 PM EST perl-Test-Base-0.54-1.el4.rf Thu 28 Feb 2008 02:36:56 PM EST perl-Spiffy-0.30-1.el4.rf Thu 28 Feb 2008 02:36:56 PM EST perl-Module-Install-0.68-1.el4.rf Thu 28 Feb 2008 02:36:35 PM EST Thanks, -Steve From jaearick at colby.edu Thu Mar 13 19:31:46 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 13 19:32:32 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <47D97A29.6030605@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: On Thu, 13 Mar 2008, Julian Field wrote: > Date: Thu, 13 Mar 2008 19:02:01 +0000 > From: Julian Field > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 -- anyone running it? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is it running okay otherwise? > I haven't seen much sign of anyone running 4.68.3, the list has been > remarkably quiet :-( Julian, I will try to install it early next week. I will be out tomorrow and I don't want to break email for three days in a row. BTW, I never heard a peep from anybody about my note of "attempts to core in debug mode, runs fine in standard mode". Jeff Earickson Colby College From mailscanner.info at tedworld.com Thu Mar 13 19:48:31 2008 From: mailscanner.info at tedworld.com (tlum) Date: Thu Mar 13 19:49:13 2008 Subject: Res: Problems in write maillog to SQL In-Reply-To: <47D971B6.7060600@tedworld.com> References: <164801.57897.qm@web53511.mail.re2.yahoo.com> <47D971B6.7060600@tedworld.com> Message-ID: <47D9850F.5020806@tedworld.com> CORRECTION: I meant to say: At this point I would bet you have a problem with MailWatch retrieving the data from the database. tlum wrote: > Are you sure the record is not in the database and its not a MailWatch > issue? If you got that far so silently - no errors - then it almost > certainly has put the record in the table. I would check the database. > > # mysql -u -p (if the db is not local you need -h > also) > Enter password: > Welcome to the MySQL monitor. Commands end with ; or \g. > Your MySQL connection id is 19266 to server version: 5.0.22 > > Type 'help;' or '\h' for help. Type '\c' to clear the buffer. > > mysql> > > then try "select count(*) from .maillog;" > > and you'll get something like this: > > mysql> select count(*) from mailscanner.maillog; > +----------+ > | count(*) | > +----------+ > | 1875 | > +----------+ > 1 row in set (0.01 sec) > > mysql> > > At this point I would bet you have a problem with MailScanner > retrieving the data from the database. > > Bernardo Goulart de Faria wrote: >> Hi, >> >> I have these three messages on my maillog: >> >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Config: calling custom >> init function MailWatchLogging >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Started SQL Logging child >> Mar 12 13:17:56 angra-ms MailScanner[7147]: Logging message >> 562BB168F42.D55BE to SQL >> >> What perl module might be missing? >> >> Tanks >> Faria, Bernardo >> >> ----- Mensagem original ---- >> De: tlum >> Para: MailScanner discussion >> Enviadas: Quinta-feira, 13 de Mar?o de 2008 12:59:07 >> Assunto: Re: Problems in write maillog to SQL >> >> When MailScanner starts up you should see message similar to following >> in maillog: >> >> Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child >> >> When mail is received you should see message similar to following in >> maillog: >> >> Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message >> 4A8CC900F9.7D18D to SQL >> Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged >> to MailWatch SQL >> >> If you don't see the first one then custom logging is not being >> registered. If you don't see the second then there is a problem with >> "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. >> >> Probably the most common reason is not connecting to the database for >> some reason... missing perl module, wrong credentials (bad connect >> strings), wrong permissions, etc. >> >> Bernardo Goulart de Faria wrote: >> > Hello, >> > >> > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 >> > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 >> > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. >> > > I followed the guide instructions for the site. On file header_check >> > of postfix, I put / ^ Received: / HOLD, set all permissions in >> > /var/postfix and /var/MailScanner. I installed the MailWatch and >> > changed information, User and Password in MailWatch.pm and >> > SQLBlacklist.pm, moved to >> > /usr/lib/MailScanner/MailScanner/CustomFunctions/. >> > Start the MailScanner and everything works normally, but the messages >> > are not recorded in the table in MySQL maillog. The permissions of >> > GRANT in the bank also has been set. >> > >> > Tanks! >> > Faria, Bernardo >> > >> > >> ------------------------------------------------------------------------ >> > Abra sua conta no Yahoo! Mail >> > >> , >> > o ?nico sem limite de espa?o para armazenamento! >> > -- >> > This message has been scanned for viruses and >> > dangerous content by *MailScanner* , >> and is >> > believed to be clean. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Abra sua conta no Yahoo! Mail >> , >> o ?nico sem limite de espa?o para armazenamento! >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From doc at maddoc.net Thu Mar 13 20:01:58 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Mar 13 20:03:02 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D85AAF.2060405@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> Message-ID: <47D98836.5090907@maddoc.net> Julian Field wrote: > I have just released a new beta, 4.68.3. > > Please let me know how you get on with this release. > Thanks folks! > > Jules > Running it here and seeing no issues. Good job Jules! -- -Doc Lincoln, NE. http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From Sylvain.Phaneuf at imsu.ox.ac.uk Thu Mar 13 20:05:30 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Thu Mar 13 20:06:19 2008 Subject: Sophos Error message In-Reply-To: <47D949ED.90401@ecs.soton.ac.uk> References: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk><47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> <47D949ED.90401@ecs.soton.ac.uk> Message-ID: <47D9890C.FEA8.00EB.0@imsu.ox.ac.uk> Thanks a lot Julian!!!! I will try your file tomorrow morning. Sylvain >>> On 13/03/2008 at 15:36, Julian Field wrote: > You just need to replace /usr/lib/MailScanner/sophos-autoupdate. > A new one is attached. > > Sylvain Phaneuf wrote: >> Sorry to be so picky... Is there a way to fix this without having to > install the latest stable version? >> >> I am away from the office for a couple of weeks and I don't want to do an > installation remotely... >> >> Perhaps a new Sophos.install just for me? :-) >> >> Or a quick how-to to add the missing symlinks, or whatever a quick fix could > be? >> >> >> Regards, >> >> Sylvain >> > > Jules From MailScanner at ecs.soton.ac.uk Thu Mar 13 20:14:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 20:15:09 2008 Subject: New beta release 4.68.3 In-Reply-To: <20080313190408.GA3396@msapiro> References: <47D85AAF.2060405@ecs.soton.ac.uk> <20080313190408.GA3396@msapiro> Message-ID: <47D98B1A.2070208@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > On Wed, Mar 12, 2008 at 10:35:27PM +0000, Julian Field wrote: > >> I have just released a new beta, 4.68.3. >> This contains quite a lot of major new things, some of which are very >> much "behind the scenes" so I would appreciate it if people could test >> this out for me. >> > > > I just installed it. The install and restart had no problems so far. > > > >> The major new changes are mostly these: >> - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. >> - - Support for Vexira and Esets scanners updated. >> - - Major new delivery system for Web Bug Replacement image and >> phishing.bad.sites.conf file. This now uses an "anycast" content >> delivery network graciously provided by Matt Hampton, so big thanks to >> him. This should make Distributed Denial of Service attacks (which I >> suffered a couple of weeks ago) virtually impossible as the files are >> provided by a globally-distributed network of hosts all behind the same >> URL and IP address. >> - - New ability to forward messages to a list of email addresses if the >> messages contain filenames or filetypes matching the rules give in >> filename.rules.conf and filetype.rules.conf files. >> > > > Since I see nothing above regarding the Postfix message duplication issue, > I'm keeping Max Children = 1 for now. > > > On another note. On the http://www.mailscanner.info/downloads.html page > the PGP Signature links for Beta downloads seem to be broken. I've seen > this before. Is this intentional or an oversight? > I forgot to generate the signatures and I can't at the moment as the VNC Server on my big mac at work has stopped again. I don't know how to restart it without gui access :-( Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2YskEfZZRxQVtlQRAr+TAJ91NIORX4d9F1g4ctiJxrxuAiuQNACgs0nT 36e59YIvU3HeIKcWYxbr2Bk= =IziR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 20:16:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 20:17:23 2008 Subject: New beta release 4.68.3 In-Reply-To: <20080313190408.GA3396@msapiro> References: <47D85AAF.2060405@ecs.soton.ac.uk> <20080313190408.GA3396@msapiro> Message-ID: <47D98BBB.1030105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: > On Wed, Mar 12, 2008 at 10:35:27PM +0000, Julian Field wrote: > >> I have just released a new beta, 4.68.3. >> This contains quite a lot of major new things, some of which are very >> much "behind the scenes" so I would appreciate it if people could test >> this out for me. >> > > > I just installed it. The install and restart had no problems so far. > Great. Thanks for that. > > >> The major new changes are mostly these: >> - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. >> - - Support for Vexira and Esets scanners updated. >> - - Major new delivery system for Web Bug Replacement image and >> phishing.bad.sites.conf file. This now uses an "anycast" content >> delivery network graciously provided by Matt Hampton, so big thanks to >> him. This should make Distributed Denial of Service attacks (which I >> suffered a couple of weeks ago) virtually impossible as the files are >> provided by a globally-distributed network of hosts all behind the same >> URL and IP address. >> - - New ability to forward messages to a list of email addresses if the >> messages contain filenames or filetypes matching the rules give in >> filename.rules.conf and filetype.rules.conf files. >> > > > Since I see nothing above regarding the Postfix message duplication issue, > I'm keeping Max Children = 1 for now. > Is anyone else seeing this problem? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2Yu9EfZZRxQVtlQRAtzuAJ9+efpCWiC1H11/FDlXaQzPLJWaewCgqNjp 7Sk3BgLPXsZOAY8n1MBYfZI= =9hbf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 20:19:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 20:19:24 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: <47D98C35.30008@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff A. Earickson wrote: > On Thu, 13 Mar 2008, Julian Field wrote: > >> Date: Thu, 13 Mar 2008 19:02:01 +0000 >> From: Julian Field >> Reply-To: MailScanner discussion >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 -- anyone running it? >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Is it running okay otherwise? >> I haven't seen much sign of anyone running 4.68.3, the list has been >> remarkably quiet :-( > > Julian, > > I will try to install it early next week. I will be out tomorrow and > I don't want to break email for three days in a row. Sounds like a good idea to me! Nothing quite like taking a holiday and discovering you destroyed the site just before you left :-) > BTW, I never heard > a peep from anybody about my note of "attempts to core in debug mode, > runs fine in standard mode". Random Perl bug. Almost impossible to track down. Have you tried a "strace MailScanner --debug" to see where it dies? It probably won't tell you anything useful, but you never know... Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2Yw3EfZZRxQVtlQRAlt1AKDt/cUe2xRfGackE7rSDxqYLgdvYACdHMTa LzF4lj8DRaQrok655/HySJ8= =LykQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Thu Mar 13 20:23:39 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 13 20:24:30 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <47D97A29.6030605@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119D6D@MED-CORE03-MS1.med.wayne.edu> I updated last night and it's been working fine. The logging for sa rule actions is working, phishing update worked this morning and I manually kicked it off and it updated. The web bug replacement is in my config, but how would one test it. Is there an html test email for webbugs? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 13, 2008 3:02 PM To: MailScanner discussion Subject: Re: New beta release 4.68.3 -- anyone running it? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is it running okay otherwise? I haven't seen much sign of anyone running 4.68.3, the list has been remarkably quiet :-( Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it being updated at all? (You did run upgrade_MailScanner_conf didn't you?) Can you check the Web Bug Replacement is coming from www.mailscanner.tv please? Thanks! Jules. Rose, Bobby wrote: > Sweet, thanks. Just thought it was oddity since another postmaster > here asked about it when they saw the log actions. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Thursday, March 13, 2008 10:46 AM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 > > Fixed for the next release. > I have added a line that deletes the "deliver" action if the "delete" > action has been supplied. Okay with you? > > Jules. > > Rose, Bobby wrote: > >> Sorry, what I mean is shouldn't delete be the same thing as >> "non-delivery". Currently I have to specify both non-delivery & >> > delete. > >> If I just specify delete, the message still comes thru even though in >> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused >> action delete in message m2DBtuAu029683" >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, March 13, 2008 4:47 AM >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Rose, Bobby wrote: >> >> >>> The logging for SA_Actions is working. But I have a question, is >>> this >>> >>> >> >> >>> to correct action to get such messages to be dropped >>> "non-delivery,delete" or should just "delete" work? >>> >>> >>> >> If the Spam Actions included "deliver" then you'll need to include a >> "non-deliver" or "not-deliver" (or "no-deliver"). It works by >> massaging the delivery options that are already set. I could make >> this >> > > >> a special case I guess if you would prefer. >> >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Julian Field >>> Sent: Wednesday, March 12, 2008 6:35 PM >>> To: MailScanner discussion >>> Subject: New beta release 4.68.3 >>> >>> >>> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at >>> 22:35:31 >>> >>> I have just released a new beta, 4.68.3. >>> This contains quite a lot of major new things, some of which are >>> very >>> > > >>> much "behind the scenes" so I would appreciate it if people could >>> test >>> >>> >> >> >>> this out for me. >>> >>> The major new changes are mostly these: >>> - Support for F-Prot version 6 scanning daemon, fpscand. This is >>> very >>> > > >>> fast. >>> - Support for Vexira and Esets scanners updated. >>> - Major new delivery system for Web Bug Replacement image and >>> phishing.bad.sites.conf file. This now uses an "anycast" content >>> delivery network graciously provided by Matt Hampton, so big thanks >>> to >>> >>> >> >> >>> him. This should make Distributed Denial of Service attacks (which I >>> suffered a couple of weeks ago) virtually impossible as the files >>> are >>> > > >>> provided by a globally-distributed network of hosts all behind the >>> same URL and IP address. >>> - New ability to forward messages to a list of email addresses if >>> the >>> > > >>> messages contain filenames or filetypes matching the rules give in >>> filename.rules.conf and filetype.rules.conf files. >>> >>> Download as usual from www.mailscanner.info. >>> >>> Please let me know how you get on with this release. >>> Thanks folks! >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration >>> > help? > >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >>> public key: http://www.jules.fm/julesfm.asc >>> >>> >>> * Julian Field >>> * 0x1415B654 - Unverified(L) >>> >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT >> dxvJup3IppeyoGCKfFXqAIs= >> =uEGl >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2XorEfZZRxQVtlQRAtGqAJ92Owa6g/bhBYxRccmYi2lN7kFtGwCffPNv RRwDL4K1Sb6Rc1ZZKaFADG4= =A0ix -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Thu Mar 13 20:30:01 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Thu Mar 13 20:30:25 2008 Subject: New beta release 4.68.3 -- anyone running it? References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119D6E@MED-CORE03-MS1.med.wayne.edu> I checked my logs and found some emails that web bug that were disarmed and checked those messages from the mailboxes and they appear to be fine. -----Original Message----- From: Rose, Bobby Sent: Thursday, March 13, 2008 4:24 PM To: 'MailScanner discussion' Subject: RE: New beta release 4.68.3 -- anyone running it? I updated last night and it's been working fine. The logging for sa rule actions is working, phishing update worked this morning and I manually kicked it off and it updated. The web bug replacement is in my config, but how would one test it. Is there an html test email for webbugs? -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, March 13, 2008 3:02 PM To: MailScanner discussion Subject: Re: New beta release 4.68.3 -- anyone running it? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is it running okay otherwise? I haven't seen much sign of anyone running 4.68.3, the list has been remarkably quiet :-( Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it being updated at all? (You did run upgrade_MailScanner_conf didn't you?) Can you check the Web Bug Replacement is coming from www.mailscanner.tv please? Thanks! Jules. Rose, Bobby wrote: > Sweet, thanks. Just thought it was oddity since another postmaster > here asked about it when they saw the log actions. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Julian Field > Sent: Thursday, March 13, 2008 10:46 AM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 > > Fixed for the next release. > I have added a line that deletes the "deliver" action if the "delete" > action has been supplied. Okay with you? > > Jules. > > Rose, Bobby wrote: > >> Sorry, what I mean is shouldn't delete be the same thing as >> "non-delivery". Currently I have to specify both non-delivery & >> > delete. > >> If I just specify delete, the message still comes thru even though in >> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused >> action delete in message m2DBtuAu029683" >> >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, March 13, 2008 4:47 AM >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Rose, Bobby wrote: >> >> >>> The logging for SA_Actions is working. But I have a question, is >>> this >>> >>> >> >> >>> to correct action to get such messages to be dropped >>> "non-delivery,delete" or should just "delete" work? >>> >>> >>> >> If the Spam Actions included "deliver" then you'll need to include a >> "non-deliver" or "not-deliver" (or "no-deliver"). It works by >> massaging the delivery options that are already set. I could make >> this >> > > >> a special case I guess if you would prefer. >> >> >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Julian Field >>> Sent: Wednesday, March 12, 2008 6:35 PM >>> To: MailScanner discussion >>> Subject: New beta release 4.68.3 >>> >>> >>> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at >>> 22:35:31 >>> >>> I have just released a new beta, 4.68.3. >>> This contains quite a lot of major new things, some of which are >>> very >>> > > >>> much "behind the scenes" so I would appreciate it if people could >>> test >>> >>> >> >> >>> this out for me. >>> >>> The major new changes are mostly these: >>> - Support for F-Prot version 6 scanning daemon, fpscand. This is >>> very >>> > > >>> fast. >>> - Support for Vexira and Esets scanners updated. >>> - Major new delivery system for Web Bug Replacement image and >>> phishing.bad.sites.conf file. This now uses an "anycast" content >>> delivery network graciously provided by Matt Hampton, so big thanks >>> to >>> >>> >> >> >>> him. This should make Distributed Denial of Service attacks (which I >>> suffered a couple of weeks ago) virtually impossible as the files >>> are >>> > > >>> provided by a globally-distributed network of hosts all behind the >>> same URL and IP address. >>> - New ability to forward messages to a list of email addresses if >>> the >>> > > >>> messages contain filenames or filetypes matching the rules give in >>> filename.rules.conf and filetype.rules.conf files. >>> >>> Download as usual from www.mailscanner.info. >>> >>> Please let me know how you get on with this release. >>> Thanks folks! >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> MailScanner customisation, or any advanced system administration >>> > help? > >>> Contact me at Jules@Jules.FM >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >>> public key: http://www.jules.fm/julesfm.asc >>> >>> >>> * Julian Field >>> * 0x1415B654 - Unverified(L) >>> >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: (pgp-secured) >> Charset: ISO-8859-1 >> >> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT >> dxvJup3IppeyoGCKfFXqAIs= >> =uEGl >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2XorEfZZRxQVtlQRAtGqAJ92Owa6g/bhBYxRccmYi2lN7kFtGwCffPNv RRwDL4K1Sb6Rc1ZZKaFADG4= =A0ix -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From devonharding at gmail.com Thu Mar 13 20:36:35 2008 From: devonharding at gmail.com (Devon Harding) Date: Thu Mar 13 20:37:09 2008 Subject: Sendmail cannot write to queue Message-ID: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> For some reason sendmail is not writing to its queue directory to send mail. What could be causing this? Mar 13 14:19:28 raid sendmail[3087]: m2DIJSML003087: SYSERR(root): collect: Cannot write ./dfm2DIJSML003087 (bfcommit, uid=0, gid=51): Permission denied Mar 13 14:19:28 raid sendmail[3087]: m2DIJSML003087: from=< root@raid.domain.com>, size=463, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=raid.domain.com [127.0.0.1] Mar 13 14:19:28 raid sm-msp-queue[3085]: m2DF78jA002134: to=devon@domain.com, ctladdr=root (0/0), delay=03:12:20, xdelay=00:00:00, mailer=relay, pri=1200307, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 421 4.3.0 collect: Cannot write ./dfm2DIJSML003087 (bfcommit, uid=0, gid=51): Permission denied Mar 13 14:19:28 raid sm-msp-queue[3085]: m2DEP5RL004885: to=root, delay=03:54:23, xdelay=00:00:00, mailer=relay, pri=2374400, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred Here are the permissions of the queue directories: drwxrwxr-x 2 root mail 4.0K 2008-03-12 09:12 mail drwxr-xr-x 4 root root 4.0K 2008-03-12 09:50 MailScanner drwx------ 2 root mail 4.0K 2008-03-12 08:17 mqueue drwx------ 2 root root 4.0K 2008-03-04 07:09 mqueue.in Any Ideas? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/a979afe9/attachment.html From bernardo_ehlinux at yahoo.com.br Thu Mar 13 20:37:11 2008 From: bernardo_ehlinux at yahoo.com.br (Bernardo Goulart de Faria) Date: Thu Mar 13 20:37:46 2008 Subject: Res: Res: Problems in write maillog to SQL Message-ID: <806846.46448.qm@web53506.mail.re2.yahoo.com> The MailScanner not write in MySQL... Is empity: mysql> select count(*) from mailscanner.maillog; +----------+ | count(*) | +----------+ | 0 | +----------+ 1 row in set (0.00 sec) Tanks Faria, Bernardo ----- Mensagem original ---- De: tlum Para: MailScanner discussion Enviadas: Quinta-feira, 13 de Mar?o de 2008 16:48:31 Assunto: Re: Res: Problems in write maillog to SQL CORRECTION: I meant to say: At this point I would bet you have a problem with MailWatch retrieving the data from the database. tlum wrote: > Are you sure the record is not in the database and its not a MailWatch > issue? If you got that far so silently - no errors - then it almost > certainly has put the record in the table. I would check the database. > > # mysql -u -p (if the db is not local you need -h > also) > Enter password: > Welcome to the MySQL monitor. Commands end with ; or \g. > Your MySQL connection id is 19266 to server version: 5.0.22 > > Type 'help;' or '\h' for help. Type '\c' to clear the buffer. > > mysql> > > then try "select count(*) from .maillog;" > > and you'll get something like this: > > mysql> select count(*) from mailscanner.maillog; > +----------+ > | count(*) | > +----------+ > | 1875 | > +----------+ > 1 row in set (0.01 sec) > > mysql> > > At this point I would bet you have a problem with MailScanner > retrieving the data from the database. > > Bernardo Goulart de Faria wrote: >> Hi, >> >> I have these three messages on my maillog: >> >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Config: calling custom >> init function MailWatchLogging >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Started SQL Logging child >> Mar 12 13:17:56 angra-ms MailScanner[7147]: Logging message >> 562BB168F42.D55BE to SQL >> >> What perl module might be missing? >> >> Tanks >> Faria, Bernardo >> >> ----- Mensagem original ---- >> De: tlum >> Para: MailScanner discussion >> Enviadas: Quinta-feira, 13 de Mar?o de 2008 12:59:07 >> Assunto: Re: Problems in write maillog to SQL >> >> When MailScanner starts up you should see message similar to following >> in maillog: >> >> Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child >> >> When mail is received you should see message similar to following in >> maillog: >> >> Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message >> 4A8CC900F9.7D18D to SQL >> Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged >> to MailWatch SQL >> >> If you don't see the first one then custom logging is not being >> registered. If you don't see the second then there is a problem with >> "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. >> >> Probably the most common reason is not connecting to the database for >> some reason... missing perl module, wrong credentials (bad connect >> strings), wrong permissions, etc. >> >> Bernardo Goulart de Faria wrote: >> > Hello, >> > >> > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 >> > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 >> > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. >> > > I followed the guide instructions for the site. On file header_check >> > of postfix, I put / ^ Received: / HOLD, set all permissions in >> > /var/postfix and /var/MailScanner. I installed the MailWatch and >> > changed information, User and Password in MailWatch.pm and >> > SQLBlacklist.pm, moved to >> > /usr/lib/MailScanner/MailScanner/CustomFunctions/. >> > Start the MailScanner and everything works normally, but the messages >> > are not recorded in the table in MySQL maillog. The permissions of >> > GRANT in the bank also has been set. >> > >> > Tanks! >> > Faria, Bernardo >> > >> > >> ------------------------------------------------------------------------ >> > Abra sua conta no Yahoo! Mail >> > >> , >> > o ?nico sem limite de espa?o para armazenamento! >> > -- >> > This message has been scanned for viruses and >> > dangerous content by *MailScanner* , >> and is >> > believed to be clean. >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> ------------------------------------------------------------------------ >> Abra sua conta no Yahoo! Mail >> , >> o ?nico sem limite de espa?o para armazenamento! >> -- >> This message has been scanned for viruses and >> dangerous content by *MailScanner* , >> and is >> believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Abra sua conta no Yahoo! Mail, o ?nico sem limite de espa?o para armazenamento! http://br.mail.yahoo.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/6dd2bdd8/attachment-0001.html From MailScanner at ecs.soton.ac.uk Thu Mar 13 20:37:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 20:38:44 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D98836.5090907@maddoc.net> References: <47D85AAF.2060405@ecs.soton.ac.uk> <47D98836.5090907@maddoc.net> Message-ID: <47D9909B.5060402@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Doc Schneider wrote: > Julian Field wrote: > >> I have just released a new beta, 4.68.3. >> >> Please let me know how you get on with this release. >> Thanks folks! >> >> Jules >> >> > > Running it here and seeing no issues. Good job Jules! > Thanks, just what I need to hear :-) Can you check your phishing.bad.sites.conf file is being updated and that the URL to the Web Bug Replacement is not on www.sng.ecs.soton.ac.uk any more? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2ZClEfZZRxQVtlQRAopVAKDWWFts0eA4yXMqEUH3xynwUKDlwgCgyY8f HEBVOkqAVaJgRQzkvMJJ1eM= =1ruC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 13 20:49:50 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 13 20:50:32 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D98BBB.1030105@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> <20080313190408.GA3396@msapiro> <47D98BBB.1030105@ecs.soton.ac.uk> Message-ID: <223f97700803131349p57a2de26x3deed1897f6854c0@mail.gmail.com> On 13/03/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > > Mark Sapiro wrote: > > On Wed, Mar 12, 2008 at 10:35:27PM +0000, Julian Field wrote: > > > >> I have just released a new beta, 4.68.3. > >> This contains quite a lot of major new things, some of which are very > >> much "behind the scenes" so I would appreciate it if people could test > >> this out for me. > >> > > > > > > I just installed it. The install and restart had no problems so far. > > > > Great. Thanks for that. > > > > > > >> The major new changes are mostly these: > >> - - Support for F-Prot version 6 scanning daemon, fpscand. This is very fast. > >> - - Support for Vexira and Esets scanners updated. > >> - - Major new delivery system for Web Bug Replacement image and > >> phishing.bad.sites.conf file. This now uses an "anycast" content > >> delivery network graciously provided by Matt Hampton, so big thanks to > >> him. This should make Distributed Denial of Service attacks (which I > >> suffered a couple of weeks ago) virtually impossible as the files are > >> provided by a globally-distributed network of hosts all behind the same > >> URL and IP address. > >> - - New ability to forward messages to a list of email addresses if the > >> messages contain filenames or filetypes matching the rules give in > >> filename.rules.conf and filetype.rules.conf files. > >> > > > > > > Since I see nothing above regarding the Postfix message duplication issue, > > I'm keeping Max Children = 1 for now. > > > > Is anyone else seeing this problem? > At least two reported instances, might affect all... Don't you remember....?:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Mar 13 21:26:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 21:27:33 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119D6D@MED-CORE03-MS1.med.wayne.edu> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D6D@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D99C0C.2080304@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > I updated last night and it's been working fine. The logging for sa > rule actions is working, phishing update worked this morning and I > manually kicked it off and it updated. The web bug replacement is in my > config, but how would one test it. Is there an html test email for > webbugs? > No, just try fetching the file with a web browser and make sure it works please. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, March 13, 2008 3:02 PM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 -- anyone running it? > > > * PGP Bad Signature, Signed by an unverified key: 03/13/08 at 19:02:03 > > Is it running okay otherwise? > I haven't seen much sign of anyone running 4.68.3, the list has been > remarkably quiet :-( > > Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it > being updated at all? (You did run upgrade_MailScanner_conf didn't you?) > Can you check the Web Bug Replacement is coming from www.mailscanner.tv > please? > > Thanks! > Jules. > > Rose, Bobby wrote: > >> Sweet, thanks. Just thought it was oddity since another postmaster >> here asked about it when they saw the log actions. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, March 13, 2008 10:46 AM >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 >> >> Fixed for the next release. >> I have added a line that deletes the "deliver" action if the "delete" >> action has been supplied. Okay with you? >> >> Jules. >> >> Rose, Bobby wrote: >> >> >>> Sorry, what I mean is shouldn't delete be the same thing as >>> "non-delivery". Currently I have to specify both non-delivery & >>> >>> >> delete. >> >> >>> If I just specify delete, the message still comes thru even though in >>> > > >>> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused >>> > > >>> action delete in message m2DBtuAu029683" >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Julian Field >>> Sent: Thursday, March 13, 2008 4:47 AM >>> To: MailScanner discussion >>> Subject: Re: New beta release 4.68.3 >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Rose, Bobby wrote: >>> >>> >>> >>>> The logging for SA_Actions is working. But I have a question, is >>>> this >>>> >>>> >>>> >>> >>> >>> >>>> to correct action to get such messages to be dropped >>>> "non-delivery,delete" or should just "delete" work? >>>> >>>> >>>> >>>> >>> If the Spam Actions included "deliver" then you'll need to include a >>> "non-deliver" or "not-deliver" (or "no-deliver"). It works by >>> massaging the delivery options that are already set. I could make >>> this >>> >>> >> >> >>> a special case I guess if you would prefer. >>> >>> >>> >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Julian Field >>>> Sent: Wednesday, March 12, 2008 6:35 PM >>>> To: MailScanner discussion >>>> Subject: New beta release 4.68.3 >>>> >>>> >>>> >>>>> Old Bad Signature, Signed by an unverified key: 03/12/08 at >>>>> >>>> 22:35:31 >>>> >>>> I have just released a new beta, 4.68.3. >>>> This contains quite a lot of major new things, some of which are >>>> very >>>> >>>> >> >> >>>> much "behind the scenes" so I would appreciate it if people could >>>> test >>>> >>>> >>>> >>> >>> >>> >>>> this out for me. >>>> >>>> The major new changes are mostly these: >>>> - Support for F-Prot version 6 scanning daemon, fpscand. This is >>>> very >>>> >>>> >> >> >>>> fast. >>>> - Support for Vexira and Esets scanners updated. >>>> - Major new delivery system for Web Bug Replacement image and >>>> phishing.bad.sites.conf file. This now uses an "anycast" content >>>> delivery network graciously provided by Matt Hampton, so big thanks >>>> to >>>> >>>> >>>> >>> >>> >>> >>>> him. This should make Distributed Denial of Service attacks (which I >>>> > > >>>> suffered a couple of weeks ago) virtually impossible as the files >>>> are >>>> >>>> >> >> >>>> provided by a globally-distributed network of hosts all behind the >>>> same URL and IP address. >>>> - New ability to forward messages to a list of email addresses if >>>> the >>>> >>>> >> >> >>>> messages contain filenames or filetypes matching the rules give in >>>> filename.rules.conf and filetype.rules.conf files. >>>> >>>> Download as usual from www.mailscanner.info. >>>> >>>> Please let me know how you get on with this release. >>>> Thanks folks! >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> MailScanner customisation, or any advanced system administration >>>> >>>> >> help? >> >> >>>> Contact me at Jules@Jules.FM >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >>>> > > >>>> public key: http://www.jules.fm/julesfm.asc >>>> >>>> >>>> * Julian Field >>>> * 0x1415B654 - Unverified(L) >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your >>> > boss? > >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.8.1 (Build 2523) >>> Comment: (pgp-secured) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT >>> dxvJup3IppeyoGCKfFXqAIs= >>> =uEGl >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654 - Unverified(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2ZwNEfZZRxQVtlQRAlRqAKDiDugXsIGk0RUn3EHq7px+9LplIQCggAaZ HY1YEzHoz27hMsGCW7JyEck= =uLP6 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 13 21:27:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 13 21:27:46 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119D6E@MED-CORE03-MS1.med.wayne.edu> References: <47D85AAF.2060405@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CE5@MED-CORE03-MS1.med.wayne.edu> <47D8EA0E.1060305@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119CF4@MED-CORE03-MS1.med.wayne.edu> <47D93E22.8010300@ecs.soton.ac.uk><610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D6E@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47D99C27.20206@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > I checked my logs and found some emails that web bug that were disarmed > and checked those messages from the mailboxes and they appear to be > fine. > Great! > -----Original Message----- > From: Rose, Bobby > Sent: Thursday, March 13, 2008 4:24 PM > To: 'MailScanner discussion' > Subject: RE: New beta release 4.68.3 -- anyone running it? > > I updated last night and it's been working fine. The logging for sa > rule actions is working, phishing update worked this morning and I > manually kicked it off and it updated. The web bug replacement is in my > config, but how would one test it. Is there an html test email for > webbugs? > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Thursday, March 13, 2008 3:02 PM > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 -- anyone running it? > > > * PGP Bad Signature, Signed by an unverified key: 03/13/08 at 19:02:03 > > Is it running okay otherwise? > I haven't seen much sign of anyone running 4.68.3, the list has been > remarkably quiet :-( > > Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it > being updated at all? (You did run upgrade_MailScanner_conf didn't you?) > Can you check the Web Bug Replacement is coming from www.mailscanner.tv > please? > > Thanks! > Jules. > > Rose, Bobby wrote: > >> Sweet, thanks. Just thought it was oddity since another postmaster >> here asked about it when they saw the log actions. >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> Julian Field >> Sent: Thursday, March 13, 2008 10:46 AM >> To: MailScanner discussion >> Subject: Re: New beta release 4.68.3 >> >> Fixed for the next release. >> I have added a line that deletes the "deliver" action if the "delete" >> action has been supplied. Okay with you? >> >> Jules. >> >> Rose, Bobby wrote: >> >> >>> Sorry, what I mean is shouldn't delete be the same thing as >>> "non-delivery". Currently I have to specify both non-delivery & >>> >>> >> delete. >> >> >>> If I just specify delete, the message still comes thru even though in >>> > > >>> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused >>> > > >>> action delete in message m2DBtuAu029683" >>> >>> >>> -----Original Message----- >>> From: mailscanner-bounces@lists.mailscanner.info >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> Julian Field >>> Sent: Thursday, March 13, 2008 4:47 AM >>> To: MailScanner discussion >>> Subject: Re: New beta release 4.68.3 >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> >>> Rose, Bobby wrote: >>> >>> >>> >>>> The logging for SA_Actions is working. But I have a question, is >>>> this >>>> >>>> >>>> >>> >>> >>> >>>> to correct action to get such messages to be dropped >>>> "non-delivery,delete" or should just "delete" work? >>>> >>>> >>>> >>>> >>> If the Spam Actions included "deliver" then you'll need to include a >>> "non-deliver" or "not-deliver" (or "no-deliver"). It works by >>> massaging the delivery options that are already set. I could make >>> this >>> >>> >> >> >>> a special case I guess if you would prefer. >>> >>> >>> >>>> >>>> >>>> -----Original Message----- >>>> From: mailscanner-bounces@lists.mailscanner.info >>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>> Julian Field >>>> Sent: Wednesday, March 12, 2008 6:35 PM >>>> To: MailScanner discussion >>>> Subject: New beta release 4.68.3 >>>> >>>> >>>> >>>>> Old Bad Signature, Signed by an unverified key: 03/12/08 at >>>>> >>>> 22:35:31 >>>> >>>> I have just released a new beta, 4.68.3. >>>> This contains quite a lot of major new things, some of which are >>>> very >>>> >>>> >> >> >>>> much "behind the scenes" so I would appreciate it if people could >>>> test >>>> >>>> >>>> >>> >>> >>> >>>> this out for me. >>>> >>>> The major new changes are mostly these: >>>> - Support for F-Prot version 6 scanning daemon, fpscand. This is >>>> very >>>> >>>> >> >> >>>> fast. >>>> - Support for Vexira and Esets scanners updated. >>>> - Major new delivery system for Web Bug Replacement image and >>>> phishing.bad.sites.conf file. This now uses an "anycast" content >>>> delivery network graciously provided by Matt Hampton, so big thanks >>>> to >>>> >>>> >>>> >>> >>> >>> >>>> him. This should make Distributed Denial of Service attacks (which I >>>> > > >>>> suffered a couple of weeks ago) virtually impossible as the files >>>> are >>>> >>>> >> >> >>>> provided by a globally-distributed network of hosts all behind the >>>> same URL and IP address. >>>> - New ability to forward messages to a list of email addresses if >>>> the >>>> >>>> >> >> >>>> messages contain filenames or filetypes matching the rules give in >>>> filename.rules.conf and filetype.rules.conf files. >>>> >>>> Download as usual from www.mailscanner.info. >>>> >>>> Please let me know how you get on with this release. >>>> Thanks folks! >>>> >>>> Jules >>>> >>>> -- >>>> Julian Field MEng CITP CEng >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> >>>> MailScanner customisation, or any advanced system administration >>>> >>>> >> help? >> >> >>>> Contact me at Jules@Jules.FM >>>> >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >>>> > > >>>> public key: http://www.jules.fm/julesfm.asc >>>> >>>> >>>> * Julian Field >>>> * 0x1415B654 - Unverified(L) >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and dangerous content by >>>> MailScanner, and is believed to be clean. >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>>> >>>> >>>> >>> Jules >>> >>> - -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! >>> Need help getting you started solving new requirements from your >>> > boss? > >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: PGP Desktop 9.8.1 (Build 2523) >>> Comment: (pgp-secured) >>> Charset: ISO-8859-1 >>> >>> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT >>> dxvJup3IppeyoGCKfFXqAIs= >>> =uEGl >>> -----END PGP SIGNATURE----- >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > public key: http://www.jules.fm/julesfm.asc > > > * Julian Field > * 0x1415B654 - Unverified(L) > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH2ZwpEfZZRxQVtlQRAt3SAJ9NDsT5E363CCoEk/GFCRLzUICh/wCg8wYN scIWTYgelLzNe+OmRFbX/QU= =dWjR -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 13 21:35:11 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 13 21:35:46 2008 Subject: Sendmail cannot write to queue In-Reply-To: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> References: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> Message-ID: <223f97700803131435m3b14e3d7qd408d991c00ebfb1@mail.gmail.com> On 13/03/2008, Devon Harding wrote: > For some reason sendmail is not writing to its queue directory to send mail. > What could be causing this? > > Mar 13 14:19:28 raid sendmail[3087]: m2DIJSML003087: SYSERR(root): collect: > Cannot write ./dfm2DIJSML003087 (bfcommit, uid=0, gid=51): Permission denied > Mar 13 14:19:28 raid sendmail[3087]: m2DIJSML003087: > from=, size=463, class=0, nrcpts=1, proto=ESMTP, > daemon=MTA, relay=raid.domain.com [127.0.0.1] > Mar 13 14:19:28 raid sm-msp-queue[3085]: m2DF78jA002134: > to=devon@domain.com, ctladdr=root (0/0), delay=03:12:20, xdelay=00:00:00, > mailer=relay, pri=1200307, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, > stat=Deferred: 421 4.3.0 collect: Cannot write ./dfm2DIJSML003087 (bfcommit, > uid=0, gid=51): Permission denied > Mar 13 14:19:28 raid sm-msp-queue[3085]: m2DEP5RL004885: to=root, > delay=03:54:23, xdelay=00:00:00, mailer=relay, pri=2374400, > relay=[127.0.0.1], dsn=4.0.0, stat=Deferred > > Here are the permissions of the queue directories: > > drwxrwxr-x 2 root mail 4.0K 2008-03-12 09:12 mail > drwxr-xr-x 4 root root 4.0K 2008-03-12 09:50 MailScanner > drwx------ 2 root mail 4.0K 2008-03-12 08:17 mqueue > drwx------ 2 root root 4.0K 2008-03-04 07:09 mqueue.in > > Any Ideas? > How about mount and df? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mailscanner.info at tedworld.com Thu Mar 13 22:01:25 2008 From: mailscanner.info at tedworld.com (tlum) Date: Thu Mar 13 22:02:07 2008 Subject: Res: Res: Problems in write maillog to SQL In-Reply-To: <806846.46448.qm@web53506.mail.re2.yahoo.com> References: <806846.46448.qm@web53506.mail.re2.yahoo.com> Message-ID: <47D9A435.5080000@tedworld.com> Interesting!!! In MailWatch.pm enable: DBI->trace(2,'/tmp/dbitrace.log'); (remove the '#'). Make sure the log points to some place where the MailScanner user has access to write. If this is a busy server then enable it only as long as necessary as the file can grow quite large quite quickly. Examine the resulting log for problems. Be aware that a lot of unrelated transaction will also be logged and that some errors are normal. Below is an example of a correct transaction: mysql_st_internal_execute MYSQL_VERSION_ID 50022 >parse_params statement INSERT INTO maillog (timestamp, id, size, from_address, from_domain, to_address, to_domain, subject, clientip, archive, isspam, ishighspam, issaspam, isrblspam, spamwhitelisted, spamblacklisted, sascore, spamreport, virusinfected, nameinfected, otherinfected, report, ismcp, ishighmcp, issamcp, mcpwhitelisted, mcpblacklisted, mcpsascore, mcpreport, hostname, date, time, headers, quarantined) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?) Binding parameters: INSERT INTO maillog (timestamp, id, size, from_address, from_domain, to_address, to_domain, subject, clientip, archive, isspam, ishighspam, issaspam, isrblspam, spamwhitelisted, spamblacklisted, sascore, spamreport, virusinfected, nameinfected, otherinfected, report, ismcp, ishighmcp, issamcp, mcpwhitelisted, mcpblacklisted, mcpsascore, mcpreport, hostname, date, time, headers, quarantined) VALUES ('2008-03-11 15:48:28','B025390101.C8002','22822','mailscanner-bounces@lists.mailscanner.info','lists.mailscanner.info','mailscanner.info@tedworld.com','tedworld.com','RE: Strange message ! ... [truncated for readability] ... mailscanner-bounces@lists.mailscanner.info','0') <- dbd_st_execute returning imp_sth->row_num 1 <- execute= 1 at MailWatch.pm line 133 It is at this point the mysql insert is happening. Bernardo Goulart de Faria wrote: > The MailScanner not write in MySQL... > > Is empity: > > mysql> select count(*) from mailscanner.maillog; > +----------+ > | count(*) | > +----------+ > | 0 | > +----------+ > 1 row in set (0.00 sec) > > > Tanks > Faria, Bernardo > > ----- Mensagem original ---- > De: tlum > Para: MailScanner discussion > Enviadas: Quinta-feira, 13 de Mar?o de 2008 16:48:31 > Assunto: Re: Res: Problems in write maillog to SQL > > CORRECTION: I meant to say: > > At this point I would bet you have a problem with MailWatch retrieving > the data from the database. > > tlum wrote: > > Are you sure the record is not in the database and its not a MailWatch > > issue? If you got that far so silently - no errors - then it almost > > certainly has put the record in the table. I would check the database. > > > > # mysql -u -p (if the db is not local you need -h > > also) > > Enter password: > > Welcome to the MySQL monitor. Commands end with ; or \g. > > Your MySQL connection id is 19266 to server version: 5.0.22 > > > > Type 'help;' or '\h' for help. Type '\c' to clear the buffer. > > > > mysql> > > > > then try "select count(*) from .maillog;" > > > > and you'll get something like this: > > > > mysql> select count(*) from mailscanner.maillog; > > +----------+ > > | count(*) | > > +----------+ > > | 1875 | > > +----------+ > > 1 row in set (0.01 sec) > > > > mysql> > > > > At this point I would bet you have a problem with MailScanner > > retrieving the data from the database. > > > > Bernardo Goulart de Faria wrote: > >> Hi, > >> > >> I have these three messages on my maillog: > >> > >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Config: calling custom > >> init function MailWatchLogging > >> Mar 12 13:08:23 angra-ms MailScanner[7185]: Started SQL Logging child > >> Mar 12 13:17:56 angra-ms MailScanner[7147]: Logging message > >> 562BB168F42.D55BE to SQL > >> > >> What perl module might be missing? > >> > >> Tanks > >> Faria, Bernardo > >> > >> ----- Mensagem original ---- > >> De: tlum > > >> Para: MailScanner discussion > > >> Enviadas: Quinta-feira, 13 de Mar?o de 2008 12:59:07 > >> Assunto: Re: Problems in write maillog to SQL > >> > >> When MailScanner starts up you should see message similar to following > >> in maillog: > >> > >> Mar 13 11:22:25 ms1srvp01 MailScanner[23349]: Started SQL Logging child > >> > >> When mail is received you should see message similar to following in > >> maillog: > >> > >> Mar 13 11:22:47 ms1srvp01 MailScanner[23336]: Logging message > >> 4A8CC900F9.7D18D to SQL > >> Mar 13 11:22:47 ms1srvp01 MailScanner[23338]: 4A8CC900F9.7D18D: Logged > >> to MailWatch SQL > >> > >> If you don't see the first one then custom logging is not being > >> registered. If you don't see the second then there is a problem with > >> "Always Looked Up Last = &MailWatchLogging" in MailScanner.conf. > >> > >> Probably the most common reason is not connecting to the database for > >> some reason... missing perl module, wrong credentials (bad connect > >> strings), wrong permissions, etc. > >> > >> Bernardo Goulart de Faria wrote: > >> > Hello, > >> > > >> > I have one MailServer using Fedora 7 (2.6.21-1.3194.fc7) i686 i386 > >> > GNU/Linux + Postfix 2.5.1 + MailScanner 4.66.5-3 + MYSQL Ver 14.12 > >> > Distrib 5.0.45 + mailwatch-1.0.4 + PHP 5.2.4. > >> > > I followed the guide instructions for the site. On file > header_check > >> > of postfix, I put / ^ Received: / HOLD, set all permissions in > >> > /var/postfix and /var/MailScanner. I installed the MailWatch and > >> > changed information, User and Password in MailWatch.pm and > >> > SQLBlacklist.pm, moved to > >> > /usr/lib/MailScanner/MailScanner/CustomFunctions/. > >> > Start the MailScanner and everything works normally, but the messages > >> > are not recorded in the table in MySQL maillog. The permissions of > >> > GRANT in the bank also has been set. > >> > > >> > Tanks! > >> > Faria, Bernardo > >> > > >> > > >> > ------------------------------------------------------------------------ > >> > Abra sua conta no Yahoo! Mail > >> > > >> , > >> > o ?nico sem limite de espa?o para armazenamento! > >> > -- > >> > This message has been scanned for viruses and > >> > dangerous content by *MailScanner* , > >> and is > >> > believed to be clean. > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > > >> > > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > ------------------------------------------------------------------------ > >> Abra sua conta no Yahoo! Mail > >> > , > >> o ?nico sem limite de espa?o para armazenamento! > >> -- > >> This message has been scanned for viruses and > >> dangerous content by *MailScanner* , > >> and is > >> believed to be clean. > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > Abra sua conta no Yahoo! Mail > , > o ?nico sem limite de espa?o para armazenamento! > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Thu Mar 13 22:03:21 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Mar 13 22:03:54 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <47D97A29.6030605@ecs.soton.ac.uk> References: <47D93E22.8010300@ecs.soton.ac.uk> <610C64469748E84DB6BDD5BD23F01A76119D15@MED-CORE03-MS1.med.wayne.edu> <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: <20080313220321.GA3456@msapiro> On Thu, Mar 13, 2008 at 07:02:01PM +0000, Julian Field wrote: > > Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it > being updated at all? (You did run upgrade_MailScanner_conf didn't you?) > Can you check the Web Bug Replacement is coming from www.mailscanner.tv > please? Yes, since installing 4.68.3, my phishing.bad.sites.conf file update is running normally and the file is updated. And yes, the web bug replacement is http://www.mailscanner.tv/1x1spacer.gif -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Thu Mar 13 22:11:48 2008 From: mark at msapiro.net (Mark Sapiro) Date: Thu Mar 13 22:11:54 2008 Subject: Duplicate Messages - was: New beta release 4.68.3 In-Reply-To: <47D98BBB.1030105@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> <20080313190408.GA3396@msapiro> <47D98BBB.1030105@ecs.soton.ac.uk> Message-ID: <20080313221148.GB3456@msapiro> On Thu, Mar 13, 2008 at 08:16:59PM +0000, Julian Field wrote: > > Mark Sapiro wrote: > > > > Since I see nothing above regarding the Postfix message duplication issue, > > I'm keeping Max Children = 1 for now. > > > Is anyone else seeing this problem? Besides my report, there was a report last month that started the thread at . -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From doc at maddoc.net Thu Mar 13 22:25:56 2008 From: doc at maddoc.net (Doc Schneider) Date: Thu Mar 13 22:26:58 2008 Subject: New beta release 4.68.3 In-Reply-To: <47D9909B.5060402@ecs.soton.ac.uk> References: <47D85AAF.2060405@ecs.soton.ac.uk> <47D98836.5090907@maddoc.net> <47D9909B.5060402@ecs.soton.ac.uk> Message-ID: <47D9A9F4.5060604@maddoc.net> Julian Field wrote: > > > Doc Schneider wrote: >> Julian Field wrote: > >>> I have just released a new beta, 4.68.3. >>> >>> Please let me know how you get on with this release. >>> Thanks folks! >>> >>> Jules >>> >>> >> Running it here and seeing no issues. Good job Jules! > > Thanks, just what I need to hear :-) > Can you check your phishing.bad.sites.conf file is being updated and > that the URL to the Web Bug Replacement is not on > www.sng.ecs.soton.ac.uk any more? > > Jules > Yep all that is being updated correctly aqnd the url is now at mailscanner.tv -- -Doc Lincoln, NE. http://www.fsl.com/ http://www.genealogyforyou.com/ http://www.cairnproductions.com/ From jeff at lightspeed.com.sg Thu Mar 13 23:45:46 2008 From: jeff at lightspeed.com.sg (Jeffrey Goh) Date: Thu Mar 13 23:46:30 2008 Subject: MailScanner Digest, Vol 27, Issue 29 In-Reply-To: <200803131819.m2DIFLxb004381@safir.blacknight.ie> References: <200803131819.m2DIFLxb004381@safir.blacknight.ie> Message-ID: <47D9BCAA.4080300@lightspeed.com.sg> In bash: cd /usr/local/Sophos/ide ; for i in ../usr/local/Sophos/lib/sus[0-9][0-9].vdb ; do ln -s $i ; done mailscanner-request@lists.mailscanner.info wrote: > Date: Thu, 13 Mar 2008 14:52:06 +0000 > From: "Sylvain Phaneuf" > Subject: RE: Sophos Error message > To: "MailScanner discussion" > Message-ID: <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> > Content-Type: text/plain; charset=US-ASCII > > Sorry to be so picky... Is there a way to fix this without having to install the latest stable version? > > I am away from the office for a couple of weeks and I don't want to do an installation remotely... > > Perhaps a new Sophos.install just for me? :-) > > Or a quick how-to to add the missing symlinks, or whatever a quick fix could be? > > > Regards, > > Sylvain > -- ============================================ Sylvain Phaneuf --- > Systems Manager | phone : +44 (0)1865 221323 Information Management > Services Unit - Medical Sciences Division Oxford University | email : > sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | fax > : +44 (0) 1865 221322 Oxford OX3 9DU England > ============================================ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/ca061cf3/attachment.html From jeff at lightspeed.com.sg Thu Mar 13 23:54:03 2008 From: jeff at lightspeed.com.sg (Jeffrey Goh) Date: Thu Mar 13 23:54:19 2008 Subject: Sophos Error message In-Reply-To: <47D9BCAA.4080300@lightspeed.com.sg> References: <200803131819.m2DIFLxb004381@safir.blacknight.ie> <47D9BCAA.4080300@lightspeed.com.sg> Message-ID: <47D9BE9B.7080408@lightspeed.com.sg> Actually, updating/patching /usr/lib/MailScanner/sophos.autoupdate is better, otherwise the next Sophos download (a month away) will break again. I need to sleep more. Missed Julian Fields' post on this topic earlier. Regards, - jeff Jeffrey Goh wrote: > In bash: > > cd /usr/local/Sophos/ide ; for i in > ../usr/local/Sophos/lib/sus[0-9][0-9].vdb ; do ln -s $i ; done > > mailscanner-request@lists.mailscanner.info wrote: >> Date: Thu, 13 Mar 2008 14:52:06 +0000 >> From: "Sylvain Phaneuf" >> Subject: RE: Sophos Error message >> To: "MailScanner discussion" >> Message-ID: <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> >> Content-Type: text/plain; charset=US-ASCII >> >> Sorry to be so picky... Is there a way to fix this without having to install the latest stable version? >> >> I am away from the office for a couple of weeks and I don't want to do an installation remotely... >> >> Perhaps a new Sophos.install just for me? :-) >> >> Or a quick how-to to add the missing symlinks, or whatever a quick fix could be? >> >> >> Regards, >> >> Sylvain >> -- ============================================ Sylvain Phaneuf --- >> Systems Manager | phone : +44 (0)1865 221323 Information Management >> Services Unit - Medical Sciences Division Oxford University | email : >> sylvain.phaneuf@imsu.ox.ac.uk Room 3A25B John Radcliffe Hospital | >> fax : +44 (0) 1865 221322 Oxford OX3 9DU England >> ============================================ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/52834975/attachment.html From devonharding at gmail.com Fri Mar 14 02:30:23 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 02:30:58 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E33F79A9@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E33F79A9@kronos.secure-enterprise.com> Message-ID: <2baac6140803131930j1bed2b37pe66492217acea13c@mail.gmail.com> I'm having the same issue. CPU goes to 100% and getting 'MailScanner: extracting attachments' from a ps aux. What was the fix? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/605513b3/attachment.html From devonharding at gmail.com Fri Mar 14 02:33:44 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 02:34:21 2008 Subject: Sendmail cannot write to queue In-Reply-To: <223f97700803131435m3b14e3d7qd408d991c00ebfb1@mail.gmail.com> References: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> <223f97700803131435m3b14e3d7qd408d991c00ebfb1@mail.gmail.com> Message-ID: <2baac6140803131933l31b8ba98n908d413de5b1ac21@mail.gmail.com> > > 7:09 mqueue.in > > > > Any Ideas? > > > How about mount and df? > I just disabled SElinux and it now works. Not sure what the tie with the two is? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080313/9b269b01/attachment.html From devonharding at gmail.com Fri Mar 14 04:05:09 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 04:05:42 2008 Subject: MailScanner 4.67.6 Attachment Issue In-Reply-To: <47CEFD4E.2020105@kettle.org.uk> References: <47CD3098.8000300@ecs.soton.ac.uk> <47CD5AD6.4010703@kettle.org.uk> <47CD6442.2020700@ecs.soton.ac.uk> <47CDAF24.4060304@kettle.org.uk> <47CEE139.1060509@kettle.org.uk> <47CEF46E.5030406@ecs.soton.ac.uk> <47CEFD4E.2020105@kettle.org.uk> Message-ID: <2baac6140803132105q47c6fb70pd80c482182222462@mail.gmail.com> > > > > i too was very surprised but that is what happened. first time i've had > any issue with the upgrade and I've been using it for years. just bad > look i guess. Same thing here. I've tried 4.68 with no success. Still 100% MailScanner: extracting attachments What else can I do? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/1a19bfaa/attachment.html From hvdkooij at vanderkooij.org Fri Mar 14 06:01:04 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri Mar 14 06:02:45 2008 Subject: Skip RBL checks for authenitcated users In-Reply-To: <002801c8841f$a8b2ec90$6396e6c1@gugu> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <002801c8841f$a8b2ec90$6396e6c1@gugu> Message-ID: <47DA14A0.6070401@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei Steriopol wrote: | Hello | | User's MUA is configured to send mail via SMTP on the server MailScanner | is running. The MTA is sendmail and accepts mail from authenticated users. | | How can I make MailScanner skip RBL checks for authenticated users? Was it "hijack a thread' day yesterday? This is a hijack of a hijack by now: References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> MailScanner is not doing any RBL anyway. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH2hSeBvzDRVjxmYERArzSAJ4qAKmocbm/4V0YvTTRHxn6yS/vjwCfetIu vc+S19zm8/IuKJ3CJkFdovk= =Mnkd -----END PGP SIGNATURE----- From O.FRANCHET at dominux.net Fri Mar 14 08:41:33 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Fri Mar 14 08:42:12 2008 Subject: ERROR::UNKNOWN CLAMD RETURN Message-ID: Hi everyone I installed MailScanner/Postfix/SpamAssassin and I have this error in the maillog : Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 messages, 3051 bytes Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content Scanning: Starting Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/MailScanner/incoming/17418 Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd found 1 infections Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 viruses Only 1 result from Google (an old thread from this list but no help for me). [root@centos postfix]# MailScanner -v Running on Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 2008 i686 athlon i386 GNU/Linux This is CentOS release 5 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.67.6 ANY IDEA ? Cordialement/Regards, Olivier -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/e7609065/attachment.html From MailScanner at ecs.soton.ac.uk Fri Mar 14 09:15:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 09:16:27 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: Message-ID: <47DA423B.3090207@ecs.soton.ac.uk> What is your "Virus Scanners =" setting in MailScanner.conf, what does "MailScanner --lint" produce and do you have clamd running ("service clamd start" to start it)? Olivier FRANCHET wrote: > > Hi everyone > > I installed MailScanner/Postfix/SpamAssassin and I have this error in > the maillog : > > Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 > messages, 3051 bytes > Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content Scanning: > Starting > Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: > UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: > /var/spool/MailScanner/incoming/17418 > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd found > 1 infections > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 > viruses > > Only 1 result from Google (an old thread from this list but no help > for me). > > > [root@centos postfix]# MailScanner -v > Running on > Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 > EST 2008 > i686 athlon i386 GNU/Linux > This is CentOS release 5 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.67.6 > > > ANY IDEA ? > > Cordialement/Regards, > Olivier > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Sylvain.Phaneuf at imsu.ox.ac.uk Fri Mar 14 09:17:42 2008 From: Sylvain.Phaneuf at imsu.ox.ac.uk (Sylvain Phaneuf) Date: Fri Mar 14 09:18:32 2008 Subject: Sophos Error message In-Reply-To: <47D949ED.90401@ecs.soton.ac.uk> References: <5bd7d8a047285d4a9928542080de76f4@solidstatelogic.com> <47D93F96.FEA8.00EB.0@imsu.ox.ac.uk><47D93F96.FEA8.00EB.0@imsu.ox.ac.uk> <47D949ED.90401@ecs.soton.ac.uk> Message-ID: <47DA42B5.FEA8.00EB.0@imsu.ox.ac.uk> Job done, and I can sleep well for the next few weeks As usual, you've done a great job Julian ! All the best for the coming holidays + lot's of chocolate!!! Sylvain >>> On 13/03/2008 at 15:36, Julian Field wrote: > You just need to replace /usr/lib/MailScanner/sophos-autoupdate. > A new one is attached. > > Sylvain Phaneuf wrote: >> Sorry to be so picky... Is there a way to fix this without having to > install the latest stable version? >> >> I am away from the office for a couple of weeks and I don't want to do an > installation remotely... >> >> Perhaps a new Sophos.install just for me? :-) >> >> Or a quick how-to to add the missing symlinks, or whatever a quick fix could > be? >> >> >> Regards, >> >> Sylvain >> > > Jules From martinh at solidstatelogic.com Fri Mar 14 09:34:56 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 14 09:35:46 2008 Subject: New beta release 4.68.3 -- anyone running it? In-Reply-To: <47D97A29.6030605@ecs.soton.ac.uk> Message-ID: <9f585e0a8d879e4d9d9233e37ff3e73d@solidstatelogic.com> Jules Been running just under 24 hours.. Update is working OK, trawling thought trying to find a web bug replacement to double check. But so far so good.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 13 March 2008 19:02 > To: MailScanner discussion > Subject: Re: New beta release 4.68.3 -- anyone running it? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Is it running okay otherwise? > I haven't seen much sign of anyone running 4.68.3, the list has been > remarkably quiet :-( > > Can you check your /etc/MailScanner/phishing.bad.sites.conf file. Is it > being updated at all? (You did run upgrade_MailScanner_conf didn't you?) > Can you check the Web Bug Replacement is coming from www.mailscanner.tv > please? > > Thanks! > Jules. > > Rose, Bobby wrote: > > Sweet, thanks. Just thought it was oddity since another postmaster here > > asked about it when they saw the log actions. > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > > Field > > Sent: Thursday, March 13, 2008 10:46 AM > > To: MailScanner discussion > > Subject: Re: New beta release 4.68.3 > > > > Fixed for the next release. > > I have added a line that deletes the "deliver" action if the "delete" > > action has been supplied. Okay with you? > > > > Jules. > > > > Rose, Bobby wrote: > > > >> Sorry, what I mean is shouldn't delete be the same thing as > >> "non-delivery". Currently I have to specify both non-delivery & > >> > > delete. > > > >> If I just specify delete, the message still comes thru even though in > >> the logs, it says "SpamAssassin Rule Actions: rule bobby_test caused > >> action delete in message m2DBtuAu029683" > >> > >> > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >> Julian Field > >> Sent: Thursday, March 13, 2008 4:47 AM > >> To: MailScanner discussion > >> Subject: Re: New beta release 4.68.3 > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> > >> > >> Rose, Bobby wrote: > >> > >> > >>> The logging for SA_Actions is working. But I have a question, is > >>> this > >>> > >>> > >> > >> > >>> to correct action to get such messages to be dropped > >>> "non-delivery,delete" or should just "delete" work? > >>> > >>> > >>> > >> If the Spam Actions included "deliver" then you'll need to include a > >> "non-deliver" or "not-deliver" (or "no-deliver"). It works by > >> massaging the delivery options that are already set. I could make this > >> > > > > > >> a special case I guess if you would prefer. > >> > >> > >>> > >>> > >>> -----Original Message----- > >>> From: mailscanner-bounces@lists.mailscanner.info > >>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >>> Julian Field > >>> Sent: Wednesday, March 12, 2008 6:35 PM > >>> To: MailScanner discussion > >>> Subject: New beta release 4.68.3 > >>> > >>> > >>> * PGP Bad Signature, Signed by an unverified key: 03/12/08 at > >>> 22:35:31 > >>> > >>> I have just released a new beta, 4.68.3. > >>> This contains quite a lot of major new things, some of which are very > >>> > > > > > >>> much "behind the scenes" so I would appreciate it if people could > >>> test > >>> > >>> > >> > >> > >>> this out for me. > >>> > >>> The major new changes are mostly these: > >>> - Support for F-Prot version 6 scanning daemon, fpscand. This is very > >>> > > > > > >>> fast. > >>> - Support for Vexira and Esets scanners updated. > >>> - Major new delivery system for Web Bug Replacement image and > >>> phishing.bad.sites.conf file. This now uses an "anycast" content > >>> delivery network graciously provided by Matt Hampton, so big thanks > >>> to > >>> > >>> > >> > >> > >>> him. This should make Distributed Denial of Service attacks (which I > >>> suffered a couple of weeks ago) virtually impossible as the files are > >>> > > > > > >>> provided by a globally-distributed network of hosts all behind the > >>> same URL and IP address. > >>> - New ability to forward messages to a list of email addresses if the > >>> > > > > > >>> messages contain filenames or filetypes matching the rules give in > >>> filename.rules.conf and filetype.rules.conf files. > >>> > >>> Download as usual from www.mailscanner.info. > >>> > >>> Please let me know how you get on with this release. > >>> Thanks folks! > >>> > >>> Jules > >>> > >>> -- > >>> Julian Field MEng CITP CEng > >>> www.MailScanner.info > >>> Buy the MailScanner book at www.MailScanner.info/store > >>> > >>> MailScanner customisation, or any advanced system administration > >>> > > help? > > > >>> Contact me at Jules@Jules.FM > >>> > >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP > >>> public key: http://www.jules.fm/julesfm.asc > >>> > >>> > >>> * Julian Field > >>> * 0x1415B654 - Unverified(L) > >>> > >>> > >>> -- > >>> This message has been scanned for viruses and dangerous content by > >>> MailScanner, and is believed to be clean. > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> -- > >>> MailScanner mailing list > >>> mailscanner@lists.mailscanner.info > >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >>> > >>> Before posting, read http://wiki.mailscanner.info/posting > >>> > >>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> > >> Jules > >> > >> - -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.8.1 (Build 2523) > >> Comment: (pgp-secured) > >> Charset: ISO-8859-1 > >> > >> wj8DBQFH2OoOEfZZRxQVtlQRAiE1AJ9Vg7+KbUpDd1SlTtCAuta+ibXbVgCg1iNT > >> dxvJup3IppeyoGCKfFXqAIs= > >> =uEGl > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and dangerous content by > >> MailScanner, and is believed to be clean. > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > > > > Jules > > > > -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > Need help customising MailScanner? > > Contact me! > > Need help fixing or optimising your systems? > > Contact me! > > Need help getting you started solving new requirements from your boss? > > Contact me! > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH2XorEfZZRxQVtlQRAtGqAJ92Owa6g/bhBYxRccmYi2lN7kFtGwCffPNv > RRwDL4K1Sb6Rc1ZZKaFADG4= > =A0ix > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From O.FRANCHET at dominux.net Fri Mar 14 10:06:01 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Fri Mar 14 10:09:51 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: Message-ID: [root@centos postfix]# MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 09:41:33 : > [image supprim?e] > > ERROR::UNKNOWN CLAMD RETURN > > Olivier FRANCHET > > en : > > mailscanner > > 14/03/2008 09:43 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > > Hi everyone > > I installed MailScanner/Postfix/SpamAssassin and I have this error > in the maillog : > > Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 > messages, 3051 bytes > Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content > Scanning: Starting > Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: > UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/ > MailScanner/incoming/17418 > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd > found 1 infections > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 viruses > > Only 1 result from Google (an old thread from this list but no help for me). > > > [root@centos postfix]# MailScanner -v > Running on > Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 > EST 2008 > i686 athlon i386 GNU/Linux > This is CentOS release 5 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.67.6 > > > ANY IDEA ? > > Cordialement/Regards, > Olivier > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/6d020989/attachment.html From and at missme.ro Fri Mar 14 10:16:29 2008 From: and at missme.ro (Andrei Steriopol) Date: Fri Mar 14 10:17:07 2008 Subject: Skip RBL checks for authenitcated users References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com><002801c8841f$a8b2ec90$6396e6c1@gugu> <47DA14A0.6070401@vanderkooij.org> Message-ID: <007b01c885bc$78c23b00$6396e6c1@gugu> MailScanner does RBL checks: for instance the the next test message got a spamassassin score of -1.68 but beacaues it was listed in CBL got quarantined. I need a way to whitelist authenticated dial-up users on my server. Any ideas? Mar 14 11:58:36 rr sendmail[20873]: STARTTLS=server, relay=gprs-81-12-224-203.vodafone.ro [81.12.224.203] (may be forged), version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128 Mar 14 11:58:39 rr sendmail[20873]: AUTH=server, relay=gprs-81-12-224-203.vodafone.ro [81.12.224.203] (may be forged), authid=xxx, mech=LOGIN, bits=0 Mar 14 11:58:43 rr sendmail[20873]: m2E9wVVK020873: from=xxx@xxx.xx, size=1141, class=0, nrcpts=1, msgid=000a01c885b9$fc36e880$291b1aac@xxxxxx, proto=ESMTP, daemon=MTA, relay=gprs-81-12-224-203.vodafone.ro [81.12.224.203] (may be forged) Mar 14 11:58:43 rr MailScanner[20085]: New Batch: Scanning 1 messages, 1736 bytes Mar 14 11:58:43 rr MailScanner[20085]: Spam Checks: Starting Mar 14 11:58:43 rr MailScanner[20085]: RBL checks: m2E9wVVK020873 found in spamhaus-ZEN Mar 14 11:58:44 rr MailScanner[20085]: Message m2E9wVVK020873 from 81.12.224.203 (xxx@xxx.xx) to xxx.xx is Mar 14 11:58:44 rr MailScanner[20085]: Spam Checks: Found 1 spam messages Mar 14 11:58:44 rr MailScanner[20085]: Spam Actions: message m2E9wVVK020873 actions are store Mar 14 11:58:45 rr MailScanner[20085]: Spam Checks completed at 999 bytes per second Mar 14 11:58:45 rr MailScanner[20085]: Virus and Content Scanning: Starting Mar 14 11:58:52 rr MailScanner[20085]: Filename Checks: Allowing m2E9wVVK020873 msg-20085-4.txt Mar 14 11:58:52 rr MailScanner[20085]: Filename Checks: Allowing m2E9wVVK020873 msg-20085-5.html (no rule matched) Mar 14 11:58:52 rr MailScanner[20085]: Filetype Checks: Allowing m2E9wVVK020873 msg-20085-4.txt Mar 14 11:58:52 rr MailScanner[20085]: Filetype Checks: Allowing m2E9wVVK020873 msg-20085-5.html Mar 14 11:58:52 rr MailScanner[20085]: Virus Scanning completed at 228 bytes per second Mar 14 11:58:52 rr MailScanner[20085]: Batch completed at 180 bytes per second (1736 / 9) Mar 14 11:58:52 rr MailScanner[20085]: Batch (1 message) processed in 9.63 seconds Mar 14 11:58:52 rr MailScanner[20085]: Logging message m2E9wVVK020873 to SQL Mar 14 11:58:52 rr MailScanner[20018]: m2E9wVVK020873: Logged to MailWatch SQL Mar 14 11:58:52 rr MailScanner[20085]: "Always Looked Up Last" took 0.01 seconds Regards, Andrei ----- Original Message ----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: Friday, March 14, 2008 8:01 AM Subject: Re: Skip RBL checks for authenitcated users > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Andrei Steriopol wrote: > | Hello > | > | User's MUA is configured to send mail via SMTP on the server MailScanner > | is running. The MTA is sendmail and accepts mail from authenticated > users. > | > | How can I make MailScanner skip RBL checks for authenticated users? > > Was it "hijack a thread' day yesterday? > > This is a hijack of a hijack by now: > References: > <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> > <47D77CBA.6010706@ddihealth.com> > > MailScanner is not doing any RBL anyway. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFH2hSeBvzDRVjxmYERArzSAJ4qAKmocbm/4V0YvTTRHxn6yS/vjwCfetIu > vc+S19zm8/IuKJ3CJkFdovk= > =Mnkd > -----END PGP SIGNATURE----- > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Mar 14 10:51:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 10:52:27 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: Message-ID: <47DA58BF.60502@ecs.soton.ac.uk> In which case what is your Incoming Work Dir set to in MailScanner.conf? You should not have changed it from the default supplied. To get a working system, you don't need to change any settings in MailScanner.conf at all. Olivier FRANCHET wrote: > > [root@centos postfix]# MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamd > =========================================================================== > > =========================================================================== > > > If any of your virus scanners (clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > > Cordialement/Regards, > Olivier @ Dominux > http://www.dominux.net > > mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 > 09:41:33 : > > > [image supprim?e] > > > > ERROR::UNKNOWN CLAMD RETURN > > > > Olivier FRANCHET > > > > en : > > > > mailscanner > > > > 14/03/2008 09:43 > > > > Envoy? par : > > > > mailscanner-bounces@lists.mailscanner.info > > > > Veuillez r?pondre ? MailScanner discussion > > > > > > Hi everyone > > > > I installed MailScanner/Postfix/SpamAssassin and I have this error > > in the maillog : > > > > Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 > > messages, 3051 bytes > > Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content > > Scanning: Starting > > Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: > > UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/ > > MailScanner/incoming/17418 > > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd > > found 1 infections > > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 > viruses > > > > Only 1 result from Google (an old thread from this list but no help > for me). > > > > > > [root@centos postfix]# MailScanner -v > > Running on > > Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 > > EST 2008 > > i686 athlon i386 GNU/Linux > > This is CentOS release 5 (Final) > > This is Perl version 5.008008 (5.8.8) > > > > This is MailScanner version 4.67.6 > > > > > > ANY IDEA ? > > > > Cordialement/Regards, > > Olivier > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From O.FRANCHET at dominux.net Fri Mar 14 11:14:05 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Fri Mar 14 11:14:38 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <47DA58BF.60502@ecs.soton.ac.uk> References: <47DA58BF.60502@ecs.soton.ac.uk> Message-ID: Thank's for your help. Below my Incoming Work Dir : Incoming Work Dir = /var/spool/MailScanner/incoming Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 11:51:43 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Julian Field > > en : > > MailScanner discussion > > 14/03/2008 11:54 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > In which case what is your > Incoming Work Dir > set to in MailScanner.conf? You should not have changed it from the > default supplied. > > To get a working system, you don't need to change any settings in > MailScanner.conf at all. > > Olivier FRANCHET wrote: > > > > [root@centos postfix]# MailScanner --lint > > Trying to setlogsock(unix) > > Checking version numbers... > > Version number in MailScanner.conf (4.67.6) is correct. > > > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > > > Checking for SpamAssassin errors (if you use it)... > > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > SpamAssassin reported no errors. > > MailScanner.conf says "Virus Scanners = clamd" > > Found these virus scanners installed: clamd > > =========================================================================== > > > > =========================================================================== > > > > > > If any of your virus scanners (clamd) > > are not listed there, you should check that they are installed correctly > > and that MailScanner is finding them correctly via its > > virus.scanners.conf. > > > > Cordialement/Regards, > > Olivier @ Dominux > > http://www.dominux.net > > > > mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 > > 09:41:33 : > > > > > [image supprim?e] > > > > > > ERROR::UNKNOWN CLAMD RETURN > > > > > > Olivier FRANCHET > > > > > > en : > > > > > > mailscanner > > > > > > 14/03/2008 09:43 > > > > > > Envoy? par : > > > > > > mailscanner-bounces@lists.mailscanner.info > > > > > > Veuillez r?pondre ? MailScanner discussion > > > > > > > > > Hi everyone > > > > > > I installed MailScanner/Postfix/SpamAssassin and I have this error > > > in the maillog : > > > > > > Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 > > > messages, 3051 bytes > > > Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content > > > Scanning: Starting > > > Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: > > > UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/ > > > MailScanner/incoming/17418 > > > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd > > > found 1 infections > > > Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 > > viruses > > > > > > Only 1 result from Google (an old thread from this list but no help > > for me). > > > > > > > > > [root@centos postfix]# MailScanner -v > > > Running on > > > Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 > > > EST 2008 > > > i686 athlon i386 GNU/Linux > > > This is CentOS release 5 (Final) > > > This is Perl version 5.008008 (5.8.8) > > > > > > This is MailScanner version 4.67.6 > > > > > > > > > ANY IDEA ? > > > > > > Cordialement/Regards, > > > Olivier > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean. -- > > > MailScanner mailing list > > > mailscanner@lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by *MailScanner* , and is > > believed to be clean. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/ac0650bd/attachment.html From theodrake at comcast.net Fri Mar 14 11:20:04 2008 From: theodrake at comcast.net (Ed Bruce) Date: Fri Mar 14 11:21:02 2008 Subject: OT: Re: Skip RBL checks for authenitcated users In-Reply-To: <47DA14A0.6070401@vanderkooij.org> References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <002801c8841f$a8b2ec90$6396e6c1@gugu> <47DA14A0.6070401@vanderkooij.org> Message-ID: <47DA5F64.8080606@comcast.net> Hugo van der Kooij wrote: > Andrei Steriopol wrote: > | Hello > | > | User's MUA is configured to send mail via SMTP on the server MailScanner > | is running. The MTA is sendmail and accepts mail from authenticated > users. > | > | How can I make MailScanner skip RBL checks for authenticated users? > > Was it "hijack a thread' day yesterday? > > This is a hijack of a hijack by now: This had me confused at first. Glad I'm using Thunderbird, else I would stay confused. Ok I'm still confused, just less so... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/bb72f238/signature.bin From glenn.steen at gmail.com Fri Mar 14 11:58:09 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 14 11:58:44 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> Message-ID: <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> On 14/03/2008, Olivier FRANCHET wrote: > > Thank's for your help. Below my Incoming Work Dir : > > Incoming Work Dir = /var/spool/MailScanner/incoming > (snip) What permissions have you on that, what are your Run As User/Group/Permissions settings... And are you by any chance trying to get PF/Clamd(/MailWatch) working? If so, extra attention must be given to group memberships and permissions, since you would need the group clamd is tunning as to be able to access the work directories (and your apache user for the quarantine)... I've seen some advice somewhere for clamd that would be thoroughly unsuitable for Postfix... Can't really remember where though:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rcooper at dwford.com Fri Mar 14 12:05:49 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 14 12:06:29 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: Message-ID: <06d001c885cb$be70d4e0$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Olivier FRANCHET Sent: Friday, March 14, 2008 4:42 AM To: mailscanner@lists.mailscanner.info Subject: ERROR::UNKNOWN CLAMD RETURN Hi everyone I installed MailScanner/Postfix/SpamAssassin and I have this error in the maillog : Mar 14 09:32:54 centos MailScanner[17418]: New Batch: Scanning 1 messages, 3051 bytes Mar 14 09:32:54 centos MailScanner[17418]: Virus and Content Scanning: Starting Mar 14 09:32:54 centos MailScanner[17418]: ClamAVModule::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/MailScanner/incoming/17418 Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Clamd found 1 infections Mar 14 09:32:54 centos MailScanner[17418]: Virus Scanning: Found 1 viruses Only 1 result from Google (an old thread from this list but no help for me). [root@centos postfix]# MailScanner -v Running on Linux centos.xxxx.net 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 2008 i686 athlon i386 GNU/Linux This is CentOS release 5 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.67.6 ANY IDEA ? Cordialement/Regards, Olivier [Rick Cooper] Have you checked permissions to ensure that the clamd user/group has access to the incoming directory? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/527002f9/attachment.html From devonharding at gmail.com Fri Mar 14 13:08:29 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 13:09:01 2008 Subject: MailScanner: extracting attachments Message-ID: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> Since I upgraded from 4.66 to 4.67, my MailScanner process has been running at 100% CPU and not processing any messages. Doing a 'ps aux' shows the process 'MailScanner: extracting attachments'. What is the difference between the two versions? What could be causing this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/4c2b4360/attachment.html From rcooper at dwford.com Fri Mar 14 13:25:10 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 14 13:25:48 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> Message-ID: <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> you are the third our fourth unresolved instance of this problem, I have yet to see anyone post an lsof output of the hung process to see if it's doing something funny disk wise when this is happening. Could you list the output of the hung process?It seems to me this happend to me once when I updated MailTools with the latestes rather than the one supplied with MailScanner, and when I reinstalled the MailScanner version all was fine, I could be wrong though it's been a while back but I am sure it had to do with a perl module that Jules patched/provides. Rick _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: Friday, March 14, 2008 9:08 AM To: MailScanner discussion Subject: MailScanner: extracting attachments Since I upgraded from 4.66 to 4.67, my MailScanner process has been running at 100% CPU and not processing any messages. Doing a 'ps aux' shows the process 'MailScanner: extracting attachments'. What is the difference between the two versions? What could be causing this? -Devon -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/c6ad61af/attachment.html From t.d.lee at durham.ac.uk Fri Mar 14 14:32:48 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 14 14:33:55 2008 Subject: Razor via RPM? Message-ID: System: fresh install a few weeks ago: o Centos 5, Intel o MailScanner-4.66.5-3.rpm.tar.gz o install-Clam-0.92-SA-3.2.4.tar.gz I have successfully installed DCC and Pyzor from public RPMs, but am having trouble with Razor from Dag Wieers rpm: # rpm -Uvh /tmp/perl-Razor-Agent-2.84-1.el5.rf.i386.rpm /tmp/razor-agents-2.84-1.el5.rf.i386.rpm warning: /tmp/perl-Razor-Agent-2.84-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6 error: Failed dependencies: perl(Digest::SHA1) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 perl(Net::DNS) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 # The perl installation includes the modules Digest::SHA1 and Net::DNS, because they were added by the Clam/SA package. (And I can see the files under "/usr/lib".) But it seems that rpm doesn't know about them, because the Clam/SA package does them via tar rather than via rpm. ("rpm -qa" finds lots of "perl-Foo-*" things, including modules originating from MS/rpm, but not modules from Clam+SA/tar.) Julian: if the above diagnosis is correct, would it be possible to have the Clam/SA package install its perl sub-packages via RPM rather than via tar (on rpm-based machines)? This is the missing link in a clean automated download/build for RPM-based systems. How does that sound? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Fri Mar 14 15:02:04 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 15:02:52 2008 Subject: Razor via RPM? In-Reply-To: References: Message-ID: <47DA936C.8020205@ecs.soton.ac.uk> David Lee wrote: > error: Failed dependencies: > perl(Digest::SHA1) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 > perl(Net::DNS) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 > I modify the relevant .rpmmacros file to stop Perl putting in requirements like this, they cause more trouble than they're worth. > Julian: if the above diagnosis is correct, would it be possible to have > the Clam/SA package install its perl sub-packages via RPM rather than via > tar (on rpm-based machines)? This is the missing link in a clean > automated download/build for RPM-based systems. How does that sound? > That's quite a lot of work, I've got to build RPMs for a pretty big set of modules. It's going to take quite a few hours work to build that lot, and then I've got to maintain srpm-based and tar-based distributions of the clam+sa package. Another distribution to maintain :-( > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Mar 14 15:24:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 15:25:20 2008 Subject: Razor via RPM? In-Reply-To: <47DA936C.8020205@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> Message-ID: <47DA98B0.6030603@ecs.soton.ac.uk> Julian Field wrote: > > > David Lee wrote: >> error: Failed dependencies: >> perl(Digest::SHA1) is needed by >> perl-Razor-Agent-2.84-1.el5.rf.i386 >> perl(Net::DNS) is needed by >> perl-Razor-Agent-2.84-1.el5.rf.i386 >> > I modify the relevant .rpmmacros file to stop Perl putting in > requirements like this, they cause more trouble than they're worth. >> Julian: if the above diagnosis is correct, would it be possible to have >> the Clam/SA package install its perl sub-packages via RPM rather than >> via >> tar (on rpm-based machines)? This is the missing link in a clean >> automated download/build for RPM-based systems. How does that sound? >> > That's quite a lot of work, I've got to build RPMs for a pretty big > set of modules. > It's going to take quite a few hours work to build that lot, and then > I've got to maintain srpm-based and tar-based distributions of the > clam+sa package. Another distribution to maintain :-( This actually creates a separate problem, that of all the perl modules which react badly with the Perl RPM as they overwrite the same files. Do I just try to find them and --force them like I do in the main MailScanner distro? I've built all the spec files and can build the SRPMs very easily. But I'm not convinced I'm not wasting my time... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dickenson at cfmc.com Fri Mar 14 15:46:33 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Fri Mar 14 15:47:11 2008 Subject: Any Idea about this Message-ID: Early this morning my mail server stopped responding. When I got it restarted there was this in /var/log/messages. Mar 14 04:15:40 mail kernel: Bad page state in process 'MailScanner' Mar 14 04:15:40 mail kernel: page:c978c1c0 flags:0xc0000000 mapping:00000000 mapcount:1 count:1 (Not tainted) Mar 14 04:15:40 mail kernel: Trying to fix it up, but a reboot is needed Mar 14 04:15:40 mail kernel: Backtrace: Mar 14 04:15:40 mail kernel: [] bad_page+0x4a/0x71 Mar 14 04:15:40 mail kernel: [] get_page_from_freelist+0x1f0/0x310 Mar 14 04:15:40 mail kernel: [] do_IRQ+0xa5/0xae Here is some version info. I know I am not running most current but not too old, maybe 6 months or so. Linux mail.cfmc.com 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 12:17:54 EDT 2007 i686 i686 i386 GNU/Linux This is CentOS release 5 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.63.8 Any ideas? -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ From martinh at solidstatelogic.com Fri Mar 14 15:56:06 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 14 15:56:42 2008 Subject: Any Idea about this In-Reply-To: Message-ID: Jim Sounds like bad memory to me.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jim Dickenson > Sent: 14 March 2008 15:47 > To: MailScanner Mail List > Subject: Any Idea about this > > Early this morning my mail server stopped responding. When I got it > restarted there was this in /var/log/messages. > > Mar 14 04:15:40 mail kernel: Bad page state in process 'MailScanner' > Mar 14 04:15:40 mail kernel: page:c978c1c0 flags:0xc0000000 > mapping:00000000 > mapcount:1 count:1 (Not tainted) > Mar 14 04:15:40 mail kernel: Trying to fix it up, but a reboot is needed > Mar 14 04:15:40 mail kernel: Backtrace: > Mar 14 04:15:40 mail kernel: [] bad_page+0x4a/0x71 > Mar 14 04:15:40 mail kernel: [] > get_page_from_freelist+0x1f0/0x310 > Mar 14 04:15:40 mail kernel: [] do_IRQ+0xa5/0xae > > > Here is some version info. I know I am not running most current but not > too > old, maybe 6 months or so. > > Linux mail.cfmc.com 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 12:17:54 EDT 2007 > i686 i686 i386 GNU/Linux > This is CentOS release 5 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.63.8 > > Any ideas? > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From t.d.lee at durham.ac.uk Fri Mar 14 16:14:27 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Mar 14 16:15:45 2008 Subject: Razor via RPM? In-Reply-To: <47DA98B0.6030603@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> Message-ID: On Fri, 14 Mar 2008, Julian Field wrote: > This actually creates a separate problem, that of all the perl modules > which react badly with the Perl RPM as they overwrite the same files. Do > I just try to find them and --force them like I do in the main > MailScanner distro? > > I've built all the spec files and can build the SRPMs very easily. But > I'm not convinced I'm not wasting my time... Thanks for the reply. Appreciated. Let me re-word the overall issue at overview level: The aim is to make as easy as is reasonably possible a complete installation, especially on rpm-based systems. Your existing scheme is hugely, hugely helpful in this! Many thanks. o MS is handled well by your distribution(s); o Clam/SA is handled well by your (single) "tar" distribution; o DCC follows well as a "wget ...; rpm -U ..."; o Pyzor follows well as a "wget ...; rpm -U ..."; But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from Dag's repository) almost works, but not quite, because of those two perl packages. The "wget... rpm..." sequence can be neatly automated under tools such as "cfengine". But the Razor build is considerably more awkward and less straightforward. So that (as a high level overview) is the problem I'm trying to address (and before getting bogged down in the techy stuff). So now to the techy bog... Just a thought: suppose those two perl modules (Digest::SHA1 and Net::DNS) were also included in your MS list (where the ".rpmmacros" mechanism is already in place). Might that do the job? Following that MS install, there would be a potential sub-issue: that of a subsequent Clam/SA install trying a re-install over the top. (I guess you'd still want them in Clam/SA because that is where the true dependency graph lies.) Suppose I offered to investigate bundling those two modules into the MS rpm-based install, and the possible knock-on interaction with a subsequent Clam/SA install. Might that have a chance of flying? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From rcooper at dwford.com Fri Mar 14 16:20:42 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 14 16:21:22 2008 Subject: Any Idea about this In-Reply-To: References: Message-ID: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> You may want to investigate how to setup and use memtest86 (which is probably already install on your system) as this is pretty certainly memory related but could be caused by other things, heat, etc. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Jim Dickenson > Sent: Friday, March 14, 2008 11:47 AM > To: MailScanner Mail List > Subject: Any Idea about this > > Early this morning my mail server stopped responding. When I got it > restarted there was this in /var/log/messages. > > Mar 14 04:15:40 mail kernel: Bad page state in process 'MailScanner' > Mar 14 04:15:40 mail kernel: page:c978c1c0 flags:0xc0000000 > mapping:00000000 > mapcount:1 count:1 (Not tainted) > Mar 14 04:15:40 mail kernel: Trying to fix it up, but a > reboot is needed > Mar 14 04:15:40 mail kernel: Backtrace: > Mar 14 04:15:40 mail kernel: [] bad_page+0x4a/0x71 > Mar 14 04:15:40 mail kernel: [] > get_page_from_freelist+0x1f0/0x310 > Mar 14 04:15:40 mail kernel: [] do_IRQ+0xa5/0xae > > > Here is some version info. I know I am not running most > current but not too > old, maybe 6 months or so. > > Linux mail.cfmc.com 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 > 12:17:54 EDT 2007 > i686 i686 i386 GNU/Linux > This is CentOS release 5 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.63.8 > > Any ideas? > -- > Jim Dickenson > mailto:dickenson@cfmc.com > > CfMC > http://www.cfmc.com/ > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From O.FRANCHET at dominux.net Fri Mar 14 16:21:32 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Fri Mar 14 16:22:01 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> Message-ID: From my MailScanner.conf : Run As User = postfix Run As Group = postfix Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = Incoming Work Group = clamav Incoming Work Permissions = 0640 and rights from directories : [root@centos MailScanner]# ll total 12 drwxrw---- 8 postfix clamav 4096 mar 14 17:17 incoming drwx------ 4 postfix postfix 4096 mar 13 16:23 quarantine drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin [root@centos MailScanner]# ll incoming/ total 108 drwxrwx--- 2 postfix clamav 4096 mar 14 17:11 25035 drwxrwx--- 2 postfix clamav 4096 mar 14 16:41 25496 drwxrwx--- 2 postfix clamav 4096 mar 14 17:05 25657 drwxrwx--- 2 postfix clamav 4096 mar 14 17:13 25811 drwxrwx--- 2 postfix clamav 4096 mar 14 17:17 26252 -rw-rw---- 1 postfix postfix 81920 mar 14 17:17 SpamAssassin.cache.db drwxrw---- 2 postfix postfix 4096 mar 14 17:17 SpamAssassin-Temp Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 12:58:09 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Glenn Steen > > en : > > MailScanner discussion > > 14/03/2008 13:00 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > On 14/03/2008, Olivier FRANCHET wrote: > > > > Thank's for your help. Below my Incoming Work Dir : > > > > Incoming Work Dir = /var/spool/MailScanner/incoming > > > (snip) > What permissions have you on that, what are your Run As > User/Group/Permissions settings... And are you by any chance trying to > get PF/Clamd(/MailWatch) working? If so, extra attention must be given > to group memberships and permissions, since you would need the group > clamd is tunning as to be able to access the work directories (and > your apache user for the quarantine)... > I've seen some advice somewhere for clamd that would be thoroughly > unsuitable for Postfix... Can't really remember where though:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/e1d2baa1/attachment.html From scrumley at secure-enterprise.com Fri Mar 14 16:37:51 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Fri Mar 14 16:38:23 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <2baac6140803131930j1bed2b37pe66492217acea13c@mail.gmail.com> References: <8775613110ACC349B6CF97F922E670E33F79A9@kronos.secure-enterprise.com> <2baac6140803131930j1bed2b37pe66492217acea13c@mail.gmail.com> Message-ID: <8775613110ACC349B6CF97F922E670E34501D2@kronos.secure-enterprise.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Devon Harding > Sent: Thursday, March 13, 2008 10:30 PM > To: MailScanner discussion > Subject: Re: Upgraded to 4.67.6,MailScanner scans a batch > then hangs at 100 percent CPU > > I'm having the same issue. CPU goes to 100% and getting > 'MailScanner: extracting attachments' from a ps aux. > > What was the fix? > > -Devon > No fix yet. Let's see what our systems have in common. What version of OS/MTA/spamassassin are your running? What do you get from a MailScanner -v -Steve From MailScanner at ecs.soton.ac.uk Fri Mar 14 16:39:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 16:40:05 2008 Subject: Razor via RPM? In-Reply-To: References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> Message-ID: <47DAAA36.7000505@ecs.soton.ac.uk> David Lee wrote: > On Fri, 14 Mar 2008, Julian Field wrote: > > >> This actually creates a separate problem, that of all the perl modules >> which react badly with the Perl RPM as they overwrite the same files. Do >> I just try to find them and --force them like I do in the main >> MailScanner distro? >> >> I've built all the spec files and can build the SRPMs very easily. But >> I'm not convinced I'm not wasting my time... >> > > Thanks for the reply. Appreciated. > > Let me re-word the overall issue at overview level: > > The aim is to make as easy as is reasonably possible a complete > installation, especially on rpm-based systems. Your existing scheme is > hugely, hugely helpful in this! Many thanks. > > o MS is handled well by your distribution(s); > o Clam/SA is handled well by your (single) "tar" distribution; > o DCC follows well as a "wget ...; rpm -U ..."; > o Pyzor follows well as a "wget ...; rpm -U ..."; > > But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from Dag's > repository) almost works, but not quite, because of those two perl > packages. The "wget... rpm..." sequence can be neatly automated under > tools such as "cfengine". But the Razor build is considerably more > awkward and less straightforward. > > > > So that (as a high level overview) is the problem I'm trying to address > (and before getting bogged down in the techy stuff). > > > > > So now to the techy bog... > > Just a thought: suppose those two perl modules (Digest::SHA1 and Net::DNS) > were also included in your MS list (where the ".rpmmacros" mechanism is > already in place). Might that do the job? > > Following that MS install, there would be a potential sub-issue: that of a > subsequent Clam/SA install trying a re-install over the top. (I guess > you'd still want them in Clam/SA because that is where the true dependency > graph lies.) > > Suppose I offered to investigate bundling those two modules into the MS > rpm-based install, and the possible knock-on interaction with a subsequent > Clam/SA install. > > Might that have a chance of flying? > Just adding 2 modules to the MailScanner distribution sounds like a very quick hack to solve the problem. But would people prefer an RPM-based installation of the ClamAV+SpamAssassin installation anyway? I have a feeling it might cause more problems than it solves, as any perl upgrade would be even more complicated that it is now due to all the clashing modules that have to be removed and reinstalled. What are anyone's thoughts? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Fri Mar 14 16:47:10 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 16:47:44 2008 Subject: MailScanner: extracting attachments In-Reply-To: <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> Message-ID: <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> On Fri, Mar 14, 2008 at 9:25 AM, Rick Cooper wrote: > you are the third our fourth unresolved instance of this problem, I have > yet to see anyone post an lsof output of the hung process to see if it's > doing something funny disk wise when this is happening. Could you list the > output of the hung process?It seems to me this happend to me once when I > updated MailTools with the latestes rather than the one supplied with > MailScanner, and when I reinstalled the MailScanner version all was fine, I > could be wrong though it's been a while back but I am sure it had to do with > a perl module that Jules patched/provides. > > Rick > Here is my 'ps aux' What is the diff between the two versions? root 2043 0.0 0.0 1528 404 tty6 Ss+ 03:17 0:00 /sbin/mingetty tty6 root 16229 0.0 0.4 7940 2444 ? Ss 11:09 0:01 sshd: root@pts/0 root 16231 0.0 0.2 4728 1460 pts/0 Ss 11:09 0:00 -bash root 24168 0.0 0.5 8876 2936 ? Ss 12:31 0:00 sendmail: accepting connections smmsp 24172 0.0 0.3 7308 1680 ? Ss 12:31 0:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue root 24176 0.0 0.3 7308 1756 ? Ss 12:31 0:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue root 24193 0.0 3.7 25712 19220 ? Ss 12:31 0:00 MailScanner: master waiting for children, sleeping root 24194 38.1 16.8 113952 87000 ? R 12:31 3:41 MailScanner: extracting attachments root 24199 0.0 4.1 28148 21520 ? S 12:31 0:00 MailWatch SQL root 24205 0.0 0.1 4264 728 ? S 12:31 0:00 awk {printf "%s %s\n", strftime("%T"), $0} root 24209 29.3 16.8 114172 87024 ? R 12:31 2:48 MailScanner: extracting attachments root 24217 0.0 0.1 4264 732 ? S 12:31 0:00 awk {printf "%s %s\n", strftime("%T"), $0} root 24225 30.6 16.8 113800 86716 ? R 12:31 2:54 MailScanner: extracting attachments root 24233 0.0 0.1 4268 736 ? S 12:31 0:00 awk {printf "%s %s\n", strftime("%T"), $0} root 24505 1.0 0.1 4288 836 pts/0 R+ 12:41 0:00 ps aux root 31242 0.0 0.4 7940 2456 ? Ss 08:45 0:01 sshd: root@pts/2 root 31244 0.0 0.2 4732 1480 pts/2 Ss+ 08:45 0:00 -bash root 31566 0.0 0.4 7800 2428 ? Ss 08:52 0:00 sshd: root@pts/3 root 31568 0.0 0.2 4732 1460 pts/3 Ss+ 08:52 0:00 -bash -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/6e5b8360/attachment.html From devonharding at gmail.com Fri Mar 14 16:51:46 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 16:52:21 2008 Subject: Upgraded to 4.67.6, MailScanner scans a batch then hangs at 100 percent CPU In-Reply-To: <8775613110ACC349B6CF97F922E670E34501D2@kronos.secure-enterprise.com> References: <8775613110ACC349B6CF97F922E670E33F79A9@kronos.secure-enterprise.com> <2baac6140803131930j1bed2b37pe66492217acea13c@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D2@kronos.secure-enterprise.com> Message-ID: <2baac6140803140951y7743b364g8497d526a362f1bc@mail.gmail.com> > > > > > > What was the fix? > > > > -Devon > > > > No fix yet. Let's see what our systems have in common. What version of > OS/MTA/spamassassin are your running? What do you get from a > MailScanner -v > > -Steve > Running on FC5/sendmail/SA 3.2.4. Here is the Mailscanner -v Running on Linux mars.domain.com 2.6.20-1.2320.fc5 #1 Tue Jun 12 18:20:44 EDT 2007 i686 athlon i386 GNU/Linux This is Fedora Core release 5 (Bordeaux) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.68.3 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.05 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.03 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.09 POSIX 1.18 Scalar::Util 1.78 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.86 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.29 Archive::Tar 0.21 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.14 DBD::SQLite 1.56 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.18 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.37 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.21 Mail::ClamAV 3.002004 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.62 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.32 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.98 Text::Balanced 1.35 URI 0.7203 version 0.62 YAML -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/2e405ee3/attachment.html From MailScanner at ecs.soton.ac.uk Fri Mar 14 17:03:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 14 17:06:35 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> Message-ID: <47DAAFF4.9090803@ecs.soton.ac.uk> He wanted an lsof from the "extracting attachments" processes, not just a ps listing. Devon Harding wrote: > > > On Fri, Mar 14, 2008 at 9:25 AM, Rick Cooper > wrote: > > you are the third our fourth unresolved instance of this problem, > I have yet to see anyone post an lsof output of the hung process > to see if it's doing something funny disk wise when this is > happening. Could you list the output of the hung process?It seems > to me this happend to me once when I updated MailTools with the > latestes rather than the one supplied with MailScanner, and when I > reinstalled the MailScanner version all was fine, I could be wrong > though it's been a while back but I am sure it had to do with a > perl module that Jules patched/provides. > > Rick > > > > Here is my 'ps aux' What is the diff between the two versions? > > root 2043 0.0 0.0 1528 404 tty6 Ss+ 03:17 0:00 > /sbin/mingetty tty6 > root 16229 0.0 0.4 7940 2444 ? Ss 11:09 0:01 sshd: > root@pts/0 > root 16231 0.0 0.2 4728 1460 pts/0 Ss 11:09 0:00 -bash > root 24168 0.0 0.5 8876 2936 ? Ss 12:31 0:00 > sendmail: accepting connections > smmsp 24172 0.0 0.3 7308 1680 ? Ss 12:31 0:00 > sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue > root 24176 0.0 0.3 7308 1756 ? Ss 12:31 0:00 > sendmail: Queue runner@00:15:00 for /var/spool/mqueue > root 24193 0.0 3.7 25712 19220 ? Ss 12:31 0:00 > MailScanner: master waiting for children, sleeping > root 24194 38.1 16.8 113952 87000 ? R 12:31 3:41 > MailScanner: extracting attachments > root 24199 0.0 4.1 28148 21520 ? S 12:31 0:00 > MailWatch SQL > root 24205 0.0 0.1 4264 728 ? S 12:31 0:00 awk > {printf "%s %s\n", strftime("%T"), $0} > root 24209 29.3 16.8 114172 87024 ? R 12:31 2:48 > MailScanner: extracting attachments > root 24217 0.0 0.1 4264 732 ? S 12:31 0:00 awk > {printf "%s %s\n", strftime("%T"), $0} > root 24225 30.6 16.8 113800 86716 ? R 12:31 2:54 > MailScanner: extracting attachments > root 24233 0.0 0.1 4268 736 ? S 12:31 0:00 awk > {printf "%s %s\n", strftime("%T"), $0} > root 24505 1.0 0.1 4288 836 pts/0 R+ 12:41 0:00 ps aux > root 31242 0.0 0.4 7940 2456 ? Ss 08:45 0:01 sshd: > root@pts/2 > root 31244 0.0 0.2 4732 1480 pts/2 Ss+ 08:45 0:00 -bash > root 31566 0.0 0.4 7800 2428 ? Ss 08:52 0:00 sshd: > root@pts/3 > root 31568 0.0 0.2 4732 1460 pts/3 Ss+ 08:52 0:00 -bash Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dickenson at cfmc.com Fri Mar 14 17:09:09 2008 From: dickenson at cfmc.com (Jim Dickenson) Date: Fri Mar 14 17:09:47 2008 Subject: Any Idea about this In-Reply-To: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> Message-ID: Thanks for the responses. I will check into running memtest86. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ > From: Rick Cooper > Reply-To: MailScanner discussion > Date: Fri, 14 Mar 2008 12:20:42 -0400 > To: 'MailScanner discussion' > Subject: RE: Any Idea about this > > You may want to investigate how to setup and use memtest86 (which is > probably already install on your system) as this is pretty certainly memory > related but could be caused by other things, heat, etc. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On >> Behalf Of Jim Dickenson >> Sent: Friday, March 14, 2008 11:47 AM >> To: MailScanner Mail List >> Subject: Any Idea about this >> >> Early this morning my mail server stopped responding. When I got it >> restarted there was this in /var/log/messages. >> >> Mar 14 04:15:40 mail kernel: Bad page state in process 'MailScanner' >> Mar 14 04:15:40 mail kernel: page:c978c1c0 flags:0xc0000000 >> mapping:00000000 >> mapcount:1 count:1 (Not tainted) >> Mar 14 04:15:40 mail kernel: Trying to fix it up, but a >> reboot is needed >> Mar 14 04:15:40 mail kernel: Backtrace: >> Mar 14 04:15:40 mail kernel: [] bad_page+0x4a/0x71 >> Mar 14 04:15:40 mail kernel: [] >> get_page_from_freelist+0x1f0/0x310 >> Mar 14 04:15:40 mail kernel: [] do_IRQ+0xa5/0xae >> >> >> Here is some version info. I know I am not running most >> current but not too >> old, maybe 6 months or so. >> >> Linux mail.cfmc.com 2.6.18-8.1.10.el5 #1 SMP Thu Sep 13 >> 12:17:54 EDT 2007 >> i686 i686 i386 GNU/Linux >> This is CentOS release 5 (Final) >> This is Perl version 5.008008 (5.8.8) >> >> This is MailScanner version 4.63.8 >> >> Any ideas? >> -- >> Jim Dickenson >> mailto:dickenson@cfmc.com >> >> CfMC >> http://www.cfmc.com/ >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From rcooper at dwford.com Fri Mar 14 17:18:05 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 14 17:18:43 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com><072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> Message-ID: <07a701c885f7$5dc58060$0301a8c0@SAHOMELT> _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: Friday, March 14, 2008 12:47 PM To: MailScanner discussion Subject: Re: MailScanner: extracting attachments On Fri, Mar 14, 2008 at 9:25 AM, Rick Cooper wrote: you are the third our fourth unresolved instance of this problem, I have yet to see anyone post an lsof output of the hung process to see if it's doing something funny disk wise when this is happening. Could you list the output of the hung process?It seems to me this happend to me once when I updated MailTools with the latestes rather than the one supplied with MailScanner, and when I reinstalled the MailScanner version all was fine, I could be wrong though it's been a while back but I am sure it had to do with a perl module that Jules patched/provides. Rick [Rick Cooper] lsof is nothing like ps really. It's looking at op files and file can be pretty much any device, disk or other stream. For instance here is lsof output from one mailscanner process COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 14635 root cwd DIR 3,3 4096 24461518 /opt/MailScanner-4.67.6-1/bin MailScann 14635 root rtd DIR 3,3 4096 2 / MailScann 14635 root txt REG 3,3 1000550 330302 /usr/bin/perl MailScann 14635 root mem REG 3,3 85420 3653635 /lib/ld-2.2.5.so MailScann 14635 root mem REG 3,3 104356 35930443 /usr/lib/perl5/5.8.8/i686-linux/auto/POSIX/POSIX.so MailScann 14635 root mem REG 3,3 12497 33751127 /usr/lib/perl5/5.8.8/i686-linux/auto/MIME/Base64/Base64.so MailScann 14635 root mem REG 3,3 85262 3653667 /lib/libnsl-2.2.5.so MailScann 14635 root mem REG 3,3 11728 3653664 /lib/libdl-2.2.5.so MailScann 14635 root mem REG 3,3 173359 4669467 /lib/i686/libm-2.2.5.so MailScann 14635 root mem REG 3,3 22645 3653651 /lib/libcrypt-2.2.5.so MailScann 14635 root mem REG 3,3 10982 3653685 /lib/libutil-2.2.5.so MailScann 14635 root mem REG 3,3 9193 12370085 /usr/lib/perl5/site_perl/5.8.0/i686-linux/auto/Filesys/Df/Df.so MailScann 14635 root mem REG 3,3 17535 35078297 /usr/lib/perl5/5.8.8/i686-linux/auto/IO/IO.so MailScann 14635 root mem REG 3,3 16874 26656909 /usr/lib/perl5/5.8.8/i686-linux/auto/Fcntl/Fcntl.so MailScann 14635 root mem REG 3,3 22941 25755778 /usr/lib/perl5/5.8.8/i686-linux/auto/Time/HiRes/HiRes.so MailScann 14635 root mem REG 3,3 101902 4669465 /lib/i686/libpthread-0.9.so MailScann 14635 root mem REG 3,3 30157 3653681 /lib/librt-2.2.5.so MailScann 14635 root mem REG 3,3 7280 25870570 /usr/lib/perl5/5.8.8/i686-linux/auto/Sys/Hostname/Hostname.so MailScann 14635 root mem REG 3,3 18264 34947217 /usr/lib/perl5/5.8.8/i686-linux/auto/File/Glob/Glob.so MailScann 14635 root mem REG 3,3 25481 28557540 /usr/lib/perl5/5.8.8/i686-linux/auto/Socket/Socket.so MailScann 14635 root mem REG 3,3 46077 26624212 /usr/lib/perl5/5.8.8/i686-linux/auto/DB_File/DB_File.so MailScann 14635 root mem REG 3,3 818785 9830493 /usr/local/BerkeleyDB.4.3/lib/libdb-4.3.so MailScann 14635 root mem REG 3,3 17391 33669192 /usr/lib/perl5/5.8.8/i686-linux/auto/Sys/Syslog/Syslog.so MailScann 14635 root mem REG 3,3 45766 6864988 /usr/lib/perl5/site_perl/5.8.0/i686-linux/auto/HTML/Parser/Parser.so MailScann 14635 root mem REG 3,3 25000 33505286 /usr/lib/perl5/5.8.8/i686-linux/auto/List/Util/Util.so MailScann 14635 root mem REG 3,3 125615 25231604 /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Compress/Raw/Zlib/Zlib.so MailScann 14635 root mem REG 3,3 10829 26656979 /usr/lib/perl5/5.8.8/i686-linux/auto/Cwd/Cwd.so MailScann 14635 root mem REG 3,3 15136 25755769 /usr/lib/perl5/5.8.8/i686-linux/auto/Digest/MD5/MD5.so MailScann 14635 root mem REG 3,3 111561 34783434 /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/DBI/DBI.so MailScann 14635 root mem REG 3,3 30502 33669302 /usr/lib/perl5/5.8.8/i686-linux/auto/Data/Dumper/Dumper.so MailScann 14635 root mem REG 3,3 35111 28557520 /usr/lib/perl5/5.8.8/i686-linux/auto/Encode/Encode.so MailScann 14635 root mem REG 3,3 71681 24281139 /usr/lib/perl5/5.8.8/i686-linux/auto/Storable/Storable.so MailScann 14635 root mem REG 3,3 16323 3653675 /lib/libnss_dns-2.2.5.so MailScann 14635 root mem REG 3,3 42897 3653679 /lib/libnss_files-2.2.5.so MailScann 14635 root mem REG 3,3 1447979 24559767 /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/DBD/mysql/mysql.so MailScann 14635 root mem REG 3,3 64733 3653704 /lib/libresolv-2.2.5.so MailScann 14635 root mem REG 3,3 1401027 4669466 /lib/i686/libc-2.2.5.so MailScann 14635 root 0r CHR 1,3 70897 /dev/null MailScann 14635 root 1w CHR 1,3 70897 /dev/null MailScann 14635 root 2w CHR 1,3 70897 /dev/null MailScann 14635 root 3u unix 0xe2c21580 50320558 socket MailScann 14635 root 4r REG 3,3 58177 17940707 /opt/MailScanner-4.67.6-1/lib/MailScanner/CustomConfig.pm MailScann 14635 root 5r REG 3,3 22207 17940721 /opt/MailScanner-4.67.6-1/lib/MailScanner/ConfigDefs.pl MailScann 14635 root 6r REG 3,3 7867 19202291 /opt/MailScanner-4.67.6-1/lib/MailScanner/CustomFunctions/GenericSpamScanner .pm MailScann 14635 root 7u IPv4 50321024 TCP localhost:11553 (LISTEN) MailScann 14635 root 8u IPv4 50321031 TCP localhost:53362->localhost:mysql (ESTABLISHED) As you can see it shows exactly what modules are open, what devices, files, dirs, etc. man lsof is a good read. For instance if the problem is caused by lstat blocking you would likely lock at that point and need to add -b to the command. +r 5 would cause it to redisplay after 5 seconds so you could see what files are staying open/changing. lsof +r -p pid_of_stuck_process or lsof +r -c MailScanner to watch all MailScanner processes. I have also seen this exact thing happen with a fooBar tnef attachment and (I think) external tnef. If you use a pid and repeat and the information goes away then you know the child is dying without notice and you can use the -c option to see what is common in terms of open files, specifically files in the batch. Also note that lsof is going to show the actually file/dir and not the symlinks (such as the above MailScanner dir) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/3ad65b8c/attachment-0001.html From shuttlebox at gmail.com Fri Mar 14 17:22:52 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 14 17:23:41 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: <625385e30803141022n172ad7cbha27c2270be792a3c@mail.gmail.com> On Fri, Mar 14, 2008 at 5:39 PM, Julian Field wrote: > Just adding 2 modules to the MailScanner distribution sounds like a very > quick hack to solve the problem. But would people prefer an RPM-based > installation of the ClamAV+SpamAssassin installation anyway? I have a > feeling it might cause more problems than it solves, as any perl upgrade > would be even more complicated that it is now due to all the clashing > modules that have to be removed and reinstalled. > > What are anyone's thoughts? I think it's great that you go to such great lengths to support the community, you go far beyond the core MailScanner product and support it more like a complete system. However, I think the demands will just keep rising and a lots of time will be spent packaging for diverging needs. There might come a time when it's infeasible for you to do all these "extra layers" of work besides core MailScanner development and support. Most other software projects only support the source and link to external projects packaging it in different ways on different platform, Clam and SpamAssassin comes to mind. If the need is there, the community should/will pick it up. You have spoiled us silly Julian by doing it yourself! :-) In my opinion the only official thing should be the tar ball of MailScanner, everything else should be links to external packaging efforts. If the need is greater still there's FSL. -- /peter From Kevin_Miller at ci.juneau.ak.us Fri Mar 14 17:24:20 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 14 17:23:58 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk><47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > Just adding 2 modules to the MailScanner distribution sounds like a > very quick hack to solve the problem. But would people prefer an > RPM-based installation of the ClamAV+SpamAssassin installation > anyway? I have a feeling it might cause more problems than it solves, > as any perl upgrade would be even more complicated that it is now due > to all the clashing modules that have to be removed and reinstalled. > > What are anyone's thoughts? A lot of the rpm building stuff goes right past me, as I've never had to look into it, but I don't know that MS really needs to be all things to all men, as the saying goes. One of the best things about MS is the ability to integrate completely separate packages seamlessly in it. Some are easier than others, but for the most part it's not too bad adding each. I use SUSE so only have experience installing that but both clamav and spamassassin are available as rpms in the distro. So are many of the perl modules that are required - they may not be installed by default however. I'm not 100% sure, but I think razor is also bundled. So I guess what I'm saying is that I don't think you really need to bundle the extra programs with MS. Much of it can be installed via whatever mechanism the distro normally uses. If you take notes the first time, it's not that hard to add in the missing packages the next time around. Maybe I'm off on this point, but I generally try to install any perl modules from the SUSE repositories if possible, as presumably they've been tested on that platform. Unless there's a specific version issue, that seems to have worked well for me. I do install spamassassin & clamav from your bundle, as it does the extra configuring which is really handy. I don't recall there being extra stuff for razor2 (but it's been a while). Just have to download the tar balls from the razor2 site and install 'em. The dependencies are listed there so it's not too hard to install missing perl packages from the distro repository or download the razor-agents-sdk. I dunno, maybe it's just me, but I figure you'd be best utilized focusing on MS itself. Whether I type 'rpm -i ' or go through the make routine is really six of one and a half dozen of the other. Between your day job and improving MS, you need some time to just relax and have a life. I'd hate to think of you burning yourself out trying to support a dozen different installation paradigms. Just my tuppence... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From scrumley at secure-enterprise.com Fri Mar 14 17:27:08 2008 From: scrumley at secure-enterprise.com (Steve Crumley) Date: Fri Mar 14 17:27:43 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DAAFF4.9090803@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT><2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> Message-ID: <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> > Subject: Re: MailScanner: extracting attachments > > He wanted an lsof from the "extracting attachments" > processes, not just > a ps listing. > Since he and I seem to be having the same problem, here is the lsof from my system: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 5234 root cwd DIR 8,1 1867776 11010049 /var/spool/mqueue.in MailScann 5234 root rtd DIR 8,1 4096 2 / MailScann 5234 root txt REG 8,1 15160 3012983 /usr/bin/perl MailScann 5234 root mem REG 8,1 16424 3047426 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/IO/IO.so MailScann 5234 root mem REG 8,1 117644 3296898 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/POSIX/POSIX.so MailScann 5234 root mem REG 8,1 313720 3310141 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Compress/R aw/Zlib/Zlib.so MailScann 5234 root mem REG 8,1 1263776 3246704 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so MailScann 5234 root mem REG 8,1 845624 6406275 /lib/tls/i686/libdb-4.2.so MailScann 5234 root mem REG 8,1 12280 3296879 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Fcntl/Fcntl.so MailScann 5234 root mem REG 8,1 31240 3296867 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Encode/Encode.so MailScann 5234 root mem REG 8,1 123171 3148265 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/HTML/Parse r/Parser.so MailScann 5234 root mem REG 8,1 63540 3296838 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/DB_File/DB_File.so MailScann 5234 root mem REG 8,1 28476 6407453 /lib/libcrypt-2.3.4.so MailScann 5234 root mem REG 8,1 10028 3296836 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Cwd/Cwd.so MailScann 5234 root mem REG 8,1 44004 3179394 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Filesys/Df /Df.so MailScann 5234 root mem REG 8,1 112168 6406174 /lib/ld-2.3.4.so MailScann 5234 root mem REG 8,1 1529120 6406234 /lib/tls/libc-2.3.4.so MailScann 5234 root mem REG 8,1 213772 6406284 /lib/tls/libm-2.3.4.so MailScann 5234 root mem REG 8,1 16732 6406254 /lib/libdl-2.3.4.so MailScann 5234 root mem REG 8,1 107800 6406257 /lib/tls/libpthread-2.3.4.so MailScann 5234 root mem REG 8,1 81120 6407455 /lib/libresolv-2.3.4.so MailScann 5234 root mem REG 8,1 57964 3473687 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Time/HiRes/H iRes.so MailScann 5234 root mem REG 8,1 18348 3296882 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/File/Glob/Glob.so MailScann 5234 root mem REG 8,1 11504 3326775 /usr/lib/MailScanner/utils/lib/perl5/site_perl/5.8.5/i386-linux-thread-m ulti/auto/MIME/Base64/Base64.so MailScann 5234 root mem REG 8,1 47404 6406258 /lib/libnss_files-2.3.4.so MailScann 5234 root mem REG 8,1 13192 3296852 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Digest/MD5/MD5.so MailScann 5234 root mem REG 8,1 72148 3297063 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Storable/Storable.so MailScann 5234 root mem REG 8,1 101704 6407338 /lib/libnsl-2.3.4.so MailScann 5234 root mem REG 8,1 18624 3047428 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so MailScann 5234 root mem REG 8,1 6368 3297086 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Sys/Hostname/Hostname. so MailScann 5234 root mem REG 8,1 15848 6407458 /lib/libutil-2.3.4.so MailScann 5234 root mem REG 8,1 21164 3297060 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Socket/Socket.so MailScann 5234 root mem REG 8,1 33468 3296894 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/List/Util/Util.so MailScann 5234 root mem REG 8,1 264469 3116095 /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/DBI/DBI.so MailScann 5234 root mem REG 8,1 48516688 3010005 /usr/lib/locale/locale-archive MailScann 5234 root 0u CHR 136,1 3 /dev/pts/1 MailScann 5234 root 1u CHR 136,1 3 /dev/pts/1 MailScann 5234 root 2w FIFO 0,7 100668 pipe MailScann 5234 root 3u unix 0xf71da480 100664 socket MailScann 5234 root 4r REG 8,1 56745 3424307 /usr/lib/MailScanner/MailScanner/CustomConfig.pm MailScann 5234 root 5r REG 8,1 22104 3424260 /usr/lib/MailScanner/MailScanner/ConfigDefs.pl MailScann 5234 root 6r REG 8,1 2727 3424308 /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm MailScann 5234 root 7r REG 8,1 56745 3424307 /usr/lib/MailScanner/MailScanner/CustomConfig.pm MailScann 5234 root 8uW REG 8,1 928 11010123 /var/spool/mqueue.in/qfm2AKTf0B030298 MailScann 5234 root 9uW REG 8,1 102 15712271 /var/spool/mqueue.in/dfm2AKTf0B030298 From rcooper at dwford.com Fri Mar 14 17:30:33 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri Mar 14 17:30:47 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> Message-ID: <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> First, to make sure it's permissions try running clamd as root (remove the user clamav in clamd.conf). I believe it will. I remember someone using postfix stating they had to setgid on incomming to get clamd to work, and you can always add the clamav user to the postfix group and set "AllowSupplementaryGroups yes" in clamd.conf. I personally think the latter to be the best bet. Rick _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Olivier FRANCHET Sent: Friday, March 14, 2008 12:22 PM To: MailScanner discussion Subject: Re: ERROR::UNKNOWN CLAMD RETURN From my MailScanner.conf : Run As User = postfix Run As Group = postfix Incoming Work Dir = /var/spool/MailScanner/incoming Incoming Work User = Incoming Work Group = clamav Incoming Work Permissions = 0640 and rights from directories : [root@centos MailScanner]# ll total 12 drwxrw---- 8 postfix clamav 4096 mar 14 17:17 incoming drwx------ 4 postfix postfix 4096 mar 13 16:23 quarantine drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin [root@centos MailScanner]# ll incoming/ total 108 drwxrwx--- 2 postfix clamav 4096 mar 14 17:11 25035 drwxrwx--- 2 postfix clamav 4096 mar 14 16:41 25496 drwxrwx--- 2 postfix clamav 4096 mar 14 17:05 25657 drwxrwx--- 2 postfix clamav 4096 mar 14 17:13 25811 drwxrwx--- 2 postfix clamav 4096 mar 14 17:17 26252 -rw-rw---- 1 postfix postfix 81920 mar 14 17:17 SpamAssassin.cache.db drwxrw---- 2 postfix postfix 4096 mar 14 17:17 SpamAssassin-Temp Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 12:58:09 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Glenn Steen > > en : > > MailScanner discussion > > 14/03/2008 13:00 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > On 14/03/2008, Olivier FRANCHET wrote: > > > > Thank's for your help. Below my Incoming Work Dir : > > > > Incoming Work Dir = /var/spool/MailScanner/incoming > > > (snip) > What permissions have you on that, what are your Run As > User/Group/Permissions settings... And are you by any chance trying to > get PF/Clamd(/MailWatch) working? If so, extra attention must be given > to group memberships and permissions, since you would need the group > clamd is tunning as to be able to access the work directories (and > your apache user for the quarantine)... > I've seen some advice somewhere for clamd that would be thoroughly > unsuitable for Postfix... Can't really remember where though:-) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/0f1712f6/attachment.html From bpirie at rma.edu Fri Mar 14 17:32:07 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Fri Mar 14 17:31:42 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: <47DAB697.8010908@rma.edu> Julian Field wrote: > > > David Lee wrote: >> On Fri, 14 Mar 2008, Julian Field wrote: >> >> >>> This actually creates a separate problem, that of all the perl modules >>> which react badly with the Perl RPM as they overwrite the same files. Do >>> I just try to find them and --force them like I do in the main >>> MailScanner distro? >>> >>> I've built all the spec files and can build the SRPMs very easily. But >>> I'm not convinced I'm not wasting my time... >>> >> >> Thanks for the reply. Appreciated. >> >> Let me re-word the overall issue at overview level: >> >> The aim is to make as easy as is reasonably possible a complete >> installation, especially on rpm-based systems. Your existing scheme is >> hugely, hugely helpful in this! Many thanks. >> >> o MS is handled well by your distribution(s); >> o Clam/SA is handled well by your (single) "tar" distribution; >> o DCC follows well as a "wget ...; rpm -U ..."; >> o Pyzor follows well as a "wget ...; rpm -U ..."; >> >> But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from Dag's >> repository) almost works, but not quite, because of those two perl >> packages. The "wget... rpm..." sequence can be neatly automated under >> tools such as "cfengine". But the Razor build is considerably more >> awkward and less straightforward. >> >> >> >> So that (as a high level overview) is the problem I'm trying to address >> (and before getting bogged down in the techy stuff). >> >> >> >> >> So now to the techy bog... >> >> Just a thought: suppose those two perl modules (Digest::SHA1 and >> Net::DNS) >> were also included in your MS list (where the ".rpmmacros" mechanism is >> already in place). Might that do the job? >> >> Following that MS install, there would be a potential sub-issue: that >> of a >> subsequent Clam/SA install trying a re-install over the top. (I guess >> you'd still want them in Clam/SA because that is where the true >> dependency >> graph lies.) >> >> Suppose I offered to investigate bundling those two modules into the MS >> rpm-based install, and the possible knock-on interaction with a >> subsequent >> Clam/SA install. >> >> Might that have a chance of flying? >> > Just adding 2 modules to the MailScanner distribution sounds like a very > quick hack to solve the problem. But would people prefer an RPM-based > installation of the ClamAV+SpamAssassin installation anyway? I have a > feeling it might cause more problems than it solves, as any perl upgrade > would be even more complicated that it is now due to all the clashing > modules that have to be removed and reinstalled. > > What are anyone's thoughts? > > Jules > With the latest MailScanner running nicely with Clamd, and being that I install Clamd from rpmforge (CentOS), I'm not sure I see the need for the RPM ClamAV+SpamAssasin package. Undoubtedly there are still people who use rpm-based systems and use clamav, but I'd be happy with just a SpamAssassin package. (If rpmforge kept their spamassassin packages more up-to-date I wouldn't even see a desire for that, and if I were more versed on maintaining packages I would volunteer to lend my time.) Just my $0.02 Brendan From gmane at tippingmar.com Fri Mar 14 17:34:48 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 14 17:35:52 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: Just as a side note, I have razor installed from rpmforge on a centos 5 system and I did not see the dependency problem discussed here. Maybe it has something to do with the sequence I installed or something. Also, I tend to use the yum priorities plugin to avoid updating packages that are in the base centOS repos. [mark@tesla ~]$ uname -a Linux tesla.tippingmar.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:02:30 EST 2008 x86_64 x86_64 x86_64 GNU/Linux [mark@tesla ~]$ rpm -qa | grep razor razor-agents-2.84-1.el5.rf Mark From ssilva at sgvwater.com Fri Mar 14 17:34:47 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 14 17:35:53 2008 Subject: Sendmail cannot write to queue In-Reply-To: <2baac6140803131933l31b8ba98n908d413de5b1ac21@mail.gmail.com> References: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> <223f97700803131435m3b14e3d7qd408d991c00ebfb1@mail.gmail.com> <2baac6140803131933l31b8ba98n908d413de5b1ac21@mail.gmail.com> Message-ID: on 3-13-2008 7:33 PM Devon Harding spake the following: > 7:09 mqueue.in > > > > Any Ideas? > > > How about mount and df? > > > I just disabled SElinux and it now works. Not sure what the tie with > the two is? > > -Devon > I think the default selinux policy for sendmail doesn't know anything about the adjusted queue arrangement that MailScanner creates. Someday it will be easier to add selinux policy to packaged software. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/053b6722/signature.bin From ssilva at sgvwater.com Fri Mar 14 17:37:36 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 14 17:40:11 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <47DA58BF.60502@ecs.soton.ac.uk> References: <47DA58BF.60502@ecs.soton.ac.uk> Message-ID: on 3-14-2008 3:51 AM Julian Field spake the following: > In which case what is your > Incoming Work Dir > set to in MailScanner.conf? You should not have changed it from the > default supplied. > > To get a working system, you don't need to change any settings in > MailScanner.conf at all. > Don't you have to make some adjustments when running postfix or exim? I know the defaults work with sendmail. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/3fabaa88/signature.bin From gmane at tippingmar.com Fri Mar 14 17:45:43 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 14 17:46:04 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: Whoops, to be more complete about it: [mark@tesla ~]$ rpm -qa | grep -i razor perl-Razor-Agent-2.84-1.el5.rf razor-agents-2.84-1.el5.rf Mark From devonharding at gmail.com Fri Mar 14 17:47:48 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 17:48:23 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DAAFF4.9090803@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> Message-ID: <2baac6140803141047v6583afcase47de2ecd2a1fd2b@mail.gmail.com> On Fri, Mar 14, 2008 at 1:03 PM, Julian Field wrote: > He wanted an lsof from the "extracting attachments" processes, not just > a ps listing. > > D > Sorry, here lsof output of a MailScanner process that is 'Extracting attachments' [root@mars ~]# lsof +r -p 24194 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 24194 root cwd DIR 3,2 73728 36880 /var/spool/mqueue.in MailScann 24194 root rtd DIR 3,2 4096 2 / MailScann 24194 root txt REG 3,2 15076 118827 /usr/bin/perl MailScann 24194 root mem REG 3,2 20868 555706 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Socket/Socket.so MailScann 24194 root mem REG 3,2 37060 555489 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/List/Util/Util.so MailScann 24194 root mem REG 3,2 14156 555455 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Digest/MD5/MD5.so MailScann 24194 root mem REG 3,2 35120 555469 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Encode/Encode.so MailScann 24194 root mem REG 3,2 42556 1076537 /lib/libnss_files-2.4.so MailScann 24194 root mem REG 3,2 80176 555708 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Storable/Storable.so MailScann 24194 root mem REG 3,2 264091 392545 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DBD/mysql/mysql.so MailScann 24194 root mem REG 3,2 230676 228589 /usr/lib/mysql/libmysqlclient.so.10.0.0 MailScann 24194 root mem REG 3,2 95716 282657 /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi/auto/Digest/SHA1/SHA1.so MailScann 24194 root mem REG 3,2 117316 555500 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/POSIX/POSIX.so MailScann 24194 root mem REG 3,2 32044 555451 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Data/Dumper/Dumper.so MailScann 24194 root mem REG 3,2 96260 701167 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/version/vxs/vxs.so MailScann 24194 root mem REG 3,2 77074 701423 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/NetAddr/IP/Util/Util.so MailScann 24194 root mem REG 3,2 84240 724610 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Mail/ClamAV/ClamAV.so MailScann 24194 root mem REG 3,2 6432 555740 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Hostname/Hostname.so MailScann 24194 root mem REG 3,2 560348 749312 /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/auto/DBD/SQLite/SQLite.so MailScann 24194 root mem REG 3,2 15176 1075061 /lib/libutil- 2.4.so MailScann 24194 root mem REG 3,2 7272 668359 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Filesys/Statvfs/Statvfs.so MailScann 24194 root mem REG 3,2 1011020 1076551 /lib/libdb- 4.3.so MailScann 24194 root mem REG 3,2 19596 555750 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Time/HiRes/HiRes.so MailScann 24194 root mem REG 3,2 288170 667932 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Compress/Zlib/Zlib.so MailScann 24194 root mem REG 3,2 16580 554664 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/IO/IO.so MailScann 24194 root mem REG 3,2 120789 668625 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/HTML/Parser/Parser.so MailScann 24194 root mem REG 3,2 9348 555447 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Cwd/Cwd.so MailScann 24194 root mem REG 3,2 21768 1075233 /lib/libnss_dns-2.4.so MailScann 24194 root mem REG 3,2 67784 118313 /usr/lib/libbz2.so.1.0.3 MailScann 24194 root mem REG 3,2 123316 701689 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/DBI/DBI.so MailScann 24194 root mem REG 3,2 1369338 115391 /usr/local/lib/libclamav.so.3.0.4 MailScann 24194 root mem REG 3,2 11312 342056 /usr/lib/MailScanner/utils/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/MIME/Base64/Base64.so MailScann 24194 root mem REG 3,2 24254 115303 /usr/local/lib/libclamunrar_iface.so.3.0.4 MailScann 24194 root mem REG 3,2 12176 555476 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Fcntl/Fcntl.so MailScann 24194 root mem REG 3,2 44005 702302 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Net/DNS/DNS.so MailScann 24194 root mem REG 3,2 842637 151810 /usr/lib/sse2/libgmp.so.3.3.3 MailScann 24194 root mem REG 3,2 58491 668343 /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so MailScann 24194 root mem REG 3,2 74886 392831 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/Socket6/Socket6.so MailScann 24194 root mem REG 3,2 113224 1076548 /lib/ld-2.4.so MailScann 24194 root mem REG 3,2 1479644 1076549 /lib/libc- 2.4.so MailScann 24194 root mem REG 3,2 203836 1076553 /lib/libm- 2.4.so MailScann 24194 root mem REG 3,2 16400 1076552 /lib/libdl- 2.4.so MailScann 24194 root mem REG 3,2 75632 130256 /usr/lib/libz.so.1.2.3 MailScann 24194 root mem REG 3,2 107716 1076550 /lib/libpthread-2.4.so MailScann 24194 root mem REG 3,2 88632 1075086 /lib/libnsl- 2.4.so MailScann 24194 root mem REG 3,2 72244 1076556 /lib/libresolv- 2.4.so MailScann 24194 root mem REG 3,2 1242740 554523 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so MailScann 24194 root mem REG 3,2 18940 555477 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/File/Glob/Glob.so MailScann 24194 root mem REG 3,2 18256 554513 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/Sys/Syslog/Syslog.so MailScann 24194 root mem REG 3,2 27716 1076557 /lib/libcrypt- 2.4.so MailScann 24194 root mem REG 3,2 141648 115286 /usr/local/lib/libclamunrar.so.3.0.4 MailScann 24194 root mem REG 0,0 0 [vdso] (stat: No such file or directory) MailScann 24194 root mem REG 3,2 55132 555448 /usr/lib/perl5/5.8.8/i386-linux-thread-multi/auto/DB_File/DB_File.so MailScann 24194 root mem REG 3,2 54320592 130122 /usr/lib/locale/locale-archive MailScann 24194 root 0r CHR 1,3 1032 /dev/null MailScann 24194 root 1w CHR 1,3 1032 /dev/null MailScann 24194 root 2w FIFO 0,5 159707 pipe MailScann 24194 root 3u unix 0xc8f37280 159687 socket MailScann 24194 root 4r REG 3,2 54524 313748 /usr/lib/MailScanner/MailScanner/CustomConfig.pm MailScann 24194 root 5r REG 3,2 22223 309813 /usr/lib/MailScanner/MailScanner/ConfigDefs.pl MailScann 24194 root 6r REG 3,2 2727 309815 /usr/lib/MailScanner/MailScanner/CustomFunctions/GenericSpamScanner.pm MailScann 24194 root 7u REG 3,2 246784 65169 /var/spool/MailScanner/incoming/SpamAssassin.cache.db MailScann 24194 root 8r REG 3,2 4374 672822 /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/VBounce.pm MailScann 24194 root 9uW REG 3,2 2004 539282 /var/spool/mqueue.in/qfm2ECYRM2000902 MailScann 24194 root 10uW REG 3,2 9212 504959 /var/spool/mqueue.in/dfm2ECYRM2000902 MailScann 24194 root 11uW REG 3,2 1211 539284 /var/spool/mqueue.in/qfm2ECYbPL000904 MailScann 24194 root 12uW REG 3,2 39261 506889 /var/spool/mqueue.in/dfm2ECYbPL000904 MailScann 24194 root 13uW REG 3,2 1557 539288 /var/spool/mqueue.in/qfm2ECa1Wo000913 MailScann 24194 root 14uW REG 3,2 3554 539283 /var/spool/mqueue.in/dfm2ECa1Wo000913 MailScann 24194 root 15uW REG 3,2 1315 539291 /var/spool/mqueue.in/qfm2ECb73n000926 MailScann 24194 root 16uW REG 3,2 7473 539286 /var/spool/mqueue.in/dfm2ECb73n000926 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/b091c8e9/attachment.html From ssilva at sgvwater.com Fri Mar 14 17:57:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 14 17:58:36 2008 Subject: Razor via RPM? In-Reply-To: <47DAAA36.7000505@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: on 3-14-2008 9:39 AM Julian Field spake the following: > > > David Lee wrote: >> On Fri, 14 Mar 2008, Julian Field wrote: >> >> >>> This actually creates a separate problem, that of all the perl modules >>> which react badly with the Perl RPM as they overwrite the same files. Do >>> I just try to find them and --force them like I do in the main >>> MailScanner distro? >>> >>> I've built all the spec files and can build the SRPMs very easily. But >>> I'm not convinced I'm not wasting my time... >>> >> >> Thanks for the reply. Appreciated. >> >> Let me re-word the overall issue at overview level: >> >> The aim is to make as easy as is reasonably possible a complete >> installation, especially on rpm-based systems. Your existing scheme is >> hugely, hugely helpful in this! Many thanks. >> >> o MS is handled well by your distribution(s); >> o Clam/SA is handled well by your (single) "tar" distribution; >> o DCC follows well as a "wget ...; rpm -U ..."; >> o Pyzor follows well as a "wget ...; rpm -U ..."; >> >> But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from Dag's >> repository) almost works, but not quite, because of those two perl >> packages. The "wget... rpm..." sequence can be neatly automated under >> tools such as "cfengine". But the Razor build is considerably more >> awkward and less straightforward. >> >> >> >> So that (as a high level overview) is the problem I'm trying to address >> (and before getting bogged down in the techy stuff). >> >> >> >> >> So now to the techy bog... >> >> Just a thought: suppose those two perl modules (Digest::SHA1 and >> Net::DNS) >> were also included in your MS list (where the ".rpmmacros" mechanism is >> already in place). Might that do the job? >> >> Following that MS install, there would be a potential sub-issue: that >> of a >> subsequent Clam/SA install trying a re-install over the top. (I guess >> you'd still want them in Clam/SA because that is where the true >> dependency >> graph lies.) >> >> Suppose I offered to investigate bundling those two modules into the MS >> rpm-based install, and the possible knock-on interaction with a >> subsequent >> Clam/SA install. >> >> Might that have a chance of flying? >> > Just adding 2 modules to the MailScanner distribution sounds like a very > quick hack to solve the problem. But would people prefer an RPM-based > installation of the ClamAV+SpamAssassin installation anyway? I have a > feeling it might cause more problems than it solves, as any perl upgrade > would be even more complicated that it is now due to all the clashing > modules that have to be removed and reinstalled. > > What are anyone's thoughts? > > Jules > I'm not sure if Dag's repo has an up to date spamassassin, but the atrpms repo has the current version. If you want to stick with pure rpm, it shouldn't be too hard to find a repo that can serve your needs. I don't think Julian is going to want to go through all the trouble to make rpms that will be right for every rpm based system, and who is going to decide which one or two he is going to focus on? We already have gone through the Fedora VS CentOS debate many times. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/a44a8bd6/signature.bin From ssilva at sgvwater.com Fri Mar 14 18:00:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 14 18:05:13 2008 Subject: Any Idea about this In-Reply-To: References: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> Message-ID: on 3-14-2008 10:09 AM Jim Dickenson spake the following: > Thanks for the responses. I will check into running memtest86. If it only happened once, and memtest comes out OK, you could have had a power glitch that the PS couldn't filter out. Is the system on a UPS or other power conditioner? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/d1869bd1/signature.bin From O.FRANCHET at dominux.net Fri Mar 14 18:29:50 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Fri Mar 14 18:30:19 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> Message-ID: OK, it seems to be permissions. I did this : Commented this 2 lines in /etc/clamd.conf : #User clamav #AllowSupplementaryGroups yes Restarted Clamd : service clamd restart Restarted MailScanner : service MailScanner restart ... and I have no more errors on received email! Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 18:30:33 : > [image supprim?e] > > RE: ERROR::UNKNOWN CLAMD RETURN > > Rick Cooper > > en : > > 'MailScanner discussion' > > 14/03/2008 19:05 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > First, to make sure it's permissions try running clamd as root > (remove the user clamav in clamd.conf). I believe it will. I > remember someone using postfix stating they had to setgid on > incomming to get clamd to work, and you can always add the clamav > user to the postfix group and set "AllowSupplementaryGroups yes" in > clamd.conf. I personally think the latter to be the best bet. > > Rick > > From: mailscanner-bounces@lists.mailscanner.info [ > mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > Olivier FRANCHET > Sent: Friday, March 14, 2008 12:22 PM > To: MailScanner discussion > Subject: Re: ERROR::UNKNOWN CLAMD RETURN > > From my MailScanner.conf : > > Run As User = postfix > Run As Group = postfix > > Incoming Work Dir = /var/spool/MailScanner/incoming > > Incoming Work User = > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > > > and rights from directories : > > [root@centos MailScanner]# ll > total 12 > drwxrw---- 8 postfix clamav 4096 mar 14 17:17 incoming > drwx------ 4 postfix postfix 4096 mar 13 16:23 quarantine > drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin > [root@centos MailScanner]# ll incoming/ > total 108 > drwxrwx--- 2 postfix clamav 4096 mar 14 17:11 25035 > drwxrwx--- 2 postfix clamav 4096 mar 14 16:41 25496 > drwxrwx--- 2 postfix clamav 4096 mar 14 17:05 25657 > drwxrwx--- 2 postfix clamav 4096 mar 14 17:13 25811 > drwxrwx--- 2 postfix clamav 4096 mar 14 17:17 26252 > -rw-rw---- 1 postfix postfix 81920 mar 14 17:17 SpamAssassin.cache.db > drwxrw---- 2 postfix postfix 4096 mar 14 17:17 SpamAssassin-Temp > > Cordialement/Regards, > Olivier @ Dominux > http://www.dominux.net > > mailscanner-bounces@lists.mailscanner.info a ?crit sur 14/03/2008 12:58:09 : > > > [image supprim?e] > > > > Re: ERROR::UNKNOWN CLAMD RETURN > > > > Glenn Steen > > > > en : > > > > MailScanner discussion > > > > 14/03/2008 13:00 > > > > Envoy? par : > > > > mailscanner-bounces@lists.mailscanner.info > > > > Veuillez r?pondre ? MailScanner discussion > > > > On 14/03/2008, Olivier FRANCHET wrote: > > > > > > Thank's for your help. Below my Incoming Work Dir : > > > > > > Incoming Work Dir = /var/spool/MailScanner/incoming > > > > > (snip) > > What permissions have you on that, what are your Run As > > User/Group/Permissions settings... And are you by any chance trying to > > get PF/Clamd(/MailWatch) working? If so, extra attention must be given > > to group memberships and permissions, since you would need the group > > clamd is tunning as to be able to access the work directories (and > > your apache user for the quarantine)... > > I've seen some advice somewhere for clamd that would be thoroughly > > unsuitable for Postfix... Can't really remember where though:-) > > > > Cheers > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/87ea59b5/attachment.html From devonharding at gmail.com Fri Mar 14 20:19:59 2008 From: devonharding at gmail.com (Devon Harding) Date: Fri Mar 14 20:20:33 2008 Subject: Remove MailScanner Message-ID: <2baac6140803141319l6b81f44dy71d9756b04bb5ae0@mail.gmail.com> What is the procedure in removing all traces of MailScanner. I need to fix this 'MailScanner: extracting attachments' issue, and the best way I know right now is to reinstall. Any help would be grateful Thanks, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/5c21f08a/attachment-0001.html From gmane at tippingmar.com Fri Mar 14 22:28:38 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 14 22:29:36 2008 Subject: Razor via RPM? In-Reply-To: References: Message-ID: David Lee wrote: > System: fresh install a few weeks ago: > o Centos 5, Intel > o MailScanner-4.66.5-3.rpm.tar.gz > o install-Clam-0.92-SA-3.2.4.tar.gz > > I have successfully installed DCC and Pyzor from public RPMs, but am > having trouble with Razor from Dag Wieers rpm: > > # rpm -Uvh /tmp/perl-Razor-Agent-2.84-1.el5.rf.i386.rpm /tmp/razor-agents-2.84-1.el5.rf.i386.rpm > warning: /tmp/perl-Razor-Agent-2.84-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6 > error: Failed dependencies: > perl(Digest::SHA1) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 > perl(Net::DNS) is needed by perl-Razor-Agent-2.84-1.el5.rf.i386 perl-Digest-SHA1 and perl-Net-DNS are both part of the CentOS base repo. You should be able to get everything you need with yum install perl-Razor-Agent razor-agents Mark From devonharding at gmail.com Sat Mar 15 00:32:11 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 00:32:44 2008 Subject: MailScanner: extracting attachments In-Reply-To: <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> Message-ID: <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> I noticed that if I set "Scan Messages = no" in /etc/MailScanner/MailScanner.conf, messages start to flow, but the process still goes to 100% with 'extracting attachments' Any more help would be appreciated, Thanks, -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080314/d51ffd6f/attachment.html From rob at kettle.org.uk Sat Mar 15 07:35:24 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sat Mar 15 07:36:17 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> Message-ID: <47DB7C3C.1060607@kettle.org.uk> I had this when 4.67 came out and only thing I could do was remove MailScanner and run setup from scratch. I had to manually then add my settings to the mailscanner.conf file. In my case it was some corruption/bad settings in mailscanner.conf that was the issue as if I re-used the previous or upgraded mailscanner.conf then I had the problem but with a clean, brand new mailscanner.conf everything was fine. Devon Harding wrote: > I noticed that if I set "Scan Messages = no" in > /etc/MailScanner/MailScanner.conf, messages start to flow, but the > process still goes to 100% with 'extracting attachments' > > Any more help would be appreciated, > > Thanks, > > -Devon > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 15 09:49:02 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 15 09:49:38 2008 Subject: Any Idea about this In-Reply-To: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> References: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> Message-ID: <223f97700803150249v7eddcfc5i601d38e04d88f214@mail.gmail.com> On 14/03/2008, Rick Cooper wrote: > You may want to investigate how to setup and use memtest86 (which is > probably already install on your system) as this is pretty certainly memory > related but could be caused by other things, heat, etc. > CPUs, memory manager (ie the entire mobo might need a change:-), power regulators, supply ... HW is so much fun:-). But I agree, RAM is the most likely one. Bad thing is that one can have a marginal RAM chip that memtest86 don't ... stress... enough for it to fail, but hour upon hour of normal ops might... Sigh. Once is never, twice...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Mar 15 09:54:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 15 09:54:52 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> Message-ID: <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> On 14/03/2008, Olivier FRANCHET wrote: > > OK, it seems to be permissions. I did this : > > Commented this 2 lines in /etc/clamd.conf : > #User clamav > #AllowSupplementaryGroups yes > > Restarted Clamd : > service clamd restart > > Restarted MailScanner : > service MailScanner restart > > ... and I have no more errors on received email! > Always a bit tricky, with PF:-). Look into Ricks suggestion to use AllowSupplementaryGroups and adding in the user for clamd to your PF group. I too think that should be the simplest/best solution (little work, no root clamd...). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sat Mar 15 10:00:40 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 15 10:01:14 2008 Subject: Remove MailScanner In-Reply-To: <2baac6140803141319l6b81f44dy71d9756b04bb5ae0@mail.gmail.com> References: <2baac6140803141319l6b81f44dy71d9756b04bb5ae0@mail.gmail.com> Message-ID: <223f97700803150300l2ea60d0dwe42b576c7e6b9512@mail.gmail.com> On 14/03/2008, Devon Harding wrote: > What is the procedure in removing all traces of MailScanner. I need to fix > this 'MailScanner: extracting attachments' issue, and the best way I know > right now is to reinstall. Any help would be grateful > > Thanks, > > -Devon > Problem isn't so much MailScanner (that part is rather trivial, especially with the RPM install:-) as all the perl modules... It's not easy to "undo" the upgrades done by the install script. You'd have to go through the list (as found in the install package) and do whatever is appropriate for each... be that a forced downgrade... icky... or ... whatever. It is probably much less work to redo the install... Less risk you miss something:-). Then again, if your problems are due to using a bad set of update sources, mixing perl module sources (Jules package, some "bad" repo, some CPAN ...) then ... it might not help:-/. Then again, with a little ... attention, a few good sources and pretty much the mix above, you can have a very successful and workable setup, so it all depends...:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From peter at farrows.org Sat Mar 15 10:05:19 2008 From: peter at farrows.org (Peter Farrow) Date: Sat Mar 15 10:06:09 2008 Subject: Any Idea about this In-Reply-To: <223f97700803150249v7eddcfc5i601d38e04d88f214@mail.gmail.com> References: <077d01c885ef$59a877b0$0301a8c0@SAHOMELT> <223f97700803150249v7eddcfc5i601d38e04d88f214@mail.gmail.com> Message-ID: <47DB9F5F.4030906@farrows.org> Glenn Steen wrote: > On 14/03/2008, Rick Cooper wrote: > >> You may want to investigate how to setup and use memtest86 (which is >> probably already install on your system) as this is pretty certainly memory >> related but could be caused by other things, heat, etc. >> >> > CPUs, memory manager (ie the entire mobo might need a change:-), power > regulators, supply ... HW is so much fun:-). > But I agree, RAM is the most likely one. Bad thing is that one can > have a marginal RAM chip that memtest86 don't ... stress... enough for > it to fail, but hour upon hour of normal ops might... Sigh. > Once is never, twice...:-) > > Cheers > You might want to check if the cpu fan(s) are clear of dust and contaminents too... P. From devonharding at gmail.com Sat Mar 15 12:43:44 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 12:44:17 2008 Subject: Remove MailScanner In-Reply-To: <223f97700803150300l2ea60d0dwe42b576c7e6b9512@mail.gmail.com> References: <2baac6140803141319l6b81f44dy71d9756b04bb5ae0@mail.gmail.com> <223f97700803150300l2ea60d0dwe42b576c7e6b9512@mail.gmail.com> Message-ID: <2baac6140803150543q41a9c100we63e79e8da2459d9@mail.gmail.com> On Sat, Mar 15, 2008 at 6:00 AM, Glenn Steen wrote: > On 14/03/2008, Devon Harding wrote: > > What is the procedure in removing all traces of MailScanner. I need to > fix > > this 'MailScanner: extracting attachments' issue, and the best way I > know > > right now is to reinstall. Any help would be grateful > > > > Thanks, > > > > -Devon > > > Problem isn't so much MailScanner (that part is rather trivial, > especially with the RPM install:-) as all the perl modules... It's not > easy to "undo" the upgrades done by the install script. You'd have to > go through the list (as found in the install package) and do whatever > is appropriate for each... be that a forced downgrade... icky... or > ... whatever. > It is probably much less work to redo the install... Less risk you > miss something:-). > Then again, if your problems are due to using a bad set of update > sources, mixing perl module sources (Jules package, some "bad" repo, > some CPAN ...) then ... it might not help:-/. Then again, with a > little ... attention, a few good sources and pretty much the mix > above, you can have a very successful and workable setup, so it all > depends...:) > > You're right, I completely removed MailScannner (rpm -e mailscanner) as well as all associated rpms as well as removing the MailScaner dir in /var/lib, /etc and /var/spool and reinstalled. The problem still exists. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/9c047da2/attachment.html From devonharding at gmail.com Sat Mar 15 13:42:30 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 13:43:04 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DB7C3C.1060607@kettle.org.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> Message-ID: <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> On Sat, Mar 15, 2008 at 3:35 AM, Rob Kettle wrote: > I had this when 4.67 came out and only thing I could do was remove > MailScanner and run setup from scratch. I had to manually then add my > settings to the mailscanner.conf file. > > In my case it was some corruption/bad settings in mailscanner.conf that > was the issue as if I re-used the previous or upgraded mailscanner.conf > then I had the problem but with a clean, brand new mailscanner.conf > everything was fine. > Rob, I owe you my first born! Corrupted MailScanner.conf After I reinstalled and added my settings manually, everything worked! Thanks All!! -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/03670f40/attachment.html From rob at kettle.org.uk Sat Mar 15 13:54:21 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sat Mar 15 13:55:05 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> Message-ID: <47DBD50D.3020307@kettle.org.uk> Devon Harding wrote: > > > On Sat, Mar 15, 2008 at 3:35 AM, Rob Kettle > wrote: > > I had this when 4.67 came out and only thing I could do was remove > MailScanner and run setup from scratch. I had to manually then add my > settings to the mailscanner.conf file. > > In my case it was some corruption/bad settings in mailscanner.conf > that > was the issue as if I re-used the previous or upgraded > mailscanner.conf > then I had the problem but with a clean, brand new mailscanner.conf > everything was fine. > > > > Rob, I owe you my first born! Corrupted MailScanner.conf After I > reinstalled and added my settings manually, everything worked! > > Thanks All!! > > -Devon > Glad to be of help. > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Sat Mar 15 14:06:01 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 15 14:06:41 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> Message-ID: <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> On Sat, Mar 15, 2008 at 2:42 PM, Devon Harding wrote: > Rob, I owe you my first born! Corrupted MailScanner.conf After I > reinstalled and added my settings manually, everything worked! And you had no problems updating the file? Lint didn't pick it up? Have you diffed the files to see what the problem is? Would be interesting to know. -- /peter From devonharding at gmail.com Sat Mar 15 14:37:31 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 14:38:05 2008 Subject: MailScanner: extracting attachments In-Reply-To: <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> Message-ID: <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> On Sat, Mar 15, 2008 at 10:06 AM, shuttlebox wrote: > On Sat, Mar 15, 2008 at 2:42 PM, Devon Harding > wrote: > > Rob, I owe you my first born! Corrupted MailScanner.conf After I > > reinstalled and added my settings manually, everything worked! > > And you had no problems updating the file? Lint didn't pick it up? > Have you diffed the files to see what the problem is? Would be > interesting to know. > > -- Nothing stood out...here's a diff of the two. [root@mars ~]# diff /etc/MailScanner/MailScanner.conf ~/MailScanner.conf.rpmsave 115c115 < Run As User = --- > Run As User = 120c120 < Run As Group = --- > Run As Group = 127c127 < Queue Scan Interval = 6 --- > Queue Scan Interval = 5 175c175 < Restart Every = 7200 --- > Restart Every = 14400 219,220c219,220 < Incoming Work User = < Incoming Work Group = --- > Incoming Work User = > Incoming Work Group = 278,279c278,279 < Max Unscanned Bytes Per Scan = 100m < Max Unsafe Bytes Per Scan = 50m --- > Max Unscanned Bytes Per Scan = 100000000 > Max Unsafe Bytes Per Scan = 50000000 309c309 < Scan Messages = yes --- > Scan Messages = no 331c331 < Maximum Attachments Per Message = 200 --- > Maximum Attachments Per Message = 60 388c388 < File Command = /usr/bin/file --- > File Command = #/usr/bin/file 398c398 < Gunzip Command = /bin/gunzip --- > Gunzip Command = /usr/bin/gunzip 434c434 < Maximum Message Size = %rules-dir%/max.message.size.rules --- > Maximum Message Size = 0 490c490 < Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml --- > Attachment Extensions Not To Zip = .zip .rar .gz .tgz .mpg .mpe .mpeg .mp3 .rpm 507c507 < Virus Scanning = yes --- > Virus Scanning = /etc/MailScanner/rules/not.localhost.rules 570c570 < Virus Scanners = clamavmodule --- > Virus Scanners = clamavmodule 634c634 < Still Deliver Silent Viruses = no --- > Still Deliver Silent Viruses = yes 651c651 < Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar --- > Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ 693c693 < Allowed Sophos Error Messages = --- > Allowed Sophos Error Messages = 698c698 < Sophos IDE Dir = /opt/sophos-av/lib/sav --- > Sophos IDE Dir = /usr/local/Sophos/ide 703c703 < Sophos Lib Dir = /opt/sophos-av/lib --- > Sophos Lib Dir = /usr/local/Sophos/lib 710c710 < Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide --- > Monitors For Sophos Updates = /usr/local/Sophos/ide/*ides.zip 730c730 < ClamAVmodule Maximum Recursion Level = 8 --- > ClamAVmodule Maximum Recursion Level = 5 763c763 < ClamAV Full Message Scan = yes --- > ClamAV Full Message Scan = no 785c785 < Dangerous Content Scanning = yes --- > Dangerous Content Scanning = no 794c794 < Allow Partial Messages = no --- > Allow Partial Messages = yes 807c807 < Allow External Message Bodies = no --- > Allow External Message Bodies = yes 886c886 < Allow IFrame Tags = disarm --- > Allow IFrame Tags = no 896c896 < Allow Form Tags = disarm --- > Allow Form Tags = yes 906c906 < Allow Script Tags = disarm --- > Allow Script Tags = no 933c933 < Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim --- > Ignored Web Bug Filenames = 960c960 < Allow Object Codebase Tags = disarm --- > Allow Object Codebase Tags = no 1020c1020 < Allow Filenames = --- > Allow Filenames = 1025c1025 < Deny Filenames = --- > Deny Filenames = 1059c1059 < Allow Filetypes = --- > Allow Filetypes = 1064c1064 < Allow File MIME Types = --- > Allow File MIME Types = 1069c1069 < Deny Filetypes = --- > Deny Filetypes = 1074c1074 < Deny File MIME Types = --- > Deny File MIME Types = 1105c1105 < Quarantine Silent Viruses = no --- > Quarantine Silent Viruses = yes 1145c1145 < Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt --- > Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt 1147,1148c1147,1148 < Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt < Deleted Size Message Report = %report-dir%/deleted.size.message.txt --- > Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt > Deleted Size Message Report = %report-dir%/deleted.size.message.txt 1153c1153 < Stored Bad Content Message Report = %report-dir%/stored.content.message.txt --- > Stored Bad Content Message Report = %report-dir%/stored.content.message.txt 1155,1156c1155,1156 < Stored Virus Message Report = %report-dir%/stored.virus.message.txt < Stored Size Message Report = %report-dir%/stored.size.message.txt --- > Stored Virus Message Report = %report-dir%/stored.virus.message.txt > Stored Size Message Report = %report-dir%/stored.size.message.txt 1189,1190c1189,1190 < Sender Content Report = %report-dir%/sender.content.report.txt < Sender Error Report = %report-dir%/sender.error.report.txt --- > Sender Content Report = %report-dir%/sender.content.report.txt > Sender Error Report = %report-dir%/sender.error.report.txt 1192,1193c1192,1193 < Sender Virus Report = %report-dir%/sender.virus.report.txt < Sender Size Report = %report-dir%/sender.size.report.txt --- > Sender Virus Report = %report-dir%/sender.virus.report.txt > Sender Size Report = %report-dir%/sender.size.report.txt 1253c1253 < Envelope From Header = X-%org-name%-MailScanner-From: --- > Envelope From Header = X-MailScanner-From: 1258c1258 < Envelope To Header = X-%org-name%-MailScanner-To: --- > Envelope To Header = X-MailScanner-To: 1286,1287c1286,1287 < Clean Header Value = Found to be clean < Infected Header Value = Found to be infected --- > Clean Header Value = Found to be clean > Infected Header Value = Found to be infected 1321c1321 < Hostname = the %org-name% ($HOSTNAME) MailScanner --- > Hostname = the %org-name% MailScanner 1333c1333 < Sign Clean Messages = yes --- > Sign Clean Messages = no 1460c1460 < Virus Modify Subject = start --- > Virus Modify Subject = yes 1476c1476 < Filename Modify Subject = start --- > Filename Modify Subject = yes 1494c1494 < Content Modify Subject = start --- > Content Modify Subject = yes 1501c1501 < Content Subject Text = {Dangerous Content?} --- > Content Subject Text = {Blocked Content} 1513c1513 < Size Modify Subject = start --- > Size Modify Subject = yes 1532c1532 < Disarmed Modify Subject = no --- > Disarmed Modify Subject = yes 1562c1562 < Spam Modify Subject = start --- > Spam Modify Subject = yes 1582c1582 < High Scoring Spam Modify Subject = start --- > High Scoring Spam Modify Subject = yes 1615c1615 < Attachment Encoding Charset = ISO-8859-1 --- > Attachment Encoding Charset = us-ascii 1641c1641 < Archive Mail = --- > Archive Mail = 1656c1656 < Notices Include Full Headers = yes --- > Notices Include Full Headers = no 1706c1706 < Spam Checks = yes --- > Spam Checks = /etc/MailScanner/rules/not.localhost.rules 1712c1712 < Spam List = # spamhaus-ZEN # You can un-comment this to enable them --- > Spam List = # ORDB-RBL SBL+XBL # You can un-comment this to enable them 1718c1718 < Spam Domain List = --- > Spam Domain List = 1795c1795 < Max Spam Check Size = 200k --- > Max Spam Check Size = 150000 1913c1913 < Max SpamAssassin Size = 200k --- > Max SpamAssassin Size = 30000 1934c1934 < SpamAssassin Auto Whitelist = yes --- > SpamAssassin Auto Whitelist = no 1938c1938 < SpamAssassin Timeout = 75 --- > SpamAssassin Timeout = 120 1944c1944 < Max SpamAssassin Timeouts = 10 --- > Max SpamAssassin Timeouts = 20 2006c2006 < Rebuild Bayes Every = 0 --- > Rebuild Bayes Every = 0 2038c2038 < Max Custom Spam Scanner Size = 20k --- > Max Custom Spam Scanner Size = 20000 2100c2100 < Spam Actions = store header "X-Spam-Status: Yes" --- > Spam Actions = store 2138c2138 < High Scoring Spam Actions = store header "X-Spam-Status: Yes" --- > High Scoring Spam Actions = store 2164c2164 < Non Spam Actions = deliver header "X-Spam-Status: No" --- > Non Spam Actions = deliver 2207c2207 < SpamAssassin Rule Actions = --- > SpamAssassin Rule Actions = 2216,2217c2216,2217 < Sender Spam Report = %report-dir%/sender.spam.report.txt < Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt --- > Sender Spam Report = %report-dir%/sender.spam.report.txt > Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt 2340c2340 < SpamAssassin User State Dir = --- > SpamAssassin User State Dir = 2348c2348 < SpamAssassin Install Prefix = --- > SpamAssassin Install Prefix = 2363c2363 < SpamAssassin Local Rules Dir = --- > SpamAssassin Local Rules Dir = 2373c2373 < SpamAssassin Local State Dir = # /var/lib/spamassassin --- > SpamAssassin Local State Dir = /var/lib 2380c2380 < SpamAssassin Default Rules Dir = --- > SpamAssassin Default Rules Dir = 2399c2399 < First Check = spam --- > First Check = mcp 2406c2406 < MCP Header = X-%org-name%-MailScanner-MCPCheck: --- > MCP Header = X-MailScanner-MCPCheck: 2408,2409c2408,2409 < MCP Actions = deliver < High Scoring MCP Actions = deliver --- > MCP Actions = store > High Scoring MCP Actions = store 2412c2412 < MCP Modify Subject = start --- > MCP Modify Subject = yes 2414c2414 < High Scoring MCP Modify Subject = start --- > High Scoring MCP Modify Subject = yes 2423c2423 < Log MCP = no --- > Log MCP = yes 2426c2426 < MCP Max SpamAssassin Size = 100k --- > MCP Max SpamAssassin Size = 100000 2430c2430 < MCP SpamAssassin User State Dir = --- > MCP SpamAssassin User State Dir = 2496c2496 < Debug SpamAssassin = no --- > Debug SpamAssassin = yes 2578c2578 < Syslog Socket Type = --- > Syslog Socket Type = 2601d2600 < -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/0765545f/attachment.html From rob at kettle.org.uk Sat Mar 15 14:37:35 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Sat Mar 15 14:38:13 2008 Subject: MailScanner: extracting attachments In-Reply-To: <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> Message-ID: <47DBDF2F.3060305@kettle.org.uk> shuttlebox wrote: > On Sat, Mar 15, 2008 at 2:42 PM, Devon Harding wrote: > >> Rob, I owe you my first born! Corrupted MailScanner.conf After I >> reinstalled and added my settings manually, everything worked! >> > > And you had no problems updating the file? Lint didn't pick it up? > Have you diffed the files to see what the problem is? Would be > interesting to know. > > in my case --lint showed me nothing and no-one on the forums indicated that it showed any problems when I posted the output from it. diff shows a number of value differences for the parameters and some odd (to me anyway) values such as 254,255c254,255 between some lines but again no replies or advice from the forum or Julian so I was non the wiser. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From markee at bandwidthco.com Sat Mar 15 15:20:44 2008 From: markee at bandwidthco.com (markee) Date: Sat Mar 15 15:22:03 2008 Subject: Any Idea about this In-Reply-To: Message-ID: <001901c886b0$2394cea0$0300a8c0@bandwidthco.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jim Dickenson Sent: Friday, March 14, 2008 10:09 AM To: MailScanner Mail List Subject: Re: Any Idea about this Thanks for the responses. I will check into running memtest86. -- Jim Dickenson mailto:dickenson@cfmc.com CfMC http://www.cfmc.com/ Jim - I think Rick has led you in the right direction. Another tool that you can use is Windows Memory Diagnostic. Download the ISO version and boot from that on any machine. The first two tests are all you need to run to find defective memory. You'll find in in less than 5 minutes. http://oca.microsoft.com/en/windiag.asp ######################################################## This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. postmaster@bandwidthco.com MailScanner at Bandwidthco Computer Security is for your absolute protection. ######################################################## From O.FRANCHET at dominux.net Sat Mar 15 15:23:12 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Sat Mar 15 15:23:45 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> Message-ID: So, now I did this : Uncommented this 2 lines in /etc/clamd.conf ;-) : User clamav AllowSupplementaryGroups yes Set the setgid for /var/spool/MailScanner/incoming (2660) : [root@centos MailScanner]# ll total 12 drwxrwS--- 8 postfix clamav 4096 mar 15 16:07 incoming drwx------ 5 postfix postfix 4096 mar 14 19:13 quarantine drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin Config for incoming in MailScanner.conf : Incoming Work User = Incoming Work Group = clamav Incoming Work Permissions = 0640 Again the same error! Only work when clamd is under root !?! Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 15/03/2008 10:54:17 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Glenn Steen > > en : > > MailScanner discussion > > 15/03/2008 11:31 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > On 14/03/2008, Olivier FRANCHET wrote: > > > > OK, it seems to be permissions. I did this : > > > > Commented this 2 lines in /etc/clamd.conf : > > #User clamav > > #AllowSupplementaryGroups yes > > > > Restarted Clamd : > > service clamd restart > > > > Restarted MailScanner : > > service MailScanner restart > > > > ... and I have no more errors on received email! > > > Always a bit tricky, with PF:-). Look into Ricks suggestion to use > AllowSupplementaryGroups and adding in the user for clamd to your PF > group. I too think that should be the simplest/best solution (little > work, no root clamd...). > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/656a7d58/attachment.html From shuttlebox at gmail.com Sat Mar 15 15:48:56 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 15 15:49:32 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DBDF2F.3060305@kettle.org.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <47DBDF2F.3060305@kettle.org.uk> Message-ID: <625385e30803150848y537e4f93r7e244575baaf5ed0@mail.gmail.com> On Sat, Mar 15, 2008 at 3:37 PM, Rob Kettle wrote: > in my case --lint showed me nothing and no-one on the forums indicated > that it showed any problems when I posted the output from it. > > diff shows a number of value differences for the parameters and some odd > (to me anyway) values such as 254,255c254,255 between some lines but > again no replies or advice from the forum or Julian so I was non the wiser. If you have the time you could open the corrupt file in vi and display control characters by setting ":set list". Look for things that look out of place like whitespace that isn't space or ^I (tabs) and line endings that are not a dollar sign. -- /peter From shuttlebox at gmail.com Sat Mar 15 15:58:46 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 15 15:59:19 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> Message-ID: <625385e30803150858j130f8aeycf1efe91e29c7c79@mail.gmail.com> On Sat, Mar 15, 2008 at 4:23 PM, Olivier FRANCHET wrote: > > So, now I did this : > > Uncommented this 2 lines in /etc/clamd.conf ;-) : > > User clamav > AllowSupplementaryGroups yes > > > Set the setgid for /var/spool/MailScanner/incoming (2660) : > > [root@centos MailScanner]# ll > total 12 > drwxrwS--- 8 postfix clamav 4096 mar 15 16:07 incoming > drwx------ 5 postfix postfix 4096 mar 14 19:13 quarantine > drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin > > > Config for incoming in MailScanner.conf : > > Incoming Work User = > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > > > Again the same error! Only work when clamd is under root !?! How are your permissions set all the way from /? # ls -ld /var # ls -ld /var/spool # ls -ld /var/spool/MailScanner -- /peter From glenn.steen at gmail.com Sat Mar 15 16:15:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 15 16:16:01 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> Message-ID: <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> On 15/03/2008, Devon Harding wrote: > > > On Sat, Mar 15, 2008 at 10:06 AM, shuttlebox wrote: > > > > On Sat, Mar 15, 2008 at 2:42 PM, Devon Harding > wrote: > > > Rob, I owe you my first born! Corrupted MailScanner.conf After I > > > reinstalled and added my settings manually, everything worked! > > > > And you had no problems updating the file? Lint didn't pick it up? > > Have you diffed the files to see what the problem is? Would be > > interesting to know. > > > > -- > > Nothing stood out...here's a diff of the two. > > [root@mars ~]# diff /etc/MailScanner/MailScanner.conf > ~/MailScanner.conf.rpmsave > 115c115 > < Run As User = > --- > > Run As User = > 120c120 > < Run As Group = > --- > > Run As Group = Devon, There are a lot of lines diffing that plainly shouldn't.... Have you perhaps edited the "bad" one with a windoze editor at some point? If so, you might (with a tool like od, or with the vi thing Peter suggests, or ... well, basically any tool that will display the "non-printable characters) see spurious CR characters on any line you've actually changed (and hit on)... Would explain things nicely:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sat Mar 15 16:32:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 15 16:33:30 2008 Subject: Razor via RPM? In-Reply-To: References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> Message-ID: <47DBFA2D.1050904@ecs.soton.ac.uk> Scott Silva wrote: > on 3-14-2008 9:39 AM Julian Field spake the following: >> >> >> David Lee wrote: >>> On Fri, 14 Mar 2008, Julian Field wrote: >>> >>> >>>> This actually creates a separate problem, that of all the perl modules >>>> which react badly with the Perl RPM as they overwrite the same >>>> files. Do >>>> I just try to find them and --force them like I do in the main >>>> MailScanner distro? >>>> >>>> I've built all the spec files and can build the SRPMs very easily. But >>>> I'm not convinced I'm not wasting my time... >>>> >>> >>> Thanks for the reply. Appreciated. >>> >>> Let me re-word the overall issue at overview level: >>> >>> The aim is to make as easy as is reasonably possible a complete >>> installation, especially on rpm-based systems. Your existing scheme is >>> hugely, hugely helpful in this! Many thanks. >>> >>> o MS is handled well by your distribution(s); >>> o Clam/SA is handled well by your (single) "tar" distribution; >>> o DCC follows well as a "wget ...; rpm -U ..."; >>> o Pyzor follows well as a "wget ...; rpm -U ..."; >>> >>> But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from >>> Dag's >>> repository) almost works, but not quite, because of those two perl >>> packages. The "wget... rpm..." sequence can be neatly automated under >>> tools such as "cfengine". But the Razor build is considerably more >>> awkward and less straightforward. >>> >>> >>> >>> So that (as a high level overview) is the problem I'm trying to address >>> (and before getting bogged down in the techy stuff). >>> >>> >>> >>> >>> So now to the techy bog... >>> >>> Just a thought: suppose those two perl modules (Digest::SHA1 and >>> Net::DNS) >>> were also included in your MS list (where the ".rpmmacros" mechanism is >>> already in place). Might that do the job? >>> >>> Following that MS install, there would be a potential sub-issue: >>> that of a >>> subsequent Clam/SA install trying a re-install over the top. (I guess >>> you'd still want them in Clam/SA because that is where the true >>> dependency >>> graph lies.) >>> >>> Suppose I offered to investigate bundling those two modules into the MS >>> rpm-based install, and the possible knock-on interaction with a >>> subsequent >>> Clam/SA install. >>> >>> Might that have a chance of flying? >>> >> Just adding 2 modules to the MailScanner distribution sounds like a >> very quick hack to solve the problem. But would people prefer an >> RPM-based installation of the ClamAV+SpamAssassin installation >> anyway? I have a feeling it might cause more problems than it solves, >> as any perl upgrade would be even more complicated that it is now due >> to all the clashing modules that have to be removed and reinstalled. >> >> What are anyone's thoughts? >> >> Jules >> > I'm not sure if Dag's repo has an up to date spamassassin, but the > atrpms repo has the current version. If you want to stick with pure > rpm, it shouldn't be too hard to find a repo that can serve your > needs. I don't think Julian is going to want to go through all the > trouble to make rpms that will be right for every rpm based system, > and who is going to decide which one or two he is going to focus on? > We already have gone through the Fedora VS CentOS debate many times. > I think it might be worth my while just adding the 2 troublesome modules to the MailScanner distro, as this is a very minor change that shouldn't cause any great problem and should just fix this issue. I've pretty much decided not to start distributing my own RPMs of clamav or spamassassin or all their pre-requisites, that's just too much work and is not really worth the bother. Does anyone have the names of the 2 troublesome modules? I can't find the original list as this thread is getting pretty long :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sat Mar 15 16:34:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Mar 15 16:35:34 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> Message-ID: <223f97700803150934u57803fvd010c8605a014bf6@mail.gmail.com> On 15/03/2008, Olivier FRANCHET wrote: > > So, now I did this : > > Uncommented this 2 lines in /etc/clamd.conf ;-) : > > User clamav > AllowSupplementaryGroups yes > > > Set the setgid for /var/spool/MailScanner/incoming (2660) : > > [root@centos MailScanner]# ll > total 12 > drwxrwS--- 8 postfix clamav 4096 mar 15 16:07 incoming > drwx------ 5 postfix postfix 4096 mar 14 19:13 quarantine > drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin > > > Config for incoming in MailScanner.conf : > > Incoming Work User = > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > > > Again the same error! Only work when clamd is under root !?! > Did you do as Rick suggested and add in the clamav user to the postfix group? For the rest... Do as Peter suggest and check (by use of su) that both postfix and clamav can access the work directories. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From O.FRANCHET at dominux.net Sat Mar 15 17:15:29 2008 From: O.FRANCHET at dominux.net (Olivier FRANCHET) Date: Sat Mar 15 17:15:57 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: <223f97700803150934u57803fvd010c8605a014bf6@mail.gmail.com> References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> <223f97700803150934u57803fvd010c8605a014bf6@mail.gmail.com> Message-ID: OK, I don't know why but I changer permissions for incoming folder to 640 + setgid and all work fine now! Clamd is running under clamav user. I don't remember what the permissions on this folder when I installed my email gateway. Thanks all. Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 15/03/2008 17:34:58 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Glenn Steen > > en : > > MailScanner discussion > > 15/03/2008 17:53 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > On 15/03/2008, Olivier FRANCHET wrote: > > > > So, now I did this : > > > > Uncommented this 2 lines in /etc/clamd.conf ;-) : > > > > User clamav > > AllowSupplementaryGroups yes > > > > > > Set the setgid for /var/spool/MailScanner/incoming (2660) : > > > > [root@centos MailScanner]# ll > > total 12 > > drwxrwS--- 8 postfix clamav 4096 mar 15 16:07 incoming > > drwx------ 5 postfix postfix 4096 mar 14 19:13 quarantine > > drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin > > > > > > Config for incoming in MailScanner.conf : > > > > Incoming Work User = > > Incoming Work Group = clamav > > Incoming Work Permissions = 0640 > > > > > > Again the same error! Only work when clamd is under root !?! > > > Did you do as Rick suggested and add in the clamav user to the postfix group? > > For the rest... Do as Peter suggest and check (by use of su) that both > postfix and clamav can access the work directories. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/513a0240/attachment.html From MailScanner at ecs.soton.ac.uk Sat Mar 15 17:29:09 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 15 17:29:52 2008 Subject: Sendmail cannot write to queue In-Reply-To: References: <2baac6140803131336p5a4df8eq4d52ac1f100078f0@mail.gmail.com> <223f97700803131435m3b14e3d7qd408d991c00ebfb1@mail.gmail.com> <2baac6140803131933l31b8ba98n908d413de5b1ac21@mail.gmail.com> Message-ID: <47DC0765.1000001@ecs.soton.ac.uk> Scott Silva wrote: > on 3-13-2008 7:33 PM Devon Harding spake the following: >> 7:09 mqueue.in >> > >> > Any Ideas? >> > >> How about mount and df? >> >> >> I just disabled SElinux and it now works. Not sure what the tie with >> the two is? >> >> -Devon >> > I think the default selinux policy for sendmail doesn't know anything > about the adjusted queue arrangement that MailScanner creates. Someday > it will be easier to add selinux policy to packaged software. If anyone can work out what is needed to be added to support SELinux, I'll happily write the scripts to add the data to whatever files need tweaking. I've never used SELinux myself. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sat Mar 15 17:40:20 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 17:40:54 2008 Subject: MailScanner: extracting attachments In-Reply-To: <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> Message-ID: <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> > > Devon, > > There are a lot of lines diffing that plainly shouldn't.... Have you > perhaps edited the "bad" one with a windoze editor at some point? If > so, you might (with a tool like od, or with the vi thing Peter > suggests, or ... well, basically any tool that will display the > "non-printable characters) see spurious CR characters on any line > you've actually changed (and hit on)... Would explain things > nicely:-) > > I did a normal upgrade like I've been doing (20+ times). I always use vi, so I'm not sure what could have corrupted the file. Would it be possible to add some file consistency check when doing upgrades? (sorta like what you have with httpd.conf) -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/9d1d8e6c/attachment-0001.html From MailScanner at ecs.soton.ac.uk Sat Mar 15 18:17:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 15 18:18:39 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> Message-ID: <47DC12C0.9090102@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: > > Devon, > > There are a lot of lines diffing that plainly shouldn't.... Have you > perhaps edited the "bad" one with a windoze editor at some point? If > so, you might (with a tool like od, or with the vi thing Peter > suggests, or ... well, basically any tool that will display the > "non-printable characters) see spurious CR characters on any line > you've actually changed (and hit on)... Would explain things > nicely:-) > > > I did a normal upgrade like I've been doing (20+ times). I always use > vi, so I'm not sure what could have corrupted the file. Would it be > possible to add some file consistency check when doing upgrades? > (sorta like what you have with httpd.conf) What do you mean by the "file consistency check"? There are quite a lot of changed parameters in the diff output that was posted earlier on, so it's rather hard to tell what might be the problem. So at least we now have a workaround, if not yet a solution. I would *really* like to find the solution to this one. Thanks folks, and well done for finding a workaround to it! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3BLKEfZZRxQVtlQRAtzyAKCqx8njjj/leVwHwZ2hxDxAJVWC9ACfZDjF 780h0PqwY8bkkFl+nbZtMgQ= =Ky2C -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 15 18:24:16 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 15 18:24:40 2008 Subject: Razor via RPM? In-Reply-To: <47DBFA2D.1050904@ecs.soton.ac.uk> References: <47DA936C.8020205@ecs.soton.ac.uk> <47DA98B0.6030603@ecs.soton.ac.uk> <47DAAA36.7000505@ecs.soton.ac.uk> <47DBFA2D.1050904@ecs.soton.ac.uk> Message-ID: <47DC1450.1070407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > > > Scott Silva wrote: >> on 3-14-2008 9:39 AM Julian Field spake the following: >>> >>> >>> David Lee wrote: >>>> On Fri, 14 Mar 2008, Julian Field wrote: >>>> >>>> >>>>> This actually creates a separate problem, that of all the perl >>>>> modules >>>>> which react badly with the Perl RPM as they overwrite the same >>>>> files. Do >>>>> I just try to find them and --force them like I do in the main >>>>> MailScanner distro? >>>>> >>>>> I've built all the spec files and can build the SRPMs very easily. >>>>> But >>>>> I'm not convinced I'm not wasting my time... >>>>> >>>> >>>> Thanks for the reply. Appreciated. >>>> >>>> Let me re-word the overall issue at overview level: >>>> >>>> The aim is to make as easy as is reasonably possible a complete >>>> installation, especially on rpm-based systems. Your existing >>>> scheme is >>>> hugely, hugely helpful in this! Many thanks. >>>> >>>> o MS is handled well by your distribution(s); >>>> o Clam/SA is handled well by your (single) "tar" distribution; >>>> o DCC follows well as a "wget ...; rpm -U ..."; >>>> o Pyzor follows well as a "wget ...; rpm -U ..."; >>>> >>>> But Razor doesn't follow as easily. A "wget ...; rpm -U ..." (from >>>> Dag's >>>> repository) almost works, but not quite, because of those two perl >>>> packages. The "wget... rpm..." sequence can be neatly automated under >>>> tools such as "cfengine". But the Razor build is considerably more >>>> awkward and less straightforward. >>>> >>>> >>>> >>>> So that (as a high level overview) is the problem I'm trying to >>>> address >>>> (and before getting bogged down in the techy stuff). >>>> >>>> >>>> >>>> >>>> So now to the techy bog... >>>> >>>> Just a thought: suppose those two perl modules (Digest::SHA1 and >>>> Net::DNS) >>>> were also included in your MS list (where the ".rpmmacros" >>>> mechanism is >>>> already in place). Might that do the job? >>>> >>>> Following that MS install, there would be a potential sub-issue: >>>> that of a >>>> subsequent Clam/SA install trying a re-install over the top. (I guess >>>> you'd still want them in Clam/SA because that is where the true >>>> dependency >>>> graph lies.) >>>> >>>> Suppose I offered to investigate bundling those two modules into >>>> the MS >>>> rpm-based install, and the possible knock-on interaction with a >>>> subsequent >>>> Clam/SA install. >>>> >>>> Might that have a chance of flying? >>>> >>> Just adding 2 modules to the MailScanner distribution sounds like a >>> very quick hack to solve the problem. But would people prefer an >>> RPM-based installation of the ClamAV+SpamAssassin installation >>> anyway? I have a feeling it might cause more problems than it >>> solves, as any perl upgrade would be even more complicated that it >>> is now due to all the clashing modules that have to be removed and >>> reinstalled. >>> >>> What are anyone's thoughts? >>> >>> Jules >>> >> I'm not sure if Dag's repo has an up to date spamassassin, but the >> atrpms repo has the current version. If you want to stick with pure >> rpm, it shouldn't be too hard to find a repo that can serve your >> needs. I don't think Julian is going to want to go through all the >> trouble to make rpms that will be right for every rpm based system, >> and who is going to decide which one or two he is going to focus on? >> We already have gone through the Fedora VS CentOS debate many times. >> > I think it might be worth my while just adding the 2 troublesome > modules to the MailScanner distro, as this is a very minor change that > shouldn't cause any great problem and should just fix this issue. I've > pretty much decided not to start distributing my own RPMs of clamav or > spamassassin or all their pre-requisites, that's just too much work > and is not really worth the bother. > > Does anyone have the names of the 2 troublesome modules? I can't find > the original list as this thread is getting pretty long :-) Correct me if I'm wrong, but I think they are Net-DNS and Digest-SHA1. I have added those 2 to the MailScanner distribution to just fix this little problem. They both install into the site_perl hierarchy, so shouldn't need --force ing to work. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: UTF-8 wj8DBQFH3BRTEfZZRxQVtlQRAiVwAKCRPL/ExuBeHDvoYhvHxILlYah3SQCg/YoE ckqAWTpWp4wW2ZyC6mdbOJ0= =tgDD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sat Mar 15 19:58:43 2008 From: devonharding at gmail.com (Devon Harding) Date: Sat Mar 15 19:59:17 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DC12C0.9090102@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> Message-ID: <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> > > What do you mean by the "file consistency check"? > If you, for example, forget the in /etc/httpd/conf/httpd.conf, you would get the following error: [root@mars ~]# service httpd start Starting httpd: httpd: Syntax error on line 1014 of /etc/httpd/conf/httpd.conf: /etc/httpd/conf/httpd.conf:1014: was not closed. [FAILED] Just wondering if thats possible with MailScanner. -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080315/5b840840/attachment.html From MailScanner at ecs.soton.ac.uk Sat Mar 15 20:54:03 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 15 20:55:00 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> Message-ID: <47DC376B.1050209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: > > What do you mean by the "file consistency check"? > > > If you, for example, forget the in > /etc/httpd/conf/httpd.conf, you would get the following error: > > [root@mars ~]# service httpd start > Starting httpd: httpd: Syntax error on line 1014 of > /etc/httpd/conf/httpd.conf: /etc/httpd/conf/httpd.conf:1014: > was not closed. > [FAILED] > > Just wondering if thats possible with MailScanner. It already does syntax checking of the MailScanner.conf and complains in the logs about any errors it finds. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3DdwEfZZRxQVtlQRAmoNAKDEMLHhLK+8vJ8TjXDYNhpswZkw9wCg4+3R 6ROBksrR4YDAOX8hrl2yeDk= =uzwx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Mar 16 09:10:34 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 16 09:11:40 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DC376B.1050209@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> Message-ID: <47DCE40A.9010306@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | | | Devon Harding wrote: |> What do you mean by the "file consistency check"? | | |> If you, for example, forget the in |> /etc/httpd/conf/httpd.conf, you would get the following error: | |> [root@mars ~]# service httpd start |> Starting httpd: httpd: Syntax error on line 1014 of |> /etc/httpd/conf/httpd.conf: /etc/httpd/conf/httpd.conf:1014: |> was not closed. |> [FAILED] | |> Just wondering if thats possible with MailScanner. | It already does syntax checking of the MailScanner.conf and complains in | the logs about any errors it finds. The usual way for me to restart MailScanner after a change is service MailScaner restart;tail -f /var/log/maillog Then the output of the syslog file will show wether or not MailScanner was happy or if I had my fingers all thumbled up again and made some horrible typos. Apache does not always tell me what typo I made either. Most of the times I have to dig into the error log to find it. But apache always clearly indicates it did not start and I have seen cases where MailScanner did not report a failure on the command prompt but it was obvious from the logs that it did not startup either. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3OQIBvzDRVjxmYERAs8EAJwNOZ8ktvbn77qOndCu0qW/fxhAhACeLvcs tEvatZPmMHhDZd4+Xe6k4q0= =ZJeb -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sun Mar 16 12:37:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 16 12:38:05 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DCE40A.9010306@vanderkooij.org> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> Message-ID: <47DD1485.5060409@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 03/16/08 at 09:10:32 > > Julian Field wrote: > | > | > | Devon Harding wrote: > |> What do you mean by the "file consistency check"? > | > | > |> If you, for example, forget the in > |> /etc/httpd/conf/httpd.conf, you would get the following error: > | > |> [root@mars ~]# service httpd start > |> Starting httpd: httpd: Syntax error on line 1014 of > |> /etc/httpd/conf/httpd.conf: /etc/httpd/conf/httpd.conf:1014: > |> was not closed. > |> [FAILED] > | > |> Just wondering if thats possible with MailScanner. > | It already does syntax checking of the MailScanner.conf and > complains in > | the logs about any errors it finds. > > The usual way for me to restart MailScanner after a change is > > service MailScaner restart;tail -f /var/log/maillog > > Then the output of the syslog file will show wether or not MailScanner > was happy or if I had my fingers all thumbled up again and made some > horrible typos. > > Apache does not always tell me what typo I made either. Most of the > times I have to dig into the error log to find it. But apache always > clearly indicates it did not start and I have seen cases where > MailScanner did not report a failure on the command prompt but it was > obvious from the logs that it did not startup either. Unfortunately, I read the config after I've forked, unlike Apache which appears to read it first. So by the time I've read the config it's already too late. I'll take a look, but don't hold out much hope other than reading the conf then throwing it away, just to syntax check it before starting up. That might be possible. > > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > * Hugo van der Kooij > * 0x58F19981 - Unverified(L) > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3RSHEfZZRxQVtlQRAmzIAJ9xyXfXiLiGT/IM66nseH3pS5cECgCgmOqS jDdp6LBfKUDUtsDMzsjK+RI= =rqSu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From devonharding at gmail.com Sun Mar 16 16:26:16 2008 From: devonharding at gmail.com (Devon Harding) Date: Sun Mar 16 16:26:51 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DD1485.5060409@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> Message-ID: <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> > > > > The usual way for me to restart MailScanner after a change is > > > > service MailScaner restart;tail -f /var/log/maillog > > > > Then the output of the syslog file will show wether or not MailScanner > > was happy or if I had my fingers all thumbled up again and made some > > horrible typos. > > > I too have to start MailScanner with tail as sometimes sendmail doesn't dire gracefully and you end up with port in use. > Unfortunately, I read the config after I've forked, unlike Apache which > appears to read it first. So by the time I've read the config it's > already too late. > I'll take a look, but don't hold out much hope other than reading the > conf then throwing it away, just to syntax check it before starting up. > That might be possible. > This would be really slick and save some time troubleshooting. -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080316/a8baa96b/attachment.html From MailScanner at ecs.soton.ac.uk Sun Mar 16 20:47:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 16 20:48:35 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> Message-ID: <47DD8774.1060009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Devon Harding wrote: > > > > The usual way for me to restart MailScanner after a change is > > > > service MailScaner restart;tail -f /var/log/maillog > > > > Then the output of the syslog file will show wether or not > MailScanner > > was happy or if I had my fingers all thumbled up again and made some > > horrible typos. > > > > > I too have to start MailScanner with tail as sometimes sendmail > doesn't dire gracefully and you end up with port in use. > > > Unfortunately, I read the config after I've forked, unlike Apache > which > appears to read it first. So by the time I've read the config it's > already too late. > I'll take a look, but don't hold out much hope other than reading the > conf then throwing it away, just to syntax check it before > starting up. > That might be possible. > > > This would be really slick and save some time troubleshooting. I've just spent the last 3 hours or so trying to implement this :-( Because of the fact that I read the configuration template data from a Perl source file itself, I can't read it in twice, I can't rewind the filehandle as Perl won't let me. So, at the moment, no can do. Sorry. It is surely good practice to do a "MailScanner --lint" after changing stuff anyway, isn't it? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3Yd2EfZZRxQVtlQRApsaAJ975F3Wa1bamwHvYwRO7J7W68kRJQCg+spd wrCzlyeA1U4LJ8os+4T1MzU= =/Oam -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 16 22:28:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 16 22:29:53 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DD8774.1060009@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> <47DD8774.1060009@ecs.soton.ac.uk> Message-ID: <47DD9F2B.9000107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 03/16/08 at 20:47:50 > > > > Devon Harding wrote: >> >> >> > The usual way for me to restart MailScanner after a change is >> > >> > service MailScaner restart;tail -f /var/log/maillog >> > >> > Then the output of the syslog file will show wether or not >> MailScanner >> > was happy or if I had my fingers all thumbled up again and made >> some >> > horrible typos. >> > >> >> >> I too have to start MailScanner with tail as sometimes sendmail >> doesn't dire gracefully and you end up with port in use. >> >> >> Unfortunately, I read the config after I've forked, unlike Apache >> which >> appears to read it first. So by the time I've read the config it's >> already too late. >> I'll take a look, but don't hold out much hope other than reading >> the >> conf then throwing it away, just to syntax check it before >> starting up. >> That might be possible. >> >> >> This would be really slick and save some time troubleshooting. > I've just spent the last 3 hours or so trying to implement this :-( > Because of the fact that I read the configuration template data from a > Perl source file itself, I can't read it in twice, I can't rewind the > filehandle as Perl won't let me. > > So, at the moment, no can do. Sorry. > > It is surely good practice to do a "MailScanner --lint" after changing > stuff anyway, isn't it? My lodger had a good idea on a cheeky way to implement it, and so I've done that. The new "automatic syntax check" setting is set to "yes" by default. It will slightly slow down the startup, and MailScanner *will* still start up, regardless of syntax errors, but it will clearly let you know if it doesn't like your setup. Output goes to the console (STDERR) and the mail log too. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3Z8tEfZZRxQVtlQRAlnVAKDohOniivA2it8tkijVJgcSVApKxgCg2oG1 QSnIUZ726AXWVN0ofNk2UMQ= =eKJt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Mar 16 22:37:53 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 16 22:39:05 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DD8774.1060009@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> <47DD8774.1060009@ecs.soton.ac.uk> Message-ID: <47DDA141.6020306@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | I've just spent the last 3 hours or so trying to implement this :-( | Because of the fact that I read the configuration template data from a | Perl source file itself, I can't read it in twice, I can't rewind the | filehandle as Perl won't let me. | | So, at the moment, no can do. Sorry. | | It is surely good practice to do a "MailScanner --lint" after changing | stuff anyway, isn't it? Is there short way to check the config and use it in the init script? I think that would much easier to to. If I read this right then Nagios does a similar thing. Thi is how Nagios defines the start procedure: ~ start) ~ echo -n "Starting nagios:" ~ $NagiosBin -v $NagiosCfgFile > /dev/null 2>&1; ~ if [ $? -eq 0 ]; then ~ su - $NagiosUser -c "touch $NagiosVarDir/nagios.log $NagiosRetentionFile" ~ rm -f $NagiosCommandFile ~ touch $NagiosRunFile ~ chown $NagiosUser:$NagiosGroup $NagiosRunFile ~ $NagiosBin -d $NagiosCfgFile ~ if [ -d $NagiosLockDir ]; then touch $NagiosLockDir/$NagiosLockFile; fi ~ echo " done." ~ exit 0 ~ else ~ echo "CONFIG ERROR! Start aborted. Check your Nagios configuration." ~ exit 1 ~ fi ~ ;; That way if you make an error you will notice it and it will not start Nagios. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3aFABvzDRVjxmYERAsgqAJ44V30F0rcsJ2ll/gaRcnY6epoNQACePEUi 5ZgROXgSbSP+aVbNy25QL2w= =sErD -----END PGP SIGNATURE----- From allenjiang at clicktosee.com Mon Mar 17 07:12:34 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Mon Mar 17 07:14:00 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47DE19E2.9070901@clicktosee.com> Hello, When i run "MailScanner -debug", i got a wrong In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. I have google it, but not resolved. Anyone can help me? Thank you! MailScanner -v Running on Linux yide2 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 i386 GNU/Linux This is CentOS release 4.4 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.66.5 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.19 File::Temp 0.90 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.86 Math::BigInt 3.07 MIME::Base64 5.425 MIME::Decoder 5.425 MIME::Decoder::UU 5.425 MIME::Head 5.425 MIME::Parser 3.07 MIME::QuotedPrint 5.425 MIME::Tools 0.11 Net::CIDR 1.08 POSIX 1.14 Scalar::Util 1.77 Socket 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.9712 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.38 Archive::Tar 0.21 bignum missing Business::ISBN missing Business::ISBN::Data 0.17 Convert::TNEF missing Data::Dump 1.809 DB_File 1.13 DBD::SQLite 1.56 DBI 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.07 Digest::SHA1 1.00 Encode::Detect 0.17012 Error missing ExtUtils::CBuilder missing ExtUtils::ParseXS missing Inline missing IO::String 1.09 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin v2.005 Mail::SPF 1.999001 Mail::SPF::Query 0.19 Math::BigRat missing Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP 4.007 NetAddr::IP missing Parse::RecDescent missing SAVI 2.42 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.30 URI 0.74 version missing YAML spamassassin -D --lint [32473] dbg: logger: adding facilities: all [32473] dbg: logger: logging level is DBG [32473] dbg: generic: SpamAssassin version 3.2.4 [32473] dbg: config: score set 0 chosen. [32473] dbg: util: running in taint mode? yes [32473] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [32473] dbg: util: PATH included '/usr/kerberos/sbin', keeping [32473] dbg: util: PATH included '/usr/kerberos/bin', keeping [32473] dbg: util: PATH included '/usr/java/jdk1.5.0_09/bin', keeping [32473] dbg: util: PATH included '/usr/local/sbin', keeping [32473] dbg: util: PATH included '/usr/local/bin', keeping [32473] dbg: util: PATH included '/sbin', keeping [32473] dbg: util: PATH included '/bin', keeping [32473] dbg: util: PATH included '/usr/sbin', keeping [32473] dbg: util: PATH included '/usr/bin', keeping [32473] dbg: util: PATH included '/usr/X11R6/bin', keeping [32473] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [32473] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/java/jdk1.5.0_09/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [32473] dbg: dns: is Net::DNS::Resolver available? yes [32473] dbg: dns: Net::DNS version: 0.63 [32473] dbg: diag: perl platform: 5.008005 linux [32473] dbg: diag: module installed: Digest::SHA1, version 2.07 [32473] dbg: diag: module installed: HTML::Parser, version 3.56 [32473] dbg: diag: module installed: Net::DNS, version 0.63 [32473] dbg: diag: module installed: MIME::Base64, version 3.07 [32473] dbg: diag: module installed: DB_File, version 1.809 [32473] dbg: diag: module installed: Net::SMTP, version 2.29 [32473] dbg: diag: module installed: Mail::SPF, version v2.005 [32473] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [32473] dbg: diag: module installed: IP::Country::Fast, version 604.001 [32473] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 [32473] dbg: diag: module installed: Net::Ident, version 1.20 [32473] dbg: diag: module installed: IO::Socket::INET6, version 2.54 [32473] dbg: diag: module installed: IO::Socket::SSL, version 1.13 [32473] dbg: diag: module installed: Compress::Zlib, version 1.41 [32473] dbg: diag: module installed: Time::HiRes, version 1.9712 [32473] dbg: diag: module installed: Mail::DomainKeys, version 1.0 [32473] dbg: diag: module installed: Mail::DKIM, version 0.301 [32473] dbg: diag: module installed: DBI, version 1.56 [32473] dbg: diag: module installed: Getopt::Long, version 2.36 [32473] dbg: diag: module installed: LWP::UserAgent, version 2.031 [32473] dbg: diag: module installed: HTTP::Date, version 1.46 [32473] dbg: diag: module installed: Archive::Tar, version 1.38 [32473] dbg: diag: module installed: IO::Zlib, version 1.09 [32473] dbg: diag: module installed: Encode::Detect, version 1.00 [32473] dbg: ignore: using a test message to lint rules [32473] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [32473] dbg: config: read file /etc/mail/spamassassin/init.pre [32473] dbg: config: read file /etc/mail/spamassassin/v310.pre [32473] dbg: config: read file /etc/mail/spamassassin/v312.pre [32473] dbg: config: read file /etc/mail/spamassassin/v320.pre [32473] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [32473] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf [32473] dbg: config: using "/etc/mail/spamassassin" for site rules dir [32473] dbg: config: read file /etc/mail/spamassassin/local.cf [32473] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [32473] dbg: dcc: local tests only, disabling DCC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [32473] dbg: pyzor: local tests only, disabling Pyzor [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [32473] dbg: razor2: local tests only, skipping Razor [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [32473] dbg: reporter: local tests only, disabling SpamCop [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [32473] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [32473] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf" for included file [32473] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [32473] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [32473] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [32473] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [32473] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [32473] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [32473] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [32473] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [32473] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [32473] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [32473] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [32473] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [32473] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [32473] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [32473] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [32473] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [32473] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [32473] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [32473] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [32473] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [32473] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [32473] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [32473] dbg: conf: finish parsing [32473] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a30d6c) implements 'finish_parsing_end', priority 0 [32473] dbg: replacetags: replacing tags [32473] dbg: replacetags: done replacing tags [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [32473] dbg: bayes: found bayes db version 3 [32473] dbg: bayes: DB journal sync: last sync: 0 [32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 [32473] dbg: bayes: untie-ing [32473] dbg: config: score set 0 chosen. [32473] dbg: message: main message type: text/plain [32473] dbg: message: ---- MIME PARSER START ---- [32473] dbg: message: parsing normal part [32473] dbg: message: ---- MIME PARSER END ---- [32473] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xa72a194) implements 'check_start', priority 0 [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [32473] dbg: bayes: found bayes db version 3 [32473] dbg: bayes: DB journal sync: last sync: 0 [32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 [32473] dbg: bayes: untie-ing [32473] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xa6db4c8) implements 'check_main', priority 0 [32473] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [32473] dbg: metadata: X-Spam-Relays-Trusted: [32473] dbg: metadata: X-Spam-Relays-Untrusted: [32473] dbg: metadata: X-Spam-Relays-Internal: [32473] dbg: metadata: X-Spam-Relays-External: [32473] dbg: message: no encoding detected [32473] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa550450) implements 'parsed_metadata', priority 0 [32473] dbg: dns: is DNS available? 0 [32473] dbg: rules: local tests only, ignoring RBL eval [32473] dbg: check: running tests for priority: -1000 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: eval: all '*From' addrs: [email]ignore@compiling.spamassassin.taint.org[/email] [32473] dbg: eval: all '*To' addrs: [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -950 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -900 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: -400 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=0 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=0 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=0 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=0 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=0 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 0 [32473] dbg: rules: running head tests; score so far=0 [32473] dbg: rules: compiled head tests [32473] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [32473] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [32473] dbg: rules: Message-Id: " [32473] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [32473] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [32473] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1205129328" [32473] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [32473] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1205129328@lint_rules> [32473] dbg: rules: " [32473] dbg: spf: checking to see if the message has a Received-SPF header that we can use [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: cannot get Envelope-From, cannot use SPF [32473] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [32473] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [32473] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [32473] dbg: spf: spf_whitelist_from: could not find useable envelope sender [32473] dbg: rules: running body tests; score so far=1.899 [32473] dbg: rules: compiled body tests [32473] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [32473] dbg: rules: running uri tests; score so far=1.899 [32473] dbg: rules: compiled uri tests [32473] dbg: eval: stock info total: 0 [32473] dbg: rules: running rawbody tests; score so far=1.899 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [32473] dbg: rules: running full tests; score so far=1.899 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=1.899 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 500 [32473] dbg: dns: harvest_dnsbl_queries [32473] dbg: rules: running head tests; score so far=1.899 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=1.899 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=1.899 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=1.899 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=1.899 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=1.899 [32473] dbg: rules: compiled meta tests [32473] dbg: check: running tests for priority: 1000 [32473] dbg: rules: running head tests; score so far=4.205 [32473] dbg: rules: compiled head tests [32473] dbg: rules: running body tests; score so far=4.205 [32473] dbg: rules: compiled body tests [32473] dbg: rules: running uri tests; score so far=4.205 [32473] dbg: rules: compiled uri tests [32473] dbg: rules: running rawbody tests; score so far=4.205 [32473] dbg: rules: compiled rawbody tests [32473] dbg: rules: running full tests; score so far=4.205 [32473] dbg: rules: compiled full tests [32473] dbg: rules: running meta tests; score so far=4.205 [32473] dbg: rules: compiled meta tests [32473] dbg: check: is spam? score=4.205 required=5 [32473] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [32473] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID ======================================================== allenjiang@clicktosee.com http://www.clicktosee.com ======================================================== From J.Ede at birchenallhowden.co.uk Mon Mar 17 07:55:35 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Mar 17 08:01:11 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DD9F2B.9000107@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> <47DD8774.1060009@ecs.soton.ac.uk>,<47DD9F2B.9000107@ecs.soton.ac.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E82@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] Sent: 16 March 2008 22:28 To: MailScanner discussion Subject: Re: MailScanner: extracting attachments -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > * PGP Signed: 03/16/08 at 20:47:50 > > > > Devon Harding wrote: >> >> >> > The usual way for me to restart MailScanner after a change is >> > >> > service MailScaner restart;tail -f /var/log/maillog >> > >> > Then the output of the syslog file will show wether or not >> MailScanner >> > was happy or if I had my fingers all thumbled up again and made >> some >> > horrible typos. >> > >> >> >> I too have to start MailScanner with tail as sometimes sendmail >> doesn't dire gracefully and you end up with port in use. >> >> >> Unfortunately, I read the config after I've forked, unlike Apache >> which >> appears to read it first. So by the time I've read the config it's >> already too late. >> I'll take a look, but don't hold out much hope other than reading >> the >> conf then throwing it away, just to syntax check it before >> starting up. >> That might be possible. >> >> >> This would be really slick and save some time troubleshooting. > I've just spent the last 3 hours or so trying to implement this :-( > Because of the fact that I read the configuration template data from a > Perl source file itself, I can't read it in twice, I can't rewind the > filehandle as Perl won't let me. > > So, at the moment, no can do. Sorry. > > It is surely good practice to do a "MailScanner --lint" after changing > stuff anyway, isn't it? My lodger had a good idea on a cheeky way to implement it, and so I've done that. The new "automatic syntax check" setting is set to "yes" by default. It will slightly slow down the startup, and MailScanner *will* still start up, regardless of syntax errors, but it will clearly let you know if it doesn't like your setup. Output goes to the console (STDERR) and the mail log too. Jules Jules, Could you make the upgrade_mailscanner_conf file do a --lint on the new config file it generates automatically after doing the upgrade? It wouldn't then stop people from messing it up, but would make sure at that stage that it was correct? Jason From MailScanner at ecs.soton.ac.uk Mon Mar 17 09:04:51 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 09:05:34 2008 Subject: MailScanner: extracting attachments In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E82@server02.bhl.local> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> <47DD8774.1060009@ecs.soton.ac.uk>, <47DD9F2B.9000107@ecs.soton.ac.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E82@server02.bhl.local> Message-ID: <47DE3433.6090208@ecs.soton.ac.uk> Jason Ede wrote: > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field [MailScanner@ecs.soton.ac.uk] > Sent: 16 March 2008 22:28 > To: MailScanner discussion > Subject: Re: MailScanner: extracting attachments > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Julian Field wrote: > >> * PGP Signed: 03/16/08 at 20:47:50 >> >> >> >> Devon Harding wrote: >> >>> > The usual way for me to restart MailScanner after a change is >>> > >>> > service MailScaner restart;tail -f /var/log/maillog >>> > >>> > Then the output of the syslog file will show wether or not >>> MailScanner >>> > was happy or if I had my fingers all thumbled up again and made >>> some >>> > horrible typos. >>> > >>> >>> >>> I too have to start MailScanner with tail as sometimes sendmail >>> doesn't dire gracefully and you end up with port in use. >>> >>> >>> Unfortunately, I read the config after I've forked, unlike Apache >>> which >>> appears to read it first. So by the time I've read the config it's >>> already too late. >>> I'll take a look, but don't hold out much hope other than reading >>> the >>> conf then throwing it away, just to syntax check it before >>> starting up. >>> That might be possible. >>> >>> >>> This would be really slick and save some time troubleshooting. >>> >> I've just spent the last 3 hours or so trying to implement this :-( >> Because of the fact that I read the configuration template data from a >> Perl source file itself, I can't read it in twice, I can't rewind the >> filehandle as Perl won't let me. >> >> So, at the moment, no can do. Sorry. >> >> It is surely good practice to do a "MailScanner --lint" after changing >> stuff anyway, isn't it? >> > My lodger had a good idea on a cheeky way to implement it, and so I've > done that. The new "automatic syntax check" setting is set to "yes" by > default. It will slightly slow down the startup, and MailScanner *will* > still start up, regardless of syntax errors, but it will clearly let you > know if it doesn't like your setup. Output goes to the console (STDERR) > and the mail log too. > > Jules > > Jules, > > Could you make the upgrade_mailscanner_conf file do a --lint on the new config file it generates automatically after doing the upgrade? It wouldn't then stop people from messing it up, but would make sure at that stage that it was correct? > No, because the output of upgrade_MailScanner_conf goes into a filename of your choosing after a ">" on the command-line. The script can't get at the name of that file you have chosen, so there is no way to run MailScanner on it at all. Sorry. You'll just have to type "MailScanner --lint" yourself :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ram at netcore.co.in Mon Mar 17 09:11:38 2008 From: ram at netcore.co.in (ram) Date: Mon Mar 17 09:12:28 2008 Subject: different stages of MailScanner scan process Message-ID: <1205745098.14498.28.camel@localhost.localdomain> Hi, On my servers I run MailScanner 4.59.4 with 17 Child processes ( 4GB Ram dual Xeon Machines ) If I do a "ps" I can see that a MailScanner child process is doing one particular operation. ( changing the process name in PS is an excellent idea ) Under normal times I can see that most processes are doing spamcheck and mails are getting cleared But sometimes all child processes are stuck at doing "compressing attachments" or "cleaning messages" and the mailq keeps piling. I either have to wait quiet long for it to clear or I restart MailScanner and then the mailq disappears I want to debug these conditions What are the different stages of Mailscanner scanning and what do each mean Thanks Ram From martinh at solidstatelogic.com Mon Mar 17 09:42:20 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon Mar 17 09:43:18 2008 Subject: different stages of MailScanner scan process In-Reply-To: <1205745098.14498.28.camel@localhost.localdomain> Message-ID: Ram http://www.mailscanner.info/MailScanner.conf.index.html#Zip%20Attachments -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of ram > Sent: 17 March 2008 09:12 > To: MailScanner discussion > Subject: different stages of MailScanner scan process > > Hi, > > On my servers I run MailScanner 4.59.4 with 17 Child processes ( 4GB > Ram dual Xeon Machines ) > If I do a "ps" I can see that a MailScanner child process is doing one > particular operation. ( changing the process name in PS is an excellent > idea ) > > Under normal times I can see that most processes are doing spamcheck and > mails are getting cleared > > > But sometimes all child processes are stuck at doing "compressing > attachments" or "cleaning messages" and the mailq keeps piling. I either > have to wait quiet long for it to clear or I restart MailScanner and > then the mailq disappears > > I want to debug these conditions > What are the different stages of Mailscanner scanning and what do each > mean > > > Thanks > Ram > > > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Mon Mar 17 12:28:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 12:29:19 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DE3433.6090208@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> <2baac6140803160926t1e466fe0ic2fe050ba032854d@mail.gmail.com> <47DD8774.1060009@ecs.soton.ac.uk>, <47DD9F2B.9000107@ecs.soton.ac.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E82@server02.bhl.local> <47DE3433.6090208@ecs.soton.ac.uk> Message-ID: <47DE63E3.8090702@ecs.soton.ac.uk> Julian Field wrote: > > > Jason Ede wrote: >> ________________________________________ >> From: mailscanner-bounces@lists.mailscanner.info >> [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian >> Field [MailScanner@ecs.soton.ac.uk] >> Sent: 16 March 2008 22:28 >> To: MailScanner discussion >> Subject: Re: MailScanner: extracting attachments >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Julian Field wrote: >> >>> * PGP Signed: 03/16/08 at 20:47:50 >>> >>> >>> >>> Devon Harding wrote: >>> >>>> > The usual way for me to restart MailScanner after a change is >>>> > >>>> > service MailScaner restart;tail -f /var/log/maillog >>>> > >>>> > Then the output of the syslog file will show wether or not >>>> MailScanner >>>> > was happy or if I had my fingers all thumbled up again and made >>>> some >>>> > horrible typos. >>>> > >>>> >>>> >>>> I too have to start MailScanner with tail as sometimes sendmail >>>> doesn't dire gracefully and you end up with port in use. >>>> >>>> >>>> Unfortunately, I read the config after I've forked, unlike Apache >>>> which >>>> appears to read it first. So by the time I've read the config it's >>>> already too late. >>>> I'll take a look, but don't hold out much hope other than reading >>>> the >>>> conf then throwing it away, just to syntax check it before >>>> starting up. >>>> That might be possible. >>>> >>>> >>>> This would be really slick and save some time troubleshooting. >>>> >>> I've just spent the last 3 hours or so trying to implement this :-( >>> Because of the fact that I read the configuration template data from a >>> Perl source file itself, I can't read it in twice, I can't rewind the >>> filehandle as Perl won't let me. >>> >>> So, at the moment, no can do. Sorry. >>> >>> It is surely good practice to do a "MailScanner --lint" after changing >>> stuff anyway, isn't it? >>> >> My lodger had a good idea on a cheeky way to implement it, and so I've >> done that. The new "automatic syntax check" setting is set to "yes" by >> default. It will slightly slow down the startup, and MailScanner *will* >> still start up, regardless of syntax errors, but it will clearly let you >> know if it doesn't like your setup. Output goes to the console (STDERR) >> and the mail log too. >> >> Jules >> >> Jules, >> >> Could you make the upgrade_mailscanner_conf file do a --lint on the >> new config file it generates automatically after doing the upgrade? >> It wouldn't then stop people from messing it up, but would make sure >> at that stage that it was correct? >> > No, because the output of upgrade_MailScanner_conf goes into a > filename of your choosing after a ">" on the command-line. The script > can't get at the name of that file you have chosen, so there is no way > to run MailScanner on it at all. > > Sorry. You'll just have to type "MailScanner --lint" yourself :-) By the way, I published a new beta last night with the 'automatic syntax check' stuff all in it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jplorier at montecarlotv.com.uy Mon Mar 17 13:05:29 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Mon Mar 17 13:08:20 2008 Subject: Razor via RPM? In-Reply-To: <200803142055.m2EKqNcJ013504@safir.blacknight.ie> Message-ID: Hi Julian, I agree with other posts that you are already giving us more than a great support the same time you enhance MailScanner. I'm not an expert and I also agree that rpm packages help a lot when installing anything without much experience, but if that means less time to get mailscanner doing better things and helping guys in trouble, then I go for the tar distro as the official one and let us to do the contribute for the "all cooked" rpms in the new section of the wiki. As I see in the list, there are some guys with experience in the room to give a hand in things like updating rpms with the last version of mailscanner and tools or maybe srpms to avoid having an rpm for every distro. Your doing great this way :-), don't mess up trying to help us all because we have to do some work also (not telling anyone isn't, just pointing we must also contribute) Regards, Juan Pablo Lorier From richard at seveninternet.co.uk Mon Mar 17 13:55:22 2008 From: richard at seveninternet.co.uk (Richard Walker - Seven Internet Ltd) Date: Mon Mar 17 13:55:54 2008 Subject: Inbound inline.sig.html Message-ID: <01c001c88836$8b4a1a00$0400a8c0@sevenu6l0qf6zz> Hi Folks I want to know is possible to stop the inline.sig.html & inline.sig.txt on inbound emails only? I just want to put the Sig on outgoing emails? If it's possible how do you do it? Cheers Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/aaa6c1c5/attachment.html From MailScanner at ecs.soton.ac.uk Mon Mar 17 14:03:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 14:04:02 2008 Subject: Razor via RPM? In-Reply-To: References: Message-ID: <47DE7A23.8040507@ecs.soton.ac.uk> Juan Pablo Lorier wrote: > Hi Julian, > > I agree with other posts that you are already giving us more than a > great support the same time you enhance MailScanner. > I'm not an expert and I also agree that rpm packages help a lot when > installing anything without much experience, but if that means less time > to get mailscanner doing better things and helping guys in trouble, then > I go for the tar distro as the official one and let us to do the > contribute for the "all cooked" rpms in the new section of the wiki. > As I see in the list, there are some guys with experience in the room to > give a hand in things like updating rpms with the last version of > mailscanner and tools or maybe srpms to avoid having an rpm for every > distro. > Your doing great this way :-), don't mess up trying to help us all > because we have to do some work also (not telling anyone isn't, just > pointing we must also contribute) > Much appreciated :-) But it was a pretty simple job to add those 2 RPMs to the MailScanner install just to solve this problem this time. But I won't make a habit of it, promise :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Mon Mar 17 15:04:53 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Mar 17 15:05:33 2008 Subject: Inbound inline.sig.html In-Reply-To: <01c001c88836$8b4a1a00$0400a8c0@sevenu6l0qf6zz> References: <01c001c88836$8b4a1a00$0400a8c0@sevenu6l0qf6zz> Message-ID: <625385e30803170804s327e3f61l200832586a237bf5@mail.gmail.com> On Mon, Mar 17, 2008 at 2:55 PM, Richard Walker - Seven Internet Ltd wrote: > Hi Folks > > I want to know is possible to stop the inline.sig.html & inline.sig.txt on > inbound emails only? I just want to put the Sig on outgoing emails? > > If it's possible how do you do it? Set up a ruleset with the ip:s of your servers. If it's from one of those ip:s it's outgoing. -- /peter From johnnyb at marlboro.edu Mon Mar 17 15:26:51 2008 From: johnnyb at marlboro.edu (John Baker) Date: Mon Mar 17 15:27:35 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix Message-ID: <47DE8DBB.30702@marlboro.edu> Hi all, I've been trying to get Mailscanner set up to work so that postfix and Mailwatch will cooperate and ran into a confusing permission issue. You'd think this one would have been addressed here before but I could not find an answer in the archives. I seemed as thought the logical way to work around Mailwatch's desire to write to the quarantine as root was to join the postfix user to apache www-data group and give that group ownership of the quarantine. So I did that and went with the recommended 0660 permissions. But Mailscanner started throwing "cannot write to directory /var/spool/MailScanner/quarantine" I switched everything in the configuration back but found that the errors were still being thrown. I had noticed while setting up that the default permission for the que was 755 and had changed it to the fit the 0660 permissions in the mailscanner.con file. I finally added +x and then it seemed to work. So it appears as though despite the numbers in permissions in the mailscanner.conf file it need +x on the owner, and then presumably group if not the same as owner. Why does it need execute permission? Or I'm I missing something else? Does anybody have a successful and secure mailscanner/postfix/mailwatch recipe they can share? Thanks -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From MailScanner at ecs.soton.ac.uk Mon Mar 17 15:40:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 15:41:39 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DE8DBB.30702@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> Message-ID: <47DE9107.8040804@ecs.soton.ac.uk> If someone can fix this one for John, please can you put it in the Wiki if it isn't already there? Thanks folks! Jules. John Baker wrote: > Hi all, > > I've been trying to get Mailscanner set up to work so that postfix and > Mailwatch will cooperate and ran into a confusing permission issue. > > You'd think this one would have been addressed here before but I could > not find an answer in the archives. > > I seemed as thought the logical way to work around Mailwatch's desire > to write to the quarantine as root was to join the postfix user to > apache www-data group and give that group ownership of the quarantine. > > So I did that and went with the recommended 0660 permissions. But > Mailscanner started throwing "cannot write to directory > /var/spool/MailScanner/quarantine" > > I switched everything in the configuration back but found that the > errors were still being thrown. I had noticed while setting up that > the default permission for the que was 755 and had changed it to the > fit the 0660 permissions in the mailscanner.con file. I finally added > +x and then it seemed to work. So it appears as though despite the > numbers in permissions in the mailscanner.conf file it need +x on the > owner, and then presumably group if not the same as owner. Why does it > need execute permission? Or I'm I missing something else? > > Does anybody have a successful and secure > mailscanner/postfix/mailwatch recipe they can share? > > Thanks Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Mon Mar 17 15:49:09 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Mar 17 15:50:03 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DE8DBB.30702@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> Message-ID: <1205768949.5657.12.camel@gblades-suse.linguaphone-intranet.co.uk> You need x permissions on a directory in order to be able to read a directory listing. On Mon, 2008-03-17 at 15:26, John Baker wrote: > Hi all, > > I've been trying to get Mailscanner set up to work so that postfix and > Mailwatch will cooperate and ran into a confusing permission issue. > > You'd think this one would have been addressed here before but I could > not find an answer in the archives. > > I seemed as thought the logical way to work around Mailwatch's desire to > write to the quarantine as root was to join the postfix user to apache > www-data group and give that group ownership of the quarantine. > > So I did that and went with the recommended 0660 permissions. But > Mailscanner started throwing "cannot write to directory > /var/spool/MailScanner/quarantine" > > I switched everything in the configuration back but found that the > errors were still being thrown. I had noticed while setting up that the > default permission for the que was 755 and had changed it to the fit the > 0660 permissions in the mailscanner.con file. I finally added +x and > then it seemed to work. So it appears as though despite the numbers in > permissions in the mailscanner.conf file it need +x on the owner, and > then presumably group if not the same as owner. Why does it need execute > permission? Or I'm I missing something else? > > Does anybody have a successful and secure mailscanner/postfix/mailwatch > recipe they can share? > > Thanks > -- > John Baker > Network Systems Administrator > Marlboro College > Phone: 451-7551 off campus; 551 on campus From iarteaga at cwpanama.net Mon Mar 17 15:55:44 2008 From: iarteaga at cwpanama.net (Ivan Arteaga) Date: Mon Mar 17 15:56:22 2008 Subject: Question about Internal spam In-Reply-To: <47DE8DBB.30702@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> Message-ID: <47DE9480.6070105@cwpanama.net> Hello, I would like to know why the mail users (server: centOS+sendmail+mailscanner) are receiving mails from their own address i,e: mail from: user1@domain.com mail to: user1@domain.com subject: stock options.... Also I would like to know if you have any recomendation in order ot avoid this? Best Regards, --Ivan. From glenn.steen at gmail.com Mon Mar 17 15:56:47 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 15:57:25 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DE9107.8040804@ecs.soton.ac.uk> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> Message-ID: <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> On 17/03/2008, Julian Field wrote: > If someone can fix this one for John, please can you put it in the Wiki > if it isn't already there? > Thanks folks! > Jules. AFAICS there is no need for this to be in the Wiki, since it seems to me that John has done a few "faux pas"...:-): -For a process to be able to create a directory you need hold the execute bit for the directory in which the new directory is created. Unix 101. - John might have mistakenly changed the _owner_ of the top quarantine directory to root. This is wrong for most postfix installations. Leads me to thing He's been following some other docs than the ones already in the MS wiki. If one is to change any Wiki information I'd hazard it'd be best to change the MW one. Cheers -- Glenn > John Baker wrote: > > Hi all, > > > > I've been trying to get Mailscanner set up to work so that postfix and > > Mailwatch will cooperate and ran into a confusing permission issue. > > > > You'd think this one would have been addressed here before but I could > > not find an answer in the archives. > > > > I seemed as thought the logical way to work around Mailwatch's desire > > to write to the quarantine as root was to join the postfix user to > > apache www-data group and give that group ownership of the quarantine. > > > > So I did that and went with the recommended 0660 permissions. But > > Mailscanner started throwing "cannot write to directory > > /var/spool/MailScanner/quarantine" > > > > I switched everything in the configuration back but found that the > > errors were still being thrown. I had noticed while setting up that > > the default permission for the que was 755 and had changed it to the > > fit the 0660 permissions in the mailscanner.con file. I finally added > > +x and then it seemed to work. So it appears as though despite the > > numbers in permissions in the mailscanner.conf file it need +x on the > > owner, and then presumably group if not the same as owner. Why does it > > need execute permission? Or I'm I missing something else? > > > > Does anybody have a successful and secure > > mailscanner/postfix/mailwatch recipe they can share? > > > > Thanks > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From list-mailscanner at linguaphone.com Mon Mar 17 16:09:38 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Mon Mar 17 16:10:15 2008 Subject: Question about Internal spam In-Reply-To: <47DE9480.6070105@cwpanama.net> References: <47DE8DBB.30702@marlboro.edu> <47DE9480.6070105@cwpanama.net> Message-ID: <1205770178.5655.14.camel@gblades-suse.linguaphone-intranet.co.uk> Reason: Some people stupidly whitelist their own domain name so the spammers do this in order to get through. Fix: Implement SPF On Mon, 2008-03-17 at 15:55, Ivan Arteaga wrote: > Hello, > > I would like to know why the mail users (server: > centOS+sendmail+mailscanner) are receiving mails from their own address > i,e: > > mail from: user1@domain.com > mail to: user1@domain.com > subject: stock options.... > > Also I would like to know if you have any recomendation in order ot > avoid this? > > Best Regards, > > --Ivan. From uxbod at splatnix.net Mon Mar 17 16:16:07 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Mar 17 16:17:33 2008 Subject: Question about Internal spam In-Reply-To: <47DE9480.6070105@cwpanama.net> Message-ID: <16084180.1151205770567119.JavaMail.root@office.splatnix.net> Its just forged mail. Do a google of some of your users and see if they appear ;) one step to avoid this, especially when using mailing lists etc, is to obscure your own email address. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ivan Arteaga" wrote: > Hello, > > I would like to know why the mail users (server: > centOS+sendmail+mailscanner) are receiving mails from their own > address > i,e: > > mail from: user1@domain.com > mail to: user1@domain.com > subject: stock options.... > > Also I would like to know if you have any recomendation in order ot > avoid this? > > Best Regards, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From johnnyb at marlboro.edu Mon Mar 17 17:10:27 2008 From: johnnyb at marlboro.edu (John Baker) Date: Mon Mar 17 17:11:07 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> Message-ID: <47DEA603.3080507@marlboro.edu> I did indeed forget that you need to execute bit on for a process to create a directory. Hey, its been a while since Unix 101. :) But the source of confusion here for me as much as the Mailwatch wiki ,which I did take the directions from, is that the default Mailscanner.conf file has Quarantine Permissions = 0600 leading one to believe that the execute bit is not necessary. This is in the Mailscanner book as well. What is the function of this line in the file? It seems to be ignored by the actual process. Glenn Steen wrote: > On 17/03/2008, Julian Field wrote: >> If someone can fix this one for John, please can you put it in the Wiki >> if it isn't already there? >> Thanks folks! >> Jules. > > AFAICS there is no need for this to be in the Wiki, since it seems to > me that John has done a few "faux pas"...:-): > -For a process to be able to create a directory you need hold the > execute bit for the directory in which the new directory is created. > Unix 101. > - John might have mistakenly changed the _owner_ of the top quarantine > directory to root. This is wrong for most postfix installations. > > Leads me to thing He's been following some other docs than the ones > already in the MS wiki. > If one is to change any Wiki information I'd hazard it'd be best to > change the MW one. > Cheers > -- Glenn > >> John Baker wrote: >> > Hi all, >> > >> > I've been trying to get Mailscanner set up to work so that postfix and >> > Mailwatch will cooperate and ran into a confusing permission issue. >> > >> > You'd think this one would have been addressed here before but I could >> > not find an answer in the archives. >> > >> > I seemed as thought the logical way to work around Mailwatch's desire >> > to write to the quarantine as root was to join the postfix user to >> > apache www-data group and give that group ownership of the quarantine. >> > >> > So I did that and went with the recommended 0660 permissions. But >> > Mailscanner started throwing "cannot write to directory >> > /var/spool/MailScanner/quarantine" >> > >> > I switched everything in the configuration back but found that the >> > errors were still being thrown. I had noticed while setting up that >> > the default permission for the que was 755 and had changed it to the >> > fit the 0660 permissions in the mailscanner.con file. I finally added >> > +x and then it seemed to work. So it appears as though despite the >> > numbers in permissions in the mailscanner.conf file it need +x on the >> > owner, and then presumably group if not the same as owner. Why does it >> > need execute permission? Or I'm I missing something else? >> > >> > Does anybody have a successful and secure >> > mailscanner/postfix/mailwatch recipe they can share? >> > >> > Thanks >> >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your boss? >> Contact me! >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From philippe at beau.nom.fr Mon Mar 17 17:12:30 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Mon Mar 17 17:13:07 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DE9107.8040804@ecs.soton.ac.uk> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> Message-ID: <004c01c88852$15882980$40987c80$@nom.fr> Hi All, For my side, it's working perfectly for mailwatch/mailscanner/postfix ... John, if you want to contact me in pv, we can find the solution and next put this on the wiki Regards Philippe -----Message d'origine----- De?: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] De la part de Julian Field Envoy??: lundi 17 mars 2008 16:41 ??: MailScanner discussion Objet?: Re: getting Mailscanner to work with Mailwatch/Postfix If someone can fix this one for John, please can you put it in the Wiki if it isn't already there? Thanks folks! Jules. John Baker wrote: > Hi all, > > I've been trying to get Mailscanner set up to work so that postfix and > Mailwatch will cooperate and ran into a confusing permission issue. > > You'd think this one would have been addressed here before but I could > not find an answer in the archives. > > I seemed as thought the logical way to work around Mailwatch's desire > to write to the quarantine as root was to join the postfix user to > apache www-data group and give that group ownership of the quarantine. > > So I did that and went with the recommended 0660 permissions. But > Mailscanner started throwing "cannot write to directory > /var/spool/MailScanner/quarantine" > > I switched everything in the configuration back but found that the > errors were still being thrown. I had noticed while setting up that > the default permission for the que was 755 and had changed it to the > fit the 0660 permissions in the mailscanner.con file. I finally added > +x and then it seemed to work. So it appears as though despite the > numbers in permissions in the mailscanner.conf file it need +x on the > owner, and then presumably group if not the same as owner. Why does it > need execute permission? Or I'm I missing something else? > > Does anybody have a successful and secure > mailscanner/postfix/mailwatch recipe they can share? > > Thanks Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From sandro at e-den.it Mon Mar 17 18:16:17 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Mon Mar 17 18:16:56 2008 Subject: mailscanner, queue & nfs Message-ID: <20080317181617.GA31222@ubuntu> Hi, can I keep the postfix queues on NFS so that 2 concurrent host run mailscanner on the same queue? Which kind of problems... am I looking for? I'm looking for this solution as I have other problems that I need solve that result in bin queues (12/13.000 mail). When this happens, load raises to 8/10 and it's not possible to diminish the queue in dayli hours... Thanks in advance sandro From hvdkooij at vanderkooij.org Mon Mar 17 18:20:07 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 17 18:21:52 2008 Subject: Question about Internal spam In-Reply-To: <47DE9480.6070105@cwpanama.net> References: <47DE8DBB.30702@marlboro.edu> <47DE9480.6070105@cwpanama.net> Message-ID: <47DEB657.2020806@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ivan Arteaga wrote: | I would like to know why the mail users (server: | centOS+sendmail+mailscanner) are receiving mails from their own address | i,e: | | mail from: user1@domain.com | mail to: user1@domain.com | subject: stock options.... | | Also I would like to know if you have any recomendation in order ot | avoid this? I think not replying to a message if you want to start a new thread would be a good start. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3rZTBvzDRVjxmYERAlLCAJ9GCwZbcaCogNKZ92wmbvB1QBBBgACfVTFA Sp1DAOxReuyP9iZpoPPJce4= =hav3 -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Mar 17 18:56:30 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 17 18:57:28 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47DE19E2.9070901@clicktosee.com> References: <47DE19E2.9070901@clicktosee.com> Message-ID: on 3-17-2008 12:12 AM Allen Jiang spake the following: > Hello, > > When i run "MailScanner -debug", i got a wrong > > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > check: no loaded plugin implements 'check_main': cannot scan! at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. > > I have google it, but not resolved. Anyone can help me? > Thank you! > Did Glenn's answer not solve it for you? I didn't see a response from you either way. The following lines must appear in v320.pre, as well as a whole load of other loadplugin lines: # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check Otherwise SpamAssassin won't actually do anything! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/7b1df8da/signature.bin From jonas at vrt.dk Mon Mar 17 18:58:07 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Mon Mar 17 18:58:53 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47DE19E2.9070901@clicktosee.com> References: <47DE19E2.9070901@clicktosee.com> Message-ID: <00eb01c88860$d700f020$8502d060$@dk> I actually had this when trying to upgrade one of my scanners. I you try to remove spamassassin completely from your system (make sure manually that all SA related files are gone) And then reinstall it should work. Best Regards Jonas A. Larsen >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Allen Jiang >Sent: 17. marts 2008 08:13 >To: mailscanner@lists.mailscanner.info >Subject: no loaded plugin implements 'check_main' > >Hello, > >When i run "MailScanner -debug", i got a wrong > >In Debugging mode, not forking... >Trying to setlogsock(unix) >SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >check: no loaded plugin implements 'check_main': cannot scan! at >/usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line >164. > >I have google it, but not resolved. Anyone can help me? >Thank you! > >MailScanner -v > >Running on >Linux yide2 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 >i386 GNU/Linux >This is CentOS release 4.4 (Final) >This is Perl version 5.008005 (5.8.5) > >This is MailScanner version 4.66.5 >Module versions are: >1.00 AnyDBM_File >1.16 Archive::Zip >1.03 Carp >1.119 Convert::BinHex >2.27 Date::Parse >1.00 DirHandle >1.05 Fcntl >2.73 File::Basename >2.08 File::Copy >2.01 FileHandle >1.06 File::Path >0.19 File::Temp >0.90 Filesys::Df >1.35 HTML::Entities >3.56 HTML::Parser >2.37 HTML::TokeParser >1.23 IO >1.14 IO::File >1.13 IO::Pipe >2.02 Mail::Header >1.86 Math::BigInt >3.07 MIME::Base64 >5.425 MIME::Decoder >5.425 MIME::Decoder::UU >5.425 MIME::Head >5.425 MIME::Parser >3.07 MIME::QuotedPrint >5.425 MIME::Tools >0.11 Net::CIDR >1.08 POSIX >1.14 Scalar::Util >1.77 Socket >1.4 Sys::Hostname::Long >0.18 Sys::Syslog >1.9712 Time::HiRes >1.02 Time::localtime > >Optional module versions are: >1.38 Archive::Tar >0.21 bignum >missing Business::ISBN >missing Business::ISBN::Data >0.17 Convert::TNEF >missing Data::Dump >1.809 DB_File >1.13 DBD::SQLite >1.56 DBI >1.08 Digest >1.01 Digest::HMAC >2.33 Digest::MD5 >2.07 Digest::SHA1 >1.00 Encode::Detect >0.17012 Error >missing ExtUtils::CBuilder >missing ExtUtils::ParseXS >missing Inline >missing IO::String >1.09 IO::Zlib >2.23 IP::Country >missing Mail::ClamAV >3.002004 Mail::SpamAssassin >v2.005 Mail::SPF >1.999001 Mail::SPF::Query >0.19 Math::BigRat >missing Module::Build >0.20 Net::CIDR::Lite >0.63 Net::DNS >missing Net::DNS::Resolver::Programmable >missing Net::LDAP >4.007 NetAddr::IP >missing Parse::RecDescent >missing SAVI >2.42 Test::Harness >missing Test::Manifest >1.95 Text::Balanced >1.30 URI >0.74 version >missing YAML > >spamassassin -D --lint > >[32473] dbg: logger: adding facilities: all >[32473] dbg: logger: logging level is DBG >[32473] dbg: generic: SpamAssassin version 3.2.4 >[32473] dbg: config: score set 0 chosen. >[32473] dbg: util: running in taint mode? yes >[32473] dbg: util: taint mode: deleting unsafe environment variables, >resetting PATH >[32473] dbg: util: PATH included '/usr/kerberos/sbin', keeping >[32473] dbg: util: PATH included '/usr/kerberos/bin', keeping >[32473] dbg: util: PATH included '/usr/java/jdk1.5.0_09/bin', keeping >[32473] dbg: util: PATH included '/usr/local/sbin', keeping >[32473] dbg: util: PATH included '/usr/local/bin', keeping >[32473] dbg: util: PATH included '/sbin', keeping >[32473] dbg: util: PATH included '/bin', keeping >[32473] dbg: util: PATH included '/usr/sbin', keeping >[32473] dbg: util: PATH included '/usr/bin', keeping >[32473] dbg: util: PATH included '/usr/X11R6/bin', keeping >[32473] dbg: util: PATH included '/root/bin', which doesn't exist, >dropping >[32473] dbg: util: final PATH set to: >/usr/kerberos/sbin:/usr/kerberos/bin:/usr/java/jdk1.5.0_09/bin:/usr/local >/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin >[32473] dbg: dns: is Net::DNS::Resolver available? yes >[32473] dbg: dns: Net::DNS version: 0.63 >[32473] dbg: diag: perl platform: 5.008005 linux >[32473] dbg: diag: module installed: Digest::SHA1, version 2.07 >[32473] dbg: diag: module installed: HTML::Parser, version 3.56 >[32473] dbg: diag: module installed: Net::DNS, version 0.63 >[32473] dbg: diag: module installed: MIME::Base64, version 3.07 >[32473] dbg: diag: module installed: DB_File, version 1.809 >[32473] dbg: diag: module installed: Net::SMTP, version 2.29 >[32473] dbg: diag: module installed: Mail::SPF, version v2.005 >[32473] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 >[32473] dbg: diag: module installed: IP::Country::Fast, version 604.001 >[32473] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 >[32473] dbg: diag: module installed: Net::Ident, version 1.20 >[32473] dbg: diag: module installed: IO::Socket::INET6, version 2.54 >[32473] dbg: diag: module installed: IO::Socket::SSL, version 1.13 >[32473] dbg: diag: module installed: Compress::Zlib, version 1.41 >[32473] dbg: diag: module installed: Time::HiRes, version 1.9712 >[32473] dbg: diag: module installed: Mail::DomainKeys, version 1.0 >[32473] dbg: diag: module installed: Mail::DKIM, version 0.301 >[32473] dbg: diag: module installed: DBI, version 1.56 >[32473] dbg: diag: module installed: Getopt::Long, version 2.36 >[32473] dbg: diag: module installed: LWP::UserAgent, version 2.031 >[32473] dbg: diag: module installed: HTTP::Date, version 1.46 >[32473] dbg: diag: module installed: Archive::Tar, version 1.38 >[32473] dbg: diag: module installed: IO::Zlib, version 1.09 >[32473] dbg: diag: module installed: Encode::Detect, version 1.00 >[32473] dbg: ignore: using a test message to lint rules >[32473] dbg: config: using "/etc/mail/spamassassin" for site rules pre >files >[32473] dbg: config: read file /etc/mail/spamassassin/init.pre >[32473] dbg: config: read file /etc/mail/spamassassin/v310.pre >[32473] dbg: config: read file /etc/mail/spamassassin/v312.pre >[32473] dbg: config: read file /etc/mail/spamassassin/v320.pre >[32473] dbg: config: using "/var/lib/spamassassin/3.002004" for sys >rules pre files >[32473] dbg: config: using "/var/lib/spamassassin/3.002004" for default >rules dir >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org.cf >[32473] dbg: config: using "/etc/mail/spamassassin" for site rules dir >[32473] dbg: config: read file /etc/mail/spamassassin/local.cf >[32473] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC >[32473] dbg: dcc: local tests only, disabling DCC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >[32473] dbg: pyzor: local tests only, disabling Pyzor >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >[32473] dbg: razor2: local tests only, skipping Razor >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from >@INC >[32473] dbg: reporter: local tests only, disabling SpamCop >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >[32473] dbg: plugin: loading >Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >[32473] dbg: plugin: loading >Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags >from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch >from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from >@INC >[32473] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from >@INC >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs. >cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs >.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs. >cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.c >f" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.c >f" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_test >s.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tes >ts.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_test >s.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for >included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.c >f >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit. >cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.c >f >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.c >f >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk. >cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.c >f >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim >.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dki >m.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim >.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf. >cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf >.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf. >cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subj >ect.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_sub >ject.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subj >ect.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf >[32473] dbg: config: fixed relative path: >/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf >[32473] dbg: config: using >"/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf >" >for included file >[32473] dbg: config: read file >/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf >[32473] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA >[32473] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E >[32473] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E >__MO_OL_F3B05 >[32473] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 >__XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF >__XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 >[32473] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA >[32473] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: >HS_SUBJ_NEW_SOFTWARE >[32473] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI >[32473] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A >[32473] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C >__XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 >__XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 >[32473] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 >__MO_OL_CF0C0 >[32473] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 >KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 >[32473] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 >__MO_OL_ADFF7 >[32473] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 >[32473] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB >__MO_OL_7533E >[32473] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 >[32473] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI >[32473] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B >[32473] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: >BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF >DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 >HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE >URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS >URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED >XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY >YOUR_CRD_RATING >[32473] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E >[32473] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 >[32473] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 >[32473] dbg: conf: finish parsing >[32473] dbg: plugin: >Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9a30d6c) implements >'finish_parsing_end', priority 0 >[32473] dbg: replacetags: replacing tags >[32473] dbg: replacetags: done replacing tags >[32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks >[32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen >[32473] dbg: bayes: found bayes db version 3 >[32473] dbg: bayes: DB journal sync: last sync: 0 >[32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes >DB < 200 >[32473] dbg: bayes: untie-ing >[32473] dbg: config: score set 0 chosen. >[32473] dbg: message: main message type: text/plain >[32473] dbg: message: ---- MIME PARSER START ---- >[32473] dbg: message: parsing normal part >[32473] dbg: message: ---- MIME PARSER END ---- >[32473] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0xa72a194) >implements 'check_start', priority 0 >[32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks >[32473] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen >[32473] dbg: bayes: found bayes db version 3 >[32473] dbg: bayes: DB journal sync: last sync: 0 >[32473] dbg: bayes: not available for scanning, only 0 spam(s) in bayes >DB < 200 >[32473] dbg: bayes: untie-ing >[32473] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0xa6db4c8) >implements 'check_main', priority 0 >[32473] dbg: conf: trusted_networks are not configured; it is >recommended that you configure trusted_networks manually >[32473] dbg: metadata: X-Spam-Relays-Trusted: >[32473] dbg: metadata: X-Spam-Relays-Untrusted: >[32473] dbg: metadata: X-Spam-Relays-Internal: >[32473] dbg: metadata: X-Spam-Relays-External: >[32473] dbg: message: no encoding detected >[32473] dbg: plugin: >Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa550450) implements >'parsed_metadata', priority 0 >[32473] dbg: dns: is DNS available? 0 >[32473] dbg: rules: local tests only, ignoring RBL eval >[32473] dbg: check: running tests for priority: -1000 >[32473] dbg: rules: running head tests; score so far=0 >[32473] dbg: rules: compiled head tests >[32473] dbg: eval: all '*From' addrs: >[email]ignore@compiling.spamassassin.taint.org[/email] >[32473] dbg: eval: all '*To' addrs: >[32473] dbg: rules: running body tests; score so far=0 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=0 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=0 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=0 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=0 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: -950 >[32473] dbg: rules: running head tests; score so far=0 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: running body tests; score so far=0 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=0 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=0 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=0 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=0 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: -900 >[32473] dbg: rules: running head tests; score so far=0 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: running body tests; score so far=0 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=0 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=0 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=0 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=0 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: -400 >[32473] dbg: rules: running head tests; score so far=0 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: running body tests; score so far=0 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=0 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=0 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=0 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=0 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: 0 >[32473] dbg: rules: running head tests; score so far=0 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: ran header rule __MISSING_REF ======> got hit: >"UNSET" >[32473] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got >hit: " >[32473] dbg: rules: Message-Id: " >[32473] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" >[32473] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >"@lint_rules>" >[32473] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >"1205129328" >[32473] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >[32473] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >"<1205129328@lint_rules> >[32473] dbg: rules: " >[32473] dbg: spf: checking to see if the message has a Received-SPF >header that we can use >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: spf: cannot get Envelope-From, cannot use SPF >[32473] dbg: spf: def_spf_whitelist_from: could not find useable >envelope sender >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: spf: already checked for Received-SPF headers, proceeding >with DNS based checks >[32473] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) >[32473] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) >[32473] dbg: spf: spf_whitelist_from: could not find useable envelope >sender >[32473] dbg: rules: running body tests; score so far=1.899 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >[32473] dbg: rules: running uri tests; score so far=1.899 >[32473] dbg: rules: compiled uri tests >[32473] dbg: eval: stock info total: 0 >[32473] dbg: rules: running rawbody tests; score so far=1.899 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" >[32473] dbg: rules: running full tests; score so far=1.899 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=1.899 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: 500 >[32473] dbg: dns: harvest_dnsbl_queries >[32473] dbg: rules: running head tests; score so far=1.899 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: running body tests; score so far=1.899 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=1.899 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=1.899 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=1.899 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=1.899 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: running tests for priority: 1000 >[32473] dbg: rules: running head tests; score so far=4.205 >[32473] dbg: rules: compiled head tests >[32473] dbg: rules: running body tests; score so far=4.205 >[32473] dbg: rules: compiled body tests >[32473] dbg: rules: running uri tests; score so far=4.205 >[32473] dbg: rules: compiled uri tests >[32473] dbg: rules: running rawbody tests; score so far=4.205 >[32473] dbg: rules: compiled rawbody tests >[32473] dbg: rules: running full tests; score so far=4.205 >[32473] dbg: rules: compiled full tests >[32473] dbg: rules: running meta tests; score so far=4.205 >[32473] dbg: rules: compiled meta tests >[32473] dbg: check: is spam? score=4.205 required=5 >[32473] dbg: check: >tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS >[32473] dbg: check: >subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MS >OE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGI >D > > >======================================================== >allenjiang@clicktosee.com > http://www.clicktosee.com >======================================================== > > > > > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Mon Mar 17 20:08:22 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 17 20:09:39 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317181617.GA31222@ubuntu> References: <20080317181617.GA31222@ubuntu> Message-ID: <47DECFB6.1080803@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: | Hi, | | can I keep the postfix queues on NFS so that 2 concurrent host run | mailscanner on the same queue? | | Which kind of problems... am I looking for? How are you managing locks? If you have two hosts then distribute the mail with SMTP on both hosts. That way you can lose one system and still get something done. That NFS ploy is just looking for more trouble instead of solving an issue. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3s+xBvzDRVjxmYERArm5AJ9n02cEPuyFN39y+A6l0MbIT7G7kwCghyGW 0gZ5Ggq1/lZlz6kX8r3r20o= =yW1+ -----END PGP SIGNATURE----- From glenn.steen at gmail.com Mon Mar 17 21:22:11 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 21:22:49 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DEA603.3080507@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> Message-ID: <223f97700803171422v487ffb04ob1cdaf774b23d842@mail.gmail.com> On 17/03/2008, John Baker wrote: > I did indeed forget that you need to execute bit on for a process to > create a directory. Hey, its been a while since Unix 101. :) :-) > > But the source of confusion here for me as much as the Mailwatch wiki > ,which I did take the directions from, is that the default > Mailscanner.conf file has Quarantine Permissions = 0600 leading one to > believe that the execute bit is not necessary. This is in the > Mailscanner book as well. But the line is correct for the files created.... IIRC (been a while since I looked) any needed execute bits are added as needed for created directories... I might be wrong, but I don't think so:-) > What is the function of this line in the file? It seems to be ignored by > the actual process. Definitely not ignored, no. Anyway, AFAIU you have all your problems resolved now, right? All chugging along nicely...? Cheers -- Glenn > > Glenn Steen wrote: > > On 17/03/2008, Julian Field wrote: > >> If someone can fix this one for John, please can you put it in the Wiki > >> if it isn't already there? > >> Thanks folks! > >> Jules. > > > > AFAICS there is no need for this to be in the Wiki, since it seems to > > me that John has done a few "faux pas"...:-): > > -For a process to be able to create a directory you need hold the > > execute bit for the directory in which the new directory is created. > > Unix 101. > > - John might have mistakenly changed the _owner_ of the top quarantine > > directory to root. This is wrong for most postfix installations. > > > > Leads me to thing He's been following some other docs than the ones > > already in the MS wiki. > > If one is to change any Wiki information I'd hazard it'd be best to > > change the MW one. > > Cheers > > -- Glenn > > > >> John Baker wrote: > >> > Hi all, > >> > > >> > I've been trying to get Mailscanner set up to work so that postfix and > >> > Mailwatch will cooperate and ran into a confusing permission issue. > >> > > >> > You'd think this one would have been addressed here before but I could > >> > not find an answer in the archives. > >> > > >> > I seemed as thought the logical way to work around Mailwatch's desire > >> > to write to the quarantine as root was to join the postfix user to > >> > apache www-data group and give that group ownership of the quarantine. > >> > > >> > So I did that and went with the recommended 0660 permissions. But > >> > Mailscanner started throwing "cannot write to directory > >> > /var/spool/MailScanner/quarantine" > >> > > >> > I switched everything in the configuration back but found that the > >> > errors were still being thrown. I had noticed while setting up that > >> > the default permission for the que was 755 and had changed it to the > >> > fit the 0660 permissions in the mailscanner.con file. I finally added > >> > +x and then it seemed to work. So it appears as though despite the > >> > numbers in permissions in the mailscanner.conf file it need +x on the > >> > owner, and then presumably group if not the same as owner. Why does it > >> > need execute permission? Or I'm I missing something else? > >> > > >> > Does anybody have a successful and secure > >> > mailscanner/postfix/mailwatch recipe they can share? > >> > > >> > Thanks > >> > >> > >> Jules > >> > >> -- > >> Julian Field MEng CITP CEng > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> > >> Need help customising MailScanner? > >> Contact me! > >> Need help fixing or optimising your systems? > >> Contact me! > >> Need help getting you started solving new requirements from your boss? > >> Contact me! > >> > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> > >> -- > >> MailScanner mailing list > >> mailscanner@lists.mailscanner.info > >> http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > >> Before posting, read http://wiki.mailscanner.info/posting > >> > >> Support MailScanner development - buy the book off the website! > >> > > > > > > > -- > > John Baker > Network Systems Administrator > Marlboro College > Phone: 451-7551 off campus; 551 on campus > -- > > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 17 21:32:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 21:33:24 2008 Subject: mailscanner, queue & nfs In-Reply-To: <47DECFB6.1080803@vanderkooij.org> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> Message-ID: <223f97700803171432g1e94156bk51c279c49e1203a6@mail.gmail.com> On 17/03/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > Alessandro Dentella wrote: > | Hi, > | > | can I keep the postfix queues on NFS so that 2 concurrent host run > | mailscanner on the same queue? > | > | Which kind of problems... am I looking for? > > > How are you managing locks? > > If you have two hosts then distribute the mail with SMTP on both hosts. > That way you can lose one system and still get something done. > > That NFS ploy is just looking for more trouble instead of solving an issue. > > Hugo > Couldn't agree more. When you get hammered... Does log analysis or similar give any kind of... indication, what type of spam/badware they'er lugging your way? If so, I'd aim at some type of postfix trck to target t just that (worst case... header/body rules... worst, since then you'd already have accepted the message... best would be if you can find something really simple to filter on). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From sandro at e-den.it Mon Mar 17 21:37:39 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Mon Mar 17 21:38:17 2008 Subject: mailscanner, queue & nfs In-Reply-To: <47DECFB6.1080803@vanderkooij.org> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> Message-ID: <20080317213739.GA32093@ubuntu> On Mon, Mar 17, 2008 at 09:08:22PM +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alessandro Dentella wrote: > | Hi, > | > | can I keep the postfix queues on NFS so that 2 concurrent host run > | mailscanner on the same queue? > | > | Which kind of problems... am I looking for? > > How are you managing locks? > > If you have two hosts then distribute the mail with SMTP on both hosts. > That way you can lose one system and still get something done. > > That NFS ploy is just looking for more trouble instead of solving an issue. I'm not yet doing this, so I'm not managing locks! This setup would olny be an intermediate way to migrate a system that is always under too hight load to a newer one (same hw, really). I'like to understand how different blocks are impacting on load so I wanted to isolate mailscanner, while at it I also wandered if it would be possible to go in parallel. (the same box has also imap/pop and we receive around 150.000 mail a day) And what about haveing (temporarily) postfix on a box and mailscanner on a different box that works on an NFS exported spool directory. Would that be again looking for troubles or not (since there should not be concurrency between different MailScanner processes.) My understanding (please correct me if I'm wrong) is that mailScanner only acts on mails in the queue with HOLD flag and postfix won't touch those files. My guess is that non lock problem shou arise, but I'm /really/ not en expert un this issue. sandro *:-) From sandro at e-den.it Mon Mar 17 21:55:18 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Mon Mar 17 21:56:02 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <1205768949.5657.12.camel@gblades-suse.linguaphone-intranet.co.uk> References: <47DE8DBB.30702@marlboro.edu> <1205768949.5657.12.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <20080317215518.GB32093@ubuntu> On Mon, Mar 17, 2008 at 03:49:09PM +0000, Gareth wrote: > You need x permissions on a directory in order to be able to read a > directory listing. not really. x bit will allow you to 'get into' or 'cross'not to list files: $ mkdir test1 $ touch test1/a test1/b $ chmod 111 test1 $ ls test1 ls: test1: Permesso negato # x is not enought $ cd test1 # but is enoyght to ge in /test1$ ls ls: .: Permesso negato /test1$ /test1$ cd ../ $ chmod 444 test1 # read is ok for listing files $ ls test1 test1/a test1/b $ cd test1 # not to get in bash: cd: test1: Permesso negato sandro *:-) From ssilva at sgvwater.com Mon Mar 17 22:09:26 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 17 22:10:05 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> Message-ID: on 3-15-2008 6:42 AM Devon Harding spake the following: > > > On Sat, Mar 15, 2008 at 3:35 AM, Rob Kettle > wrote: > > I had this when 4.67 came out and only thing I could do was remove > MailScanner and run setup from scratch. I had to manually then add my > settings to the mailscanner.conf file. > > In my case it was some corruption/bad settings in mailscanner.conf that > was the issue as if I re-used the previous or upgraded mailscanner.conf > then I had the problem but with a clean, brand new mailscanner.conf > everything was fine. > > > > Rob, I owe you my first born! Corrupted MailScanner.conf After I > reinstalled and added my settings manually, everything worked! > > Thanks All!! > > -Devon > That first born offer could be more expensive than it sounds. What with the price of college the way it is! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/5781cd41/signature.bin From MailScanner at ecs.soton.ac.uk Mon Mar 17 22:09:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 22:10:48 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317213739.GA32093@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> Message-ID: <47DEEC32.2000308@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: > On Mon, Mar 17, 2008 at 09:08:22PM +0100, Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Alessandro Dentella wrote: >> | Hi, >> | >> | can I keep the postfix queues on NFS so that 2 concurrent host run >> | mailscanner on the same queue? >> | >> | Which kind of problems... am I looking for? >> >> How are you managing locks? >> >> If you have two hosts then distribute the mail with SMTP on both hosts. >> That way you can lose one system and still get something done. >> >> That NFS ploy is just looking for more trouble instead of solving an issue. >> > > I'm not yet doing this, so I'm not managing locks! > This setup would olny be an intermediate way to migrate a system that is > always under too hight load to a newer one (same hw, really). > > I'like to understand how different blocks are impacting on load so I wanted > to isolate mailscanner, while at it I also wandered if it would be possible > to go in parallel. (the same box has also imap/pop and we receive around > 150.000 mail a day) > > And what about haveing (temporarily) postfix on a box and mailscanner on a > different box that works on an NFS exported spool directory. > > Would that be again looking for troubles or not (since there should not be > concurrency between different MailScanner processes.) > You *are* looking for trouble here. > My understanding (please correct me if I'm wrong) is that mailScanner only > acts on mails in the queue with HOLD flag and postfix won't touch those > files. My guess is that non lock problem shou arise, but I'm /really/ not en > expert un this issue. > :-) The problems are two-fold: 1) MailScanner mustn't start processing a mail until Postfix has finished writing it. It can still be writing it after it has decided to put it into the HOLD queue. So you need locking between MailScanner and Postfix. 2) MailScanner processes (of which there are "Max Children" in MailScanner.conf) compete for access to the same messages, and must lock each other out. So you need locking between competing MailScanner children. (2) is a solved problem (except for 1 poor user at the moment who is having problems which I haven't cracked yet). (1) is difficult due to the way Postfix is written. I have done it, but it is not NFS-safe. There is only 1 locking method that is really NFS-safe, and it's not the one Postfix uses (someone will surely correct me here if I'm wrong). You *really* don't want to get into the game of NFS-mounting Postfix mail queues. You are asking for a world of pain. You have 2 boxes (your intended Postfix box and your intended MailScanner box). Why not just run Postfix+MailScanner on them both and have 2 identically-weighted MX records pointing to them? Uses the same amount of hardware for the same number of messages, gets rid of all your locking problems, and will work :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3uw0EfZZRxQVtlQRAmbLAKDE7edODvy9BoefEwadaO3hF5WFIACg1WL+ JW+HX/G2URTE6rbxcblBSkw= =+GnW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 17 22:14:33 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 17 22:14:54 2008 Subject: MailScanner: extracting attachments In-Reply-To: <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> Message-ID: on 3-15-2008 7:37 AM Devon Harding spake the following: > > > On Sat, Mar 15, 2008 at 10:06 AM, shuttlebox > wrote: > > On Sat, Mar 15, 2008 at 2:42 PM, Devon Harding > > wrote: > > Rob, I owe you my first born! Corrupted MailScanner.conf After I > > reinstalled and added my settings manually, everything worked! > > And you had no problems updating the file? Lint didn't pick it up? > Have you diffed the files to see what the problem is? Would be > interesting to know. > > -- > > > Nothing stood out...here's a diff of the two. > > [root@mars ~]# diff /etc/MailScanner/MailScanner.conf > ~/MailScanner.conf.rpmsave > 115c115 It could have been anything from the different location of gunzip, to the shortened numeric parameters (20000 as opposed to 20k). Even the spamassassin user state directory is different. You could try adding in one at a time and re-checking until it barfs again. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/91988783/signature.bin From ssilva at sgvwater.com Mon Mar 17 22:17:12 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 17 22:20:15 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DD1485.5060409@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <625385e30803150706q48814a87m26fc0130f82a647b@mail.gmail.com> <2baac6140803150737i4cad1589v10fb46f256299b52@mail.gmail.com> <223f97700803150915t5df06fd5uf2cb4954ad6b2054@mail.gmail.com> <2baac6140803151040u48419ca2y7047fa70816df4c9@mail.gmail.com> <47DC12C0.9090102@ecs.soton.ac.uk> <2baac6140803151258k254af649g9695470589c575ff@mail.gmail.com> <47DC376B.1050209@ecs.soton.ac.uk> <47DCE40A.9010306@vanderkooij.org> <47DD1485.5060409@ecs.soton.ac.uk> Message-ID: on 3-16-2008 5:37 AM Julian Field spake the following: > > > Hugo van der Kooij wrote: >> * PGP Signed by an unverified key: 03/16/08 at 09:10:32 > >> Julian Field wrote: >> | >> | >> | Devon Harding wrote: >> |> What do you mean by the "file consistency check"? >> | >> | >> |> If you, for example, forget the in >> |> /etc/httpd/conf/httpd.conf, you would get the following error: >> | >> |> [root@mars ~]# service httpd start >> |> Starting httpd: httpd: Syntax error on line 1014 of >> |> /etc/httpd/conf/httpd.conf: /etc/httpd/conf/httpd.conf:1014: >> |> was not closed. >> |> [FAILED] >> | >> |> Just wondering if thats possible with MailScanner. >> | It already does syntax checking of the MailScanner.conf and >> complains in >> | the logs about any errors it finds. > >> The usual way for me to restart MailScanner after a change is > >> service MailScaner restart;tail -f /var/log/maillog > >> Then the output of the syslog file will show wether or not MailScanner >> was happy or if I had my fingers all thumbled up again and made some >> horrible typos. > >> Apache does not always tell me what typo I made either. Most of the >> times I have to dig into the error log to find it. But apache always >> clearly indicates it did not start and I have seen cases where >> MailScanner did not report a failure on the command prompt but it was >> obvious from the logs that it did not startup either. > Unfortunately, I read the config after I've forked, unlike Apache which > appears to read it first. So by the time I've read the config it's > already too late. > I'll take a look, but don't hold out much hope other than reading the > conf then throwing it away, just to syntax check it before starting up. > That might be possible. > Or a test prog like samba's testparm. That way you don't have to modify the main progs. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/883d1dba/signature.bin From MailScanner at ecs.soton.ac.uk Mon Mar 17 22:26:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 17 22:27:38 2008 Subject: MailScanner: extracting attachments In-Reply-To: References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> Message-ID: <47DEF023.6090105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 3-15-2008 6:42 AM Devon Harding spake the following: >> >> >> On Sat, Mar 15, 2008 at 3:35 AM, Rob Kettle > > wrote: >> >> I had this when 4.67 came out and only thing I could do was remove >> MailScanner and run setup from scratch. I had to manually then >> add my >> settings to the mailscanner.conf file. >> >> In my case it was some corruption/bad settings in >> mailscanner.conf that >> was the issue as if I re-used the previous or upgraded >> mailscanner.conf >> then I had the problem but with a clean, brand new mailscanner.conf >> everything was fine. >> >> >> >> Rob, I owe you my first born! Corrupted MailScanner.conf After I >> reinstalled and added my settings manually, everything worked! >> >> Thanks All!! >> >> -Devon >> > That first born offer could be more expensive than it sounds. What > with the price of college the way it is! ;-P I would still like to know what the root cause of this problem was. We got it down to something in a very long list of diffs, but that's it. Anyone got any new thoughts on this subject? Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: UTF-8 wj8DBQFH3vAlEfZZRxQVtlQRAqjNAJ97ZrPBJGmcCjbA598OsNwBbdxcjQCgqhUg mBtHSH9et7H+s+bBzcuUuBY= =dqrA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 17 22:30:41 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 17 22:31:20 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DEA603.3080507@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> Message-ID: on 3-17-2008 10:10 AM John Baker spake the following: > I did indeed forget that you need to execute bit on for a process to > create a directory. Hey, its been a while since Unix 101. :) > > But the source of confusion here for me as much as the Mailwatch wiki > ,which I did take the directions from, is that the default > Mailscanner.conf file has Quarantine Permissions = 0600 leading one to > believe that the execute bit is not necessary. This is in the > Mailscanner book as well. > > What is the function of this line in the file? It seems to be ignored by > the actual process. > Remember, Julian originally wrote MailScanner to run with sendmail as root, so it didn't have the permission changes that newer MTA's require to NOT run as root. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/3556d4b3/signature.bin From sandro at e-den.it Mon Mar 17 22:46:21 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Mon Mar 17 22:47:01 2008 Subject: mailscanner, queue & nfs In-Reply-To: <47DEEC32.2000308@ecs.soton.ac.uk> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <47DEEC32.2000308@ecs.soton.ac.uk> Message-ID: <20080317224621.GB32492@ubuntu> > You *really* don't want to get into the game of NFS-mounting Postfix > mail queues. You are asking for a world of pain. ok, got it... > You have 2 boxes (your intended Postfix box and your intended > MailScanner box). Why not just run Postfix+MailScanner on them both and > have 2 identically-weighted MX records pointing to them? Uses the same > amount of hardware for the same number of messages, gets rid of all your > locking problems, and will work :-) just to explain. I have 2 boxes *now* not at the end, unless I understand I definitely need them. And I need to get to a solution before tomorrow... I really want to get to a situation out of emergency in which to study better why if I enable dns (spamassassin settings) everything goes so slow, MailScanner processes Checking with spam list and so on. Tha's the only reason why I wanted to split *temporarily* the services. Would the same problems arise with imap server if I have a server for postfix/mailscanner dropping files in an nfs mounted dir for courier imap/pop? sandro *:-) From glenn.steen at gmail.com Mon Mar 17 23:09:44 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 23:10:19 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317213739.GA32093@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> Message-ID: <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> On 17/03/2008, Alessandro Dentella wrote: > On Mon, Mar 17, 2008 at 09:08:22PM +0100, Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Alessandro Dentella wrote: > > | Hi, > > | > > | can I keep the postfix queues on NFS so that 2 concurrent host run > > | mailscanner on the same queue? > > | > > | Which kind of problems... am I looking for? > > > > How are you managing locks? > > > > If you have two hosts then distribute the mail with SMTP on both hosts. > > That way you can lose one system and still get something done. > > > > That NFS ploy is just looking for more trouble instead of solving an issue. > > > I'm not yet doing this, so I'm not managing locks! > This setup would olny be an intermediate way to migrate a system that is > always under too hight load to a newer one (same hw, really). I'm pretty certain it is the "wrong" way to go. Much better to make the new one act as a GW to the old one, disable MS on the old one, config/enable MS on the new one... Less risks, less time spent on solving "the wrong" type of problems. > I'like to understand how different blocks are impacting on load so I wanted > to isolate mailscanner, while at it I also wandered if it would be possible > to go in parallel. (the same box has also imap/pop and we receive around > 150.000 mail a day) Separation is good, yes, but having one or two GWs in front of your mail store is a much simpler thing to handle... If the GWs are too loaded... And you can't seem to find a reasonable "easyblock", then ... just add more GWs:-). > > And what about haveing (temporarily) postfix on a box and mailscanner on a > different box that works on an NFS exported spool directory. I always shy away from this type of thing... NFS isn't exactly the epitome of performance (other than compared to other "network filesystems":-), and it isn't really that likely that your problem is with PF taking too much resources from MS... More likely that all the other things you might have there (IMAP software, webmail, database(s)...) are the problem. All "solved" if you make the new host a GW to the old one. > Would that be again looking for troubles or not (since there should not be > concurrency between different MailScanner processes.) Well, I can't really see that you'd be gaining anything by it. > My understanding (please correct me if I'm wrong) is that mailScanner only > acts on mails in the queue with HOLD flag and postfix won't touch those > files. My guess is that non lock problem shou arise, but I'm /really/ not en > expert un this issue. Quite true, but ... why make it that messy? Simpler to set things up on the new one (PF and MS in "relay mode":-), then just futs your MX records to "slide" it in before the old one, disable MS on the old one and start normal PF (without the HOLD header check), perhaps set that one to use the GW as a smart host ... and you're set... That's probably what I'd do anyway:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 17 23:21:21 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 23:21:55 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317224621.GB32492@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <47DEEC32.2000308@ecs.soton.ac.uk> <20080317224621.GB32492@ubuntu> Message-ID: <223f97700803171621j715ddedch1854cda2f141b007@mail.gmail.com> On 17/03/2008, Alessandro Dentella wrote: > > You *really* don't want to get into the game of NFS-mounting Postfix > > mail queues. You are asking for a world of pain. > > > ok, got it... > > > > You have 2 boxes (your intended Postfix box and your intended > > MailScanner box). Why not just run Postfix+MailScanner on them both and > > have 2 identically-weighted MX records pointing to them? Uses the same > > amount of hardware for the same number of messages, gets rid of all your > > locking problems, and will work :-) > > > just to explain. I have 2 boxes *now* not at the end, unless I understand I > definitely need them. And I need to get to a solution before tomorrow... > Ok. I'd spend a buck on having things split over a few boxes. Saves you trouble in the end.:-) > > I really want to get to a situation out of emergency in which to study > better why if I enable dns (spamassassin settings) everything goes so slow, > MailScanner processes Checking with spam list and so on. > Ah. Now we see a real problem!:-). Do you run a caching only DNS on the box? Does it work? Really sure you use it, not only have it running? ( Couldn't be experience talking there.... now could it...:-) Advice: Minimize the number of lists you check in MailScanner... They are done in serial fashion, so at the most use one or two that you know are a) reliable and b) fast. Best is to use none (if you want a simple yes/no, use it in Posttfix, else use SA to score them instead). Above all else make sure you aren't using a dead one. That will surely kill your performance big time. > Tha's the only reason why I wanted to split *temporarily* the services. Then lets look at that problem instead of aquiring new ones, shall we?:-D > > Would the same problems arise with imap server if I have a server for > postfix/mailscanner dropping files in an nfs mounted dir for courier imap/pop? Depends on the imap SW used. I'd not go there... See my previous post:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 17 23:25:11 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 17 23:25:47 2008 Subject: mailscanner, queue & nfs In-Reply-To: <223f97700803171621j715ddedch1854cda2f141b007@mail.gmail.com> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <47DEEC32.2000308@ecs.soton.ac.uk> <20080317224621.GB32492@ubuntu> <223f97700803171621j715ddedch1854cda2f141b007@mail.gmail.com> Message-ID: <223f97700803171625t37d5e6aaj17ceac3def999fdc@mail.gmail.com> On 18/03/2008, Glenn Steen wrote: > On 17/03/2008, Alessandro Dentella wrote: > > > > You *really* don't want to get into the game of NFS-mounting Postfix > > > mail queues. You are asking for a world of pain. > > > > > > ok, got it... > > > > > > > You have 2 boxes (your intended Postfix box and your intended > > > MailScanner box). Why not just run Postfix+MailScanner on them both and > > > have 2 identically-weighted MX records pointing to them? Uses the same > > > amount of hardware for the same number of messages, gets rid of all your > > > locking problems, and will work :-) > > > > > > just to explain. I have 2 boxes *now* not at the end, unless I understand I > > definitely need them. And I need to get to a solution before tomorrow... > > > > Ok. > I'd spend a buck on having things split over a few boxes. Saves you > trouble in the end.:-) > > > > > I really want to get to a situation out of emergency in which to study > > better why if I enable dns (spamassassin settings) everything goes so slow, > > MailScanner processes Checking with spam list and so on. > > > > Ah. Now we see a real problem!:-). > Do you run a caching only DNS on the box? Does it work? Really sure > you use it, not only have it running? ( Couldn't be experience > talking there.... now could it...:-) > > Advice: Minimize the number of lists you check in MailScanner... They > are done in serial fashion, so at the most use one or two that you > know are a) reliable and b) fast. Best is to use none (if you want a > simple yes/no, use it in Posttfix, else use SA to score them instead). > Above all else make sure you aren't using a dead one. That will surely > kill your performance big time. > > > > Tha's the only reason why I wanted to split *temporarily* the services. > > > Then lets look at that problem instead of aquiring new ones, shall we?:-D > > > > > > Would the same problems arise with imap server if I have a server for > > postfix/mailscanner dropping files in an nfs mounted dir for courier imap/pop? > > Depends on the imap SW used. I'd not go there... See my previous post:-). FFW reading there... Courier, hmmm, Should probably work. But then... That one is pretty light. Unless the system is seriously starved on IO resources... And your users have trillions of messages littering it:-). Anyway, do the simple thing: Make a GW, make sure it isn't having teh same problems wrt DNS as the current one, slide it in...:-) BTW, you do reject unknown recipients and all that? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Mar 18 00:03:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 18 00:04:11 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> Message-ID: <47DF06C9.4090004@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Scott Silva wrote: > on 3-17-2008 10:10 AM John Baker spake the following: >> I did indeed forget that you need to execute bit on for a process to >> create a directory. Hey, its been a while since Unix 101. :) >> >> But the source of confusion here for me as much as the Mailwatch wiki >> ,which I did take the directions from, is that the default >> Mailscanner.conf file has Quarantine Permissions = 0600 leading one >> to believe that the execute bit is not necessary. This is in the >> Mailscanner book as well. >> >> What is the function of this line in the file? It seems to be ignored >> by the actual process. >> > Remember, Julian originally wrote MailScanner to run with sendmail as > root, so it didn't have the permission changes that newer MTA's > require to NOT run as root. > But I wrote in the non-root support for the other MTA's quite a long time ago. It should all work okay. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: UTF-8 wj4DBQFH3wbMEfZZRxQVtlQRAtjIAJUSoNb73yM1vnSJV2aPB+qJEtFFAJ4jLt72 BlL4DuN/QAhkkeFUhzBZzg== =MvJS -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Mar 18 00:00:29 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 18 00:05:41 2008 Subject: MailScanner: extracting attachments In-Reply-To: <47DEF023.6090105@ecs.soton.ac.uk> References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <072201c885d6$d3dd2440$0301a8c0@SAHOMELT> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> Message-ID: on 3-17-2008 3:26 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 3-15-2008 6:42 AM Devon Harding spake the following: >>> >>> On Sat, Mar 15, 2008 at 3:35 AM, Rob Kettle >> > wrote: >>> >>> I had this when 4.67 came out and only thing I could do was remove >>> MailScanner and run setup from scratch. I had to manually then >>> add my >>> settings to the mailscanner.conf file. >>> >>> In my case it was some corruption/bad settings in >>> mailscanner.conf that >>> was the issue as if I re-used the previous or upgraded >>> mailscanner.conf >>> then I had the problem but with a clean, brand new mailscanner.conf >>> everything was fine. >>> >>> >>> >>> Rob, I owe you my first born! Corrupted MailScanner.conf After I >>> reinstalled and added my settings manually, everything worked! >>> >>> Thanks All!! >>> >>> -Devon >>> >> That first born offer could be more expensive than it sounds. What >> with the price of college the way it is! ;-P > I would still like to know what the root cause of this problem was. We > got it down to something in a very long list of diffs, but that's it. > Anyone got any new thoughts on this subject? > > Jules > I know I had a problem last year with the shortened numbers like 20k instead of 20000, but who knows? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/09d020d5/signature.bin From sandro at e-den.it Tue Mar 18 00:05:40 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Tue Mar 18 00:06:19 2008 Subject: mailscanner, queue & nfs In-Reply-To: <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> Message-ID: <20080318000540.GA321@ubuntu> Thanks Glenn for your suggestions, but I haven't understood some of yor hints... > I'm pretty certain it is the "wrong" way to go. Much better to make > the new one act as a GW to the old one, disable MS on the old one, > config/enable MS on the new one... Less risks, less time spent on > solving "the wrong" type of problems. not sure what you mean here when you say one box being gw to the other. > Simpler to set things up on the new one (PF and MS in "relay mode":-), isn't 'relay mode' when you have more that one MailScanner installations? ('Check Watermarks To Skip Spam Checks') > then just futs your MX records to "slide" it in before the old one, "futs"? (not sure what that means) i guess forwarding the port would work equally well, but how can I configure postfix to finally deliver (cleaned) mails to the old box? (I guess this is the gw setup...) a link to the gateway configration would also be appreciated. Thanks again sandro From MailScanner at ecs.soton.ac.uk Tue Mar 18 00:09:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 18 00:09:46 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317224621.GB32492@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <47DEEC32.2000308@ecs.soton.ac.uk> <20080317224621.GB32492@ubuntu> Message-ID: <47DF0836.70902@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: > Would the same problems arise with imap server if I have a server for > postfix/mailscanner dropping files in an nfs mounted dir for courier imap/pop? > Does courier use maildir format? If so, you're okay for doing that, as maildir is designed to be NFS-safe. If it's not maildir, but something closer to mbox, then don't do it. We used to do that here, and the program that effectively just "cat"s a message onto the end of their mailbox is an enormous very carefully written piece of code (about 50k of C source if I remember rightly), to be sure that it was done correctly. Don't go there, it hurts :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH3wg4EfZZRxQVtlQRAq9OAJ47LH/ks0GUBOXd8kCBNQa60f/ymwCfWgDG B0ZWH3/8O0lOMbBLG7tFZDk= =spGo -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 18 00:26:19 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 00:26:55 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DF06C9.4090004@ecs.soton.ac.uk> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> <47DF06C9.4090004@ecs.soton.ac.uk> Message-ID: <223f97700803171726u78801d0aq18bfa301bdebaac3@mail.gmail.com> On 18/03/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > > Scott Silva wrote: > > on 3-17-2008 10:10 AM John Baker spake the following: > >> I did indeed forget that you need to execute bit on for a process to > >> create a directory. Hey, its been a while since Unix 101. :) > >> > >> But the source of confusion here for me as much as the Mailwatch wiki > >> ,which I did take the directions from, is that the default > >> Mailscanner.conf file has Quarantine Permissions = 0600 leading one > >> to believe that the execute bit is not necessary. This is in the > >> Mailscanner book as well. > >> > >> What is the function of this line in the file? It seems to be ignored > >> by the actual process. > >> > > Remember, Julian originally wrote MailScanner to run with sendmail as > > root, so it didn't have the permission changes that newer MTA's > > require to NOT run as root. > > > > But I wrote in the non-root support for the other MTA's quite a long > time ago. It should all work okay. > Works. Not should work.;-). (someone is bound to start the MUST and SHOULD definition war all over again... :-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brose at med.wayne.edu Tue Mar 18 00:44:27 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Tue Mar 18 00:45:12 2008 Subject: FYI on MailScanner 4.68.5 beta and clamd logging In-Reply-To: References: <1205745098.14498.28.camel@localhost.localdomain> Message-ID: <610C64469748E84DB6BDD5BD23F01A76119EBF@MED-CORE03-MS1.med.wayne.edu> The duplicate log entry is gone with the current beta but should the log entry include the word FOUND clamavmodule -> ClamAVModule::INFECTED:: Email.Spam.Gen2577.Sanesecurity.08021523:: ./m2HJ64OT030813/ clamd -> ClamAVModule::INFECTED:: Email.Spam.Sanesecurity.Url_242 FOUND :: ./m2HNCgXl007819/ Not sure if it's supposed to be trimmed or not. -=B From eersana at yahoo.com Tue Mar 18 03:41:41 2008 From: eersana at yahoo.com (anas asree) Date: Tue Mar 18 03:42:17 2008 Subject: How to stop this spam Message-ID: <82403.84862.qm@web39515.mail.mud.yahoo.com> Hi all... Our servers are getting this kind of spam that have this kind of content uu zjqji qf, sexy er Shemale f http://www.truebsexfilms.cn lv uk bhq eqli. dny cygum nsqzf zocnd w w olm. xyh lu phsi u bha, efoca isea c yy ytv jkpvn y xpxo. oc m, beautiful vvkqb wk Daughters emzr http://www.xideohot.cn h oku. nn ptbv rep bwxx wdo ifogr. dzi dwrw lqpk s wst kynd, k bfxm b f o rq. Our Mailscanner did not detect these mail as SPAM. The spam report show nothing except for Bayes_00. This kind of spam comes from yahoo mail and is kind of difficult to block the IP because it comes from Yahoo. We've been getting quite a lot of this kind of Spam.. We have also installed DCC, Razor2, SARE in our mailscanner but that did'nt help --------------------------------- Never miss a thing. Make Yahoo your homepage. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080317/1cd00795/attachment.html From itlist at gmail.com Tue Mar 18 04:12:50 2008 From: itlist at gmail.com (Cheng Bruce) Date: Tue Mar 18 04:13:40 2008 Subject: How to stop this spam In-Reply-To: <82403.84862.qm@web39515.mail.mud.yahoo.com> References: <82403.84862.qm@web39515.mail.mud.yahoo.com> Message-ID: Hi, I am not sure if you turn on RBL list. I got 12.4 points. Content analysis details: (12.4 points, 7.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [83.98.192.7 listed in list.dnswl.org] 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: xideohot.cn] 2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: xideohot.cn] 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: xideohot.cn] 2.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: xideohot.cn] On Tue, Mar 18, 2008 at 11:41 AM, anas asree wrote: > Hi all... > > Our servers are getting this kind of spam that have this kind of content > > uu zjqji qf, sexy er Shemale f http://www.truebsexfilms.cn lv uk bhq eqli. > dny cygum nsqzf zocnd w w olm. > xyh lu phsi u bha, efoca isea c yy ytv jkpvn y xpxo. > > oc m, beautiful vvkqb wk Daughters emzr http://www.xideohot.cn h oku. nn > ptbv rep bwxx wdo ifogr. > dzi dwrw lqpk s wst kynd, k bfxm b f o rq. > > Our Mailscanner did not detect these mail as SPAM. The spam report show nothing > except for Bayes_00. This kind of spam comes from yahoo mail and is kind of difficult > > to block the IP because it comes from Yahoo. We've been getting quite a lot of this kind of Spam.. > > We have also installed DCC, Razor2, SARE in our mailscanner but that did'nt help > > > ------------------------------ > Never miss a thing. Make Yahoo your homepage. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/ed278ed3/attachment-0001.html From devonharding at gmail.com Tue Mar 18 04:54:46 2008 From: devonharding at gmail.com (Devon Harding) Date: Tue Mar 18 04:55:20 2008 Subject: MailScanner: extracting attachments In-Reply-To: References: <2baac6140803140608i7f7db0a6w4939e1f0473f7751@mail.gmail.com> <2baac6140803140947v49c0e530w5534574922423741@mail.gmail.com> <47DAAFF4.9090803@ecs.soton.ac.uk> <8775613110ACC349B6CF97F922E670E34501D4@kronos.secure-enterprise.com> <2baac6140803141732t54494754h90963680b0574c27@mail.gmail.com> <47DB7C3C.1060607@kettle.org.uk> <2baac6140803150642i5e6ef7bdmf50edabece1ede10@mail.gmail.com> <47DEF023.6090105@ecs.soton.ac.uk> Message-ID: <2baac6140803172154o571a3efaseeac170c2267c9db@mail.gmail.com> > > > > I would still like to know what the root cause of this problem was. We > > got it down to something in a very long list of diffs, but that's it. > > Anyone got any new thoughts on this subject? > > > > Jules > > > I know I had a problem last year with the shortened numbers like 20k > instead > of 20000, but who knows? > I know, really odd, just did the upgrade from 4.66 to 4.67 and converted the MailScanner.conf. Then again, my system has been upgrading since version 3.xx so who knows. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/0142b4a2/attachment.html From agross at gcpsite.com Tue Mar 18 04:59:02 2008 From: agross at gcpsite.com (Adam Gross) Date: Tue Mar 18 04:59:53 2008 Subject: How to stop this spam References: <82403.84862.qm@web39515.mail.mud.yahoo.com> Message-ID: <4487B1717589544792AD581CC5D2EC2E775D@GCPMASTER.gpocorp.local> Edit /opt/MailScanner/etc/spam.assassin.prefs.conf and add the following: /---------- Score RAZOR2_CF_RANGE_51_100 6.0 Score RAZOR2_CHECK 6.0 ----------/ Then restart MailScanner. Anything that trips those rules in the future will get 6 points added to the score, automatically dumping them in the spam bin, problem solved. You can do the same for any other rule. -Adam From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Cheng Bruce Sent: Tuesday, March 18, 2008 12:13 AM To: MailScanner discussion Subject: Re: How to stop this spam Hi, I am not sure if you turn on RBL list. I got 12.4 points. Content analysis details: (12.4 points, 7.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [MailScanner warning: numerical links are often malicious: 83.98.192.7 listed in list.dnswl.org] 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 2.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: xideohot.cn] 2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: xideohot.cn] 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: xideohot.cn] 2.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: xideohot.cn] On Tue, Mar 18, 2008 at 11:41 AM, anas asree wrote: Hi all... Our servers are getting this kind of spam that have this kind of content uu zjqji qf, sexy er Shemale f http://www.truebsexfilms.cn lv uk bhq eqli. dny cygum nsqzf zocnd w w olm. xyh lu phsi u bha, efoca isea c yy ytv jkpvn y xpxo. oc m, beautiful vvkqb wk Daughters emzr http://www.xideohot.cn h oku. nn ptbv rep bwxx wdo ifogr. dzi dwrw lqpk s wst kynd, k bfxm b f o rq. Our Mailscanner did not detect these mail as SPAM. The spam report show nothing except for Bayes_00. This kind of spam comes from yahoo mail and is kind of difficult to block the IP because it comes from Yahoo. We've been getting quite a lot of this kind of Spam.. We have also installed DCC, Razor2, SARE in our mailscanner but that did'nt help ________________________________ Never miss a thing. Make Yahoo your homepage. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ------------------------------------------------------------ ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/dc2945dd/attachment.html From J.Ede at birchenallhowden.co.uk Tue Mar 18 08:06:35 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Mar 18 08:11:40 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080317181617.GA31222@ubuntu> References: <20080317181617.GA31222@ubuntu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E88@server02.bhl.local> Just a quick sanity check since I've not seen it asked elsewhere... (apologies if I've missed the email where someone asked. This is written pre-caffeine). Do you do any form of filtering on the mails you accept with postfix? With RBL's such as spamhaus, spamcop, abuseat? what about recipient verification (reject_unverified_recipient) can be very handy depending on your setup... Maybe some form of greylisting? What about reject_unauth_pipelining? Rejecting on no/bad DNS/RDNS? Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro@e-den.it] Sent: 17 March 2008 18:16 To: mailscanner@lists.mailscanner.info Subject: mailscanner, queue & nfs Hi, can I keep the postfix queues on NFS so that 2 concurrent host run mailscanner on the same queue? Which kind of problems... am I looking for? I'm looking for this solution as I have other problems that I need solve that result in bin queues (12/13.000 mail). When this happens, load raises to 8/10 and it's not possible to diminish the queue in dayli hours... Thanks in advance sandro -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From allenjiang at clicktosee.com Tue Mar 18 08:42:39 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Tue Mar 18 08:44:25 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47DF807F.7040309@clicktosee.com> on /Wed Mar 12 09:45:09 GMT 2008/,*Glenn Steen* glenn.steen at gmail.com wrote: >So then it is only when run from within MailScanner... Do you by any chance run Postfix? If so, could you >try that SA lint as your postfix user (Do "su - postfix -s /bin/bash" to get a valid shell...)? Does that >show the same error? If so, your PF user likely can't get at the /etc/mail/spamassassin/* files, for some >reason. I try that MailScanner -debug as postfix user got the same wrong! [root@yide2 ~]# su - postfix -s /bin/bash -bash-3.00$ MailScanner -debug -bash: MailScanner: command not found -bash-3.00$ /usr/sbin/MailScanner -debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 164. Here is my MailScanner.conf [root@yide2 ~]#grep -v -E '^#|^$' /etc/MailScanner/MailScanner.conf %org-name% = yoursite %org-long-name% = Your Organisation Name Here %web-site% = www.your-organisation.com %etc-dir% = /etc/MailScanner %report-dir% = /etc/MailScanner/reports/en %rules-dir% = /etc/MailScanner/rules %mcp-dir% = /etc/MailScanner/mcp Max Children = 5 Run As User = postfix Run As Group = postfix Queue Scan Interval = 6 Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Quarantine Dir = /var/spool/MailScanner/quarantine PID file = /var/run/MailScanner.pid Restart Every = 7200 MTA = postfix Sendmail = /usr/sbin/sendmail Sendmail2 = /usr/sbin/sendmail Incoming Work User = Incoming Work Group = Incoming Work Permissions = 0600 Quarantine User = Quarantine Group = Quarantine Permissions = 0600 Max Unscanned Bytes Per Scan = 100m Max Unsafe Bytes Per Scan = 50m Max Unscanned Messages Per Scan = 30 Max Unsafe Messages Per Scan = 30 Max Normal Queue Size = 800 Scan Messages = yes Reject Message = no Maximum Attachments Per Message = 200 Expand TNEF = yes Use TNEF Contents = replace Deliver Unparsable TNEF = no TNEF Expander = /usr/bin/tnef --maxsize=100000000 TNEF Timeout = 120 File Command = /usr/bin/file File Timeout = 20 Gunzip Command = /bin/gunzip Gunzip Timeout = 50 Unrar Command = /usr/bin/unrar Unrar Timeout = 50 Find UU-Encoded Files = no Maximum Message Size = %rules-dir%/max.message.size.rules Maximum Attachment Size = -1 Minimum Attachment Size = -1 Maximum Archive Depth = 2 Find Archives By Content = yes Zip Attachments = no Attachments Zip Filename = MessageAttachments.zip Attachments Min Total Size To Zip = 100k Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml Virus Scanning = yes Virus Scanners = f-prot Virus Scanner Timeout = 300 Deliver Disinfected Files = no Silent Viruses = HTML-IFrame All-Viruses Still Deliver Silent Viruses = no Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar Block Encrypted Messages = no Block Unencrypted Messages = no Allow Password-Protected Archives = no Check Filenames In Password-Protected Archives = yes Allowed Sophos Error Messages = Sophos IDE Dir = /opt/sophos-av/lib/sav Sophos Lib Dir = /opt/sophos-av/lib Monitors For Sophos Updates = /opt/sophos-av/lib/sav/*.ide Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd ClamAVmodule Maximum Recursion Level = 8 ClamAVmodule Maximum Files = 1000 ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes) ClamAVmodule Maximum Compression Ratio = 250 Clamd Port = 3310 Clamd Socket = /tmp/clamd Clamd Lock File = # /var/lock/subsys/clamd Clamd Use Threads = no ClamAV Full Message Scan = yes Dangerous Content Scanning = yes Allow Partial Messages = no Allow External Message Bodies = no Find Phishing Fraud = yes Also Find Numeric Phishing = yes Use Stricter Phishing Net = yes Highlight Phishing Fraud = yes Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf Country Sub-Domains List = %etc-dir%/country.domains.conf Allow IFrame Tags = disarm Allow Form Tags = disarm Allow Script Tags = disarm Allow WebBugs = disarm Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap Known Web Bug Servers = msgtag.com Web Bug Replacement = http://www.sng.ecs.soton.ac.uk/mailscanner/images/1x1spacer.gif Allow Object Codebase Tags = disarm Convert Dangerous HTML To Text = no Convert HTML To Text = no Allow Filenames = Deny Filenames = Filename Rules = %etc-dir%/filename.rules.conf Allow Filetypes = Deny Filetypes = Filetype Rules = %etc-dir%/filetype.rules.conf Quarantine Infections = yes Quarantine Silent Viruses = no Quarantine Modified Body = no Quarantine Whole Message = no Quarantine Whole Messages As Queue Files = no Keep Spam And MCP Archive Clean = no Language Strings = %report-dir%/languages.conf Rejection Report = %report-dir%/rejection.report.txt Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt Deleted Size Message Report = %report-dir%/deleted.size.message.txt Stored Bad Content Message Report = %report-dir%/stored.content.message.txt Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt Stored Virus Message Report = %report-dir%/stored.virus.message.txt Stored Size Message Report = %report-dir%/stored.size.message.txt Disinfected Report = %report-dir%/disinfected.report.txt Inline HTML Signature = %report-dir%/inline.sig.html Inline Text Signature = %report-dir%/inline.sig.txt Signature Image Filename = %report-dir%/sig.jpg Signature Image Filename = signature.jpg Inline HTML Warning = %report-dir%/inline.warning.html Inline Text Warning = %report-dir%/inline.warning.txt Sender Content Report = %report-dir%/sender.content.report.txt Sender Error Report = %report-dir%/sender.error.report.txt Sender Bad Filename Report = %report-dir%/sender.filename.report.txt Sender Virus Report = %report-dir%/sender.virus.report.txt Sender Size Report = %report-dir%/sender.size.report.txt Hide Incoming Work Dir = yes Include Scanner Name In Reports = yes Mail Header = X-%org-name%-MailScanner: Spam Header = X-%org-name%-MailScanner-SpamCheck: Spam Score Header = X-%org-name%-MailScanner-SpamScore: Information Header = X-%org-name%-MailScanner-Information: Add Envelope From Header = yes Add Envelope To Header = no Envelope From Header = X-%org-name%-MailScanner-From: Envelope To Header = X-%org-name%-MailScanner-To: Spam Score Character = s SpamScore Number Instead Of Stars = no Minimum Stars If On Spam List = 0 Clean Header Value = Found to be clean Infected Header Value = Found to be infected Disinfected Header Value = Disinfected Information Header Value = Please contact the ISP for more information Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Multiple Headers = append Hostname = the %org-name% ($HOSTNAME) MailScanner Sign Messages Already Processed = no Sign Clean Messages = yes Attach Image To Signature = no Attach Image To HTML Message Only = yes Mark Infected Messages = yes Mark Unscanned Messages = yes Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2: Deliver Cleaned Messages = yes Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = no Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk Scanned Modify Subject = no # end Scanned Subject Text = {Scanned} Virus Modify Subject = start Virus Subject Text = {Virus?} Filename Modify Subject = start Filename Subject Text = {Filename?} Content Modify Subject = start Content Subject Text = {Dangerous Content?} Size Modify Subject = start Size Subject Text = {Size} Disarmed Modify Subject = start Disarmed Subject Text = {Disarmed} Phishing Modify Subject = no Phishing Subject Text = {Fraud?} Spam Modify Subject = start Spam Subject Text = {Spam?} High Scoring Spam Modify Subject = start High Scoring Spam Subject Text = {Spam?} Warning Is Attachment = yes Attachment Warning Filename = %org-name%-Attachment-Warning.txt Attachment Encoding Charset = ISO-8859-1 Archive Mail = Send Notices = yes Notices Include Full Headers = yes Hide Incoming Work Dir in Notices = no Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info Notices From = MailScanner Notices To = postmaster Local Postmaster = postmaster Spam List Definitions = %etc-dir%/spam.lists.conf Virus Scanner Definitions = %etc-dir%/virus.scanners.conf Spam Checks = yes Spam List = # spamhaus-ZEN # You can un-comment this to enable them Spam Domain List = Spam Lists To Be Spam = 1 Spam Lists To Reach High Score = 3 Spam List Timeout = 10 Max Spam List Timeouts = 7 Spam List Timeouts History = 10 Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules Is Definitely Spam = no Definite Spam Is High Scoring = no Ignore Spam Whitelist If Recipients Exceed = 20 Max Spam Check Size = 200k Use Watermarking = no Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = nothing Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-Secret Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Use SpamAssassin = yes Max SpamAssassin Size = 200k Required SpamAssassin Score = 4 High SpamAssassin Score = 10 SpamAssassin Auto Whitelist = yes SpamAssassin Timeout = 75 Max SpamAssassin Timeouts = 10 SpamAssassin Timeouts History = 30 Check SpamAssassin If On Spam List = yes Include Binary Attachments In SpamAssassin = no Spam Score = yes Cache SpamAssassin Results = yes SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db Rebuild Bayes Every = 0 Wait During Bayes Rebuild = no Use Custom Spam Scanner = no Max Custom Spam Scanner Size = 20k Custom Spam Scanner Timeout = 20 Max Custom Spam Scanner Timeouts = 10 Custom Spam Scanner Timeout History = 20 Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Non Spam Actions = deliver header "X-Spam-Status: No" SpamAssassin Rule Actions = Sender Spam Report = %report-dir%/sender.spam.report.txt Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt Inline Spam Warning = %report-dir%/inline.spam.warning.txt Recipient Spam Report = %report-dir%/recipient.spam.report.txt Enable Spam Bounce = %rules-dir%/bounce.rules Bounce Spam As Attachment = no Syslog Facility = mail Log Speed = no Log Spam = no Log Non Spam = no Log Permitted Filenames = no Log Permitted Filetypes = no Log Silent Viruses = no Log Dangerous HTML Tags = no SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Install Prefix = /usr/bin SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = /etc/MailScanner SpamAssassin Local State Dir = # /var/lib/spamassassin SpamAssassin Default Rules Dir = MCP Checks = no First Check = spam MCP Required SpamAssassin Score = 1 MCP High SpamAssassin Score = 10 MCP Error Score = 1 MCP Header = X-%org-name%-MailScanner-MCPCheck: Non MCP Actions = deliver MCP Actions = deliver High Scoring MCP Actions = deliver Bounce MCP As Attachment = no MCP Modify Subject = start MCP Subject Text = {MCP?} High Scoring MCP Modify Subject = start High Scoring MCP Subject Text = {MCP?} Is Definitely MCP = no Is Definitely Not MCP = no Definite MCP Is High Scoring = no Always Include MCP Report = no Detailed MCP Report = yes Include Scores In MCP Report = no Log MCP = no MCP Max SpamAssassin Timeouts = 20 MCP Max SpamAssassin Size = 100k MCP SpamAssassin Timeout = 10 MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf MCP SpamAssassin User State Dir = MCP SpamAssassin Local Rules Dir = %mcp-dir% MCP SpamAssassin Default Rules Dir = %mcp-dir% MCP SpamAssassin Install Prefix = %mcp-dir% Recipient MCP Report = %report-dir%/recipient.mcp.report.txt Sender MCP Report = %report-dir%/sender.mcp.report.txt Use Default Rules With Multiple Recipients = no Spam Score Number Format = %d MailScanner Version Number = 4.66.5 SpamAssassin Cache Timings = 1800,300,10800,172800,600 Debug = no Debug SpamAssassin = no Run In Foreground = no Always Looked Up Last = no Always Looked Up Last After Batch = no Deliver In Background = yes Delivery Method = batch Split Exim Spool = no Lockfile Dir = /tmp Custom Functions Dir = /usr/lib/MailScanner/MailScanner/CustomFunctions Lock Type = Syslog Socket Type = Minimum Code Status = supported -- ======================================================== ½¯Ñ§Áú ÍøÂç¼¼Êõ·þÎñ¾­Àí ÖйúÉϺ£»ÆÚ鱱·227ºÅÖÐÇø¹ã³¡503ÊÒ 200003 µç»°: 8621-63758088-285 ´«Õ棺8621-63758107 ÊÖ»ú: 13916617402 µç×ÓÓʼþ: allenjiang@clicktosee.com msn: long976@hotmail.com ÍøÖ·: http://www.clicktosee.com ======================================================== From R.Sterenborg at netsourcing.nl Tue Mar 18 09:08:16 2008 From: R.Sterenborg at netsourcing.nl (Rob Sterenborg) Date: Tue Mar 18 09:08:59 2008 Subject: Question about Internal spam In-Reply-To: <47DE9480.6070105@cwpanama.net> References: <47DE8DBB.30702@marlboro.edu> <47DE9480.6070105@cwpanama.net> Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2405D95058@WISENT.dcyb.net> > Hello, > > I would like to know why the mail users (server: > centOS+sendmail+mailscanner) are receiving mails from their > own address > i,e: > > mail from: user1@domain.com > mail to: user1@domain.com > subject: stock options.... Do the "Received: " headers of the emails tell you that the email originates from the internet instead of your LAN? > Also I would like to know if you have any recomendation in order ot > avoid this? If this email comes from the internet, don't accept email (from the internet) that has your domain in the sender email address. IMO, if *your* MTA is the only one on the internet that sends email for *your* domein, you can do this. If there are other mailserver that send email for your domein, you might/will lose email doing this and you must think of another solution. Since I don't use Sendmail, I can't help you there. Grts, Rob From MailScanner at ecs.soton.ac.uk Tue Mar 18 09:19:18 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 18 09:20:10 2008 Subject: FYI on MailScanner 4.68.5 beta and clamd logging In-Reply-To: <610C64469748E84DB6BDD5BD23F01A76119EBF@MED-CORE03-MS1.med.wayne.edu> References: <1205745098.14498.28.camel@localhost.localdomain> <610C64469748E84DB6BDD5BD23F01A76119EBF@MED-CORE03-MS1.med.wayne.edu> Message-ID: <47DF8916.4080600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rose, Bobby wrote: > The duplicate log entry is gone with the current beta but should the log > entry include the word FOUND > > clamavmodule -> ClamAVModule::INFECTED:: > Email.Spam.Gen2577.Sanesecurity.08021523:: ./m2HJ64OT030813/ > clamd -> ClamAVModule::INFECTED:: Email.Spam.Sanesecurity.Url_242 FOUND > :: ./m2HNCgXl007819/ > > Not sure if it's supposed to be trimmed or not. > Found and fixed. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH34kXEfZZRxQVtlQRAt5SAKC6WEXpAGjT04SdrSZCpkKUVgmEfACg3K3y kI57wqj4mXxGaMJ9zDtpToc= =3MDQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 18 11:55:26 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 11:56:01 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080318000540.GA321@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> <20080318000540.GA321@ubuntu> Message-ID: <223f97700803180455m5f05b344od6e5c344f53f701c@mail.gmail.com> On 18/03/2008, Alessandro Dentella wrote: > Thanks Glenn for your suggestions, but I haven't understood some of yor > hints... > Thats OK, sometimes I have trouble following my own line of reasoning:-):-) > > > I'm pretty certain it is the "wrong" way to go. Much better to make > > the new one act as a GW to the old one, disable MS on the old one, > > config/enable MS on the new one... Less risks, less time spent on > > solving "the wrong" type of problems. > > > > not sure what you mean here when you say one box being gw to the other. > Simple "sketch": Prior to change you basically have an SMTP "chain" something like (very simplistic example): "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "Your mailserver" What you want to do is to "insert" the new mail gateway before your old mailserver (called mailstore below), so the "chain" looks like: "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "mail gateway" <-> "mailstore" To make this so, you can do several things: - For outbound traffic to be made to go through the new box, set "relayhost = {address.of.gateway]" in main.cf, or use a transport map like: yourdomain.com : .yourdomain.com : * smtp:[address.of.gateway] - For inbound traffic, you need change the public MX records (or firewall NAT, or ...) so that mail is sent to the new gateway host. On that host you then have a transport map that point to the mailstore host, and you enable relaying for the relevant domain(s) perhaps as simple as "relay_domains = yourdomain.tld" and "relay_recipient_maps = hash:/etc/postfix/relay_recipients", where the latter is simply a textfile with all your recipients (one/line, format something like "user1@yourdomain.tld 1")... Postmap that, and don't forget the transport map: yourdomain.com smtp:[address.of.mailstore] .yourdomain.com smtp:[address.of.mailstore] ... and you're pretty much set to go. One could use a split view DNS setup instead, but... we'll go there if needed:-). With this setup, your new box will be the acting gateway for the old box. Of course you need setup and configure a lot more on the new box (more anti-UCE postfix things, like the things mentioned by Jason... and me:-)... Most notably MailScanner itself. On the mailstore, MailScanner shouldn't be needed, unless you really don't trust your users... Hm. Perhaps best to keep it there too, users being as they are:-):-). For more verbose and well-explained examples, please do check the postfix site... Especially http://www.postfix.org/STANDARD_CONFIGURATION_README.html has some really relevant and nicely explained examples... I think it's pretty obvious which apply:). > > > Simpler to set things up on the new one (PF and MS in "relay mode":-), > > > isn't 'relay mode' when you have more that one MailScanner installations? > ('Check Watermarks To Skip Spam Checks') > See above. What I meant has nothing really to do with MailScanner:-). > > > then just futs your MX records to "slide" it in before the old one, > > > "futs"? (not sure what that means) i guess forwarding the port would work > equally well, but how can I configure postfix to finally deliver (cleaned) > mails to the old box? (I guess this is the gw setup...) Futs... To change in a normal fat-fingering way:-). At least what I mean here... Sorry for the obtuseness. For the rest.... well, see above for a start. > a link to the gateway configration would also be appreciated. > > Thanks again > > sandro > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 18 12:04:25 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 12:05:01 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47DF807F.7040309@clicktosee.com> References: <47DF807F.7040309@clicktosee.com> Message-ID: <223f97700803180504j22bb957at5f42ddbbb8460b05@mail.gmail.com> On 18/03/2008, Allen Jiang wrote: > on /Wed Mar 12 09:45:09 GMT 2008/,*Glenn Steen* glenn.steen at > gmail.com > > wrote: > > >So then it is only when run from within MailScanner... Do you by any > chance run Postfix? If so, could you >try that SA lint as your postfix > user (Do "su - postfix -s /bin/bash" to get a valid shell...)? Does that > >show the same error? If so, your PF user likely can't get at the > /etc/mail/spamassassin/* files, for some >reason. > > I try that MailScanner -debug as postfix user got the same wrong! > > [root@yide2 ~]# su - postfix -s /bin/bash > -bash-3.00$ MailScanner -debug > -bash: MailScanner: command not found > -bash-3.00$ /usr/sbin/MailScanner -debug > (snip) Thanks for checking back with us Allen. Could you try the "spamassassin --lint -D" as the postfix user as well? Might be as simple as having the wrong permissions on the SA .pre file containing the LoadPlugin line I mentioned. Also check (with less, or similar paginator) that you can read all the .pre files... Something like "less -e /etc/mail/spamassassin/*.pre", also as the postfix user... Hopefully it'll be that sinple:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Tue Mar 18 16:11:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 18 16:12:56 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47DF06C9.4090004@ecs.soton.ac.uk> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> <47DF06C9.4090004@ecs.soton.ac.uk> Message-ID: on 3-17-2008 5:03 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 3-17-2008 10:10 AM John Baker spake the following: >>> I did indeed forget that you need to execute bit on for a process to >>> create a directory. Hey, its been a while since Unix 101. :) >>> >>> But the source of confusion here for me as much as the Mailwatch wiki >>> ,which I did take the directions from, is that the default >>> Mailscanner.conf file has Quarantine Permissions = 0600 leading one >>> to believe that the execute bit is not necessary. This is in the >>> Mailscanner book as well. >>> >>> What is the function of this line in the file? It seems to be ignored >>> by the actual process. >>> >> Remember, Julian originally wrote MailScanner to run with sendmail as >> root, so it didn't have the permission changes that newer MTA's >> require to NOT run as root. > > But I wrote in the non-root support for the other MTA's quite a long > time ago. It should all work okay. > > Jules > I was just leading the poster to not making assumptions on how the permissions should be handled and follow the instructions available. If only other things worked as well as mailscanner does! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/7d77cf16/signature.bin From adc at dc-uoit.net Tue Mar 18 16:21:52 2008 From: adc at dc-uoit.net (Andrei) Date: Tue Mar 18 16:22:36 2008 Subject: yet another UNKNOWN CLAMD RETURN: ./OUTGOING/Unable to open file or directory ERROR Message-ID: <20080318162152.GA27668@logger.dc-uoit.net> Hello all! Has anyone seen anything like this: Mar 18 11:57:22 mailgw MailScanner[4691]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./OUTGOING/Unable to open file or directory ERROR :: /tmp/SA-Temp/4691 This started to show up in syslog after I've upgraded my Debian MailScanner to the version in lenny/testing (that is 4.66.5). I run clamd, of course. In MailScanner.conf I have The Incoming Work Dir = /tmp/SA-Temp Incoming Work User = clamav Incoming Work Group = clamav Incoming Work Permissions = 0660 (note the liberal perms of 0660!) However, I find these OUTGOING files under /tmp/SA-Temp: # ls -lt /tmp/SA-Temp/*/OUTGOING -rw------- 1 root clamav 0 2008-03-18 11:45 /tmp/SA-Temp/11336/OUTGOING -rw------- 1 root clamav 0 2008-03-18 09:19 /tmp/SA-Temp/4980/OUTGOING -rw------- 1 root clamav 0 2008-03-18 09:03 /tmp/SA-Temp/4796/OUTGOING Clamd runs as clamav, and since these files are root owned, they can't have been created by clamd. MailScanner is instructed to use clamav as both user and group under the Incoming Work Dir, and also to create files with mode 0660, so it'd seem some other process creates them. Does anyone have any insight into this? Is there any additional info that I should provide? Thanks, adc From sandro at e-den.it Tue Mar 18 16:47:33 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Tue Mar 18 16:48:40 2008 Subject: mailscanner, queue & nfs In-Reply-To: <223f97700803180455m5f05b344od6e5c344f53f701c@mail.gmail.com> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> <20080318000540.GA321@ubuntu> <223f97700803180455m5f05b344od6e5c344f53f701c@mail.gmail.com> Message-ID: <20080318164733.GA10116@ubuntu> On Tue, Mar 18, 2008 at 12:55:26PM +0100, Glenn Steen wrote: > On 18/03/2008, Alessandro Dentella wrote: > > Thanks Glenn for your suggestions, but I haven't understood some of yor > > hints... > > > Thats OK, sometimes I have trouble following my own line of reasoning:-):-) > > > > > > I'm pretty certain it is the "wrong" way to go. Much better to make > > > the new one act as a GW to the old one, disable MS on the old one, > > > config/enable MS on the new one... Less risks, less time spent on > > > solving "the wrong" type of problems. > > > > > > > > not sure what you mean here when you say one box being gw to the other. > > > Simple "sketch": > Prior to change you basically have an SMTP "chain" something like > (very simplistic example): > "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "Your mailserver" > > What you want to do is to "insert" the new mail gateway before your > old mailserver (called mailstore below), so the "chain" looks like: > "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "mail > gateway" <-> "mailstore" > > To make this so, you can do several things: > - For outbound traffic to be made to go through the new box, set > "relayhost = {address.of.gateway]" in main.cf, or use a transport map > like: > yourdomain.com : > .yourdomain.com : > * smtp:[address.of.gateway] > > - For inbound traffic, you need change the public MX records (or > firewall NAT, or ...) so that mail is sent to the new gateway host. On > that host you then have a transport map that point to the mailstore > host, and you enable relaying for the relevant domain(s) perhaps as > simple as "relay_domains = yourdomain.tld" and "relay_recipient_maps = > hash:/etc/postfix/relay_recipients", where the latter is simply a > textfile with all your recipients (one/line, format something like > "user1@yourdomain.tld 1")... Postmap that, and don't forget the > transport map: > yourdomain.com smtp:[address.of.mailstore] > .yourdomain.com smtp:[address.of.mailstore] > > ... and you're pretty much set to go. One could use a split view DNS > setup instead, but... we'll go there if needed:-). > > With this setup, your new box will be the acting gateway for the old box. > Of course you need setup and configure a lot more on the new box (more > anti-UCE postfix things, like the things mentioned by Jason... and > me:-)... Most notably MailScanner itself. > On the mailstore, MailScanner shouldn't be needed, unless you really > don't trust your users... Hm. Perhaps best to keep it there too, users > being as they are:-):-). > > For more verbose and well-explained examples, please do check the > postfix site... Especially > http://www.postfix.org/STANDARD_CONFIGURATION_README.html has some > really relevant and nicely explained examples... I think it's pretty > obvious which apply:). Thanks to all of you for the very helpfull remarks on my setup. I have now a system that is reacting *much* better and I'm more relaxed and can think to tune the anti-spam features. I'll open a new thread to comment on some performance issues since "NFS" is no longer the point. sandro *:-) From ssilva at sgvwater.com Tue Mar 18 17:08:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 18 17:09:10 2008 Subject: mailscanner, queue & nfs In-Reply-To: <20080318000540.GA321@ubuntu> References: <20080317181617.GA31222@ubuntu> <47DECFB6.1080803@vanderkooij.org> <20080317213739.GA32093@ubuntu> <223f97700803171609wb1c0fa9ob96cd78a59b0f306@mail.gmail.com> <20080318000540.GA321@ubuntu> Message-ID: on 3-17-2008 5:05 PM Alessandro Dentella spake the following: > Thanks Glenn for your suggestions, but I haven't understood some of yor > hints... > >> I'm pretty certain it is the "wrong" way to go. Much better to make >> the new one act as a GW to the old one, disable MS on the old one, >> config/enable MS on the new one... Less risks, less time spent on >> solving "the wrong" type of problems. > > > not sure what you mean here when you say one box being gw to the other. > >> Simpler to set things up on the new one (PF and MS in "relay mode":-), > > isn't 'relay mode' when you have more that one MailScanner installations? > ('Check Watermarks To Skip Spam Checks') > >> then just futs your MX records to "slide" it in before the old one, > > "futs"? (not sure what that means) i guess forwarding the port would work > equally well, but how can I configure postfix to finally deliver (cleaned) > mails to the old box? (I guess this is the gw setup...) > > a link to the gateway configration would also be appreciated. > > Thanks again > sandro > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:setup_a_gateway&s=gateway for a postfix gateway howto. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/01ce9fd6/signature.bin From ssilva at sgvwater.com Tue Mar 18 17:22:57 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 18 17:23:10 2008 Subject: How to stop this spam In-Reply-To: References: <82403.84862.qm@web39515.mail.mud.yahoo.com> Message-ID: on 3-17-2008 9:12 PM Cheng Bruce spake the following: > Hi, > > I am not sure if you turn on RBL list. I got 12.4 points. > > Content analysis details: (12.4 points, 7.0 required) > Probably because it was reported and showed up on the RBL's later. Can you provide a complete copy of the message, with headers intact for testing? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/d3fa900c/signature.bin From sandro at e-den.it Tue Mar 18 17:43:50 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Tue Mar 18 17:44:52 2008 Subject: How do you count e-mail? Message-ID: <20080318174350.GA10701@ubuntu> Hi, yesterday some of you helped me out tuning a server. I always considered it a 50-70.000 e-mail/day server (6000 domains), and for this reason, I didn't set up a rbldnsd (they suggest to only set it up when you go over 250.00 mail/day.) Today I tried pflogsumm and found completely different nubers: 48052 received 36004 delivered 0 forwarded 939 deferred (6049 deferrals) 1288 bounced 1046k rejected (96%) 0 reject warnings 96125 held 0 discarded (0%) That's mode that 1 million messages received in a day and 96% rejected! In the 48.00 received there is a 43% spam recognized and some more 5% that I should menage to cut. So some simple questions: 1. how do you consider the volume of a server: reading the rejected or the received? 2. which is the average % spam that is 'fisiological' to accept in a fine tuned server? for the curious ones. Yesterday was a nightmare with up to 12.000 messages in the queue. Today no more than 200. I moved rbl at the postfix level and I reduced to just 3 rbl. I had to raise the postfix process to 500 (350/400 used). Previously I tried putting rbl in postfix but since I didn't raise the postfix processes I had too many rejected connections. sandro *:-) From sandro at e-den.it Tue Mar 18 18:45:51 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Tue Mar 18 18:46:56 2008 Subject: rbl and timeout Message-ID: <20080318184551.GB10701@ubuntu> Hi again, and now the questions related to rbl and dns. At the moment I'm using bind9 on the mail server (on debian). Is that a casching nameserver, is there a way to test if it is working correctly? I'm confused as for how rbldnsd should get into the setup. After I set it up should I substitute it to bind? should I declare it in MailScanner.conf / spamassassin? TIA %-\ From glenn.steen at gmail.com Tue Mar 18 18:50:03 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 18:50:49 2008 Subject: How do you count e-mail? In-Reply-To: <20080318174350.GA10701@ubuntu> References: <20080318174350.GA10701@ubuntu> Message-ID: <223f97700803181150y6f28df3bx8cb63afaa57ffd7a@mail.gmail.com> On 18/03/2008, Alessandro Dentella wrote: > Hi, > > yesterday some of you helped me out tuning a server. I always considered > it a 50-70.000 e-mail/day server (6000 domains), and for this reason, I > didn't set up a rbldnsd (they suggest to only set it up when you go over > 250.00 mail/day.) > > Today I tried pflogsumm and found completely different nubers: > > 48052 received > 36004 delivered > 0 forwarded > 939 deferred (6049 deferrals) > 1288 bounced > 1046k rejected (96%) > 0 reject warnings > 96125 held > 0 discarded (0%) > Pflogsumm is a bit confusing when used with MailScanner, since we HOLD everything we accept, sort of. The fun thing is that there is no realway to add the rejects (since that could be one message tried over and over again) with what you accept/deliver... And how do you count the multi-recipient mails? As one message or (if for example you do per-recipient splitting, to make sure the MailScanenr rulesets work correctly for all recipients, not just the first one) as one/recipient? Where should one count them? There is no one truth in this. Just a half-measure or two that, of course, fit your purposes best:-). I'd likely inform the one reported to (PHB or customer) of the different types of figures one has, then blithely equate them...:-). So in your case I'd add in the figures as seen by MailScanner/MailWatch (if you use that) and the figures for the rejects... So your "ratio" would be the comparision (more or less) between ~1.1 million message "attempts" and the actual delivered messages. Paints a pretty picture;-). Just out of curiosity... what are the top rejections? > That's mode that 1 million messages received in a day and 96% rejected! > In the 48.00 received there is a 43% spam recognized and some more 5% > that I should menage to cut. > > So some simple questions: > > 1. how do you consider the volume of a server: reading the rejected or > the received? See above:-) > 2. which is the average % spam that is 'fisiological' to accept in a fine > tuned server? Sorry, don't really know what you mean with "fisiological"... "healthy"? Your figures look fine, provided you have a failly low FP rate... Trouble is evaluating exactly what that is:-). > > for the curious ones. Yesterday was a nightmare with up to 12.000 messages in > the queue. Today no more than 200. I moved rbl at the postfix level and I > reduced to just 3 rbl. I had to raise the postfix process to 500 (350/400 > used). Previously I tried putting rbl in postfix but since I didn't raise the > postfix processes I had too many rejected connections. Ah. Good for you! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Tue Mar 18 19:17:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 18 19:18:34 2008 Subject: rbl and timeout In-Reply-To: <20080318184551.GB10701@ubuntu> References: <20080318184551.GB10701@ubuntu> Message-ID: <47E0155E.2090603@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: > Hi again, > > and now the questions related to rbl and dns. > > At the moment I'm using bind9 on the mail server (on debian). Is that a > casching nameserver, is there a way to test if it is working correctly? > Start with something like this: dig @127.0.0.1 www.microsoft.com > I'm confused as for how rbldnsd should get into the setup. After I set it > up should I substitute it to bind? should I declare it in MailScanner.conf > / spamassassin? > It's your /etc/resolv.conf that specifies the list of IP addresses of nameservers to be used. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH4BVgEfZZRxQVtlQRAmDHAKDYq193gvXHCd3lSogvVfqJMBUt4gCfRCvh 1O9vG7pYCwPF9+ZDoOzo+sg= =vBMO -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From johnnyb at marlboro.edu Tue Mar 18 19:25:39 2008 From: johnnyb at marlboro.edu (John Baker) Date: Tue Mar 18 19:26:20 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <223f97700803171726u78801d0aq18bfa301bdebaac3@mail.gmail.com> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> <47DF06C9.4090004@ecs.soton.ac.uk> <223f97700803171726u78801d0aq18bfa301bdebaac3@mail.gmail.com> Message-ID: <47E01733.2090406@marlboro.edu> Yeah, I'm seeing what happened here now. I didn't differentiate between the permissions on the directories and those on the files and did a mass chmod -R 660 on the quarantine directory. The default for the quarantine directory appears to be 751 but the subdirectories are 700 while the files get written as whatever is in the Mailscanner.conf. It looks like the solution is to share group ownership with www-data and give the directories 770 permission. Can anyone explain what decides the subdirectory permissions when new ones are created? The only worry I have now is that the new one tomorrow and its subdirectories are still written to 700 rather than the 770 that I changed the rest to. Thanks Glenn Steen wrote: > On 18/03/2008, Julian Field wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> >> Scott Silva wrote: >> > on 3-17-2008 10:10 AM John Baker spake the following: >> >> I did indeed forget that you need to execute bit on for a process to >> >> create a directory. Hey, its been a while since Unix 101. :) >> >> >> >> But the source of confusion here for me as much as the Mailwatch wiki >> >> ,which I did take the directions from, is that the default >> >> Mailscanner.conf file has Quarantine Permissions = 0600 leading one >> >> to believe that the execute bit is not necessary. This is in the >> >> Mailscanner book as well. >> >> >> >> What is the function of this line in the file? It seems to be ignored >> >> by the actual process. >> >> >> > Remember, Julian originally wrote MailScanner to run with sendmail as >> > root, so it didn't have the permission changes that newer MTA's >> > require to NOT run as root. >> > >> >> But I wrote in the non-root support for the other MTA's quite a long >> time ago. It should all work okay. >> > Works. Not should work.;-). > > (someone is bound to start the MUST and SHOULD definition war all over > again... :-) > Cheers -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From mkettler at evi-inc.com Tue Mar 18 19:29:52 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 18 19:31:42 2008 Subject: rbl and timeout In-Reply-To: <20080318184551.GB10701@ubuntu> References: <20080318184551.GB10701@ubuntu> Message-ID: <47E01830.7080703@evi-inc.com> Alessandro Dentella wrote: > Hi again, > > and now the questions related to rbl and dns. > > At the moment I'm using bind9 on the mail server (on debian). Is that a > casching nameserver, is there a way to test if it is working correctly? > > I'm confused as for how rbldnsd should get into the setup. After I set it > up should I substitute it to bind? should I declare it in MailScanner.conf > / spamassassin? > Generally I'd suggest using a forward zone declaration in your resolving named. This way anything using your resolving named for lookup will recurse to the rbldnsd instead of the interent. in named.conf you'd do something like this: zone "somerbl.com" { type forward; forwarders { 192.168.1.2; }; }; Where 192.168.1.2 is your server running rbldnsd. If it's running on a nonstandard port, such as 5353 just change to: zone "somerbl.com" { type forward; forwarders { 192.168.1.2 port 5353; }; }; From agross at gcpsite.com Tue Mar 18 19:47:37 2008 From: agross at gcpsite.com (Adam Gross) Date: Tue Mar 18 19:48:29 2008 Subject: pflogsumm References: <20080318184551.GB10701@ubuntu> <47E01830.7080703@evi-inc.com> Message-ID: <4487B1717589544792AD581CC5D2EC2E7763@GCPMASTER.gpocorp.local> Anyone know how to take the output of pflogsumm and dump it into a nightly e-mail? Just wanted to ask a quick short one (hopefully). Thanks in advance. -Adam ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ From oliver at linux-kernel.at Tue Mar 18 20:01:03 2008 From: oliver at linux-kernel.at (Oliver Falk) Date: Tue Mar 18 20:01:15 2008 Subject: AW: pflogsumm Message-ID: <200803182000.m2IK0DRd007326@mail.linux-kernel.at> What about pflogsum 2>&1|mail root ? In a crontab entry of course... -of ----- Urspr?ngliche Nachricht ----- Von: Adam Gross Gesendet: Dienstag, 18. M?rz 2008 20:47 An: MailScanner discussion Betreff: pflogsumm Anyone know how to take the output of pflogsumm and dump it into a nightly e-mail? Just wanted to ask a quick short one (hopefully). Thanks in advance. -Adam ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Tue Mar 18 20:06:49 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 18 20:07:40 2008 Subject: [OT] pflogsumm In-Reply-To: <4487B1717589544792AD581CC5D2EC2E7763@GCPMASTER.gpocorp.local> References: <20080318184551.GB10701@ubuntu> <47E01830.7080703@evi-inc.com> <4487B1717589544792AD581CC5D2EC2E7763@GCPMASTER.gpocorp.local> Message-ID: <47E020D9.7000101@evi-inc.com> Adam Gross wrote: > Anyone know how to take the output of pflogsumm and dump it into a > nightly e-mail? Just wanted to ask a quick short one (hopefully). > Thanks in advance. > (ot tag added, because this really isn't related to mailscanner) google: pflogsum nightly email 2nd hit: http://archives.neohapsis.com/archives/postfix/2003-04/3200.html Which is really suggesting doing this in a cron.daily script: pflogsumm.pl [arguments] | mail -s "Nightly Pflogsum Report for $(hostname -f)" you@example.com That's the same basic tactic you'd use for dumping anything into a nightly email. From ecasarero at gmail.com Tue Mar 18 20:17:46 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Tue Mar 18 20:18:20 2008 Subject: Vulnerability in Archive Formats Message-ID: <7d9b3cf20803181317x7139167am437fcf5b9db6f206@mail.gmail.com> Hi everybody, does anyone has issues with this? https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html What is Affected? The vulnerabilities described in this advisory can potentially affect programs that handle the archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO. The Test Suite contains a set of fuzzed archive files in different formats, some of which may cause and some that are known to cause problems in common tools processing archived content. These include: * Content inspection products such as anti-virus and stateful firewalls * Encryption products (VPN, PGP) * Backup software * Office programs * Operating systems and libraries I have not found to much information, does anyone has more info? Regards, From shuttlebox at gmail.com Tue Mar 18 20:19:04 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 18 20:19:39 2008 Subject: pflogsumm In-Reply-To: <200803182000.m2IK0DRd007326@mail.linux-kernel.at> References: <200803182000.m2IK0DRd007326@mail.linux-kernel.at> Message-ID: <625385e30803181319j7a944ca5oeb308cdcda5769d0@mail.gmail.com> On Tue, Mar 18, 2008 at 9:01 PM, Oliver Falk wrote: > What about > pflogsum 2>&1|mail root > ? In a crontab entry of course... Then you don't have to pipe it to mail. ;-) -- /peter From oliver at linux-kernel.at Tue Mar 18 21:45:31 2008 From: oliver at linux-kernel.at (Oliver Falk) Date: Tue Mar 18 21:46:26 2008 Subject: pflogsumm In-Reply-To: <625385e30803181319j7a944ca5oeb308cdcda5769d0@mail.gmail.com> References: <200803182000.m2IK0DRd007326@mail.linux-kernel.at> <625385e30803181319j7a944ca5oeb308cdcda5769d0@mail.gmail.com> Message-ID: <47E037FB.6010607@linux-kernel.at> shuttlebox schrieb: > On Tue, Mar 18, 2008 at 9:01 PM, Oliver Falk wrote: >> What about >> pflogsum 2>&1|mail root >> ? In a crontab entry of course... > > Then you don't have to pipe it to mail. ;-) Got me. Right! MAILTO in cron could do the job as well. :-) -of From jim.barber at ddihealth.com Tue Mar 18 22:30:22 2008 From: jim.barber at ddihealth.com (Jim Barber) Date: Tue Mar 18 22:31:31 2008 Subject: Clamd and problems with some TNEF attachments. In-Reply-To: References: <610C64469748E84DB6BDD5BD23F01A76119C2F@MED-CORE03-MS1.med.wayne.edu> <47D77CBA.6010706@ddihealth.com> <47D82D63.9040301@ecs.soton.ac.uk> <47D873F0.4000007@ddihealth.com> Message-ID: <47E0427E.3070406@ddihealth.com> Scott Silva wrote: >> Incoming Work Permissions = 0640 > Try 0770 here for a test so the group can have a little more room in > working with the files Thanks Scott. I set this on Friday, but it took a while before someone sent an email with the format that trips clamd up. I now have: Incoming Work Permissions = 0770 Everything else is set as I described it before. But unfortunately the error still isn't fixed. Mar 18 16:15:11 mail MailScanner[13929]: Expanding TNEF archive at /var/spool/MailScanner/incoming/13929/1JbW22-0006WL-7j/winmail.dat Mar 18 16:15:12 mail MailScanner[13929]: Message 1JbW22-0006WL-7j added TNEF contents SeriousEngine.zip,image001.gif Mar 18 16:15:12 mail MailScanner[13929]: Message 1JbW22-0006WL-7j has had TNEF winmail.dat removed Mar 18 16:15:12 mail MailScanner[13929]: Virus and Content Scanning: Starting Mar 18 16:15:13 mail MailScanner[13929]: Clamd::ERROR:: Unable to open file or directory ERROR :: ./1JbW22-0006WL-7j/bx2GMmRIAc Mar 18 16:15:13 mail MailScanner[13929]: Clamd::ERROR:: Unable to open file or directory ERROR :: ./1JbW22-0006WL-7j/nmtOp4BvH8 Mar 18 16:15:13 mail MailScanner[13929]: Virus Scanning: Clamd found 2 infections Mar 18 16:15:13 mail MailScanner[13929]: Virus Scanning: Found 2 viruses Mar 18 16:15:14 mail MailScanner[13929]: Virus Scanning completed at 16457 bytes per second Is there any more information that I should supply you with? Regards, -- ---------- Jim Barber DDI Health From glenn.steen at gmail.com Tue Mar 18 22:32:03 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 22:32:39 2008 Subject: getting Mailscanner to work with Mailwatch/Postfix In-Reply-To: <47E01733.2090406@marlboro.edu> References: <47DE8DBB.30702@marlboro.edu> <47DE9107.8040804@ecs.soton.ac.uk> <223f97700803170856p2e6c060em9638710942049c0e@mail.gmail.com> <47DEA603.3080507@marlboro.edu> <47DF06C9.4090004@ecs.soton.ac.uk> <223f97700803171726u78801d0aq18bfa301bdebaac3@mail.gmail.com> <47E01733.2090406@marlboro.edu> Message-ID: <223f97700803181532p2bf3a063t1a9d4dee3de4a01@mail.gmail.com> On 18/03/2008, John Baker wrote: > Yeah, I'm seeing what happened here now. I didn't differentiate between > the permissions on the directories and those on the files and did a mass > chmod -R 660 on the quarantine directory. The default for the quarantine > directory appears to be 751 but the subdirectories are 700 while the > files get written as whatever is in the Mailscanner.conf. > > It looks like the solution is to share group ownership with www-data and > give the directories 770 permission. > > Can anyone explain what decides the subdirectory permissions when new > ones are created? The only worry I have now is that the new one > tomorrow and its subdirectories are still written to 700 rather than the > 770 that I changed the rest to. > This is the relevant piece of code from a system not too far away from me... It is in the WorkArea.pm file... The slightly different names are... normal... Look at ConfigDefs.pl to see how they are translated (and for defaults) from the "Quarantine Permissions" -> quarantinepermissions -> quarantineperms ... Anyway, here is the snippet: ---- my($perms, $dirumask, $fileumask); $perms = MailScanner::Config::Value('workperms') || '0600'; $perms = sprintf "0%lo", $perms unless $perms =~ /^0/; # Make it octal $dirumask = $perms; $dirumask =~ s/[1-7]/$&|1/ge; # If they want r or w give them x too $this->{dirumask} = oct($dirumask) ^ 0777; $fileumask = $perms; $this->{fileumask} = oct($fileumask) ^ 0777; ---- Pretty self-explanatory (well-commented code, and sanely written IMO... As always with Jules:). With a "mask" of 0660, this will translate to 0770 for directories... At least if I'm reading it right:-). My system agrees with me:-):-). > Thanks > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 18 22:42:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 18 22:43:25 2008 Subject: pflogsumm In-Reply-To: <4487B1717589544792AD581CC5D2EC2E7763@GCPMASTER.gpocorp.local> References: <20080318184551.GB10701@ubuntu> <47E01830.7080703@evi-inc.com> <4487B1717589544792AD581CC5D2EC2E7763@GCPMASTER.gpocorp.local> Message-ID: <223f97700803181542x467f606bg7334d1a194dac478@mail.gmail.com> On 18/03/2008, Adam Gross wrote: > Anyone know how to take the output of pflogsumm and dump it into a > nightly e-mail? Just wanted to ask a quick short one (hopefully). > Thanks in advance. > > -Adam > As have been answered already a very simple cron-job will handle this... If you look in the archives to this list, or possibly the MailWatch one (... bad memory on my part...:) you can find a simple cron and php-script combo I've made to dump this to a file and present on a very basic webpage. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From eersana at yahoo.com Wed Mar 19 01:59:02 2008 From: eersana at yahoo.com (anas asree) Date: Wed Mar 19 01:59:38 2008 Subject: How to stop this spam In-Reply-To: Message-ID: <188841.47267.qm@web39510.mail.mud.yahoo.com> The spam header Received: from n2.bullet.mail.re3.yahoo.com (n2.bullet.mail.re3.yahoo.com [68.142.237.109]) by abc.ptm.my (Postfix) with SMTP id 7BF664928B4 for <7aff2004@ptm.com>; Mon, 17 Mar 2008 03:13:18 +0800 (MYT) Received: from [68.142.237.87] by n2.bullet.mail.re3.yahoo.com with NNFMP; 16 Mar 2008 11:02:30 -0000 Received: from [66.196.97.135] by t3.bullet.re3.yahoo.com with NNFMP; 16 Mar 2008 19:06:33 -0000 Received: from [127.0.0.1] by omp108.mail.re3.yahoo.com with NNFMP; 16 Mar 2008 19:06:33 -0000 X-Yahoo-Newman-Id: 419020.11902.bm@omp108.mail.re3.yahoo.com Message-ID: <419020.11902.bm@omp108.mail.re3.yahoo.com> Received: (qmail 22582 invoked from network); 16 Mar 2008 19:06:02 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:From:To:Reply-To:Subject:Date:MIME-Version:Content-type:Content-transfer-encoding; b=dyaMqEvTfAGfBq2uhN9YUggoN1kArAxKdYokNv5+/LzeoFTeKnsIyR43hDdSh2pF/JGSXhI95UehfP/N6NLKo3z1qkF7RUvF11+6++tCbVlx/wAiYloCenWURyO9XV0KviqAke6pAp6/RgoROJQ1UnC0E9WLlvVQNU1DuJDlAOk= ; Received: from unknown (HELO www.microsoft.com) (danniepennington2774@211.74.94.168 with login) by smtp115.plus.mail.re1.yahoo.com with SMTP; 16 Mar 2008 19:06:01 -0000 X-YMail-OSG: psvhvSMVM1njT8UHFY4ICCqUf3VawsKR4VElwwIXv2g.5pv13BAg58V0GFm.nZJsyGH1_5LzAa48FpAf9JHtiGXYdDrevXTJXWJDzg-- X-Yahoo-Newman-Property: ymail-5 From: danniepennington2774@yahoo.co.uk To: 7acidgroove@arnet.com.ar Reply-To: danniepennington2774@yahoo.co.uk Subject: lovely ojg Shemales pvx uu vtn. Date: Sun, 16 Mar 2008 20:22:02 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=windows-1251 Content-transfer-encoding: 8bit with spam record score 1.00 BAYES_00Bayesian spam probability is 0 to 1% 0.50 RAZOR2_CF_RANGE_51_100Razor2 gives confidence level above 50% 1.50 RAZOR2_CF_RANGE_E8_51_100Razor2 gives engine 8 confidence level above 50% 0.50 RAZOR2_CHECKListed in Razor2 (http://razor.sf.net/) Sometimes it got hit with the above rules and other rules such as URIBL_BLACK, URIBL_JP_SURBL, but sometimes the spam was not caught by any rule except for Bayes_00 Scott Silva wrote: on 3-17-2008 9:12 PM Cheng Bruce spake the following: > Hi, > > I am not sure if you turn on RBL list. I got 12.4 points. > > Content analysis details: (12.4 points, 7.0 required) > Probably because it was reported and showed up on the RBL's later. Can you provide a complete copy of the message, with headers intact for testing? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! --------------------------------- Looking for last minute shopping deals? Find them fast with Yahoo! Search. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080318/d972bfdf/attachment.html From hvdkooij at vanderkooij.org Wed Mar 19 06:21:42 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Mar 19 06:22:55 2008 Subject: [SPAM: 5.90] Re: How to stop this spam In-Reply-To: <82403.84862.qm@web39515.mail.mud.yahoo.com> References: <82403.84862.qm@web39515.mail.mud.yahoo.com> Message-ID: <47E0B0F6.6050302@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 anas asree wrote: | Hi all... | | Our servers are getting this kind of spam that have this kind of content | | uu zjqji qf, sexy er Shemale f http://www.truebsexfilms.cn lv uk bhq eqli. | dny cygum nsqzf zocnd w w olm. | xyh lu phsi u bha, efoca isea c yy ytv jkpvn y xpxo. | | oc m, beautiful vvkqb wk Daughters emzr http://www.xideohot.cn h oku. nn | ptbv rep bwxx wdo ifogr. | dzi dwrw lqpk s wst kynd, k bfxm b f o rq. | | Our Mailscanner did not detect these mail as SPAM. The spam report show nothing | except for Bayes_00. This kind of spam comes from yahoo mail and is kind of difficult | | to block the IP because it comes from Yahoo. We've been getting quite a lot of this kind of Spam.. | | We have also installed DCC, Razor2, SARE in our mailscanner but that did'nt help Actually. I have given up all hope that a Yahoo adress will be anything but spam. I very strongly suggest you move to somewhere else and forget about Yahoo if you wish your email to be read. Wether or not it is a deliberate decision by Yahoo is not known to me but I see Yahoo involved in anything I can think of that is spam related. Like using it to collect address, Testing relay abilities, you name it. So in my book that makes them totally unreliable and something that should be avoided as much as possible. If you keep getting low bayesian scores then you do not properly educate your bayesian database. I suggest you address that issue. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH4LD0BvzDRVjxmYERArUJAJ9UhQmQlTIjKc04fFkYNHKuSCf4wQCgnJrk lhV5NJSPX3EQr1Z44u3SYGU= =6mU2 -----END PGP SIGNATURE----- From sandro at e-den.it Wed Mar 19 09:06:03 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Wed Mar 19 09:06:43 2008 Subject: How do you count e-mail? In-Reply-To: <223f97700803181150y6f28df3bx8cb63afaa57ffd7a@mail.gmail.com> References: <20080318174350.GA10701@ubuntu> <223f97700803181150y6f28df3bx8cb63afaa57ffd7a@mail.gmail.com> Message-ID: <20080319090603.GA14137@ubuntu> > Pflogsumm is a bit confusing when used with MailScanner, since we HOLD > everything we accept, sort of. sure, we can just disreguard that information > So your "ratio" would be the comparision (more or less) between ~1.1 > million message "attempts" and the actual delivered messages. > Paints a pretty picture;-). amaizing ratio, to me. But I think that the 1.1 million attempts is the base to calculate how many times I will make dns request, to that that's probably the number to compare with 250.000 mail/day suggester as a turning point by rbldnsd website. > > Just out of curiosity... what are the top rejections? message reject detail --------------------- RCPT Helo command rejected: need fully-qualified hostname (total: 536368) 7235 telesp.net.br 5312 ono.com 4455 vtr.net 2990 veloxzone.com.br 2814 89.104.106.98 2698 211.173.152.57 2696 ntl.com 2480 ppp91-76-9-202.pppoe.mtu-net.ru 2347 91.146.59.228 2337 211.179.104.107 2292 211.228.99.206 2286 122.43.109.217 2272 fibertel.com.ar 2208 qualitynet.net 2190 brasiltelecom.net.br 2158 ctbcnetsuper.com.br 2120 volia.net 2103 211.105.59.248 2065 asianet.co.th 2061 blueyonder.co.uk > > 2. which is the average % spam that is 'fisiological' to accept in a fine> > tuned server? > Sorry, don't really know what you mean with "fisiological"... spam that even if I finely tune my antispam machinery I'll never stop. One for all. I had for some weeks some very low control but I had autowitelist on. Bayes started giving negative score to spam. Just switching bayes off I could get mush better filters. sandro *:-) From J.Ede at birchenallhowden.co.uk Wed Mar 19 10:17:38 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Mar 19 10:19:25 2008 Subject: How do you count e-mail? In-Reply-To: <20080318174350.GA10701@ubuntu> References: <20080318174350.GA10701@ubuntu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E8C@server02.bhl.local> ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro@e-den.it] Sent: 18 March 2008 17:43 To: mailscanner@lists.mailscanner.info Subject: How do you count e-mail? Hi, yesterday some of you helped me out tuning a server. I always considered it a 50-70.000 e-mail/day server (6000 domains), and for this reason, I didn't set up a rbldnsd (they suggest to only set it up when you go over 250.00 mail/day.) Today I tried pflogsumm and found completely different nubers: 48052 received 36004 delivered 0 forwarded 939 deferred (6049 deferrals) 1288 bounced 1046k rejected (96%) 0 reject warnings 96125 held 0 discarded (0%) That's mode that 1 million messages received in a day and 96% rejected! In the 48.00 received there is a 43% spam recognized and some more 5% that I should menage to cut. So some simple questions: 1. how do you consider the volume of a server: reading the rejected or the received? 2. which is the average % spam that is 'fisiological' to accept in a fine tuned server? for the curious ones. Yesterday was a nightmare with up to 12.000 messages in the queue. Today no more than 200. I moved rbl at the postfix level and I reduced to just 3 rbl. I had to raise the postfix process to 500 (350/400 used). Previously I tried putting rbl in postfix but since I didn't raise the postfix processes I had too many rejected connections. sandro *:-) If you have that number of postfix processes you definitely need a local version of rbldnsd running if you want to keep your response times sensible... The spamhaus feed is well worth the money (we use it) and it makes quite a difference in response times for the RBL lookups with it all being local. Also for when you reject emails its a good idea to set the reject wait time to 0 (it defaults to waiting for I think 1 second) before rejecting email. Details on that setting is in one of the postfix tuning links that have been posted previously. We find that around 90% of our attempted rejections are because of the spamhaus blacklists (be careful with using the pbl one depending on where the email is coming from) and then about 5%-6% with the other rbl's, receipt verification and greylisting. We only average about 1million attempted connections a month though. Jason From glenn.steen at gmail.com Wed Mar 19 11:33:33 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 19 11:34:08 2008 Subject: How do you count e-mail? In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E8C@server02.bhl.local> References: <20080318174350.GA10701@ubuntu> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E8C@server02.bhl.local> Message-ID: <223f97700803190433v3a3aafb8g6b3532d0ebb5d984@mail.gmail.com> On 19/03/2008, Jason Ede wrote: > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro@e-den.it] > Sent: 18 March 2008 17:43 > To: mailscanner@lists.mailscanner.info > Subject: How do you count e-mail? > > > Hi, > > yesterday some of you helped me out tuning a server. I always considered > it a 50-70.000 e-mail/day server (6000 domains), and for this reason, I > didn't set up a rbldnsd (they suggest to only set it up when you go over > 250.00 mail/day.) > > Today I tried pflogsumm and found completely different nubers: > > 48052 received > 36004 delivered > 0 forwarded > 939 deferred (6049 deferrals) > 1288 bounced > 1046k rejected (96%) > 0 reject warnings > 96125 held > 0 discarded (0%) > > That's mode that 1 million messages received in a day and 96% rejected! > In the 48.00 received there is a 43% spam recognized and some more 5% > that I should menage to cut. > > So some simple questions: > > 1. how do you consider the volume of a server: reading the rejected or > the received? > > 2. which is the average % spam that is 'fisiological' to accept in a fine > tuned server? > > > for the curious ones. Yesterday was a nightmare with up to 12.000 messages in > the queue. Today no more than 200. I moved rbl at the postfix level and I > reduced to just 3 rbl. I had to raise the postfix process to 500 (350/400 > used). Previously I tried putting rbl in postfix but since I didn't raise the > postfix processes I had too many rejected connections. > > > sandro > *:-) > > > If you have that number of postfix processes you definitely need a local version of rbldnsd running if you want to keep your response times sensible... The spamhaus feed is well worth the money (we use it) and it makes quite a difference in response times for the RBL lookups with it all being local. Also for when you reject emails its a good idea to set the reject wait time to 0 (it defaults to waiting for I think 1 second) before rejecting email. Details on that setting is in one of the postfix tuning links that have been posted previously. > ~500K of the rejects are from invalid HELO/EHLO... So they don't reach any rbl checking... But if a sizeable part of the others do... Not saying "don't do rbldnsd", on the contrary... Just pointing out that those specific rejects wouldn't "count":-). > We find that around 90% of our attempted rejections are because of the spamhaus blacklists (be careful with using the pbl one depending on where the email is coming from) and then about 5%-6% with the other rbl's, receipt verification and greylisting. We only average about 1million attempted connections a month though. > > > Jason > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From sandro at e-den.it Wed Mar 19 12:17:50 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Wed Mar 19 12:18:26 2008 Subject: rbl and timeout In-Reply-To: <47E01830.7080703@evi-inc.com> References: <20080318184551.GB10701@ubuntu> <47E01830.7080703@evi-inc.com> Message-ID: <20080319121750.GB14137@ubuntu> On Tue, Mar 18, 2008 at 03:29:52PM -0400, Matt Kettler wrote: > Alessandro Dentella wrote: > >Hi again, > > > > and now the questions related to rbl and dns. > > > > At the moment I'm using bind9 on the mail server (on debian). Is that a > > casching nameserver, is there a way to test if it is working correctly? > > > > I'm confused as for how rbldnsd should get into the setup. After I set it > > up should I substitute it to bind? should I declare it in > > MailScanner.conf > > / spamassassin? > > > > Generally I'd suggest using a forward zone declaration in your resolving > named. This way anything using your resolving named for lookup will recurse > to the rbldnsd instead of the interent. > > in named.conf you'd do something like this: > > > zone "somerbl.com" { > type forward; > forwarders { > 192.168.1.2; > }; > }; > > > Where 192.168.1.2 is your server running rbldnsd. If it's running on a > nonstandard port, such as 5353 just change to: > > zone "somerbl.com" { > type forward; > forwarders { > 192.168.1.2 port 5353; > }; > }; Thanks for this hint. There's a point I missed and now I got (I think) . I thought that a check toward an rbl was similar to what on a shell would be: $ host ip_to_be_checked my.preferred.rbl.org while enabling named querylog and using rblcheck I see that is like this: $ host ip_to_be_checked.my.preferred.rbl.org so now I understand your configuration. Thanks sandro *:-) PS: as far as using rbldnsd or not... reading spamhouse FAQ it seems that we are not even entitled to use the free servers from spamhouse... From wayne at nightsol.net Wed Mar 19 13:01:00 2008 From: wayne at nightsol.net (Wayne) Date: Wed Mar 19 13:01:47 2008 Subject: corrupt zip files Message-ID: Hi Guys, We have another site which is using software based on JavaMail to send some emails to us. But when an attached zip gets passed through MailScanner it wont open. When it goes through another server which does not use MailScanner it is fine. Out MTA is postfix and AV is clamav. Anybody have any ideas on what could be causing this or how to get around it? When I try to unzip an attachment that comes through MailScanner I get the following: # unzip Test.zip Archive: Test.zip End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. unzip: cannot find zipfile directory in one of Test.zip or Test.zip.zip, and cannot find Test.zip.ZIP, period. TIA, Wayne -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/73aa8976/attachment.html From J.Ede at birchenallhowden.co.uk Wed Mar 19 13:39:19 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed Mar 19 13:43:33 2008 Subject: How do you count e-mail? In-Reply-To: <223f97700803190433v3a3aafb8g6b3532d0ebb5d984@mail.gmail.com> References: <20080318174350.GA10701@ubuntu> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E8C@server02.bhl.local>, <223f97700803190433v3a3aafb8g6b3532d0ebb5d984@mail.gmail.com> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89E8E@server02.bhl.local> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen [glenn.steen@gmail.com] Sent: 19 March 2008 11:33 To: MailScanner discussion Subject: Re: How do you count e-mail? => > If you have that number of postfix processes you definitely need a local version of rbldnsd running if you want to keep your response times sensible... The spamhaus feed is well worth the money (we use it) and it makes quite a difference in response times for the RBL lookups with it all being local. Also for when you reject emails its a good idea to set the reject wait time to 0 (it defaults to waiting for I think 1 second) before rejecting email. Details on that setting is in one of the postfix tuning links that have been posted previously. > ~500K of the rejects are from invalid HELO/EHLO... So they don't reach any rbl checking... But if a sizeable part of the others do... Not saying "don't do rbldnsd", on the contrary... Just pointing out that those specific rejects wouldn't "count":-). > We find that around 90% of our attempted rejections are because of the spamhaus blacklists (be careful with using the pbl one depending on where the email is coming from) and then about 5%-6% with the other rbl's, receipt verification and greylisting. We only average about 1million attempted connections a month though. > > > Jason > Cheers -- -- Glenn True... I'm guessing of the emails that do get accepted and turn out to be spam a significant percentage would have been blocked by RBL's... Jason From mkettler at evi-inc.com Wed Mar 19 14:02:25 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 19 14:03:59 2008 Subject: rbl and timeout In-Reply-To: <20080319121750.GB14137@ubuntu> References: <20080318184551.GB10701@ubuntu> <47E01830.7080703@evi-inc.com> <20080319121750.GB14137@ubuntu> Message-ID: <47E11CF1.6020901@evi-inc.com> Alessandro Dentella wrote: > > Thanks for this hint. There's a point I missed and now I got (I think) . > I thought that a check toward an rbl was similar to what on a shell would > be: > > $ host ip_to_be_checked my.preferred.rbl.org > > while enabling named querylog and using rblcheck I see that is like this: > > $ host ip_to_be_checked.my.preferred.rbl.org Actually, the IP should be backwards, in-addr.arpa style.. ie: if I wanted to look up 1.2.3.4 in my.preferred.rbl.org I'd look up 4.3.2.1.my.preferred.rbl.org > so now I understand your configuration. > > Thanks > sandro > *:-) > > PS: as far as using rbldnsd or not... reading spamhouse FAQ it seems that we > are not even entitled to use the free servers from spamhouse... From paul at welshfamily.com Wed Mar 19 14:45:52 2008 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 19 14:47:22 2008 Subject: Mailscanner not tagging spam Message-ID: <53bf35d9b43b51d765ff6bf4203ba8e2@212.159.81.141> Hi I'm using version 4.64.3 of MailScanner with Spamassassin 3.2.3 with Exim. At around 4am yesterday MailScanner stopped detecting spam. Looking through the maillog, the "Found x spam messages" stopped at around 4am. I restarted MailScanner and Exim and this seemed to fix it. However, today although MailScanner says it is detecting spam, it's still coming through. If I test some of the messages that are getting through using SpamAssassin in debug mode, the messages are clearly high scoring spam. I've received no messages with a modified subject line, ie, with the {Spam?} prefix and the Internet headers show the messages have not been classified as spam by MailScanner. I've set "Always Include SpamAssassin Report" to yes from no so I can get a bit more detail and I'm waiting for MailScanner to do one of its periodic restarts. Any ideas what could be going wrong or what I can do to debug the problem? The server in question has been up for 417 days, do you think a reboot may solve the issue? ________________________________________________ Message sent using UebiMiau 2.7.9 From ja at conviator.com Wed Mar 19 15:10:44 2008 From: ja at conviator.com (Jan Agermose) Date: Wed Mar 19 15:11:51 2008 Subject: manual resent Message-ID: Hi Im trying to resent a mail that was blocked because of the attached BMP files. Even though the log says it was logged to the database it really was not :-| so I cannot release using mailwatch and now im trying to do it using CLI [root@scanner4 m2JA1Ibk017046]# pwd /var/spool/MailScanner/quarantine/20080319/m2JA1Ibk017046 [root@scanner4 m2JA1Ibk017046]# ls -l total 4880 -rw-rw---- 1 root apache 1054674 Mar 19 11:09 0229 og 0240.bmp -rw-rw---- 1 root apache 1034550 Mar 19 11:09 0578 og 0579.bmp -rw-rw---- 1 root apache 2888957 Mar 19 11:09 message sendmail -toi m2JA1Ibk017046 it looks like it simply stalls - don't know if it does not work like this or it simply takes for ever to handle this? Regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/7fdda8ab/attachment.html From martinh at solidstatelogic.com Wed Mar 19 15:50:28 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Mar 19 15:51:19 2008 Subject: Mailscanner not tagging spam In-Reply-To: <53bf35d9b43b51d765ff6bf4203ba8e2@212.159.81.141> Message-ID: Paul Check spamassassin isn't timing out, this is the usual cause... Also check what the action is for high scoring spam. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Welsh > Sent: 19 March 2008 14:46 > To: mailscanner@lists.mailscanner.info > Subject: Mailscanner not tagging spam > > Hi > I'm using version 4.64.3 of MailScanner with Spamassassin 3.2.3 with Exim. > At around 4am yesterday MailScanner stopped detecting spam. Looking > through > the maillog, the "Found x spam messages" stopped at around 4am. I > restarted > MailScanner and Exim and this seemed to fix it. > > However, today although MailScanner says it is detecting spam, it's still > coming through. If I test some of the messages that are getting through > using SpamAssassin in debug mode, the messages are clearly high scoring > spam. I've received no messages with a modified subject line, ie, with > the > {Spam?} prefix and the Internet headers show the messages have not been > classified as spam by MailScanner. I've set "Always Include SpamAssassin > Report" to yes from no so I can get a bit more detail and I'm waiting for > MailScanner to do one of its periodic restarts. > > Any ideas what could be going wrong or what I can do to debug the problem? > The server in question has been up for 417 days, do you think a reboot may > solve the issue? > > ________________________________________________ > Message sent using UebiMiau 2.7.9 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Wed Mar 19 16:05:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 16:06:18 2008 Subject: How to stop this spam In-Reply-To: <188841.47267.qm@web39510.mail.mud.yahoo.com> References: <188841.47267.qm@web39510.mail.mud.yahoo.com> Message-ID: on 3-18-2008 6:59 PM anas asree spake the following: > The spam header > > Received: from n2.bullet.mail.re3.yahoo.com > (n2.bullet.mail.re3.yahoo.com [68.142.237.109]) > by abc.ptm.my (Postfix) with SMTP id 7BF664928B4 > for <7aff2004@ptm.com>; Mon, 17 Mar 2008 03:13:18 +0800 (MYT) > Received: from [68.142.237.87] by n2.bullet.mail.re3.yahoo.com with > NNFMP; 16 Mar 2008 11:02:30 -0000 > Received: from [66.196.97.135] by t3.bullet.re3.yahoo.com with NNFMP; 16 > Mar 2008 19:06:33 -0000 > Received: from [127.0.0.1] by omp108.mail.re3.yahoo.com with NNFMP; 16 > Mar 2008 19:06:33 -0000 > X-Yahoo-Newman-Id: 419020.11902.bm@omp108.mail.re3.yahoo.com > Message-ID: <419020.11902.bm@omp108.mail.re3.yahoo.com> > Received: (qmail 22582 invoked from network); 16 Mar 2008 19:06:02 -0000 > Do mainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > s=s1024; d=yahoo.co.uk; > h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:From:To:Reply-To:Subject:Date:MIME-Version:Content-type:Content-transfer-encoding; > b=dyaMqEvTfAGfBq2uhN9YUggoN1kArAxKdYokNv5+/LzeoFTeKnsIyR43hDdSh2pF/JGSXhI95UehfP/N6NLKo3z1qkF7RUvF11+6++tCbVlx/wAiYloCenWURyO9XV0KviqAke6pAp6/RgoROJQ1UnC0E9WLlvVQNU1DuJDlAOk= > ; > Received: from unknown (HELO www.microsoft.com) > (danniepennington2774@211.74.94.168 with login) > by smtp115.plus.mail.re1.yahoo.com with SMTP; 16 Mar 2008 19:06:01 -0000 > X-YMail-OSG: > psvhvSMVM1njT8UHFY4ICCqUf3VawsKR4VElwwIXv2g.5pv13BAg58V0GFm.nZJsyGH1_5LzAa48FpAf9JHtiGXYdDrevXTJXWJDzg-- > X-Yahoo-Newman-Property: ymail-5 > From: danniepennington2774@yahoo.co.uk > To: 7acidgroove@arnet.com.ar > Reply-To: danniepennington2774@yahoo.co.uk > Subject: lovely ojg She males pvx uu vtn. > Date: Sun, 16 Mar 2008 20:22:02 +0100 > MIME-Version: 1.0 > Content-type: text/plain; charset=windows-1251 > Content-transfer-encoding: 8bit > That is the headers, but still not a complete copy of the message. Still I also managed to hit a score from spamcannibal with just the headers. I have some custom blacklists with low scores, but they add up quite often. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/49151b57/signature.bin From MailScanner at ecs.soton.ac.uk Wed Mar 19 16:06:30 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 19 16:07:21 2008 Subject: Mailscanner not tagging spam In-Reply-To: <53bf35d9b43b51d765ff6bf4203ba8e2@212.159.81.141> References: <53bf35d9b43b51d765ff6bf4203ba8e2@212.159.81.141> Message-ID: <47E13A06.2090503@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sounds like you've got mail that isn't getting processed by MailScanner, as it's bypassing it. In the rogue messages, start by looking for any MailScanner headers, and work from there. Paul Welsh wrote: > Hi > I'm using version 4.64.3 of MailScanner with Spamassassin 3.2.3 with Exim. > At around 4am yesterday MailScanner stopped detecting spam. Looking through > the maillog, the "Found x spam messages" stopped at around 4am. I restarted > MailScanner and Exim and this seemed to fix it. > > However, today although MailScanner says it is detecting spam, it's still > coming through. If I test some of the messages that are getting through > using SpamAssassin in debug mode, the messages are clearly high scoring > spam. I've received no messages with a modified subject line, ie, with the > {Spam?} prefix and the Internet headers show the messages have not been > classified as spam by MailScanner. I've set "Always Include SpamAssassin > Report" to yes from no so I can get a bit more detail and I'm waiting for > MailScanner to do one of its periodic restarts. > > Any ideas what could be going wrong or what I can do to debug the problem? > The server in question has been up for 417 days, do you think a reboot may > solve the issue? > > ________________________________________________ > Message sent using UebiMiau 2.7.9 > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: ISO-8859-1 wj8DBQFH4ToGEfZZRxQVtlQRAjWRAJ0fpAFLoV3VoP/cf01WvREsenvjuQCg6poU wd8zlooMXXBL2VFrJGp0EHg= =AJHl -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 19 16:07:59 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 19 16:08:19 2008 Subject: manual resent In-Reply-To: References: Message-ID: <47E13A5F.1060702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jan Agermose wrote: > > Hi > > Im trying to resent a mail that was blocked because of the attached > BMP files. Even though the log says it was logged to the database it > really was not K so I cannot release using mailwatch and now im trying > to do it using CLI > > [root@scanner4 m2JA1Ibk017046]# pwd > > /var/spool/MailScanner/quarantine/20080319/m2JA1Ibk017046 > > [root@scanner4 m2JA1Ibk017046]# ls -l > > total 4880 > > -rw-rw---- 1 root apache 1054674 Mar 19 11:09 0229 og 0240.bmp > > -rw-rw---- 1 root apache 1034550 Mar 19 11:09 0578 og 0579.bmp > > -rw-rw---- 1 root apache 2888957 Mar 19 11:09 message > > sendmail -toi m2JA1Ibk017046 > That command won't do anything. It hasn't stalled, it's waiting for you to type in the message you want to send to "m2JA1lbk017046" which isn't a very sensible email address anyway, so it probably won't work :-) Try sendmail -toi < message as that might actually do something! > > it looks like it simply stalls ? don?t know if it does not work like > this or it simply takes for ever to handle this? > > Regards > > Jan > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: (pgp-secured) Charset: windows-1252 wj8DBQFH4TpgEfZZRxQVtlQRAtf7AKD0ogqTqeDOG7BfEdQoiZje7EjlfwCg9zxB Y1fU0wgUdWwVx88f9K2/f6o= =3tsI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Wed Mar 19 16:10:07 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Mar 19 16:10:37 2008 Subject: manual resent In-Reply-To: References: Message-ID: <118401c889db$b3492ea0$19db8be0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jan Agermose > Sent: Wednesday, March 19, 2008 11:11 AM > To: mailscanner@lists.mailscanner.info > Subject: manual resent > > Hi > > Im trying to resent a mail that was blocked because of the attached BMP > files. Even though the log says it was logged to the database it really > was not :| so I cannot release using mailwatch and now im trying to do > it using CLI > > [root@scanner4 m2JA1Ibk017046]# pwd > /var/spool/MailScanner/quarantine/20080319/m2JA1Ibk017046 > [root@scanner4 m2JA1Ibk017046]# ls -l > total 4880 > -rw-rw----? 1 root apache 1054674 Mar 19 11:09 0229 og 0240.bmp > -rw-rw----? 1 root apache 1034550 Mar 19 11:09 0578 og 0579.bmp > -rw-rw----? 1 root apache 2888957 Mar 19 11:09 message > > sendmail -toi m2JA1Ibk017046 > > it looks like it simply stalls ? don?t know if it does not work like > this or it simply takes for ever to handle this? > > Regards > Jan One simple enough for me to reply to :) sendmail -toi < m2JA1Ibk017046 Steve Steve Swaney Fort Systems Ltd. Steve@fsl.com www.fsl.com From paul at welshfamily.com Wed Mar 19 16:09:07 2008 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 19 16:10:48 2008 Subject: Mailscanner not tagging spam Message-ID: Thanks for the reply, Martin. I can't see any SpamAssassin timeouts going on in the maillog and High Scoring Spam Actions has always been set to delete. --------- Original Message -------- From: "MailScanner discussion" To: "MailScanner discussion" Subject: RE: Mailscanner not tagging spam Date: 19/03/08 14:59 Paul Check spamassassin isn't timing out, this is the usual cause... Also check what the action is for high scoring spam. ________________________________________________ Message sent using UebiMiau 2.7.9 From ssilva at sgvwater.com Wed Mar 19 16:36:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 16:37:04 2008 Subject: manual resent In-Reply-To: References: Message-ID: on 3-19-2008 8:10 AM Jan Agermose spake the following: > Hi > > > > Im trying to resent a mail that was blocked because of the attached BMP > files. Even though the log says it was logged to the database it really > was not K so I cannot release using mailwatch and now im trying to do it > using CLI > > > > [root@scanner4 m2JA1Ibk017046]# pwd > > /var/spool/MailScanner/quarantine/20080319/m2JA1Ibk017046 > > [root@scanner4 m2JA1Ibk017046]# ls -l > > total 4880 > > -rw-rw---- 1 root apache 1054674 Mar 19 11:09 0229 og 0240.bmp > > -rw-rw---- 1 root apache 1034550 Mar 19 11:09 0578 og 0579.bmp > > -rw-rw---- 1 root apache 2888957 Mar 19 11:09 message > > > > sendmail -toi m2JA1Ibk017046 > > > > it looks like it simply stalls ? don?t know if it does not work like > this or it simply takes for ever to handle this? > > That is not the proper command. You are trying to release the directory. try this; cd /var/spool/MailScanner/quarantine/20080319/m2JA1Ibk017046 sendmail -toi user@domain < message -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/78d25fa5/signature.bin From paul at welshfamily.com Wed Mar 19 16:40:43 2008 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 19 16:41:44 2008 Subject: Mailscanner not tagging spam Message-ID: <666bf3b2b4e7d45cd271cc05d9fdf95b@212.159.81.141> OK, the problem is that SpamAssassin doesn't seem to be working properly. The spam messages that are being found appear to be found in the SpamAssassin cache. Internet headers show a score of 0 for what are clearly spam mesages. Spamassassin works in debug mode, ie, "spamassassin -tD < spam.msg" works. ________________________________________________ Message sent using UebiMiau 2.7.9 From ssilva at sgvwater.com Wed Mar 19 18:22:29 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 18:22:54 2008 Subject: Mailscanner not tagging spam In-Reply-To: <666bf3b2b4e7d45cd271cc05d9fdf95b@212.159.81.141> References: <666bf3b2b4e7d45cd271cc05d9fdf95b@212.159.81.141> Message-ID: on 3-19-2008 9:40 AM Paul Welsh spake the following: > OK, the problem is that SpamAssassin doesn't seem to be working properly. > The spam messages that are being found appear to be found in the > SpamAssassin cache. Internet headers show a score of 0 for what are clearly > spam mesages. > > Spamassassin works in debug mode, ie, "spamassassin -tD < spam.msg" works. > > ________________________________________________ > Message sent using UebiMiau 2.7.9 > > But do the messages that aren't tagged as spam have mailscanner headers in them like "X-MailScanner-ID:"? That will tell you if spamassassin is not working, or if mail is bypassing mailscanner completely. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/8cccfdf8/signature.bin From paul at welshfamily.com Wed Mar 19 18:47:44 2008 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 19 18:49:00 2008 Subject: Mailscanner not tagging spam In-Reply-To: Message-ID: <200803191848.m2JImQ8b031370@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Scott Silva > Sent: 19 March 2008 18:22 > To: mailscanner@lists.mailscanner.info > Subject: Re: Mailscanner not tagging spam > But do the messages that aren't tagged as spam have > mailscanner headers in > them like "X-MailScanner-ID:"? That will tell you if > spamassassin is not > working, or if mail is bypassing mailscanner completely. > OK, some more results. Received 260 odd messages today, most of them spam that hadn't been tagged. Here's a sample of an Internet Header: X-myMail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, required 6, autolearn=) X-myMail-MailScanner-From: _gilbert@abbeywebdesign.com X-Spam-Status: No I have noticed, however, that all of 6 messages do have the {Spam?} subject line modification and has this: X-myMail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.223, required 6, BAYES_50 0.00, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST 0.13, MIME_QP_LONG_LINE 1.40, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 3.00, RDNS_NONE 0.10, SPF_NEUTRAL 0.69) X-myMail-MailScanner-SpamScore: 6 From paul at welshfamily.com Wed Mar 19 19:45:02 2008 From: paul at welshfamily.com (Paul Welsh) Date: Wed Mar 19 19:45:56 2008 Subject: Mailscanner not tagging spam In-Reply-To: <200803191848.m2JImQ8b031370@safir.blacknight.ie> Message-ID: <200803191945.m2JJjM1B001846@safir.blacknight.ie> Just rebooted. No difference. From ssilva at sgvwater.com Wed Mar 19 19:51:09 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 19:51:59 2008 Subject: Mailscanner not tagging spam In-Reply-To: <200803191848.m2JImQ8b031370@safir.blacknight.ie> References: <200803191848.m2JImQ8b031370@safir.blacknight.ie> Message-ID: on 3-19-2008 11:47 AM Paul Welsh spake the following: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Scott Silva >> Sent: 19 March 2008 18:22 >> To: mailscanner@lists.mailscanner.info >> Subject: Re: Mailscanner not tagging spam >> But do the messages that aren't tagged as spam have >> mailscanner headers in >> them like "X-MailScanner-ID:"? That will tell you if >> spamassassin is not >> working, or if mail is bypassing mailscanner completely. >> > OK, some more results. Received 260 odd messages today, most of them spam > that hadn't been tagged. Here's a sample of an Internet Header: > > X-myMail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, > required 6, autolearn=) > X-myMail-MailScanner-From: _gilbert@abbeywebdesign.com > X-Spam-Status: No > > I have noticed, however, that all of 6 messages do have the {Spam?} subject > line modification and has this: > > X-myMail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.223, > required 6, BAYES_50 0.00, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST > 0.13, > MIME_QP_LONG_LINE 1.40, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 3.00, > RDNS_NONE 0.10, SPF_NEUTRAL 0.69) > X-myMail-MailScanner-SpamScore: 6 > That sure looks like they are passing through Mailscanner. Were there any system updates right before this stopped working? Are you using mailwatch and the database is full or corrupted? Maybe you could stop MailScanner and delete the spamassassin-cache db and restart to rule out any corruption there. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/da096820/signature.bin From ssilva at sgvwater.com Wed Mar 19 19:52:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 19:55:12 2008 Subject: Mailscanner not tagging spam In-Reply-To: <200803191848.m2JImQ8b031370@safir.blacknight.ie> References: <200803191848.m2JImQ8b031370@safir.blacknight.ie> Message-ID: on 3-19-2008 11:47 AM Paul Welsh spake the following: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf >> Of Scott Silva >> Sent: 19 March 2008 18:22 >> To: mailscanner@lists.mailscanner.info >> Subject: Re: Mailscanner not tagging spam >> But do the messages that aren't tagged as spam have >> mailscanner headers in >> them like "X-MailScanner-ID:"? That will tell you if >> spamassassin is not >> working, or if mail is bypassing mailscanner completely. >> > OK, some more results. Received 260 odd messages today, most of them spam > that hadn't been tagged. Here's a sample of an Internet Header: > > X-myMail-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0, > required 6, autolearn=) > X-myMail-MailScanner-From: _gilbert@abbeywebdesign.com > X-Spam-Status: No > > I have noticed, however, that all of 6 messages do have the {Spam?} subject > line modification and has this: > > X-myMail-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=6.223, > required 6, BAYES_50 0.00, HTML_MESSAGE 0.00, HTTP_ESCAPED_HOST > 0.13, > MIME_QP_LONG_LINE 1.40, RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 3.00, > RDNS_NONE 0.10, SPF_NEUTRAL 0.69) > X-myMail-MailScanner-SpamScore: 6 > Also ... Try and run a mailscanner --lint and see if it spots anything. You can try mailscanner --debug --debug-sa also. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/ebf109bd/signature.bin From temp at perm.it Wed Mar 19 21:21:34 2008 From: temp at perm.it (adam) Date: Wed Mar 19 21:22:51 2008 Subject: Installation order Message-ID: <47E183DE.5090802@perm.it> Hi, I want to install MailScanner on CentOS 5.1, but after a couple of attempts I'm confused about what order I should be installing in. I assumed that the best approach would be Razor & DCC, then SpamAssassin and Clam from the developer's packages, then MailScanner rpms. The messages output by MailScanner and the SA set seem to conflict though. Additionally, it looks like when you yum update CentOS 5.1 some of the perl module packages are removed as they've been incorporated into the main perl packages, which confuses the MailScanner installer! Little help please? :) Thanks, adam From agross at gcpsite.com Wed Mar 19 21:41:02 2008 From: agross at gcpsite.com (Adam Gross) Date: Wed Mar 19 21:41:52 2008 Subject: Installation order References: <47E183DE.5090802@perm.it> Message-ID: <4487B1717589544792AD581CC5D2EC2E7776@GCPMASTER.gpocorp.local> The order you mention is the order I install everything on my boxes. For best results I recommend installing SpamAssassin using cpan. I don't use CentOS so I don't know that it has cpan, but I can't imagine that it wouldn't. #cpan Install Mail::SpamAssassin So far as doing distro upgrades after installation, I personally recommend against it simply because it's a 50/50 shot as to whether or not something that gets installed will break MailScanner. Also -- "If it ain't broke, don't fix it." MS takes care of its own dependencies during installation, so worst case scenario of a yum upgrade breaking it, just re-run the installer and it'll fix whatever yum breaks. -Adam -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of adam Sent: Wednesday, March 19, 2008 5:22 PM To: mailscanner@lists.mailscanner.info Subject: Installation order Hi, I want to install MailScanner on CentOS 5.1, but after a couple of attempts I'm confused about what order I should be installing in. I assumed that the best approach would be Razor & DCC, then SpamAssassin and Clam from the developer's packages, then MailScanner rpms. The messages output by MailScanner and the SA set seem to conflict though. Additionally, it looks like when you yum update CentOS 5.1 some of the perl module packages are removed as they've been incorporated into the main perl packages, which confuses the MailScanner installer! Little help please? :) Thanks, adam -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ From MailScanner at ecs.soton.ac.uk Wed Mar 19 22:04:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 19 22:05:04 2008 Subject: Installation order In-Reply-To: <47E183DE.5090802@perm.it> References: <47E183DE.5090802@perm.it> Message-ID: <47E18DDF.5020205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 adam wrote: > Hi, > > I want to install MailScanner on CentOS 5.1, but after a couple of > attempts I'm confused about what order I should be installing in. > > I assumed that the best approach would be Razor & DCC, then SpamAssassin > and Clam from the developer's packages, then MailScanner rpms. The > messages output by MailScanner and the SA set seem to conflict though. That's pretty much completely backwards. Install MailScanner first. Then either ClamAV+SpamAssassin from my combined package, or else ClamAV from RPMs at dag.wieers.com/rpm/packages/clamav and then SpamAssassin alone from my combined package (it will ask you if you want it to install ClamAV when you run it, just say "n"). Then DCC. Then Razor. Using my package to install SpamAssassin will do a lot of the configuration of it for you, along with installing all the pre-requisites automatically. > > Additionally, it looks like when you yum update CentOS 5.1 some of the > perl module packages are removed as they've been incorporated into the > main perl packages, which confuses the MailScanner installer! Do a "yum update" before you start doing anything. When you later want to upgrade Perl (which doesn't mean doing every little patch they produce), uninstall the clashing RPMs (yum update will tell you what they are), then "yum update" then reinstall MailScanner, which will replace the RPMs you removed. Fairly simple really :-) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH4Y3lEfZZRxQVtlQRAuhVAJ0Uj4hMQHEIJu6clbxm3VWx3o1OOgCbBtgT rM9YQRdM6wcvP3/KyGKec/Q= =ET0N -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Mar 19 22:11:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 19 22:11:25 2008 Subject: Installation order In-Reply-To: <47E183DE.5090802@perm.it> References: <47E183DE.5090802@perm.it> Message-ID: <47E18F76.2050300@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One more thing. Back last July, I wrote a HOWTO on the subject of good extra rulesets to add to a basic SpamAssassin installation. I still install pretty much the same set on installations I do for people now. It works very well, and noticeably improves the performance of SpamAssassin as far as its detection rate goes. Look in the mailing list archives for a message from me with "HOWTO" in the Subject line, posted July 2007. You might find it helps. I've done a few hundred installations... Jules. adam wrote: > Hi, > > I want to install MailScanner on CentOS 5.1, but after a couple of > attempts I'm confused about what order I should be installing in. > > I assumed that the best approach would be Razor & DCC, then SpamAssassin > and Clam from the developer's packages, then MailScanner rpms. The > messages output by MailScanner and the SA set seem to conflict though. > > Additionally, it looks like when you yum update CentOS 5.1 some of the > perl module packages are removed as they've been incorporated into the > main perl packages, which confuses the MailScanner installer! > > Little help please? :) > > Thanks, > adam > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH4Y97EfZZRxQVtlQRArQeAKDNEB4sH7pF6jrkYet0huxsmHeBywCgyIM4 j2lcWxRlCIaugPIStyesq/k= =lbnC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 19 22:52:44 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 19 22:54:05 2008 Subject: Installation order In-Reply-To: <47E18F76.2050300@ecs.soton.ac.uk> References: <47E183DE.5090802@perm.it> <47E18F76.2050300@ecs.soton.ac.uk> Message-ID: on 3-19-2008 3:11 PM Julian Field spake the following: > One more thing. > Back last July, I wrote a HOWTO on the subject of good extra rulesets to > add to a basic SpamAssassin installation. I still install pretty much > the same set on installations I do for people now. It works very well, > and noticeably improves the performance of SpamAssassin as far as its > detection rate goes. > > Look in the mailing list archives for a message from me with "HOWTO" in > the Subject line, posted July 2007. > > You might find it helps. > I've done a few hundred installations... > > Jules. > > adam wrote: >> Hi, > >> I want to install MailScanner on CentOS 5.1, but after a couple of >> attempts I'm confused about what order I should be installing in. > >> I assumed that the best approach would be Razor & DCC, then SpamAssassin >> and Clam from the developer's packages, then MailScanner rpms. The >> messages output by MailScanner and the SA set seem to conflict though. > >> Additionally, it looks like when you yum update CentOS 5.1 some of the >> perl module packages are removed as they've been incorporated into the >> main perl packages, which confuses the MailScanner installer! > >> Little help please? :) > >> Thanks, >> adam > > > > > Jules > Posted on the wiki; http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:julians_howto -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080319/e7ad5ad2/signature.bin From allenjiang at clicktosee.com Thu Mar 20 09:39:49 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Thu Mar 20 09:41:14 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47E230E5.8080107@clicktosee.com> On Tue, 18 Mar 2008 Glenn Steen wrote: >Thanks for checking back with us Allen. >Could you try the "spamassassin --lint -D" as the postfix user as well? >Might be as simple as having the wrong permissions on the SA .pre file >containing the LoadPlugin line I mentioned. Also check (with less, or >similar paginator) that you can read all the .pre files... Something >like "less -e /etc/mail/spamassassin/*.pre", also as the postfix >user... Hopefully it'll be that sinple:-). Thanks for all! I try the "spamassassin --lint -D" as the postfix user, but i haven't see any wrong. I can read all the .pre files as the postfix user. I have installed two postfix servers, but encount this same wrong! -bash-3.00$ spamassassin --lint -D [18506] dbg: logger: adding facilities: all [18506] dbg: logger: logging level is DBG [18506] dbg: generic: SpamAssassin version 3.2.4 [18506] dbg: config: score set 0 chosen. [18506] dbg: util: running in taint mode? yes [18506] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [18506] dbg: util: PATH included '/usr/kerberos/bin', keeping [18506] dbg: util: PATH included '/usr/java/jdk1.5.0_09/bin', keeping [18506] dbg: util: PATH included '/usr/local/bin', keeping [18506] dbg: util: PATH included '/bin', keeping [18506] dbg: util: PATH included '/usr/bin', keeping [18506] dbg: util: PATH included '/usr/X11R6/bin', keeping [18506] dbg: util: final PATH set to: /usr/kerberos/bin:/usr/java/jdk1.5.0_09/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin [18506] dbg: dns: is Net::DNS::Resolver available? yes [18506] dbg: dns: Net::DNS version: 0.63 [18506] dbg: diag: perl platform: 5.008005 linux [18506] dbg: diag: module installed: Digest::SHA1, version 2.07 [18506] dbg: diag: module installed: HTML::Parser, version 3.56 [18506] dbg: diag: module installed: Net::DNS, version 0.63 [18506] dbg: diag: module installed: MIME::Base64, version 3.07 [18506] dbg: diag: module installed: DB_File, version 1.809 [18506] dbg: diag: module installed: Net::SMTP, version 2.29 [18506] dbg: diag: module installed: Mail::SPF, version v2.005 [18506] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [18506] dbg: diag: module installed: IP::Country::Fast, version 604.001 [18506] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 [18506] dbg: diag: module installed: Net::Ident, version 1.20 [18506] dbg: diag: module installed: IO::Socket::INET6, version 2.54 [18506] dbg: diag: module installed: IO::Socket::SSL, version 1.13 [18506] dbg: diag: module installed: Compress::Zlib, version 1.41 [18506] dbg: diag: module installed: Time::HiRes, version 1.9712 [18506] dbg: diag: module installed: Mail::DomainKeys, version 1.0 [18506] dbg: diag: module installed: Mail::DKIM, version 0.301 [18506] dbg: diag: module installed: DBI, version 1.56 [18506] dbg: diag: module installed: Getopt::Long, version 2.36 [18506] dbg: diag: module installed: LWP::UserAgent, version 2.031 [18506] dbg: diag: module installed: HTTP::Date, version 1.46 [18506] dbg: diag: module installed: Archive::Tar, version 1.38 [18506] dbg: diag: module installed: IO::Zlib, version 1.09 [18506] dbg: diag: module installed: Encode::Detect, version 1.00 [18506] dbg: ignore: using a test message to lint rules [18506] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [18506] dbg: config: read file /etc/mail/spamassassin/init.pre [18506] dbg: config: read file /etc/mail/spamassassin/v310.pre [18506] dbg: config: read file /etc/mail/spamassassin/v312.pre [18506] dbg: config: read file /etc/mail/spamassassin/v320.pre [18506] dbg: config: using "/var/lib/spamassassin/3.002004" for sys rules pre files [18506] dbg: config: using "/var/lib/spamassassin/3.002004" for default rules dir [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org.cf [18506] dbg: config: using "/etc/mail/spamassassin" for site rules dir [18506] dbg: config: read file /etc/mail/spamassassin/local.cf [18506] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [18506] dbg: dcc: local tests only, disabling DCC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [18506] dbg: pyzor: local tests only, disabling Pyzor [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [18506] dbg: razor2: local tests only, skipping Razor [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [18506] dbg: reporter: local tests only, disabling SpamCop [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [18506] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/10_default_prefs.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_advance_fee.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_body_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_compensate.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dnsbl_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_drugs.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_dynrdns.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_fake_helo_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_head_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_html_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_imageinfo.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_meta_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_net_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_phrases.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_porn.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_ratware.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_uri_tests.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/20_vbounce.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/23_bayes.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_accessdb.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_antivirus.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_asn.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dcc.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_dkim.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_domainkeys.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_hashcash.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_pyzor.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_razor2.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_replace.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_spf.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_textcat.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/25_uribl.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_de.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_fr.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_it.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_nl.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pl.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/30_text_pt_br.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/50_scores.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_awl.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_shortcircuit.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dk.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_dkim.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_spf.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/60_whitelist_subject.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_active.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_removed.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/72_scores.cf [18506] dbg: config: fixed relative path: /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [18506] dbg: config: using "/var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf" for included file [18506] dbg: config: read file /var/lib/spamassassin/3.002004/updates_spamassassin_org/80_additional.cf [18506] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [18506] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [18506] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [18506] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [18506] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [18506] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [18506] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [18506] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [18506] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [18506] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [18506] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [18506] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [18506] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [18506] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [18506] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [18506] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [18506] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [18506] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [18506] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [18506] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [18506] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [18506] dbg: conf: finish parsing [18506] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8f48a38) implements 'finish_parsing_end', priority 0 [18506] dbg: replacetags: replacing tags [18506] dbg: replacetags: done replacing tags [18506] dbg: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks [18506] dbg: config: score set 0 chosen. [18506] dbg: message: main message type: text/plain [18506] dbg: message: ---- MIME PARSER START ---- [18506] dbg: message: parsing normal part [18506] dbg: message: ---- MIME PARSER END ---- [18506] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x9c41ce8) implements 'check_start', priority 0 [18506] dbg: bayes: no dbs present, cannot tie DB R/O: /var/spool/postfix/.spamassassin/bayes_toks [18506] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x9bf2f64) implements 'check_main', priority 0 [18506] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [18506] dbg: metadata: X-Spam-Relays-Trusted: [18506] dbg: metadata: X-Spam-Relays-Untrusted: [18506] dbg: metadata: X-Spam-Relays-Internal: [18506] dbg: metadata: X-Spam-Relays-External: [18506] dbg: message: no encoding detected [18506] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a697f8) implements 'parsed_metadata', priority 0 [18506] dbg: dns: is DNS available? 0 [18506] dbg: rules: local tests only, ignoring RBL eval [18506] dbg: check: running tests for priority: -1000 [18506] dbg: rules: running head tests; score so far=0 [18506] dbg: rules: compiled head tests [18506] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [18506] dbg: eval: all '*To' addrs: [18506] dbg: rules: running body tests; score so far=0 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=0 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=0 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=0 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=0 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: -950 [18506] dbg: rules: running head tests; score so far=0 [18506] dbg: rules: compiled head tests [18506] dbg: rules: running body tests; score so far=0 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=0 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=0 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=0 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=0 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: -900 [18506] dbg: rules: running head tests; score so far=0 [18506] dbg: rules: compiled head tests [18506] dbg: rules: running body tests; score so far=0 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=0 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=0 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=0 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=0 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: -400 [18506] dbg: rules: running head tests; score so far=0 [18506] dbg: rules: compiled head tests [18506] dbg: rules: running body tests; score so far=0 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=0 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=0 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=0 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=0 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: 0 [18506] dbg: rules: running head tests; score so far=0 [18506] dbg: rules: compiled head tests [18506] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [18506] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [18506] dbg: rules: Message-Id: " [18506] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [18506] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [18506] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1206002633" [18506] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [18506] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1206002633@lint_rules> [18506] dbg: rules: " [18506] dbg: spf: checking to see if the message has a Received-SPF header that we can use [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: spf: cannot get Envelope-From, cannot use SPF [18506] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [18506] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [18506] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [18506] dbg: spf: spf_whitelist_from: could not find useable envelope sender [18506] dbg: rules: running body tests; score so far=1.899 [18506] dbg: rules: compiled body tests [18506] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [18506] dbg: rules: running uri tests; score so far=1.899 [18506] dbg: rules: compiled uri tests [18506] dbg: eval: stock info total: 0 [18506] dbg: rules: running rawbody tests; score so far=1.899 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [18506] dbg: rules: running full tests; score so far=1.899 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=1.899 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: 500 [18506] dbg: dns: harvest_dnsbl_queries [18506] dbg: rules: running head tests; score so far=1.899 [18506] dbg: rules: compiled head tests [18506] dbg: rules: running body tests; score so far=1.899 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=1.899 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=1.899 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=1.899 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=1.899 [18506] dbg: rules: compiled meta tests [18506] dbg: check: running tests for priority: 1000 [18506] dbg: rules: running head tests; score so far=4.205 [18506] dbg: rules: compiled head tests [18506] dbg: rules: running body tests; score so far=4.205 [18506] dbg: rules: compiled body tests [18506] dbg: rules: running uri tests; score so far=4.205 [18506] dbg: rules: compiled uri tests [18506] dbg: rules: running rawbody tests; score so far=4.205 [18506] dbg: rules: compiled rawbody tests [18506] dbg: rules: running full tests; score so far=4.205 [18506] dbg: rules: compiled full tests [18506] dbg: rules: running meta tests; score so far=4.205 [18506] dbg: rules: compiled meta tests [18506] dbg: check: is spam? score=4.205 required=5 [18506] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [18506] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID ======================================================== long976@hotmail.com http://www.clicktosee.com ======================================================== From ismail at ismailozatay.net Thu Mar 20 10:13:39 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Thu Mar 20 10:14:27 2008 Subject: About spamassassin Message-ID: <012301c88a73$115e8b60$65cba8c0@pc> Hi friends , i am in a trouble with spamassassin.i have just installed a new centos5 pc and setup mailscanner.everything is good exept spamassassin lint test.here is the problem , [2411] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency 'FH_HOST_EQ_D_D_D_D' 0.00357 [2411] dbg: rules: meta test FM_SEX_HOSTDDDD has undefined dependency 'FH_HOST_EQ_D_D_D_D' subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID 0.00016 [2411] warn: lint: 2 issues detected, please rerun with debug enabled for more information how can i fix it ? thanks ismail -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/811f7feb/attachment.html From glenn.steen at gmail.com Thu Mar 20 10:24:20 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 20 10:24:54 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47E230E5.8080107@clicktosee.com> References: <47E230E5.8080107@clicktosee.com> Message-ID: <223f97700803200324jd8584bfwfa8202a76def90f8@mail.gmail.com> On 20/03/2008, Allen Jiang wrote: > On Tue, 18 Mar 2008 Glenn Steen wrote: > > >Thanks for checking back with us Allen. > >Could you try the "spamassassin --lint -D" as the postfix user as well? > >Might be as simple as having the wrong permissions on the SA .pre file > >containing the LoadPlugin line I mentioned. Also check (with less, or > >similar paginator) that you can read all the .pre files... Something > >like "less -e /etc/mail/spamassassin/*.pre", also as the postfix > >user... Hopefully it'll be that sinple:-). > > > Thanks for all! > I try the "spamassassin --lint -D" as the postfix user, but i haven't see any wrong. > I can read all the .pre files as the postfix user. > I have installed two postfix servers, but encount this same wrong! > > > -bash-3.00$ spamassassin --lint -D (snip) Hm. Not that then (why can't things be simple:-). Two things come to mind... Either you might have two different spamassassin installations (one of which is broken), or .... else there is some problem with your SA (obviously when called from MS:-)... The first is rather simple to check: make sure there is only one SpamAssassin.pm on the system... Something like locate SpamAssassin.pm or find / -name SpamAssassin.pm -print would show that ... How to clean up... well, that depends on method of install... Which leads us to the second: Where did you get the SpamAssassin you are using? From some repository, or Jules easy installation package? If the former, copuld you remove it and try install Jules package? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From uxbod at splatnix.net Thu Mar 20 10:47:17 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 20 10:48:22 2008 Subject: About spamassassin In-Reply-To: <012301c88a73$115e8b60$65cba8c0@pc> Message-ID: <11853017.331206010037958.JavaMail.root@office.splatnix.net> What are the warn messages in the lint ? we need to see them. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ismail OZATAY" wrote: > Hi friends , > > i am in a trouble with spamassassin.i have just installed a new > centos5 pc and setup mailscanner.everything is good exept spamassassin > lint test.here is the problem , > > > [2411] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency > 'FH_HOST_EQ_D_D_D_D' 0.00357 > [2411] dbg: rules: meta test FM_SEX_HOSTDDDD has undefined dependency > 'FH_HOST_EQ_D_D_D_D' > > subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > 0.00016 > [2411] warn: lint: 2 issues detected, please rerun with debug enabled > for more information > > how can i fix it ? > > thanks > > ismail -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ms-list at alexb.ch Thu Mar 20 11:13:12 2008 From: ms-list at alexb.ch (Alex Broens) Date: Thu Mar 20 11:14:08 2008 Subject: About spamassassin In-Reply-To: <012301c88a73$115e8b60$65cba8c0@pc> References: <012301c88a73$115e8b60$65cba8c0@pc> Message-ID: <47E246C8.2080601@alexb.ch> On 3/20/2008 11:13 AM, Ismail OZATAY wrote: > Hi friends , > > i am in a trouble with spamassassin.i have just installed a new centos5 pc and setup mailscanner.everything is good exept spamassassin lint test.here is the problem , > > > [2411] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency 'FH_HOST_EQ_D_D_D_D' 0.00357 > [2411] dbg: rules: meta test FM_SEX_HOSTDDDD has undefined dependency 'FH_HOST_EQ_D_D_D_D' > > subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID 0.00016 > [2411] warn: lint: 2 issues detected, please rerun with debug enabled for more information > how can i fix it ? dependecies don't cause lint errors - they're just warnings due to borked meta rules. you'll find the real lint errors further up in the dbg data. Alex PS: this is more something for the SA list as its not a MailScanner issue. From ismail at ismailozatay.net Thu Mar 20 11:35:04 2008 From: ismail at ismailozatay.net (Ismail OZATAY) Date: Thu Mar 20 11:35:34 2008 Subject: About spamassassin References: <012301c88a73$115e8b60$65cba8c0@pc> <47E246C8.2080601@alexb.ch> Message-ID: <013701c88a7e$71538330$65cba8c0@pc> Thanks ----- Original Message ----- From: "Alex Broens" To: "MailScanner discussion" Sent: Thursday, March 20, 2008 1:13 PM Subject: Re: About spamassassin > On 3/20/2008 11:13 AM, Ismail OZATAY wrote: >> Hi friends , >> >> i am in a trouble with spamassassin.i have just installed a new centos5 >> pc and setup mailscanner.everything is good exept spamassassin lint >> test.here is the problem , >> >> >> [2411] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency >> 'FH_HOST_EQ_D_D_D_D' 0.00357 [2411] dbg: rules: meta test FM_SEX_HOSTDDDD >> has undefined dependency 'FH_HOST_EQ_D_D_D_D' >> >> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >> 0.00016 [2411] warn: lint: 2 issues detected, please rerun with debug >> enabled for more information >> how can i fix it ? > > dependecies don't cause lint errors - they're just warnings due to borked > meta rules. > > you'll find the real lint errors further up in the dbg data. > > Alex > PS: this is more something for the SA list as its not a MailScanner issue. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mkettler at evi-inc.com Thu Mar 20 14:45:35 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 20 14:46:22 2008 Subject: About spamassassin In-Reply-To: <47E246C8.2080601@alexb.ch> References: <012301c88a73$115e8b60$65cba8c0@pc> <47E246C8.2080601@alexb.ch> Message-ID: <47E2788F.8040209@evi-inc.com> Alex Broens wrote: > On 3/20/2008 11:13 AM, Ismail OZATAY wrote: >> Hi friends , >> >> i am in a trouble with spamassassin.i have just installed a new >> centos5 pc and setup mailscanner.everything is good exept spamassassin >> lint test.here is the problem , >> >> >> [2411] dbg: rules: meta test FM_DDDD_TIMES_2 has undefined dependency >> 'FH_HOST_EQ_D_D_D_D' 0.00357 [2411] dbg: rules: meta test >> FM_SEX_HOSTDDDD has undefined dependency 'FH_HOST_EQ_D_D_D_D' >> >> subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >> 0.00016 [2411] warn: lint: 2 issues detected, please rerun with debug >> enabled for more information >> how can i fix it ? > > dependecies don't cause lint errors - they're just warnings due to > borked meta rules. > > you'll find the real lint errors further up in the dbg data. > > Alex > PS: this is more something for the SA list as its not a MailScanner issue. > And FYI, there's a SpamAssassin bug up about it: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5779 Looks like this was resolved in january, so a run of sa-update should clear it out. Unless someone screwed up and re-published an old rule... but that could never happen :-) From andreab at guttadauro.com Thu Mar 20 15:05:36 2008 From: andreab at guttadauro.com (Andrea Bazzanini) Date: Thu Mar 20 15:23:15 2008 Subject: How Many Rbl ?? Message-ID: <47E27D40.2010701@guttadauro.com> Hello Guys.. Realy esay question ... How many RBL ... in your opinion must be check by MS ??? I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... Thanks !!! -- _ ?v? Andrea Bazzanini, Guttadauro Sistemi /(_)\ Linux and Post Sales Suppport ^ ^ ZABBIX Certified Specialist T: 0331 - 245680 F: 0331 - 245608 -- Il messaggio e' stato analizzato alla ricerca di virus o contenuti pericolosi, ed e' risultato non infetto. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/920f4bc4/attachment.html From merkel at metalink.net Thu Mar 20 15:24:26 2008 From: merkel at metalink.net (Eric Merkel) Date: Thu Mar 20 15:25:19 2008 Subject: Spamhaus Message-ID: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> I got a letter today from spamhaus stating that we are using their DNSBL and need to start paying for it. I wasn't even aware we were using it but then remembered that mailscanner is setup to use. I have a call into them to see what their pricing is so I am not sure it is even worth it at this point. So if I want to disable using spamhaus, do I just need to comment out the following lines in the spam.lists.conf? spamhaus.org sbl.spamhaus.org. spamhaus-XBL xbl.spamhaus.org. spamhaus-PBL pbl.spamhaus.org. spamhaus-ZEN zen.spamhaus.org. SBL+XBL sbl-xbl.spamhaus.org. If I am also using spamassassin, do I need to change it's config to stop using it? I am running a recent copy of MailScanner on Centos 5.1. Thanks! ==== Eric Merkel MetaLINK Technologies, Inc -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/e80c41d6/attachment.html From rcooper at dwford.com Thu Mar 20 15:34:01 2008 From: rcooper at dwford.com (Rick Cooper) Date: Thu Mar 20 15:34:42 2008 Subject: ERROR::UNKNOWN CLAMD RETURN In-Reply-To: References: <47DA58BF.60502@ecs.soton.ac.uk> <223f97700803140458o1c66c2feue6f56f9077884d90@mail.gmail.com> <07af01c885f9$1bf0b590$0301a8c0@SAHOMELT> <223f97700803150254t18d8b20bm98f2298c1402c3d6@mail.gmail.com> <223f97700803150934u57803fvd010c8605a014bf6@mail.gmail.com> Message-ID: <030201c88a9f$d27b2ca0$0301a8c0@SAHOMELT> First of all sorry for disappearing last week but I got called away Fri afternoon and had surgery Monday so this is the first I felt up to trying to type. My personal opinion is that adding the clamav user and setting the supplementary groups option would have worked. When you setgid on tha directory it will create and access files with permissions inherited by the directory group (pretty much same as setuid) so that is why it works now. I recalled someone stating that is how they got around the issue but the supplementary groups option would have probably been the one I would have chose. _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Olivier FRANCHET Sent: Saturday, March 15, 2008 1:15 PM To: MailScanner discussion Subject: Re: ERROR::UNKNOWN CLAMD RETURN OK, I don't know why but I changer permissions for incoming folder to 640 + setgid and all work fine now! Clamd is running under clamav user. I don't remember what the permissions on this folder when I installed my email gateway. Thanks all. Cordialement/Regards, Olivier @ Dominux http://www.dominux.net mailscanner-bounces@lists.mailscanner.info a ?crit sur 15/03/2008 17:34:58 : > [image supprim?e] > > Re: ERROR::UNKNOWN CLAMD RETURN > > Glenn Steen > > en : > > MailScanner discussion > > 15/03/2008 17:53 > > Envoy? par : > > mailscanner-bounces@lists.mailscanner.info > > Veuillez r?pondre ? MailScanner discussion > > On 15/03/2008, Olivier FRANCHET wrote: > > > > So, now I did this : > > > > Uncommented this 2 lines in /etc/clamd.conf ;-) : > > > > User clamav > > AllowSupplementaryGroups yes > > > > > > Set the setgid for /var/spool/MailScanner/incoming (2660) : > > > > [root@centos MailScanner]# ll > > total 12 > > drwxrwS--- 8 postfix clamav 4096 mar 15 16:07 incoming > > drwx------ 5 postfix postfix 4096 mar 14 19:13 quarantine > > drwx------ 2 postfix postfix 4096 mar 11 23:46 spamassassin > > > > > > Config for incoming in MailScanner.conf : > > > > Incoming Work User = > > Incoming Work Group = clamav > > Incoming Work Permissions = 0640 > > > > > > Again the same error! Only work when clamd is under root !?! > > > Did you do as Rick suggested and add in the clamav user to the postfix group? > > For the rest... Do as Peter suggest and check (by use of su) that both > postfix and clamav can access the work directories. > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/8765ebe7/attachment.html From mailscanner at slackadelic.com Thu Mar 20 15:34:19 2008 From: mailscanner at slackadelic.com (Matt Hayes) Date: Thu Mar 20 15:35:07 2008 Subject: How Many Rbl ?? In-Reply-To: <47E27D40.2010701@guttadauro.com> References: <47E27D40.2010701@guttadauro.com> Message-ID: <47E283FB.1010009@slackadelic.com> Andrea Bazzanini wrote: > Hello Guys.. > > Realy esay question ... > > How many RBL ... in your opinion must be check by MS ??? > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > Thanks !!! > > -- > _ > ?v? Andrea Bazzanini, Guttadauro Sistemi > /(_)\ Linux and Post Sales Suppport > ^ ^ ZABBIX Certified Specialist > T: 0331 - 245680 F: 0331 - 245608 > > > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi, ed e' risultato non infetto. > I use two. But I don't do the RBL checks in Mailscanner.. I do them at the MTA level. -Matt From shuttlebox at gmail.com Thu Mar 20 15:54:49 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 20 15:55:24 2008 Subject: Spamhaus In-Reply-To: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> Message-ID: <625385e30803200854k57ce47f7yb5d293bd94fce6db@mail.gmail.com> On Thu, Mar 20, 2008 at 4:24 PM, Eric Merkel wrote: > > > I got a letter today from spamhaus stating that we are using their DNSBL and > need to start paying for it. I wasn't even aware we were using it but then > remembered that mailscanner is setup to use. I have a call into them to see > what their pricing is so I am not sure it is even worth it at this point. Check that you have DNS caching in your network so you don't call them unnecessary. > So if I want to disable using spamhaus, do I just need to comment out the > following lines in the spam.lists.conf? > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. No, that's just the file that defines the spam lists, it's the option "Spam List" in MailScanner.conf you want to check. It should be an empty line if you're checking RBLs in SA. > If I am also using spamassassin, do I need to change it's config to stop > using it? I am running a recent copy of MailScanner on Centos 5.1. Add this to mailscanner.cf (usually in /etc/mail/spamassassin): score RCVD_IN_SBL 0 score RCVD_IN_XBL 0 score RCVD_IN_PBL 0 You may have more of these, grep for RCVD in the file 50_scores.cf in the SA rule dir (might be something like /usr/share/spamassassin). -- /peter From list-mailscanner at linguaphone.com Thu Mar 20 15:46:54 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu Mar 20 16:08:04 2008 Subject: Spamhaus In-Reply-To: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> Message-ID: <1206028014.15296.10.camel@gblades-suse.linguaphone-intranet.co.uk> Spamhaus costs $500/year per 100 users. So if you have 150 users it is $1000/year. On Thu, 2008-03-20 at 15:24, Eric Merkel wrote: > I got a letter today from spamhaus stating that we are using their > DNSBL and need to start paying for it. I wasn't even aware we were > using it but then remembered that mailscanner is setup to use. I have > a call into them to see what their pricing is so I am not sure it is > even worth it at this point. > > So if I want to disable using spamhaus, do I just need to comment out > the following lines in the spam.lists.conf? > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. > > If I am also using spamassassin, do I need to change it's config to > stop using it? I am running a recent copy of MailScanner on Centos > 5.1. > > Thanks! > > ==== > Eric Merkel > MetaLINK Technologies, Inc > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From temp at perm.it Thu Mar 20 16:12:43 2008 From: temp at perm.it (adam) Date: Thu Mar 20 16:13:48 2008 Subject: Installation order In-Reply-To: <47E18DDF.5020205@ecs.soton.ac.uk> References: <47E183DE.5090802@perm.it> <47E18DDF.5020205@ecs.soton.ac.uk> Message-ID: <47E28CFB.1050905@perm.it> Thanks Julian, and Scott for the link to the HOWTO. adam Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > adam wrote: >> Hi, >> >> I want to install MailScanner on CentOS 5.1, but after a couple of >> attempts I'm confused about what order I should be installing in. >> >> I assumed that the best approach would be Razor & DCC, then SpamAssassin >> and Clam from the developer's packages, then MailScanner rpms. The >> messages output by MailScanner and the SA set seem to conflict though. > That's pretty much completely backwards. > Install MailScanner first. > Then either ClamAV+SpamAssassin from my combined package, or else ClamAV > from RPMs at dag.wieers.com/rpm/packages/clamav and then SpamAssassin > alone from my combined package (it will ask you if you want it to > install ClamAV when you run it, just say "n"). > Then DCC. > Then Razor. > Using my package to install SpamAssassin will do a lot of the > configuration of it for you, along with installing all the > pre-requisites automatically. > >> Additionally, it looks like when you yum update CentOS 5.1 some of the >> perl module packages are removed as they've been incorporated into the >> main perl packages, which confuses the MailScanner installer! > Do a "yum update" before you start doing anything. When you later want > to upgrade Perl (which doesn't mean doing every little patch they > produce), uninstall the clashing RPMs (yum update will tell you what > they are), then "yum update" then reinstall MailScanner, which will > replace the RPMs you removed. Fairly simple really :-) > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH4Y3lEfZZRxQVtlQRAuhVAJ0Uj4hMQHEIJu6clbxm3VWx3o1OOgCbBtgT > rM9YQRdM6wcvP3/KyGKec/Q= > =ET0N > -----END PGP SIGNATURE----- > From bpirie at rma.edu Thu Mar 20 16:48:05 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Thu Mar 20 16:47:25 2008 Subject: Spamhaus In-Reply-To: <625385e30803200854k57ce47f7yb5d293bd94fce6db@mail.gmail.com> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> <625385e30803200854k57ce47f7yb5d293bd94fce6db@mail.gmail.com> Message-ID: <47E29545.4020500@rma.edu> I set this up recently on a new mail gateway, with: score RCVD_IN_SBL 0.0 score RCVD_IN_XBL 0.0 score RCVD_IN_PBL 0.0 in spam.assassin.prefs.conf (mailscanner.cf is a symlink to this file) (the whitespace is spaces, not tabs, if it matters, but that appears to be the way other entries in the file are formatted) After reading this, on a whim, I decided to run a mailwatch report on each of these rules, via "Spam Report contains 'RCVD_IN_PBL'" and lo and behold I got thousands of results for each of the three tests. I'm confused. Shouldn't these tests be disabled with the above settings? Brendan shuttlebox wrote: > On Thu, Mar 20, 2008 at 4:24 PM, Eric Merkel wrote: >> >> I got a letter today from spamhaus stating that we are using their DNSBL and >> need to start paying for it. I wasn't even aware we were using it but then >> remembered that mailscanner is setup to use. I have a call into them to see >> what their pricing is so I am not sure it is even worth it at this point. > > Check that you have DNS caching in your network so you don't call them > unnecessary. > >> So if I want to disable using spamhaus, do I just need to comment out the >> following lines in the spam.lists.conf? >> >> spamhaus.org sbl.spamhaus.org. >> spamhaus-XBL xbl.spamhaus.org. >> spamhaus-PBL pbl.spamhaus.org. >> spamhaus-ZEN zen.spamhaus.org. >> SBL+XBL sbl-xbl.spamhaus.org. > > No, that's just the file that defines the spam lists, it's the option > "Spam List" in MailScanner.conf you want to check. It should be an > empty line if you're checking RBLs in SA. > >> If I am also using spamassassin, do I need to change it's config to stop >> using it? I am running a recent copy of MailScanner on Centos 5.1. > > Add this to mailscanner.cf (usually in /etc/mail/spamassassin): > > score RCVD_IN_SBL 0 > score RCVD_IN_XBL 0 > score RCVD_IN_PBL 0 > > You may have more of these, grep for RCVD in the file 50_scores.cf in > the SA rule dir (might be something like /usr/share/spamassassin). > From mkettler at evi-inc.com Thu Mar 20 17:23:22 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 20 17:24:11 2008 Subject: How Many Rbl ?? In-Reply-To: <47E27D40.2010701@guttadauro.com> References: <47E27D40.2010701@guttadauro.com> Message-ID: <47E29D8A.6090707@evi-inc.com> Andrea Bazzanini wrote: > Hello Guys.. > > Realy esay question ... > > How many RBL ... in your opinion must be check by MS ??? > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > Thanks !!! The answer depends a lot on how bad FPs are for you. I trust zero RBLs enough to use for outright blacklisting. At the MTA layer, I use 3 RBLs to trigger greylisting. (yes, unlike most greylist configs, I don't greylist by default, but use milter-greylist's access lists to selectively greylist email that's highly likely to be spam). This is acceptable to me, as the only consequence of false positive is late email. At the MailScanner layer, I use 0 RBLs, as I trust no RBL completely. At the SpamAssassin layer, I use all the default RBLs. That's acceptable to me because the scoring mechanism makes it very unlikely the RBL will cause a FP, as it would also have to match other spam rules. From mkettler at evi-inc.com Thu Mar 20 17:43:56 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 20 17:44:50 2008 Subject: Spamhaus In-Reply-To: <625385e30803200854k57ce47f7yb5d293bd94fce6db@mail.gmail.com> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> <625385e30803200854k57ce47f7yb5d293bd94fce6db@mail.gmail.com> Message-ID: <47E2A25C.9000807@evi-inc.com> shuttlebox wrote: > On Thu, Mar 20, 2008 at 4:24 PM, Eric Merkel wrote: >> If I am also using spamassassin, do I need to change it's config to stop >> using it? I am running a recent copy of MailScanner on Centos 5.1. > > Add this to mailscanner.cf (usually in /etc/mail/spamassassin): > > score RCVD_IN_SBL 0 > score RCVD_IN_XBL 0 > score RCVD_IN_PBL 0 > > You may have more of these, grep for RCVD in the file 50_scores.cf in > the SA rule dir (might be something like /usr/share/spamassassin). That won't work. Well, it will stop the rules from matching, but won't stop the DNS lookups from happening. The way to completely disable an RBL is to assign a zero score to the base rule for that RBL, not the sub-rules. Look in 20_dnsbl.cf for the corresponding rule that uses check_rbl, instead of check_rbl_sub. (and yes, this works even when the base rule isn't scored due to it's name starting with double underscore) Assuming a reasonably recent version of SpamAssassin you'd use: score __RCVD_IN_ZEN 0 In older versions it would be: score __RCVD_IN_SBL_XBL 0 From MailScanner at ecs.soton.ac.uk Thu Mar 20 18:00:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 20 18:01:58 2008 Subject: How Many Rbl ?? In-Reply-To: <47E27D40.2010701@guttadauro.com> References: <47E27D40.2010701@guttadauro.com> Message-ID: <47E2A637.1090204@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1 or 2 at most. I just use spamhaus-ZEN. Many people put none in there at all, and leave SpamAssassin to do all the work, or else block by blacklist at the MTA level. Andrea Bazzanini wrote: > Hello Guys.. > > Realy esay question ... > > How many RBL ... in your opinion must be check by MS ??? > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > Thanks !!! > -- > _ > ?v? Andrea Bazzanini, Guttadauro Sistemi > /(_)\ Linux and Post Sales Suppport > ^ ^ ZABBIX Certified Specialist > T: 0331 - 245680 F: 0331 - 245608 > > > > -- > Il messaggio e' stato analizzato alla ricerca di virus o > contenuti pericolosi, ed e' risultato non infetto. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-15 wj8DBQFH4qY6EfZZRxQVtlQRAh+2AJsG5KE97WkipxDDPVZssR4tT05TZACghLVE NZ9pITqlu/quJzZD2lbF+8k= =jGzt -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 20 18:03:40 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 20 18:04:02 2008 Subject: Spamhaus In-Reply-To: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> Message-ID: <47E2A6FC.1090807@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Merkel wrote: > I got a letter today from spamhaus stating that we are using their > DNSBL and need to start paying for it. I wasn't even aware we were > using it but then remembered that mailscanner is setup to use. I have > a call into them to see what their pricing is so I am not sure it is > even worth it at this point. > > So if I want to disable using spamhaus, do I just need to comment out > the following lines in the spam.lists.conf? > > spamhaus.org sbl.spamhaus.org. > spamhaus-XBL xbl.spamhaus.org. > spamhaus-PBL pbl.spamhaus.org. > spamhaus-ZEN zen.spamhaus.org. > SBL+XBL sbl-xbl.spamhaus.org. No, take them out of your "Spam Lists = " setting in MailScanner.conf. > If I am also using spamassassin, do I need to change it's config to > stop using it? I am running a recent copy of MailScanner on Centos 5.1. Yes, you do. In you spam.assassin.prefs.conf add these lines: score RCVD_IN_SBL 0 score RCVD_IN_PBL 0 score RCVD_IN_XBL 0 and restart MailScanner. Personally, I think the lists are well worth the money, but I get the educational discount :-) > > Thanks! > > ==== > Eric Merkel > MetaLINK Technologies, Inc > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.1 (Build 2523) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH4qb/EfZZRxQVtlQRArUVAJ0YUzNfcBIsquaMjXO9R+bY9W1pJQCg0YX0 iwP65RRh6nfhUYDj3fEtJW0= =Ax6W -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ccrymes at gmail.com Thu Mar 20 18:26:48 2008 From: ccrymes at gmail.com (Chris Crymes) Date: Thu Mar 20 18:27:33 2008 Subject: Spamhaus In-Reply-To: <47E2A6FC.1090807@ecs.soton.ac.uk> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> <47E2A6FC.1090807@ecs.soton.ac.uk> Message-ID: <657642c50803201126q66f5735did016c1f4ca7b0564@mail.gmail.com> You can check here to see if you meet the free or paid usage. http://www.spamhaus.org/organization/dnsblusage.html On Thu, Mar 20, 2008 at 1:03 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Eric Merkel wrote: > > I got a letter today from spamhaus stating that we are using their > > DNSBL and need to start paying for it. I wasn't even aware we were > > using it but then remembered that mailscanner is setup to use. I have > > a call into them to see what their pricing is so I am not sure it is > > even worth it at this point. > > > > So if I want to disable using spamhaus, do I just need to comment out > > the following lines in the spam.lists.conf? > > > > spamhaus.org sbl.spamhaus.org. > > spamhaus-XBL xbl.spamhaus.org. > > spamhaus-PBL pbl.spamhaus.org. > > spamhaus-ZEN zen.spamhaus.org. > > SBL+XBL sbl-xbl.spamhaus.org. > No, take them out of your "Spam Lists = " setting in MailScanner.conf. > > If I am also using spamassassin, do I need to change it's config to > > stop using it? I am running a recent copy of MailScanner on Centos 5.1. > Yes, you do. In you spam.assassin.prefs.conf add these lines: > score RCVD_IN_SBL 0 > score RCVD_IN_PBL 0 > score RCVD_IN_XBL 0 > and restart MailScanner. > > Personally, I think the lists are well worth the money, but I get the > educational discount :-) > > > > > Thanks! > > > > ==== > > Eric Merkel > > MetaLINK Technologies, Inc > > > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.1 (Build 2523) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH4qb/EfZZRxQVtlQRArUVAJ0YUzNfcBIsquaMjXO9R+bY9W1pJQCg0YX0 > iwP65RRh6nfhUYDj3fEtJW0= > =Ax6W > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Chris Crymes ccrymes@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/e0921a96/attachment.html From jaearick at colby.edu Thu Mar 20 18:36:26 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 20 18:37:05 2008 Subject: Spamhaus In-Reply-To: <657642c50803201126q66f5735did016c1f4ca7b0564@mail.gmail.com> References: <013201c88a9e$7bc93970$27c8a8c0@staff.metalink.net> <47E2A6FC.1090807@ecs.soton.ac.uk> <657642c50803201126q66f5735did016c1f4ca7b0564@mail.gmail.com> Message-ID: Our site got dinged for the pay-for-use in December. I grumbled, but SpamHaus is well worth the money. We block between 150K and 200K connections a day with it, far more than the legit email that we get. Jeff Earickson Colby College On Thu, 20 Mar 2008, Chris Crymes wrote: > Date: Thu, 20 Mar 2008 13:26:48 -0500 > From: Chris Crymes > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: Spamhaus > > You can check here to see if you meet the free or paid usage. > > http://www.spamhaus.org/organization/dnsblusage.html > > > > On Thu, Mar 20, 2008 at 1:03 PM, Julian Field > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Eric Merkel wrote: >>> I got a letter today from spamhaus stating that we are using their >>> DNSBL and need to start paying for it. I wasn't even aware we were >>> using it but then remembered that mailscanner is setup to use. I have >>> a call into them to see what their pricing is so I am not sure it is >>> even worth it at this point. >>> >>> So if I want to disable using spamhaus, do I just need to comment out >>> the following lines in the spam.lists.conf? >>> >>> spamhaus.org sbl.spamhaus.org. >>> spamhaus-XBL xbl.spamhaus.org. >>> spamhaus-PBL pbl.spamhaus.org. >>> spamhaus-ZEN zen.spamhaus.org. >>> SBL+XBL sbl-xbl.spamhaus.org. >> No, take them out of your "Spam Lists = " setting in MailScanner.conf. >>> If I am also using spamassassin, do I need to change it's config to >>> stop using it? I am running a recent copy of MailScanner on Centos 5.1. >> Yes, you do. In you spam.assassin.prefs.conf add these lines: >> score RCVD_IN_SBL 0 >> score RCVD_IN_PBL 0 >> score RCVD_IN_XBL 0 >> and restart MailScanner. >> >> Personally, I think the lists are well worth the money, but I get the >> educational discount :-) >> >>> >>> Thanks! >>> >>> ==== >>> Eric Merkel >>> MetaLINK Technologies, Inc >>> >> >> Jules >> >> - -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.8.1 (Build 2523) >> Comment: Use Thunderbird Enigmail to verify this message >> Charset: ISO-8859-1 >> >> wj8DBQFH4qb/EfZZRxQVtlQRArUVAJ0YUzNfcBIsquaMjXO9R+bY9W1pJQCg0YX0 >> iwP65RRh6nfhUYDj3fEtJW0= >> =Ax6W >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > > > > -- > Chris Crymes > ccrymes@gmail.com > From devonharding at gmail.com Thu Mar 20 19:26:45 2008 From: devonharding at gmail.com (Devon Harding) Date: Thu Mar 20 19:27:19 2008 Subject: BAYES_00 Message-ID: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> I seemed to be getting obvious spam lately and the root cause seems to be BAYES_00, which is giving the message a score of -2.60. Now I recently rebuilt bayes from the starter db from fsl.com. What could be causing this? -Devon -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/124342ec/attachment.html From ssilva at sgvwater.com Thu Mar 20 19:43:42 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 20 19:43:18 2008 Subject: BAYES_00 In-Reply-To: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> Message-ID: on 3-20-2008 12:26 PM Devon Harding spake the following: > I seemed to be getting obvious spam lately and the root cause seems to > be BAYES_00, which is giving the message a score of -2.60. Now I > recently rebuilt bayes from the starter db from fsl.com > . What could be causing this? > > -Devon > With a fresh bayes db it will take some time to train. Try and submit all the spam you find to sa-learn and start training it better. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/548fafa0/signature.bin From shuttlebox at gmail.com Thu Mar 20 20:02:07 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 20 20:02:43 2008 Subject: BAYES_00 In-Reply-To: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> Message-ID: <625385e30803201302m7f5ca435mdea5e27897891f49@mail.gmail.com> On Thu, Mar 20, 2008 at 8:26 PM, Devon Harding wrote: > I seemed to be getting obvious spam lately and the root cause seems to be > BAYES_00, which is giving the message a score of -2.60. Now I recently > rebuilt bayes from the starter db from fsl.com. What could be causing this? It's pretty easy to circumvent Bayes by including some lines of text from a book for example. Either you can spend time training Bayes all the time or you can lower the negative scores. I have something like -0.5 for BAYES_00. -- /peter From devonharding at gmail.com Thu Mar 20 20:03:39 2008 From: devonharding at gmail.com (Devon Harding) Date: Thu Mar 20 20:04:12 2008 Subject: BAYES_00 In-Reply-To: References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> Message-ID: <2baac6140803201303m6f8f590fj4679a46433c08641@mail.gmail.com> On Thu, Mar 20, 2008 at 3:43 PM, Scott Silva wrote: > on 3-20-2008 12:26 PM Devon Harding spake the following: > > I seemed to be getting obvious spam lately and the root cause seems to > > be BAYES_00, which is giving the message a score of -2.60. Now I > > recently rebuilt bayes from the starter db from fsl.com > > . What could be causing this? > > > > -Devon > > > With a fresh bayes db it will take some time to train. Try and submit all > the > spam you find to sa-learn and start training it better. > > -- > What's the process in doing this as the message has already passed as clean? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/d4e71008/attachment.html From glenn.steen at gmail.com Thu Mar 20 20:12:30 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 20 20:13:05 2008 Subject: How Many Rbl ?? In-Reply-To: <47E29D8A.6090707@evi-inc.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> Message-ID: <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> On 20/03/2008, Matt Kettler wrote: > Andrea Bazzanini wrote: > > Hello Guys.. > > > > Realy esay question ... > > > > How many RBL ... in your opinion must be check by MS ??? > > > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > > > Thanks !!! > > > The answer depends a lot on how bad FPs are for you. > > I trust zero RBLs enough to use for outright blacklisting. > > At the MTA layer, I use 3 RBLs to trigger greylisting. (yes, unlike most > greylist configs, I don't greylist by default, but use milter-greylist's access > lists to selectively greylist email that's highly likely to be spam). This is (Aside: I'm meaning to implement this, since it would be OK with the current Swedish laws.... AICS... and would help... You're not the only one sitting up and paying attention Matt:-):-)) > acceptable to me, as the only consequence of false positive is late email. > > At the MailScanner layer, I use 0 RBLs, as I trust no RBL completely. Actually... If you want a block, but not a reject..... This is where I'd put the very few (1, perhaps 2)... But only if your spamactions include "store"... or are only labling as SPAM. > At the SpamAssassin layer, I use all the default RBLs. That's acceptable to me > because the scoring mechanism makes it very unlikely the RBL will cause a FP, as > it would also have to match other spam rules. > Same here. Cheers & Happy Easter! -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Thu Mar 20 20:15:51 2008 From: mikael at syska.dk (Mikael Syska) Date: Thu Mar 20 20:16:38 2008 Subject: How Many Rbl ?? In-Reply-To: <47E29D8A.6090707@evi-inc.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> Message-ID: <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> Hi, That sounds like a interesting setup, that we also might want to use here ... ATM we have: Postfix + MS + SA + AV 1 RBL at Postfix .... What MTA are you using ? Sendmail or Postfix ? Seems like a good idea to use rbl and if 2 or more hits, do postgrey ..... havent thought of it .... If you are not using postfix, you know a way to do it with postfix ? // ouT On Thu, Mar 20, 2008 at 6:23 PM, Matt Kettler wrote: > Andrea Bazzanini wrote: > > Hello Guys.. > > > > Realy esay question ... > > > > How many RBL ... in your opinion must be check by MS ??? > > > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > > > Thanks !!! > > The answer depends a lot on how bad FPs are for you. > > I trust zero RBLs enough to use for outright blacklisting. > > At the MTA layer, I use 3 RBLs to trigger greylisting. (yes, unlike most > greylist configs, I don't greylist by default, but use milter-greylist's access > lists to selectively greylist email that's highly likely to be spam). This is > acceptable to me, as the only consequence of false positive is late email. > > At the MailScanner layer, I use 0 RBLs, as I trust no RBL completely. > > At the SpamAssassin layer, I use all the default RBLs. That's acceptable to me > because the scoring mechanism makes it very unlikely the RBL will cause a FP, as > it would also have to match other spam rules. > > > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From devonharding at gmail.com Thu Mar 20 20:20:29 2008 From: devonharding at gmail.com (Devon Harding) Date: Thu Mar 20 20:21:03 2008 Subject: BAYES_00 In-Reply-To: <625385e30803201302m7f5ca435mdea5e27897891f49@mail.gmail.com> References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> <625385e30803201302m7f5ca435mdea5e27897891f49@mail.gmail.com> Message-ID: <2baac6140803201320v2a4c26behf22068bf137b63bd@mail.gmail.com> On Thu, Mar 20, 2008 at 4:02 PM, shuttlebox wrote: > On Thu, Mar 20, 2008 at 8:26 PM, Devon Harding > wrote: > > I seemed to be getting obvious spam lately and the root cause seems to > be > > BAYES_00, which is giving the message a score of -2.60. Now I recently > > rebuilt bayes from the starter db from fsl.com. What could be causing > this? > > It's pretty easy to circumvent Bayes by including some lines of text > from a book for example. Either you can spend time training Bayes all > the time or you can lower the negative scores. > > I have something like -0.5 for BAYES_00. > > -- > /peter > Gotcha, and just change this in spam.assassin.prefs.conf? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/990dec39/attachment-0001.html From shuttlebox at gmail.com Thu Mar 20 20:32:29 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 20 20:33:09 2008 Subject: How Many Rbl ?? In-Reply-To: <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> Message-ID: <625385e30803201332k2f0a7502h61910342d5dce6a2@mail.gmail.com> On Thu, Mar 20, 2008 at 9:12 PM, Glenn Steen wrote: > (Aside: I'm meaning to implement this, since it would be OK with the > current Swedish laws.... AICS... and would help... You're not the only > one sitting up and paying attention Matt:-):-)) Look into milter-greylist, I know there are some Postfix users. It's extremely flexible, like another software we like. :-) More info on the wiki I have just set up: http://milter-greylist.wikidot.com. Maybe you can write some about Postfix. ;-) -- /peter From shuttlebox at gmail.com Thu Mar 20 20:39:31 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 20 20:40:14 2008 Subject: BAYES_00 In-Reply-To: <2baac6140803201320v2a4c26behf22068bf137b63bd@mail.gmail.com> References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> <625385e30803201302m7f5ca435mdea5e27897891f49@mail.gmail.com> <2baac6140803201320v2a4c26behf22068bf137b63bd@mail.gmail.com> Message-ID: <625385e30803201339w28e68acbm26854916e5611cc3@mail.gmail.com> On Thu, Mar 20, 2008 at 9:20 PM, Devon Harding wrote: > Gotcha, and just change this in spam.assassin.prefs.conf? Yes, that would override the defaults. Something like: score BAYES_00 -0.5 You probably need to change most of the BAYES_?? scores so you get reasonable increments from BAYES_00 to BAYES_99. -- /peter From hvdkooij at vanderkooij.org Thu Mar 20 21:15:10 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 20 21:16:24 2008 Subject: About spamassassin In-Reply-To: <47E2788F.8040209@evi-inc.com> References: <012301c88a73$115e8b60$65cba8c0@pc> <47E246C8.2080601@alexb.ch> <47E2788F.8040209@evi-inc.com> Message-ID: <47E2D3DE.6050905@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: | Looks like this was resolved in january, so a run of sa-update should | clear it out. Unless someone screwed up and re-published an old rule... | but that could never happen :-) And pigs get FAA certifications all the time ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH4tPcBvzDRVjxmYERAojWAJ49gpHyWToMpzsUyTIh4XtcPB/VigCgkkKd By+OWlJTAhPelNIkK+HxGag= =KX69 -----END PGP SIGNATURE----- From agross at gcpsite.com Thu Mar 20 21:31:37 2008 From: agross at gcpsite.com (Adam Gross) Date: Thu Mar 20 21:32:26 2008 Subject: BAYES_00 References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> <2baac6140803201303m6f8f590fj4679a46433c08641@mail.gmail.com> Message-ID: <4487B1717589544792AD581CC5D2EC2E7778@GCPMASTER.gpocorp.local> Easiest thing... Go into your respective non-spam and spam directories... Non-spam directories, run: Sa-learn -ham *.* Spam directories, run: Sa-learn -spam *.* Anything you still have that this new bayes db doesn't know about is new, so far as bayes is concerned. -Adam From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Devon Harding Sent: Thursday, March 20, 2008 4:04 PM To: MailScanner discussion Subject: Re: BAYES_00 On Thu, Mar 20, 2008 at 3:43 PM, Scott Silva wrote: on 3-20-2008 12:26 PM Devon Harding spake the following: > I seemed to be getting obvious spam lately and the root cause seems to > be BAYES_00, which is giving the message a score of -2.60. Now I > recently rebuilt bayes from the starter db from fsl.com > . What could be causing this? > > -Devon > With a fresh bayes db it will take some time to train. Try and submit all the spam you find to sa-learn and start training it better. -- What's the process in doing this as the message has already passed as clean? ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner , and is believed to be clean. ------------------------------------------------------------ ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/00888f31/attachment.html From mkettler at evi-inc.com Thu Mar 20 21:36:44 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 20 21:37:37 2008 Subject: How Many Rbl ?? In-Reply-To: <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> Message-ID: <47E2D8EC.8040308@evi-inc.com> Mikael Syska wrote: > Hi, > > That sounds like a interesting setup, that we also might want to use here ... > > ATM we have: > Postfix + MS + SA + AV > > 1 RBL at Postfix .... > > What MTA are you using ? Sendmail or Postfix ? Seems like a good idea > to use rbl and if 2 or more hits, do postgrey ..... havent thought of > it .... I'm using Sendmail, with milter-greylist to implement the greylist. milter-greylist's ACLs are really very flexible, and can even do posix basic regular expressions on host names or email addresses. (or if you turn on an option, they'll use posix extended regex, but that's off by default for compatibility reasons.) The whole thing has really evolved into a powerful ACL system, that just happens to have greylist as a possible action on ACL match in addition to whitelist and blacklist. > If you are not using postfix, you know a way to do it with postfix ? AFAIK, milter-greylist is also compatible with postfix, at least the milter-greylist hompage claims it works with postfix 2.3. It's just a milter, and postfix supports milters, so that seems like a reasonable claim. milter-greylist's homepage: http://hcpnet.free.fr/milter-greylist/ From peter at farrows.org Thu Mar 20 21:42:26 2008 From: peter at farrows.org (Peter Farrow) Date: Thu Mar 20 21:43:16 2008 Subject: How Many Rbl ?? In-Reply-To: <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> Message-ID: <47E2DA42.7040001@farrows.org> Glenn Steen wrote: > On 20/03/2008, Matt Kettler wrote: > >> Andrea Bazzanini wrote: >> > Hello Guys.. >> > >> > Realy esay question ... >> > >> > How many RBL ... in your opinion must be check by MS ??? >> > >> > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... >> > >> > Thanks !!! >> >> >> The answer depends a lot on how bad FPs are for you. >> >> I trust zero RBLs enough to use for outright blacklisting. >> >> At the MTA layer, I use 3 RBLs to trigger greylisting. (yes, unlike most >> greylist configs, I don't greylist by default, but use milter-greylist's access >> lists to selectively greylist email that's highly likely to be spam). This is >> > (Aside: I'm meaning to implement this, since it would be OK with the > current Swedish laws.... AICS... and would help... You're not the only > one sitting up and paying attention Matt:-):-)) > >> acceptable to me, as the only consequence of false positive is late email. >> >> At the MailScanner layer, I use 0 RBLs, as I trust no RBL completely. >> > Actually... If you want a block, but not a reject..... This is where > I'd put the very few (1, perhaps 2)... But only if your spamactions > include "store"... or are only labling as SPAM. > > >> At the SpamAssassin layer, I use all the default RBLs. That's acceptable to me >> because the scoring mechanism makes it very unlikely the RBL will cause a FP, as >> it would also have to match other spam rules. >> >> > Same here. > > Cheers & Happy Easter! > I do all my RBL blacklisting at MTA level, I use the main ones such as Spamcop and Spamhaus plus a few others, if you're on a blacklist I don't accept email from you period....no ifs no buts, I process a few million emails a month for my clients and get no complaints! It reduces the load dramatically on the MailScanners because its a black and white decision made at MTA level. Works flawlessly for me and my clients... Regards Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080320/cee1f4f3/attachment.html From allenjiang at clicktosee.com Fri Mar 21 09:41:17 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Fri Mar 21 09:43:04 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47E382BD.50309@clicktosee.com> on Thu, 20 Mar 2008 Glenn Steen wrote£º >Hm. Not that then (why can't things be simple:-). >Two things come to mind... Either you might have two different >spamassassin installations (one of which is broken), or .... else >there is some problem with your SA (obviously when called from >MS:-)... The first is rather simple to check: >make sure there is only one SpamAssassin.pm on the system... Something like >locate SpamAssassin.pm >or >find / -name SpamAssassin.pm -print >would show that ... >How to clean up... well, that depends on method of install... Which >leads us to the second: >Where did you get the SpamAssassin you are using? From some >repository, or Jules easy installation package? If the former, copuld >you remove it and try install Jules package? Successed! I used yum install SpamAssassin in centos 4.4. Today, I download the SpamAssassin from spamassassin.apache.org and run it, find the wrong is disapear! Thank you, Glenn! -- ======================================================== msn: long976@hotmail.com http://www.clicktosee.com ======================================================== From glenn.steen at gmail.com Fri Mar 21 11:02:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 21 11:02:54 2008 Subject: How Many Rbl ?? In-Reply-To: <47E2D8EC.8040308@evi-inc.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> <47E2D8EC.8040308@evi-inc.com> Message-ID: <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> On 20/03/2008, Matt Kettler wrote: > Mikael Syska wrote: > > Hi, > > > > That sounds like a interesting setup, that we also might want to use here ... > > > > ATM we have: > > Postfix + MS + SA + AV > > > > 1 RBL at Postfix .... > > > > What MTA are you using ? Sendmail or Postfix ? Seems like a good idea > > to use rbl and if 2 or more hits, do postgrey ..... havent thought of > > it .... > > > I'm using Sendmail, with milter-greylist to implement the greylist. > > milter-greylist's ACLs are really very flexible, and can even do posix basic > regular expressions on host names or email addresses. (or if you turn on an > option, they'll use posix extended regex, but that's off by default for > compatibility reasons.) > > The whole thing has really evolved into a powerful ACL system, that just happens > to have greylist as a possible action on ACL match in addition to whitelist and > blacklist. > > > > > If you are not using postfix, you know a way to do it with postfix ? > > > AFAIK, milter-greylist is also compatible with postfix, at least the > milter-greylist hompage claims it works with postfix 2.3. > > It's just a milter, and postfix supports milters, so that seems like a > reasonable claim. > > milter-greylist's homepage: > > http://hcpnet.free.fr/milter-greylist/ > milter-greylist was the reason we fixed up MailScanners postfix support to handle milters correctly ... We have at leats one happy customer (Nerijus Baliunas)... I think this is where I'll go eventually, when other work let up a bit. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Mar 21 11:05:42 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 21 11:06:18 2008 Subject: How Many Rbl ?? In-Reply-To: <47E2DA42.7040001@farrows.org> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <223f97700803201312l569586eq3eb5efcc9426b233@mail.gmail.com> <47E2DA42.7040001@farrows.org> Message-ID: <223f97700803210405pc9b4286x597f216fc323b65b@mail.gmail.com> On 20/03/2008, Peter Farrow wrote: > > Glenn Steen wrote: > On 20/03/2008, Matt Kettler wrote: > > > Andrea Bazzanini wrote: > > Hello Guys.. > > > > Realy esay question ... > > > > How many RBL ... in your opinion must be check by MS ??? > > > > I have added 5 rbl into my MS config file .... spamcop, spamhouse etc.... > > > > Thanks !!! > > > The answer depends a lot on how bad FPs are for you. > > I trust zero RBLs enough to use for outright blacklisting. > > At the MTA layer, I use 3 RBLs to trigger greylisting. (yes, unlike most > greylist configs, I don't greylist by default, but use milter-greylist's > access > lists to selectively greylist email that's highly likely to be spam). This > is > > (Aside: I'm meaning to implement this, since it would be OK with the > current Swedish laws.... AICS... and would help... You're not the only > one sitting up and paying attention Matt:-):-)) > > > acceptable to me, as the only consequence of false positive is late email. > > At the MailScanner layer, I use 0 RBLs, as I trust no RBL completely. > > Actually... If you want a block, but not a reject..... This is where > I'd put the very few (1, perhaps 2)... But only if your spamactions > include "store"... or are only labling as SPAM. > > > > At the SpamAssassin layer, I use all the default RBLs. That's acceptable to > me > because the scoring mechanism makes it very unlikely the RBL will cause a > FP, as > it would also have to match other spam rules. > > > Same here. > > Cheers & Happy Easter! > > I do all my RBL blacklisting at MTA level, I use the main ones such as > Spamcop and Spamhaus plus a few others, if you're on a blacklist I don't > accept email from you period....no ifs no buts, I process a few million > emails a month for my clients and get no complaints! > > It reduces the load dramatically on the MailScanners because its a black > and white decision made at MTA level. > > Works flawlessly for me and my clients... > > Regards > > Pete > Good for you! If there is a point to my ramblings, it'd probably be that everyones situation is different... More policy than technology... as usual:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Fri Mar 21 15:14:57 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 15:15:43 2008 Subject: Email.Phishing.RB-3083 tripping FPs Message-ID: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> Hello All, Having problems with this one particular Phishing rule deleting off email. I thought that this mail would be quarantined, but it is not. I've not revisited my rules to figure why it is being deleted.. doing that now. However, this phishing rule is tagging way too many emails from valid users (most of which are from and to domain users, but not all). >The following e-mails were found to have: Virus Detected > > Sender: someone@mydomain.com >IP Address: 69.250.4.68 > Recipient: someoneelse@mydomian.com > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We > received your Compete-At inqu... > MessageID: m2KN5TCt032450 >Quarantine: /var/spool/mqueue.arc > Report: ClamAVModule: message was infected: Email.Phishing.RB-3083 > >Full headers are: Any suggestions on how to deal with this one phishing rule? None of the others trigger FPs. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Fri Mar 21 15:35:49 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Mar 21 15:36:33 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> Message-ID: <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> What clamav signature file is that from? I don't see it in any of mine including the sanesecurity ones. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 21, 2008 11:15 AM To: MailScanner mailing list Subject: Email.Phishing.RB-3083 tripping FPs Hello All, Having problems with this one particular Phishing rule deleting off email. I thought that this mail would be quarantined, but it is not. I've not revisited my rules to figure why it is being deleted.. doing that now. However, this phishing rule is tagging way too many emails from valid users (most of which are from and to domain users, but not all). >The following e-mails were found to have: Virus Detected > > Sender: someone@mydomain.com >IP Address: 69.250.4.68 > Recipient: someoneelse@mydomian.com > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received >your Compete-At inqu... > MessageID: m2KN5TCt032450 >Quarantine: /var/spool/mqueue.arc > Report: ClamAVModule: message was infected: >Email.Phishing.RB-3083 > >Full headers are: Any suggestions on how to deal with this one phishing rule? None of the others trigger FPs. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From brose at med.wayne.edu Fri Mar 21 16:03:35 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Mar 21 16:04:13 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> Message-ID: <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> Run freshclam because they must have pulled it because I don't have it. I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not Email.Phishing.RB-3083 and freshclam says I'm current. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby Sent: Friday, March 21, 2008 11:36 AM To: MailScanner discussion Subject: RE: Email.Phishing.RB-3083 tripping FPs What clamav signature file is that from? I don't see it in any of mine including the sanesecurity ones. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 21, 2008 11:15 AM To: MailScanner mailing list Subject: Email.Phishing.RB-3083 tripping FPs Hello All, Having problems with this one particular Phishing rule deleting off email. I thought that this mail would be quarantined, but it is not. I've not revisited my rules to figure why it is being deleted.. doing that now. However, this phishing rule is tagging way too many emails from valid users (most of which are from and to domain users, but not all). >The following e-mails were found to have: Virus Detected > > Sender: someone@mydomain.com >IP Address: 69.250.4.68 > Recipient: someoneelse@mydomian.com > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received >your Compete-At inqu... > MessageID: m2KN5TCt032450 >Quarantine: /var/spool/mqueue.arc > Report: ClamAVModule: message was infected: >Email.Phishing.RB-3083 > >Full headers are: Any suggestions on how to deal with this one phishing rule? None of the others trigger FPs. Thanks, Glenn -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From greg at blastzone.com Fri Mar 21 16:19:18 2008 From: greg at blastzone.com (Greg Deputy) Date: Fri Mar 21 16:20:02 2008 Subject: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log Message-ID: <081501c88b6f$5084cb90$f18e62b0$@com> I'm running debian etch, just upgraded to MailScanner 4.67.6 from 4.66.5. I suddenly stopped seeing MailScanner logging in my /var/log/mail.log file a few weeks back in 4.66.5 and could never find out why. I thought maybe upgrading to the latest version would fix it, but no go. I could use some help to figure out why. I do get the startup messages when MailScanner starts, like below: Mar 21 09:04:01 mx1 MailScanner[17339]: MailScanner E-Mail Virus Scanner version 4.67.6 starting... Mar 21 09:04:02 mx1 MailScanner[17339]: Read 814 hostnames from the phishing whitelist Mar 21 09:04:02 mx1 MailScanner[17339]: Could not read phishing blacklist file Mar 21 09:04:02 mx1 MailScanner[17339]: Config: calling custom init function ByDomainSpamBlacklist Mar 21 09:04:02 mx1 MailScanner[17339]: Starting up by-domain spam blacklist, reading from /etc/MailScanner/spam.bydomain/blacklist Mar 21 09:04:02 mx1 MailScanner[17339]: Read blacklist for 6 domains Mar 21 09:04:02 mx1 MailScanner[17339]: Config: calling custom init function ByDomainSpamWhitelist Mar 21 09:04:02 mx1 MailScanner[17339]: Starting up by-domain spam whitelist, reading from /etc/MailScanner/spam.bydomain/whitelist Mar 21 09:04:02 mx1 MailScanner[17339]: Read whitelist for 64 domains Mar 21 09:04:02 mx1 MailScanner[17339]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp Mar 21 09:04:02 mx1 MailScanner[17339]: Using SpamAssassin results cache Mar 21 09:04:02 mx1 MailScanner[17339]: Connected to SpamAssassin cache database But that's it. I used to get all the logging on messages being scanned, spamassasin rules hit, etc, and I'm really missing that. Any suggestions on what to check would be greatly appreciated. From dnsadmin at 1bigthink.com Fri Mar 21 16:31:44 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 16:32:29 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med. wayne.edu> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> Message-ID: <200803211631.m2LGVrvi024348@mxt.1bigthink.com> Hello All, Nothing exotic here. MailScanner 4.65.3 with default clamav module and default clamav settings from Julian's RPM install. Thanks, Glenn Parsons At 11:35 AM 3/21/2008, you wrote: >What clamav signature file is that from? I don't see it in any of mine >including the sanesecurity ones. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >dnsadmin 1bigthink.com >Sent: Friday, March 21, 2008 11:15 AM >To: MailScanner mailing list >Subject: Email.Phishing.RB-3083 tripping FPs > >Hello All, > >Having problems with this one particular Phishing rule deleting off >email. I thought that this mail would be quarantined, but it is not. >I've not revisited my rules to figure why it is being deleted.. doing >that now. > >However, this phishing rule is tagging way too many emails from valid >users (most of which are from and to domain users, but not all). > > >The following e-mails were found to have: Virus Detected > > > > Sender: someone@mydomain.com > >IP Address: 69.250.4.68 > > Recipient: someoneelse@mydomian.com > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received > >your Compete-At inqu... > > MessageID: m2KN5TCt032450 > >Quarantine: /var/spool/mqueue.arc > > Report: ClamAVModule: message was infected: > >Email.Phishing.RB-3083 > > > >Full headers are: > >Any suggestions on how to deal with this one phishing rule? None of the >others trigger FPs. > >Thanks, >Glenn > > >-- >No virus found in this outgoing message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Fri Mar 21 16:34:53 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 16:35:14 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med. wayne.edu> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> Message-ID: <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> Hello All, Thanks Bobby! Yep. Must have been deprecated. I'm running version 0.91.2 and freshclam recommends 0.92.1. Looks like I'll be installing Julian's updated RPM today. Thanks, Glenn At 12:03 PM 3/21/2008, you wrote: >Run freshclam because they must have pulled it because I don't have it. >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not >Email.Phishing.RB-3083 and freshclam says I'm current. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >Bobby >Sent: Friday, March 21, 2008 11:36 AM >To: MailScanner discussion >Subject: RE: Email.Phishing.RB-3083 tripping FPs > >What clamav signature file is that from? I don't see it in any of mine >including the sanesecurity ones. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >dnsadmin 1bigthink.com >Sent: Friday, March 21, 2008 11:15 AM >To: MailScanner mailing list >Subject: Email.Phishing.RB-3083 tripping FPs > >Hello All, > >Having problems with this one particular Phishing rule deleting off >email. I thought that this mail would be quarantined, but it is not. >I've not revisited my rules to figure why it is being deleted.. doing >that now. > >However, this phishing rule is tagging way too many emails from valid >users (most of which are from and to domain users, but not all). > > >The following e-mails were found to have: Virus Detected > > > > Sender: someone@mydomain.com > >IP Address: 69.250.4.68 > > Recipient: someoneelse@mydomian.com > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We received > >your Compete-At inqu... > > MessageID: m2KN5TCt032450 > >Quarantine: /var/spool/mqueue.arc > > Report: ClamAVModule: message was infected: > >Email.Phishing.RB-3083 > > > >Full headers are: > >Any suggestions on how to deal with this one phishing rule? None of the >others trigger FPs. > >Thanks, >Glenn > > >-- >No virus found in this outgoing message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamlists at coders.co.uk Fri Mar 21 16:37:29 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Fri Mar 21 16:39:10 2008 Subject: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log In-Reply-To: <081501c88b6f$5084cb90$f18e62b0$@com> References: <081501c88b6f$5084cb90$f18e62b0$@com> Message-ID: <47E3E449.9020703@coders.co.uk> Greg Deputy wrote: > > But that's it. I used to get all the logging on messages being scanned, > spamassasin rules hit, etc, and I'm really missing that. Any suggestions on > what to check would be greatly appreciated. > > can you try running it in the foreground MailScanner --debug see what that does? matt From brose at med.wayne.edu Fri Mar 21 17:02:55 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Mar 21 17:03:50 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com><610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu><610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> Message-ID: <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> You shouldn't need to update ClamAV, just the virus definitions. If you manually run freshclam, then you'll get the latest defs at that point in time. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 21, 2008 12:35 PM To: MailScanner discussion Subject: RE: Email.Phishing.RB-3083 tripping FPs Hello All, Thanks Bobby! Yep. Must have been deprecated. I'm running version 0.91.2 and freshclam recommends 0.92.1. Looks like I'll be installing Julian's updated RPM today. Thanks, Glenn At 12:03 PM 3/21/2008, you wrote: >Run freshclam because they must have pulled it because I don't have it. >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not >Email.Phishing.RB-3083 and freshclam says I'm current. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >Bobby >Sent: Friday, March 21, 2008 11:36 AM >To: MailScanner discussion >Subject: RE: Email.Phishing.RB-3083 tripping FPs > >What clamav signature file is that from? I don't see it in any of mine >including the sanesecurity ones. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >dnsadmin 1bigthink.com >Sent: Friday, March 21, 2008 11:15 AM >To: MailScanner mailing list >Subject: Email.Phishing.RB-3083 tripping FPs > >Hello All, > >Having problems with this one particular Phishing rule deleting off >email. I thought that this mail would be quarantined, but it is not. >I've not revisited my rules to figure why it is being deleted.. doing >that now. > >However, this phishing rule is tagging way too many emails from valid >users (most of which are from and to domain users, but not all). > > >The following e-mails were found to have: Virus Detected > > > > Sender: someone@mydomain.com > >IP Address: 69.250.4.68 > > Recipient: someoneelse@mydomian.com > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We > >received your Compete-At inqu... > > MessageID: m2KN5TCt032450 > >Quarantine: /var/spool/mqueue.arc > > Report: ClamAVModule: message was infected: > >Email.Phishing.RB-3083 > > > >Full headers are: > >Any suggestions on how to deal with this one phishing rule? None of the >others trigger FPs. > >Thanks, >Glenn > > >-- >No virus found in this outgoing message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From greg at blastzone.com Fri Mar 21 17:17:12 2008 From: greg at blastzone.com (Greg Deputy) Date: Fri Mar 21 17:18:19 2008 Subject: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log In-Reply-To: <47E3E449.9020703@coders.co.uk> References: <081501c88b6f$5084cb90$f18e62b0$@com> <47E3E449.9020703@coders.co.uk> Message-ID: <083301c88b77$67e74d00$37b5e700$@com> Thanks for your time. Here's what I get: mx1:/opt/MailScanner/etc# /opt/MailScanner/bin/MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Building a message batch to scan... Have a batch of 5 messages. max message size is '30000' max message size is '30000' max message size is '30000' max message size is '30000' max message size is '30000' Stopping now as you are debugging me. mx1:/opt/MailScanner/etc# -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Hampton Sent: Friday, March 21, 2008 9:37 AM To: MailScanner discussion Subject: Re: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log Greg Deputy wrote: > > But that's it. I used to get all the logging on messages being scanned, > spamassasin rules hit, etc, and I'm really missing that. Any suggestions on > what to check would be greatly appreciated. > > can you try running it in the foreground MailScanner --debug see what that does? matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From dnsadmin at 1bigthink.com Fri Mar 21 18:17:00 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 18:18:00 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med. wayne.edu> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> Message-ID: <200803211817.m2LIHInK007502@mxt.1bigthink.com> Hello Bobby, Okay, since I've run into this problem, I decided to upgrade, but I can only do that to one server at a time and verify each one. I've upgraded one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two have install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner 4.65.3 by rpm install. Using clamavmodule on all. Now I've decided I really need to understand better what is happening. Where are my virus definitions? I ran freshclam. It said it updated, but I go to look for main.cvd and daily.cvd and they aren't there; anywhere! What am I missing? I thought I understood this setup, but apparently not? Thanks, Glenn Parsons Thanks, Glenn Parsons At 01:02 PM 3/21/2008, you wrote: >You shouldn't need to update ClamAV, just the virus definitions. If you >manually run freshclam, then you'll get the latest defs at that point in >time. > >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >dnsadmin 1bigthink.com >Sent: Friday, March 21, 2008 12:35 PM >To: MailScanner discussion >Subject: RE: Email.Phishing.RB-3083 tripping FPs > >Hello All, > >Thanks Bobby! Yep. Must have been deprecated. I'm running version >0.91.2 and freshclam recommends 0.92.1. > >Looks like I'll be installing Julian's updated RPM today. > >Thanks, >Glenn > >At 12:03 PM 3/21/2008, you wrote: > > >Run freshclam because they must have pulled it because I don't have it. > >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not > >Email.Phishing.RB-3083 and freshclam says I'm current. > > > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info > >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, > >Bobby > >Sent: Friday, March 21, 2008 11:36 AM > >To: MailScanner discussion > >Subject: RE: Email.Phishing.RB-3083 tripping FPs > > > >What clamav signature file is that from? I don't see it in any of mine > > >including the sanesecurity ones. > > > >-----Original Message----- > >From: mailscanner-bounces@lists.mailscanner.info > >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of > >dnsadmin 1bigthink.com > >Sent: Friday, March 21, 2008 11:15 AM > >To: MailScanner mailing list > >Subject: Email.Phishing.RB-3083 tripping FPs > > > >Hello All, > > > >Having problems with this one particular Phishing rule deleting off > >email. I thought that this mail would be quarantined, but it is not. > >I've not revisited my rules to figure why it is being deleted.. doing > >that now. > > > >However, this phishing rule is tagging way too many emails from valid > >users (most of which are from and to domain users, but not all). > > > > >The following e-mails were found to have: Virus Detected > > > > > > Sender: someone@mydomain.com > > >IP Address: 69.250.4.68 > > > Recipient: someoneelse@mydomian.com > > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We > > >received your Compete-At inqu... > > > MessageID: m2KN5TCt032450 > > >Quarantine: /var/spool/mqueue.arc > > > Report: ClamAVModule: message was infected: > > >Email.Phishing.RB-3083 > > > > > >Full headers are: > > > >Any suggestions on how to deal with this one phishing rule? None of the > > >others trigger FPs. > > > >Thanks, > >Glenn > > > > > >-- > >No virus found in this outgoing message. > >Checked by AVG. > >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: > >3/20/2008 8:10 PM > > > > > > > >-- > >This message has been scanned for viruses and dangerous content by > >MailScanner, and is believed to be clean. > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > >-- > >MailScanner mailing list > >mailscanner@lists.mailscanner.info > >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >Before posting, read http://wiki.mailscanner.info/posting > > > >Support MailScanner development - buy the book off the website! > > > >-- > >This message has been scanned for viruses and dangerous content by > >MailScanner, and is believed to be clean. > > > > > > > >-- > >No virus found in this incoming message. > >Checked by AVG. > >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: > >3/20/2008 8:10 PM > > > > > > > > > >-- > >No virus found in this incoming message. > >Checked by AVG. > >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: > >3/20/2008 8:10 PM > > >-- >No virus found in this outgoing message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM > > > > >-- >No virus found in this incoming message. >Checked by AVG. >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Fri Mar 21 19:01:19 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 19:02:06 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211817.m2LIHInK007502@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> Message-ID: <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> Answering my own questions.. My databases are where they are supposed to be, in /usr/local/share/clamav. I've done some reading since my last post and feel a little better grasp on this. ..But, how do I go about verifying that my freshclam update has purged this phishing rule (RB-3083). Any example on sigtool to read the database now that I know how to find it? Thanks, Glenn At 02:17 PM 3/21/2008, you wrote: >Hello Bobby, > >Okay, since I've run into this problem, I decided to upgrade, but I >can only do that to one server at a time and verify each one. I've >upgraded one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two >have install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner >4.65.3 by rpm install. Using clamavmodule on all. > >Now I've decided I really need to understand better what is happening. > >Where are my virus definitions? I ran freshclam. It said it updated, >but I go to look for main.cvd and daily.cvd and they aren't there; >anywhere! What am I missing? I thought I understood this setup, but >apparently not? > >Thanks, >Glenn Parsons > > >Thanks, >Glenn Parsons > >At 01:02 PM 3/21/2008, you wrote: > >>You shouldn't need to update ClamAV, just the virus definitions. If you >>manually run freshclam, then you'll get the latest defs at that point in >>time. >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>dnsadmin 1bigthink.com >>Sent: Friday, March 21, 2008 12:35 PM >>To: MailScanner discussion >>Subject: RE: Email.Phishing.RB-3083 tripping FPs >> >>Hello All, >> >>Thanks Bobby! Yep. Must have been deprecated. I'm running version >>0.91.2 and freshclam recommends 0.92.1. >> >>Looks like I'll be installing Julian's updated RPM today. >> >>Thanks, >>Glenn >> >>At 12:03 PM 3/21/2008, you wrote: >> >> >Run freshclam because they must have pulled it because I don't have it. >> >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not >> >Email.Phishing.RB-3083 and freshclam says I'm current. >> > >> >-----Original Message----- >> >From: mailscanner-bounces@lists.mailscanner.info >> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >> >Bobby >> >Sent: Friday, March 21, 2008 11:36 AM >> >To: MailScanner discussion >> >Subject: RE: Email.Phishing.RB-3083 tripping FPs >> > >> >What clamav signature file is that from? I don't see it in any of mine >> >> >including the sanesecurity ones. >> > >> >-----Original Message----- >> >From: mailscanner-bounces@lists.mailscanner.info >> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> >dnsadmin 1bigthink.com >> >Sent: Friday, March 21, 2008 11:15 AM >> >To: MailScanner mailing list >> >Subject: Email.Phishing.RB-3083 tripping FPs >> > >> >Hello All, >> > >> >Having problems with this one particular Phishing rule deleting off >> >email. I thought that this mail would be quarantined, but it is not. >> >I've not revisited my rules to figure why it is being deleted.. doing >> >that now. >> > >> >However, this phishing rule is tagging way too many emails from valid >> >users (most of which are from and to domain users, but not all). >> > >> > >The following e-mails were found to have: Virus Detected >> > > >> > > Sender: someone@mydomain.com >> > >IP Address: 69.250.4.68 >> > > Recipient: someoneelse@mydomian.com >> > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We >> > >received your Compete-At inqu... >> > > MessageID: m2KN5TCt032450 >> > >Quarantine: /var/spool/mqueue.arc >> > > Report: ClamAVModule: message was infected: >> > >Email.Phishing.RB-3083 >> > > >> > >Full headers are: >> > >> >Any suggestions on how to deal with this one phishing rule? None of the >> >> >others trigger FPs. >> > >> >Thanks, >> >Glenn >> > >> > >> >-- >> >No virus found in this outgoing message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> > >> > >> > >> >-- >> >This message has been scanned for viruses and dangerous content by >> >MailScanner, and is believed to be clean. >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >This message has been scanned for viruses and dangerous content by >> >MailScanner, and is believed to be clean. >> > >> > >> > >> >-- >> >No virus found in this incoming message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> > >> > >> > >> > >> >-- >> >No virus found in this incoming message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> >> >>-- >>No virus found in this outgoing message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM >> >> >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >> >> >>-- >>No virus found in this incoming message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM >> >> >> >> >>-- >>No virus found in this incoming message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM > > >-- >No virus found in this outgoing message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >No virus found in this incoming message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Mar 21 19:09:13 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 21 19:09:49 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211817.m2LIHInK007502@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> Message-ID: <223f97700803211209t482107dcx5310457ac210e83c@mail.gmail.com> On 21/03/2008, dnsadmin 1bigthink.com wrote: > Hello Bobby, > > Okay, since I've run into this problem, I decided to upgrade, but I > can only do that to one server at a time and verify each one. I've > upgraded one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two > have install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner > 4.65.3 by rpm install. Using clamavmodule on all. > > Now I've decided I really need to understand better what is happening. > > Where are my virus definitions? I ran freshclam. It said it updated, > but I go to look for main.cvd and daily.cvd and they aren't there; > anywhere! What am I missing? I thought I understood this setup, but > apparently not? Hello Glenn, After a successful run of freshclam you might have had your .cvd files replaced with .inc (incremental...) directories containing your signature DBs.... Or do you mean you don't have any such either? > Thanks, > Glenn Parsons > I'm not sure if your version of MS has the fix posted to the list a while back ... specifically to call clamavmodule without the (equivalent) --no-phishong-restrictedscan ... posted by Gareth. It should be fixed in a newish version (of MailScanner), but I just can't remember what version that was... Search for his modification to SweepViruses.pm, or simply upgrade to the latest and see if that helps... As usual... I might be terribly wrong:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Fri Mar 21 19:09:27 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 21 19:10:02 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211817.m2LIHInK007502@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> Message-ID: <625385e30803211209u618a4346u9e639be92b1d7ef7@mail.gmail.com> On Fri, Mar 21, 2008 at 7:17 PM, dnsadmin 1bigthink.com wrote: > Where are my virus definitions? I ran freshclam. It said it updated, > but I go to look for main.cvd and daily.cvd and they aren't there; > anywhere! What am I missing? I thought I understood this setup, but > apparently not? Try "freshclam -v" and it will tell you what path it uses. -- /peter From shuttlebox at gmail.com Fri Mar 21 19:13:34 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 21 19:14:09 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> Message-ID: <625385e30803211213w43815049q2113748beae4f747@mail.gmail.com> On Fri, Mar 21, 2008 at 8:01 PM, dnsadmin 1bigthink.com wrote: > Answering my own questions.. My databases are where they are supposed > to be, in /usr/local/share/clamav. I've done some reading since my > last post and feel a little better grasp on this. > > ..But, how do I go about verifying that my freshclam update has > purged this phishing rule (RB-3083). Any example on sigtool to read > the database now that I know how to find it? # sigtool -l | grep RB-3083 If you grep for 3084 or 3082 you will get results but you shouldn't for 3083. -- /peter From glenn.steen at gmail.com Fri Mar 21 19:17:46 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Mar 21 19:18:24 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> Message-ID: <223f97700803211217tedddbc8u334371761305272@mail.gmail.com> On 21/03/2008, dnsadmin 1bigthink.com wrote: > Answering my own questions.. My databases are where they are supposed > to be, in /usr/local/share/clamav. I've done some reading since my > last post and feel a little better grasp on this. > > ..But, how do I go about verifying that my freshclam update has > purged this phishing rule (RB-3083). Any example on sigtool to read > the database now that I know how to find it? > > Thanks, > Glenn > Stop MailScanner, remove the signature files, run a freshclam -v, start MailScanner... or similar:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dnsadmin at 1bigthink.com Fri Mar 21 19:22:39 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Fri Mar 21 19:23:26 2008 Subject: Email.Phishing.RB-3083 tripping FPs -- SOLVED In-Reply-To: <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu> <610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu> <200803211635.m2LGZ2VM024765@mxt.1bigthink.com> <610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu> <200803211817.m2LIHInK007502@mxt.1bigthink.com> <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> Message-ID: <200803211922.m2LJModa017331@mxt.1bigthink.com> Hello All, Bobby, thanks! I solved it myself. I still don't know why that sig got stuck in clam. Problem: using clamavmodule, Email.Phishing.RB-3083 was throwing false-positives on quite a bit of email. I was using clam 0.91.2. freshclam was set to update daily(cron) Solution: but until I ran freshclam -v manually, and then verified, sigtool -l /usr/local/share/clamav/daily.inc |grep RB-3083 I couldn't tell whether the problem was cleared. Should be okay, now. Thanks for bearing with me! Cheers, Glenn At 03:01 PM 3/21/2008, you wrote: >Answering my own questions.. My databases are where they are >supposed to be, in /usr/local/share/clamav. I've done some reading >since my last post and feel a little better grasp on this. > >..But, how do I go about verifying that my freshclam update has >purged this phishing rule (RB-3083). Any example on sigtool to read >the database now that I know how to find it? > >Thanks, >Glenn > >At 02:17 PM 3/21/2008, you wrote: >>Hello Bobby, >> >>Okay, since I've run into this problem, I decided to upgrade, but I >>can only do that to one server at a time and verify each one. I've >>upgraded one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two >>have install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner >>4.65.3 by rpm install. Using clamavmodule on all. >> >>Now I've decided I really need to understand better what is happening. >> >>Where are my virus definitions? I ran freshclam. It said it >>updated, but I go to look for main.cvd and daily.cvd and they >>aren't there; anywhere! What am I missing? I thought I understood >>this setup, but apparently not? >> >>Thanks, >>Glenn Parsons >> >> >>Thanks, >>Glenn Parsons >> >>At 01:02 PM 3/21/2008, you wrote: >> >>>You shouldn't need to update ClamAV, just the virus definitions. If you >>>manually run freshclam, then you'll get the latest defs at that point in >>>time. >>> >>>-----Original Message----- >>>From: mailscanner-bounces@lists.mailscanner.info >>>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>>dnsadmin 1bigthink.com >>>Sent: Friday, March 21, 2008 12:35 PM >>>To: MailScanner discussion >>>Subject: RE: Email.Phishing.RB-3083 tripping FPs >>> >>>Hello All, >>> >>>Thanks Bobby! Yep. Must have been deprecated. I'm running version >>>0.91.2 and freshclam recommends 0.92.1. >>> >>>Looks like I'll be installing Julian's updated RPM today. >>> >>>Thanks, >>>Glenn >>> >>>At 12:03 PM 3/21/2008, you wrote: >>> >>> >Run freshclam because they must have pulled it because I don't have it. >>> >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not >>> >Email.Phishing.RB-3083 and freshclam says I'm current. >>> > >>> >-----Original Message----- >>> >From: mailscanner-bounces@lists.mailscanner.info >>> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, >>> >Bobby >>> >Sent: Friday, March 21, 2008 11:36 AM >>> >To: MailScanner discussion >>> >Subject: RE: Email.Phishing.RB-3083 tripping FPs >>> > >>> >What clamav signature file is that from? I don't see it in any of mine >>> >>> >including the sanesecurity ones. >>> > >>> >-----Original Message----- >>> >From: mailscanner-bounces@lists.mailscanner.info >>> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>> >dnsadmin 1bigthink.com >>> >Sent: Friday, March 21, 2008 11:15 AM >>> >To: MailScanner mailing list >>> >Subject: Email.Phishing.RB-3083 tripping FPs >>> > >>> >Hello All, >>> > >>> >Having problems with this one particular Phishing rule deleting off >>> >email. I thought that this mail would be quarantined, but it is not. >>> >I've not revisited my rules to figure why it is being deleted.. doing >>> >that now. >>> > >>> >However, this phishing rule is tagging way too many emails from valid >>> >users (most of which are from and to domain users, but not all). >>> > >>> > >The following e-mails were found to have: Virus Detected >>> > > >>> > > Sender: someone@mydomain.com >>> > >IP Address: 69.250.4.68 >>> > > Recipient: someoneelse@mydomian.com >>> > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We >>> > >received your Compete-At inqu... >>> > > MessageID: m2KN5TCt032450 >>> > >Quarantine: /var/spool/mqueue.arc >>> > > Report: ClamAVModule: message was infected: >>> > >Email.Phishing.RB-3083 >>> > > >>> > >Full headers are: >>> > >>> >Any suggestions on how to deal with this one phishing rule? None of the >>> >>> >others trigger FPs. >>> > >>> >Thanks, >>> >Glenn >>> > >>> > >>> >-- >>> >No virus found in this outgoing message. >>> >Checked by AVG. >>> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>> >3/20/2008 8:10 PM >>> > >>> > >>> > >>> >-- >>> >This message has been scanned for viruses and dangerous content by >>> >MailScanner, and is believed to be clean. >>> > >>> >-- >>> >MailScanner mailing list >>> >mailscanner@lists.mailscanner.info >>> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> >Before posting, read http://wiki.mailscanner.info/posting >>> > >>> >Support MailScanner development - buy the book off the website! >>> > >>> >-- >>> >MailScanner mailing list >>> >mailscanner@lists.mailscanner.info >>> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> >Before posting, read http://wiki.mailscanner.info/posting >>> > >>> >Support MailScanner development - buy the book off the website! >>> > >>> >-- >>> >MailScanner mailing list >>> >mailscanner@lists.mailscanner.info >>> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> > >>> >Before posting, read http://wiki.mailscanner.info/posting >>> > >>> >Support MailScanner development - buy the book off the website! >>> > >>> >-- >>> >This message has been scanned for viruses and dangerous content by >>> >MailScanner, and is believed to be clean. >>> > >>> > >>> > >>> >-- >>> >No virus found in this incoming message. >>> >Checked by AVG. >>> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>> >3/20/2008 8:10 PM >>> > >>> > >>> > >>> > >>> >-- >>> >No virus found in this incoming message. >>> >Checked by AVG. >>> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>> >3/20/2008 8:10 PM >>> >>> >>>-- >>>No virus found in this outgoing message. >>>Checked by AVG. >>>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>>3/20/2008 8:10 PM >>> >>> >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>>-- >>>MailScanner mailing list >>>mailscanner@lists.mailscanner.info >>>http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>>Before posting, read http://wiki.mailscanner.info/posting >>> >>>Support MailScanner development - buy the book off the website! >>> >>>-- >>>This message has been scanned for viruses and >>>dangerous content by MailScanner, and is >>>believed to be clean. >>> >>> >>> >>>-- >>>No virus found in this incoming message. >>>Checked by AVG. >>>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>>3/20/2008 8:10 PM >>> >>> >>> >>> >>>-- >>>No virus found in this incoming message. >>>Checked by AVG. >>>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>>3/20/2008 8:10 PM >> >> >>-- >>No virus found in this outgoing message. >>Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >>Release Date: 3/20/2008 8:10 PM >> >> >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>-- >>No virus found in this incoming message. >>Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >>Release Date: 3/20/2008 8:10 PM > > >-- >No virus found in this outgoing message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >No virus found in this incoming message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From brose at med.wayne.edu Fri Mar 21 19:23:00 2008 From: brose at med.wayne.edu (Rose, Bobby) Date: Fri Mar 21 19:23:51 2008 Subject: Email.Phishing.RB-3083 tripping FPs In-Reply-To: <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> References: <200803211515.m2LFF2Op011367@mxt.1bigthink.com><610C64469748E84DB6BDD5BD23F01A7611A0A6@MED-CORE03-MS1.med.wayne.edu><610C64469748E84DB6BDD5BD23F01A7611A0B0@MED-CORE03-MS1.med.wayne.edu><200803211635.m2LGZ2VM024765@mxt.1bigthink.com><610C64469748E84DB6BDD5BD23F01A7611A0C9@MED-CORE03-MS1.med.wayne.edu><200803211817.m2LIHInK007502@mxt.1bigthink.com> <200803211901.m2LJ1Uvu014021@mxt.1bigthink.com> Message-ID: <610C64469748E84DB6BDD5BD23F01A7611A0DE@MED-CORE03-MS1.med.wayne.edu> egrep -r -e"Email.Phishing.RB-3083" /usr/local/share/clamav/* -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com Sent: Friday, March 21, 2008 3:01 PM To: MailScanner discussion Subject: RE: Email.Phishing.RB-3083 tripping FPs Answering my own questions.. My databases are where they are supposed to be, in /usr/local/share/clamav. I've done some reading since my last post and feel a little better grasp on this. ..But, how do I go about verifying that my freshclam update has purged this phishing rule (RB-3083). Any example on sigtool to read the database now that I know how to find it? Thanks, Glenn At 02:17 PM 3/21/2008, you wrote: >Hello Bobby, > >Okay, since I've run into this problem, I decided to upgrade, but I can >only do that to one server at a time and verify each one. I've upgraded >one to install-Clam-0.92.1-SA-3.2.4.tar.gz. My other two have >install-Clam-0.91.1-SA-3.2.1.tar.gz installed All MailScanner >4.65.3 by rpm install. Using clamavmodule on all. > >Now I've decided I really need to understand better what is happening. > >Where are my virus definitions? I ran freshclam. It said it updated, >but I go to look for main.cvd and daily.cvd and they aren't there; >anywhere! What am I missing? I thought I understood this setup, but >apparently not? > >Thanks, >Glenn Parsons > > >Thanks, >Glenn Parsons > >At 01:02 PM 3/21/2008, you wrote: > >>You shouldn't need to update ClamAV, just the virus definitions. If >>you manually run freshclam, then you'll get the latest defs at that >>point in time. >> >>-----Original Message----- >>From: mailscanner-bounces@lists.mailscanner.info >>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >>dnsadmin 1bigthink.com >>Sent: Friday, March 21, 2008 12:35 PM >>To: MailScanner discussion >>Subject: RE: Email.Phishing.RB-3083 tripping FPs >> >>Hello All, >> >>Thanks Bobby! Yep. Must have been deprecated. I'm running version >>0.91.2 and freshclam recommends 0.92.1. >> >>Looks like I'll be installing Julian's updated RPM today. >> >>Thanks, >>Glenn >> >>At 12:03 PM 3/21/2008, you wrote: >> >> >Run freshclam because they must have pulled it because I don't have it. >> >I have Email.Phishing.RB-3082 and Email.Phishing.RB-3084 but not >> >Email.Phishing.RB-3083 and freshclam says I'm current. >> > >> >-----Original Message----- >> >From: mailscanner-bounces@lists.mailscanner.info >> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> >Rose, Bobby >> >Sent: Friday, March 21, 2008 11:36 AM >> >To: MailScanner discussion >> >Subject: RE: Email.Phishing.RB-3083 tripping FPs >> > >> >What clamav signature file is that from? I don't see it in any of >> >mine >> >> >including the sanesecurity ones. >> > >> >-----Original Message----- >> >From: mailscanner-bounces@lists.mailscanner.info >> >[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of >> >dnsadmin 1bigthink.com >> >Sent: Friday, March 21, 2008 11:15 AM >> >To: MailScanner mailing list >> >Subject: Email.Phishing.RB-3083 tripping FPs >> > >> >Hello All, >> > >> >Having problems with this one particular Phishing rule deleting off >> >email. I thought that this mail would be quarantined, but it is not. >> >I've not revisited my rules to figure why it is being deleted.. >> >doing that now. >> > >> >However, this phishing rule is tagging way too many emails from >> >valid users (most of which are from and to domain users, but not all). >> > >> > >The following e-mails were found to have: Virus Detected >> > > >> > > Sender: someone@mydomain.com >> > >IP Address: 69.250.4.68 >> > > Recipient: someoneelse@mydomian.com >> > > Subject: FW: {Disarmed} RE: {Disarmed} RE: Thank you. We >> > >received your Compete-At inqu... >> > > MessageID: m2KN5TCt032450 >> > >Quarantine: /var/spool/mqueue.arc >> > > Report: ClamAVModule: message was infected: >> > >Email.Phishing.RB-3083 >> > > >> > >Full headers are: >> > >> >Any suggestions on how to deal with this one phishing rule? None of >> >the >> >> >others trigger FPs. >> > >> >Thanks, >> >Glenn >> > >> > >> >-- >> >No virus found in this outgoing message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> > >> > >> > >> >-- >> >This message has been scanned for viruses and dangerous content by >> >MailScanner, and is believed to be clean. >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >MailScanner mailing list >> >mailscanner@lists.mailscanner.info >> >http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> >Before posting, read http://wiki.mailscanner.info/posting >> > >> >Support MailScanner development - buy the book off the website! >> > >> >-- >> >This message has been scanned for viruses and dangerous content by >> >MailScanner, and is believed to be clean. >> > >> > >> > >> >-- >> >No virus found in this incoming message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> > >> > >> > >> > >> >-- >> >No virus found in this incoming message. >> >Checked by AVG. >> >Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >> >3/20/2008 8:10 PM >> >> >>-- >>No virus found in this outgoing message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM >> >> >> >>-- >>This message has been scanned for viruses and dangerous content by >>MailScanner, and is believed to be clean. >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>-- >>MailScanner mailing list >>mailscanner@lists.mailscanner.info >>http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >>Before posting, read http://wiki.mailscanner.info/posting >> >>Support MailScanner development - buy the book off the website! >> >>-- >>This message has been scanned for viruses and dangerous content by >>MailScanner, and is believed to be clean. >> >> >> >>-- >>No virus found in this incoming message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM >> >> >> >> >>-- >>No virus found in this incoming message. >>Checked by AVG. >>Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: >>3/20/2008 8:10 PM > > >-- >No virus found in this outgoing message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM > > > >-- >This message has been scanned for viruses and dangerous content by >MailScanner, and is believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! > >-- >No virus found in this incoming message. >Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - >Release Date: 3/20/2008 8:10 PM -- No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1337 - Release Date: 3/20/2008 8:10 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From paul at welshfamily.com Fri Mar 21 22:52:40 2008 From: paul at welshfamily.com (Paul Welsh) Date: Fri Mar 21 22:53:42 2008 Subject: Mailscanner not tagging spam In-Reply-To: <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> <47E2D8EC.8040308@evi-inc.com> <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> Message-ID: <47E43C38.3000005@welshfamily.com> After upgrading to the latest stable MailScanner (4.67.6) and the ClamAV 0.92.1 /SpamAssassin 3.2.4 bundle from the MailScanner site, I still had problems so in the end I disabled the bayes filtering and hey presto, spam started to be tagged properly again. I've tried setting the value of the low bayes scores to 0 but to no avail. So, now I need to wipe the bayes db and start again. Could someone point me in the right direction? Cheers Paul From paul at welshfamily.com Fri Mar 21 23:14:14 2008 From: paul at welshfamily.com (Paul Welsh) Date: Fri Mar 21 23:14:56 2008 Subject: Recommended antivirus scanners In-Reply-To: <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> <47E2D8EC.8040308@evi-inc.com> <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> Message-ID: <47E44146.1060909@welshfamily.com> I see that bitdefender has a new version and that it's no longer free except for personal use. I'm using the old version which, presumably, will stop being able to handle the updates if it hasn't already stopped. Does anyone know? I'm also using Clam. Having done a search of the sites of the supported products, only f-prot (which I was using before I found out about bitdefender) appears to offer server based licensing for $300 pa. Since Clam is as good as anything else, I suppose the question is whether it's worth using f-prot as a second scanner and if so, which one? From shuttlebox at gmail.com Fri Mar 21 23:50:39 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Mar 21 23:51:13 2008 Subject: Mailscanner not tagging spam In-Reply-To: <47E43C38.3000005@welshfamily.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> <47E2D8EC.8040308@evi-inc.com> <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> <47E43C38.3000005@welshfamily.com> Message-ID: <625385e30803211650m132fba7bo4be22e257c805ce7@mail.gmail.com> On Fri, Mar 21, 2008 at 11:52 PM, Paul Welsh wrote: > So, now I need to wipe the bayes db and start again. Could someone > point me in the right direction? You can delete the bayes files at any time, SA will just start over creating blanks. Remember that it will not score until the db is populated with a few hundred spam and ham so depending on your traffic it might take an hour or so before you see any BAYES-scores. -- /peter From Timo.Jacobs at partners.de Sat Mar 22 08:46:11 2008 From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de) Date: Sat Mar 22 08:46:07 2008 Subject: Timo Jacobs is out of the office. Message-ID: I will be out of the office starting 22.03.2008 and will not return until 01.04.2008. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. Schmidt (timo.schmidt@partners.de) Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 Geschäftsführer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 From hvdkooij at vanderkooij.org Sat Mar 22 09:32:31 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 22 09:33:33 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <47E4D22F.8000200@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Timo.Jacobs@partners.de wrote: | I will be out of the office starting 22.03.2008 and will not return until | 01.04.2008. Jules, may we assume you will take appropriate measures to stop Mr. Jacobs from repeatedly informing us of his traveling plans? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH5NItBvzDRVjxmYERArqqAKC2Xx185gRvr7jah5Lhc4xf5UlZVQCfe/PY t2xxh9fCXIBeOI17FryQDRU= =V5LD -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Mar 22 11:38:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 22 11:39:13 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: <47E4EFB3.9090908@ecs.soton.ac.uk> He won't be getting any more list postings until he re-enables himself or contacts me. Timo.Jacobs@partners.de wrote: > I will be out of the office starting 22.03.2008 and will not return until > 01.04.2008. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > > Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 Gesch?ftsf?hrer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sat Mar 22 11:53:12 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 22 11:54:13 2008 Subject: Timo Jacobs is out of the office. In-Reply-To: <47E4EFB3.9090908@ecs.soton.ac.uk> References: <47E4EFB3.9090908@ecs.soton.ac.uk> Message-ID: <47E4F328.1080400@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | He won't be getting any more list postings until he re-enables himself | or contacts me. ROTFWL: His listed alternative contact points back to him: I will be out of the office starting 17.03.2008 and will not return until 25.03.2008. if urgent pls contact timo.jacobs@partners.de or angelika.christensen@partners.de - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH5PMmBvzDRVjxmYERAts2AJsFT/dcbBrLn/jjs8rpZG1HOzK5bgCgt1QV PuRUgoRbsp6ZCwXLVSBWRJw= =rMWO -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 22 12:13:20 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 22 12:14:12 2008 Subject: Detecting improper Received: path Message-ID: <47E4F7E0.8020107@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Is there code to track the Received: headers and see if a ADSL user has used his/her smarthost? I see quite a bit of relaying going on like shown below: Received: from lists-outbound.sourceforge.net (lists-outbound.sourceforge.net [66.35.250.225]) ~ by balin.waakhond.net (Postfix) with ESMTP id 564F417E8F92 ~ for ; Sat, 22 Mar 2008 04:06:55 +0100 (CET) Received: from sc8-sf-list1-new.sourceforge.net (sc8-sf-list1-new-b.sourceforge.net [10.3.1.93]) ~ by sc8-sf-spam2.sourceforge.net (Postfix) with ESMTP ~ id 597FE127B0; Fri, 21 Mar 2008 19:06:53 -0800 (PST) Received: from sc8-sf-mx2-b.sourceforge.net ([10.3.1.92] ~ helo=mail.sourceforge.net) ~ by sc8-sf-list1-new.sourceforge.net with esmtp (Exim 4.43) ~ id 1Jcu4J-0003zq-Si ~ for ddj-users@lists.sourceforge.net; Fri, 21 Mar 2008 20:06:51 -0700 Received: from [59.92.245.155] (helo=[59.92.245.155]) ~ by mail.sourceforge.net with esmtp (Exim 4.44) id 1Jcu4H-0006ue-Ox ~ for ddj-users@lists.sourceforge.net; Fri, 21 Mar 2008 20:06:51 -0700 Message-ID: <01c88bf7$deba6680$9bf55c3b@whitneyin8> From: "Antonio Bowden" To: Date: Sat, 22 Mar 2008 08:36:49 +0530 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1506 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 X-Spam: Not detected X-Spam-Score: 2.1 (++) X-Spam-Report: Spam Filtering performed by sourceforge.net. ~ See http://spamassassin.org/tag/ for more details. ~ Report problems to ~ http://sf.net/tracker/?func=add&group_id=1&atid=200001 ~ 0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address ~ [59.92.245.155 listed in dnsbl.sorbs.net] ~ 2.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org ~ [] Subject: [Ddj-users] Office Enterprise 2007 ready to download X-BeenThere: ddj-users@lists.sourceforge.net X-Mailman-Version: 2.1.8 Precedence: list List-Id: List-Unsubscribe: , ~ List-Archive: List-Post: List-Help: List-Subscribe: , ~ Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable Sender: ddj-users-bounces@lists.sourceforge.net Errors-To: ddj-users-bounces@lists.sourceforge.net Granted the DDJ mailinglist has about a 100% spam rate so I could just unsubscribe and be done with it but I have some faint hopes Mike will actually continue to support DDJ and GRIP. But in this case it is clear that this message should propably have been stopped by Sourceforge in the first place. The Barracuda can do tricks like this lately by defining hosts as trusted relays. It will then check the Received headers to see who connected to the trusted relay. If that host would not have been allowed to connect to the Barracuda then the Barracuda will kill the message. While primeraly intended for your backup MX servers it also works for mailinglist servers that you get email from. Is there a way to do something similar in MailScanner? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH5PfdBvzDRVjxmYERArw7AJ0U2Int2WQAvXeum1K4Npu68fuO1gCeK5Zs zyWDqYXAg8StM19cBWsWOCQ= =jrCw -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 22 12:37:19 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 22 12:38:48 2008 Subject: Another script, GeoIP for MailWatch (v1) Message-ID: <47E4FD7F.1020907@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I wrote a small script to fetch the GeoIP free database once a month and update the MailWatch database. You can find it on http://hugo.vanderkooij.org/email/mailscanner.htm#GEOIP Please stick to the courtesy rule to fetch the file only once a month. As the free version is only updated once a month there is no need for a daily run of the script. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH5P18BvzDRVjxmYERAmqkAKCigzaZsGPM0UDt+/shM7hOWH6eFQCggRXJ Fd8H8A/heyNFwd4oJzqaCAc= =S95I -----END PGP SIGNATURE----- From ssilva at sgvwater.com Sun Mar 23 01:40:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Sun Mar 23 01:41:28 2008 Subject: Recommended antivirus scanners In-Reply-To: <47E44146.1060909@welshfamily.com> References: <47E27D40.2010701@guttadauro.com> <47E29D8A.6090707@evi-inc.com> <6beca9db0803201315r1386e464rcbc2a4910c99c82a@mail.gmail.com> <47E2D8EC.8040308@evi-inc.com> <223f97700803210402w678ba3a9s209924f2a42ed2c2@mail.gmail.com> <47E44146.1060909@welshfamily.com> Message-ID: on 3-21-2008 4:14 PM Paul Welsh spake the following: > I see that bitdefender has a new version and that it's no longer free > except for personal use. > > I'm using the old version which, presumably, will stop being able to > handle the updates if it hasn't already stopped. Does anyone know? > > I'm also using Clam. > > Having done a search of the sites of the supported products, only f-prot > (which I was using before I found out about bitdefender) appears to > offer server based licensing for $300 pa. > > Since Clam is as good as anything else, I suppose the question is > whether it's worth using f-prot as a second scanner and if so, which one? First thing: Please don't hijack message threads. That said... Check into your desktop virus scanner contracts if you are a business. Some entitle you to use of the commandline scanners ( at least McAfee does). That gives you another one at no extra cost. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080322/2f166f73/signature.bin From MailScanner at ecs.soton.ac.uk Sun Mar 23 14:29:02 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 23 14:29:49 2008 Subject: Postfix 2.5 with MailScanner? Message-ID: <47E6692E.6010400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone run Postfix 2.5 with MailScanner? Is it known to work okay? Thanks! (need a quick answer to this one, please) Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH5mk0EfZZRxQVtlQRAqz/AKCZ9CAmI/l1RjghRjeHAvNXfdKIEwCePkZu Z0aOrEd5GQEicriDmtJXzSI= =u2bh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Sun Mar 23 14:58:55 2008 From: gerard at seibercom.net (Gerard) Date: Sun Mar 23 14:59:45 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E6692E.6010400@ecs.soton.ac.uk> References: <47E6692E.6010400@ecs.soton.ac.uk> Message-ID: <20080323105855.5e8935b4@scorpio> On Sun, 23 Mar 2008 14:29:02 +0000 Julian Field wrote: > Has anyone run Postfix 2.5 with MailScanner? > Is it known to work okay? I suppose asking Wietse Venema is out of the question. Actually, I did see one posting regarding it; however, it received the standard response that Mailscanner was not supported, etc. and that ended the thread. I will be configuring a new FreeBSD-7.0 machine shortly that will have Postfix-2.6 (current-beta) installed. However, that will not be for another month or so. Sorry I could not help. -- Gerard gerard@seibercom.net "Just saying "no" prevents teenage pregnancy the way "Have a nice day" cures chronic depression." Faye Wattleton http://en.wikipedia.org/wiki/Faye_Wattleton -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080323/68f49a0c/signature.bin From ms-list at alexb.ch Sun Mar 23 16:26:47 2008 From: ms-list at alexb.ch (Alex Broens) Date: Sun Mar 23 16:27:26 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E6692E.6010400@ecs.soton.ac.uk> References: <47E6692E.6010400@ecs.soton.ac.uk> Message-ID: <47E684C7.4080706@alexb.ch> On 3/23/2008 3:29 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone run Postfix 2.5 with MailScanner? > Is it known to work okay? > > Thanks! (need a quick answer to this one, please) Compiled today from Simon Mudd's sources. Running on a test box with latest MailScanner release and its happily filtering trap mail. Now,, trying to get Pfix 2.5.1, MailScanner and milter-link to run is a different story. Spent all morning with Anthony Howe trying to find what is borked... .. long story... lots of fun (not really) Alex From glenn.steen at gmail.com Sun Mar 23 16:28:44 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 23 16:29:19 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <20080323105855.5e8935b4@scorpio> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> Message-ID: <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> On 23/03/2008, Gerard wrote: > On Sun, 23 Mar 2008 14:29:02 +0000 > Julian Field wrote: > > > Has anyone run Postfix 2.5 with MailScanner? > > Is it known to work okay? > > > I suppose asking Wietse Venema is out of the question. > > Actually, I did see one posting regarding it; however, it received the > standard response that Mailscanner was not supported, etc. and that > ended the thread. > > I will be configuring a new FreeBSD-7.0 machine shortly that will have > Postfix-2.6 (current-beta) installed. However, that will not be for > another month or so. Sorry I could not help. > So you're skipping 2.5 altogether? I *might* be able tosqueeze this in, but ... far from sure:-(. Would be great if someone already had tried it all:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Sun Mar 23 17:08:39 2008 From: ms-list at alexb.ch (Alex Broens) Date: Sun Mar 23 17:09:18 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> Message-ID: <47E68E97.7090502@alexb.ch> On 3/23/2008 5:28 PM, Glenn Steen wrote: > On 23/03/2008, Gerard wrote: >> On Sun, 23 Mar 2008 14:29:02 +0000 >> Julian Field wrote: >> >> > Has anyone run Postfix 2.5 with MailScanner? >> > Is it known to work okay? >> >> >> I suppose asking Wietse Venema is out of the question. >> >> Actually, I did see one posting regarding it; however, it received the >> standard response that Mailscanner was not supported, etc. and that >> ended the thread. >> >> I will be configuring a new FreeBSD-7.0 machine shortly that will have >> Postfix-2.6 (current-beta) installed. However, that will not be for >> another month or so. Sorry I could not help. >> > So you're skipping 2.5 altogether? I *might* be able tosqueeze this > in, but ... far from sure:-(. Would be great if someone already had > tried it all:-). Glenn I'm having an issue with MS/Postfix 2.5.1 and milter-link. MS won't process the msg after milter-link added its tags. A birdie told me you're the MailScanner Postfix Q file detective. wanna share my headache? :-) Alex Alex From hvdkooij at vanderkooij.org Sun Mar 23 17:57:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 23 17:58:35 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E68E97.7090502@alexb.ch> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> Message-ID: <47E699FB.1040005@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: | On 3/23/2008 5:28 PM, Glenn Steen wrote: |> On 23/03/2008, Gerard wrote: |>> On Sun, 23 Mar 2008 14:29:02 +0000 |>> Julian Field wrote: |>> |>> > Has anyone run Postfix 2.5 with MailScanner? |>> > Is it known to work okay? |>> |>> |>> I suppose asking Wietse Venema is out of the question. |>> |>> Actually, I did see one posting regarding it; however, it received the |>> standard response that Mailscanner was not supported, etc. and that |>> ended the thread. |>> |>> I will be configuring a new FreeBSD-7.0 machine shortly that will have |>> Postfix-2.6 (current-beta) installed. However, that will not be for |>> another month or so. Sorry I could not help. |>> |> So you're skipping 2.5 altogether? I *might* be able tosqueeze this |> in, but ... far from sure:-(. Would be great if someone already had |> tried it all:-). | | Glenn | | I'm having an issue with MS/Postfix 2.5.1 and milter-link. | | MS won't process the msg after milter-link added its tags. | | A birdie told me you're the MailScanner Postfix Q file detective. | | wanna share my headache? :-) Not exactly your headache. But what do the headers look like before and after milter-link has touched them? I assume that if you just disable milter-link that everything is OK? (OK, I did not assume, I just asked explicitly ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH5pn4BvzDRVjxmYERAoGaAJ0a7AQQ3uRnKsJsrkxpGZOYE7sK0ACcCnUt I8oyIbcAfgB3CKPsMw/nMA4= =yKKS -----END PGP SIGNATURE----- From glenn.steen at gmail.com Sun Mar 23 18:23:26 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 23 18:24:03 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E68E97.7090502@alexb.ch> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> Message-ID: <223f97700803231123y27cc0ccfj3df2bcf9585f7ac3@mail.gmail.com> On 23/03/2008, Alex Broens wrote: > On 3/23/2008 5:28 PM, Glenn Steen wrote: > > On 23/03/2008, Gerard wrote: > >> On Sun, 23 Mar 2008 14:29:02 +0000 > >> Julian Field wrote: > >> > >> > Has anyone run Postfix 2.5 with MailScanner? > >> > Is it known to work okay? > >> > >> > >> I suppose asking Wietse Venema is out of the question. > >> > >> Actually, I did see one posting regarding it; however, it received the > >> standard response that Mailscanner was not supported, etc. and that > >> ended the thread. > >> > >> I will be configuring a new FreeBSD-7.0 machine shortly that will have > >> Postfix-2.6 (current-beta) installed. However, that will not be for > >> another month or so. Sorry I could not help. > >> > > So you're skipping 2.5 altogether? I *might* be able tosqueeze this > > in, but ... far from sure:-(. Would be great if someone already had > > tried it all:-). > > > Glenn > > I'm having an issue with MS/Postfix 2.5.1 and milter-link. > > MS won't process the msg after milter-link added its tags. > > A birdie told me you're the MailScanner Postfix Q file detective. > > wanna share my headache? :-) > > Alex > > > Alex > Right, to look at this I need: a queue file from _before_ MailScanner has got at them, but _after_ milter-link has "done it's damage". I promise to be discreet...:) Send it off-list. If you could furnish me with the same queue file (from another testrun, obviously) without milter-link, still from before MailScanenr, that would be great. Also, I need the result from _after_ MailScanner... to see what we ... accidentally do:-). 2.5/2.5.1 seems to only clean up the milter support, but I haven't had time to check the actual PF code for changes to the milter support _in the queue file format_ yet... I'll obviously do that while looking at your files... also mean I need do as you asked Jules, and install 2.5.1 somewhere, whatever the family says.... Sigh. Bring it on Alex:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Sun Mar 23 18:24:05 2008 From: ms-list at alexb.ch (Alex Broens) Date: Sun Mar 23 18:24:41 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E699FB.1040005@vanderkooij.org> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> <47E699FB.1040005@vanderkooij.org> Message-ID: <47E6A045.9010601@alexb.ch> On 3/23/2008 6:57 PM, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Broens wrote: > | On 3/23/2008 5:28 PM, Glenn Steen wrote: > |> On 23/03/2008, Gerard wrote: > |>> On Sun, 23 Mar 2008 14:29:02 +0000 > |>> Julian Field wrote: > |>> > |>> > Has anyone run Postfix 2.5 with MailScanner? > |>> > Is it known to work okay? > |>> > |>> > |>> I suppose asking Wietse Venema is out of the question. > |>> > |>> Actually, I did see one posting regarding it; however, it received the > |>> standard response that Mailscanner was not supported, etc. and that > |>> ended the thread. > |>> > |>> I will be configuring a new FreeBSD-7.0 machine shortly that will have > |>> Postfix-2.6 (current-beta) installed. However, that will not be for > |>> another month or so. Sorry I could not help. > |>> > |> So you're skipping 2.5 altogether? I *might* be able tosqueeze this > |> in, but ... far from sure:-(. Would be great if someone already had > |> tried it all:-). > | > | Glenn > | > | I'm having an issue with MS/Postfix 2.5.1 and milter-link. > | > | MS won't process the msg after milter-link added its tags. > | > | A birdie told me you're the MailScanner Postfix Q file detective. > | > | wanna share my headache? :-) > > Not exactly your headache. But what do the headers look like before and > after milter-link has touched them? that is a question I can't really answer (yet) milter-link adds 1 header and modifies the subject and MS chokes on the changes As the files are in Pfix Q format... it escapes my knowledge as to how to correctly take the file apart and see what the difference is. I can provide samples of the Pfix Q files which MS happily ignores and leaves in Hold Q to rot. > I assume that if you just disable milter-link that everything is OK? > (OK, I did not assume, I just asked explicitly ;-) Yes, I did that... no milter-link tagging the msg, MS works. Alex From MailScanner at ecs.soton.ac.uk Sun Mar 23 20:05:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 23 20:06:43 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E6A045.9010601@alexb.ch> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> <47E699FB.1040005@vanderkooij.org> <47E6A045.9010601@alexb.ch> Message-ID: <47E6B81D.6060002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Broens wrote: > On 3/23/2008 6:57 PM, Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Alex Broens wrote: >> | On 3/23/2008 5:28 PM, Glenn Steen wrote: >> |> On 23/03/2008, Gerard wrote: >> |>> On Sun, 23 Mar 2008 14:29:02 +0000 >> |>> Julian Field wrote: >> |>> >> |>> > Has anyone run Postfix 2.5 with MailScanner? >> |>> > Is it known to work okay? >> |>> >> |>> >> |>> I suppose asking Wietse Venema is out of the question. >> |>> >> |>> Actually, I did see one posting regarding it; however, it >> received the >> |>> standard response that Mailscanner was not supported, etc. and that >> |>> ended the thread. >> |>> >> |>> I will be configuring a new FreeBSD-7.0 machine shortly that >> will have >> |>> Postfix-2.6 (current-beta) installed. However, that will not be for >> |>> another month or so. Sorry I could not help. >> |>> >> |> So you're skipping 2.5 altogether? I *might* be able tosqueeze this >> |> in, but ... far from sure:-(. Would be great if someone already had >> |> tried it all:-). >> | >> | Glenn >> | >> | I'm having an issue with MS/Postfix 2.5.1 and milter-link. >> | >> | MS won't process the msg after milter-link added its tags. >> | >> | A birdie told me you're the MailScanner Postfix Q file detective. >> | >> | wanna share my headache? :-) >> >> Not exactly your headache. But what do the headers look like before and >> after milter-link has touched them? > > that is a question I can't really answer (yet) milter-link adds 1 > header and modifies the subject and MS chokes on the changes > As the files are in Pfix Q format... it escapes my knowledge as to how > to correctly take the file apart and see what the difference is. If I were you, I would leave that bit to Glenn. 'postcat' can print it out nicely, but otherwise Glenn needs to look at the actual binary structure really. > > I can provide samples of the Pfix Q files which MS happily ignores and > leaves in Hold Q to rot. Please send Glenn everything you have. > >> I assume that if you just disable milter-link that everything is OK? >> (OK, I did not assume, I just asked explicitly ;-) > > Yes, I did that... no milter-link tagging the msg, MS works. That's good to know. But can we analyse (and hopefully fix :-) the problem quickly? Thanks folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH5rggEfZZRxQVtlQRAixPAJ0UE1tvgt/RF/KfAz/94l8cWjSKXgCdHYc0 1kywqWYeqstL4DBNG/0qxNI= =3dad -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mikael at syska.dk Sun Mar 23 20:07:11 2008 From: mikael at syska.dk (Mikael Syska) Date: Sun Mar 23 20:07:44 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E6692E.6010400@ecs.soton.ac.uk> References: <47E6692E.6010400@ecs.soton.ac.uk> Message-ID: <6beca9db0803231307l42afc4aag10de12e70cb9c167@mail.gmail.com> Hi Julian, We were running 2.5.1 ... http://www.freshports.org/mail/postfix/ on a brand new HP server ... but after a few days of procssing the motherboard broke .... so a replacement is ordered. Until that, it ran just fine .... But about the milter-link thing the others are talking about .... only using it if its part of MS ... :-) // ouT On Sun, Mar 23, 2008 at 3:29 PM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Has anyone run Postfix 2.5 with MailScanner? > Is it known to work okay? > > Thanks! (need a quick answer to this one, please) > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH5mk0EfZZRxQVtlQRAqz/AKCZ9CAmI/l1RjghRjeHAvNXfdKIEwCePkZu > Z0aOrEd5GQEicriDmtJXzSI= > =u2bh > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From glenn.steen at gmail.com Sun Mar 23 20:25:20 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 23 20:25:55 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <47E6B81D.6060002@ecs.soton.ac.uk> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> <47E699FB.1040005@vanderkooij.org> <47E6A045.9010601@alexb.ch> <47E6B81D.6060002@ecs.soton.ac.uk> Message-ID: <223f97700803231325o77ec4d54ucc3452a3bd478433@mail.gmail.com> On 23/03/2008, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Alex Broens wrote: > > On 3/23/2008 6:57 PM, Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Alex Broens wrote: > >> | On 3/23/2008 5:28 PM, Glenn Steen wrote: > >> |> On 23/03/2008, Gerard wrote: > >> |>> On Sun, 23 Mar 2008 14:29:02 +0000 > >> |>> Julian Field wrote: > >> |>> > >> |>> > Has anyone run Postfix 2.5 with MailScanner? > >> |>> > Is it known to work okay? > >> |>> > >> |>> > >> |>> I suppose asking Wietse Venema is out of the question. > >> |>> > >> |>> Actually, I did see one posting regarding it; however, it > >> received the > >> |>> standard response that Mailscanner was not supported, etc. and that > >> |>> ended the thread. > >> |>> > >> |>> I will be configuring a new FreeBSD-7.0 machine shortly that > >> will have > >> |>> Postfix-2.6 (current-beta) installed. However, that will not be for > >> |>> another month or so. Sorry I could not help. > >> |>> > >> |> So you're skipping 2.5 altogether? I *might* be able tosqueeze this > >> |> in, but ... far from sure:-(. Would be great if someone already had > >> |> tried it all:-). > >> | > >> | Glenn > >> | > >> | I'm having an issue with MS/Postfix 2.5.1 and milter-link. > >> | > >> | MS won't process the msg after milter-link added its tags. > >> | > >> | A birdie told me you're the MailScanner Postfix Q file detective. > >> | > >> | wanna share my headache? :-) > >> > >> Not exactly your headache. But what do the headers look like before and > >> after milter-link has touched them? > > > > that is a question I can't really answer (yet) milter-link adds 1 > > header and modifies the subject and MS chokes on the changes > > As the files are in Pfix Q format... it escapes my knowledge as to how > > to correctly take the file apart and see what the difference is. > > If I were you, I would leave that bit to Glenn. 'postcat' can print it > out nicely, but otherwise Glenn needs to look at the actual binary > structure really. > > > > > I can provide samples of the Pfix Q files which MS happily ignores and > > leaves in Hold Q to rot. > > Please send Glenn everything you have. > > > > >> I assume that if you just disable milter-link that everything is OK? > >> (OK, I did not assume, I just asked explicitly ;-) > > > > Yes, I did that... no milter-link tagging the msg, MS works. > > That's good to know. But can we analyse (and hopefully fix :-) the > problem quickly? > > Thanks folks! > Doing my very best... Have a bit limited machines @home, but will shift things over to a testbed at work and do this remotely. Hopefully will know what happens to it in a few minutes/hours... Depending on what the wife says...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Sun Mar 23 20:31:13 2008 From: gerard at seibercom.net (Gerard) Date: Sun Mar 23 20:31:58 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> Message-ID: <20080323163113.399dcd36@scorpio> On Sun, 23 Mar 2008 17:28:44 +0100 "Glenn Steen" wrote: > So you're skipping 2.5 altogether? I *might* be able tosqueeze this > in, but ... far from sure:-(. Would be great if someone already had > tried it all:-). Actually, I am setting up a small system to test various software. Since Postfix-2.5.x is all ready released as a stable product, testing it in various configurations and against different software would seem like a waste of time. I do know that Postfix made several changes to it's 'milter' support in the 2.5.x' release. Not sure about the other stuff though. It is a well known fact that Wietse Venema wants his program to be accessed via standard SMTP and other documented protocols. Maybe he is atempting to enforce that behavior. That would only be a guess. More than likely, the changes he made in the final 2.5.x release simply caused unintentional problems with MailScanner. -- Gerard gerard@seibercom.net The problem with this country is that there is no death penalty for incompetence. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080323/0dd52946/signature.bin From glenn.steen at gmail.com Sun Mar 23 20:45:23 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 23 20:45:59 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <6beca9db0803231307l42afc4aag10de12e70cb9c167@mail.gmail.com> References: <47E6692E.6010400@ecs.soton.ac.uk> <6beca9db0803231307l42afc4aag10de12e70cb9c167@mail.gmail.com> Message-ID: <223f97700803231345p21b7ed64gfd95888394fbd3d4@mail.gmail.com> On 23/03/2008, Mikael Syska wrote: > Hi Julian, > > We were running 2.5.1 ... http://www.freshports.org/mail/postfix/ on a > brand new HP server ... but after a few days of procssing the > motherboard broke .... so a replacement is ordered. > > Until that, it ran just fine .... > > But about the milter-link thing the others are talking about .... only > using it if its part of MS ... :-) > > // ouT If any of our regular Postfix/MailScanner/milter users could confirmthat their milters still work, that would be nice:-). There should be some milter-greylist users at least:-):-). Cheers -- Glenn > > On Sun, Mar 23, 2008 at 3:29 PM, Julian Field > > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Has anyone run Postfix 2.5 with MailScanner? > > Is it known to work okay? > > > > Thanks! (need a quick answer to this one, please) > > > > Jules > > > > - -- > > Julian Field MEng CITP CEng > > www.MailScanner.info > > Buy the MailScanner book at www.MailScanner.info/store > > > > MailScanner customisation, or any advanced system administration help? > > Contact me at Jules@Jules.FM > > > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > PGP public key: http://www.jules.fm/julesfm.asc > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.8.2 (Build 3005) > > Comment: Use Thunderbird Enigmail to verify this message > > Charset: ISO-8859-1 > > > > wj8DBQFH5mk0EfZZRxQVtlQRAqz/AKCZ9CAmI/l1RjghRjeHAvNXfdKIEwCePkZu > > Z0aOrEd5GQEicriDmtJXzSI= > > =u2bh > > -----END PGP SIGNATURE----- > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Sun Mar 23 21:06:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 23 21:07:24 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <223f97700803231325o77ec4d54ucc3452a3bd478433@mail.gmail.com> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <47E68E97.7090502@alexb.ch> <47E699FB.1040005@vanderkooij.org> <47E6A045.9010601@alexb.ch> <47E6B81D.6060002@ecs.soton.ac.uk> <223f97700803231325o77ec4d54ucc3452a3bd478433@mail.gmail.com> Message-ID: <47E6C652.1070209@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 23/03/2008, Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Alex Broens wrote: >> > On 3/23/2008 6:57 PM, Hugo van der Kooij wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> Alex Broens wrote: >> >> | On 3/23/2008 5:28 PM, Glenn Steen wrote: >> >> |> On 23/03/2008, Gerard wrote: >> >> |>> On Sun, 23 Mar 2008 14:29:02 +0000 >> >> |>> Julian Field wrote: >> >> |>> >> >> |>> > Has anyone run Postfix 2.5 with MailScanner? >> >> |>> > Is it known to work okay? >> >> |>> >> >> |>> >> >> |>> I suppose asking Wietse Venema is out of the question. >> >> |>> >> >> |>> Actually, I did see one posting regarding it; however, it >> >> received the >> >> |>> standard response that Mailscanner was not supported, etc. and that >> >> |>> ended the thread. >> >> |>> >> >> |>> I will be configuring a new FreeBSD-7.0 machine shortly that >> >> will have >> >> |>> Postfix-2.6 (current-beta) installed. However, that will not be for >> >> |>> another month or so. Sorry I could not help. >> >> |>> >> >> |> So you're skipping 2.5 altogether? I *might* be able tosqueeze this >> >> |> in, but ... far from sure:-(. Would be great if someone already had >> >> |> tried it all:-). >> >> | >> >> | Glenn >> >> | >> >> | I'm having an issue with MS/Postfix 2.5.1 and milter-link. >> >> | >> >> | MS won't process the msg after milter-link added its tags. >> >> | >> >> | A birdie told me you're the MailScanner Postfix Q file detective. >> >> | >> >> | wanna share my headache? :-) >> >> >> >> Not exactly your headache. But what do the headers look like before and >> >> after milter-link has touched them? >> > >> > that is a question I can't really answer (yet) milter-link adds 1 >> > header and modifies the subject and MS chokes on the changes >> > As the files are in Pfix Q format... it escapes my knowledge as to how >> > to correctly take the file apart and see what the difference is. >> >> If I were you, I would leave that bit to Glenn. 'postcat' can print it >> out nicely, but otherwise Glenn needs to look at the actual binary >> structure really. >> >> >> > I can provide samples of the Pfix Q files which MS happily ignores and >> > leaves in Hold Q to rot. >> >> Please send Glenn everything you have. >> >> >> >> I assume that if you just disable milter-link that everything is OK? >> >> (OK, I did not assume, I just asked explicitly ;-) >> > >> > Yes, I did that... no milter-link tagging the msg, MS works. >> >> That's good to know. But can we analyse (and hopefully fix :-) the >> problem quickly? >> >> Thanks folks! >> >> > Doing my very best... Have a bit limited machines @home, but will > shift things over to a testbed at work and do this remotely. Hopefully > will know what happens to it in a few minutes/hours... Depending on > what the wife says...:-) > Can I help in that respect? (Not with the wife, but with the machines :-) I can give you access to a RHEL5 box if that helps? It's one of my devel machines. I can give you ssh access to it in a few minutes if that will help. Mail me back if you're interested. It only has whatever Postfix on it that RHEL 5 supplies, anything beyond that you'll have to install yourself. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH5sZeEfZZRxQVtlQRAqscAKCRogUihDW2rGouhZmifNvVQS8L4wCguYkr 3V4eBkoibNUJV2Lj2OvWRqs= =USz7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Sun Mar 23 21:16:15 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 23 21:16:51 2008 Subject: Postfix 2.5 with MailScanner? In-Reply-To: <20080323163113.399dcd36@scorpio> References: <47E6692E.6010400@ecs.soton.ac.uk> <20080323105855.5e8935b4@scorpio> <223f97700803230928n291c2debn1804dabee8f0bb90@mail.gmail.com> <20080323163113.399dcd36@scorpio> Message-ID: <223f97700803231416x3c5e7410vccc3bd2ed5d3c9d0@mail.gmail.com> On 23/03/2008, Gerard wrote: > On Sun, 23 Mar 2008 17:28:44 +0100 > > "Glenn Steen" wrote: > > > > So you're skipping 2.5 altogether? I *might* be able tosqueeze this > > in, but ... far from sure:-(. Would be great if someone already had > > tried it all:-). > > > Actually, I am setting up a small system to test various software. > Since Postfix-2.5.x is all ready released as a stable product, testing > it in various configurations and against different software would seem > like a waste of time. :-) > I do know that Postfix made several changes to it's 'milter' support in > the 2.5.x' release. Not sure about the other stuff though. It is a well But AFAICT nothing that would break the milter handling in MailScanner... We should "survive" those changes. The queue files I've seen from Alex looks ... sane... from that perspective. > known fact that Wietse Venema wants his program to be accessed via > standard SMTP and other documented protocols. Maybe he is atempting to > enforce that behavior. That would only be a guess. More than likely, I don't think so, no. Might be some "off by one" obscurity on my part, but I doubt that too. > the changes he made in the final 2.5.x release simply caused > unintentional problems with MailScanner. Actually we're not exactly sure here:-). I need some logs from Alex before I can tell for sure what's up... If anything. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 24 00:50:04 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 24 00:50:41 2008 Subject: Postfix 2.5 with MailScanner? Bug found, fix attached... Message-ID: <223f97700803231750r160fe9c1t688259f86e40ddcd@mail.gmail.com> On 23/03/2008, Glenn Steen wrote: > On 23/03/2008, Gerard wrote: > > > On Sun, 23 Mar 2008 17:28:44 +0100 > > > > "Glenn Steen" wrote: > > > > > > > So you're skipping 2.5 altogether? I *might* be able tosqueeze this > > > in, but ... far from sure:-(. Would be great if someone already had > > > tried it all:-). > > > > > > Actually, I am setting up a small system to test various software. > > Since Postfix-2.5.x is all ready released as a stable product, testing > > it in various configurations and against different software would seem > > like a waste of time. > :-) > > > I do know that Postfix made several changes to it's 'milter' support in > > the 2.5.x' release. Not sure about the other stuff though. It is a well > > But AFAICT nothing that would break the milter handling in > MailScanner... We should "survive" those changes. The queue files I've > seen from Alex looks ... sane... from that perspective. > > > > known fact that Wietse Venema wants his program to be accessed via > > standard SMTP and other documented protocols. Maybe he is atempting to > > enforce that behavior. That would only be a guess. More than likely, > > I don't think so, no. > Might be some "off by one" obscurity on my part, but I doubt that too. > > > > the changes he made in the final 2.5.x release simply caused > > unintentional problems with MailScanner. > > Actually we're not exactly sure here:-). I need some logs from Alex > before I can tell for sure what's up... If anything. > > > Cheers Well, I'm now sure of what happens,and I have a pretty certain view of why it happens now and not before... So this is good news:-). Sad thing is it happened to be a genuine bug by yours truly. With 2.5/2.5.1 the (false) assumption that I could happily ignore w and p records while positioning to read the actual body into the message object isn't true anymore. So one by one the MailScanner children would enter a forever loop in the Start function of the Body class in PFDiskStore (one child/new message with a milter action... With milters that don't change many messages, this could take a while to be known... And a restart of MS would "clear things up" for a while. Sigh. I feel a ripe fool...). The fix is pretty straightforward: Just make sure we do the same in the Start functions while loop as we do for the Next action when actually reading the message body. Earlier the logic for inserting the pointer records were slightly different (in PF). Which would explain why it worked then (more or less by accident... By design, but a flawed design:-). Anyway... I'll attach a patch for PFDiskStore.pm that should be clean against the latest stable. Alex, please apply and report back any findings... Actually.... This goes for anyone using Postfix, especially if you are using a milter... We need handle this bug ASAP.... For diverse reasons. Jules, could we have a beta with this in? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -------------- next part -------------- A non-text attachment was scrubbed... Name: PFDiskStore.pm.milterfix.patch.gz Type: application/x-gzip Size: 472 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080324/b7ecc7f0/PFDiskStore.pm.milterfix.patch.gz From ms-list at alexb.ch Mon Mar 24 09:59:43 2008 From: ms-list at alexb.ch (Alex Broens) Date: Mon Mar 24 10:00:22 2008 Subject: Postfix 2.5 with MailScanner? Bug found, fix attached... In-Reply-To: <223f97700803231750r160fe9c1t688259f86e40ddcd@mail.gmail.com> References: <223f97700803231750r160fe9c1t688259f86e40ddcd@mail.gmail.com> Message-ID: <47E77B8F.8060207@alexb.ch> On 3/24/2008 1:50 AM, Glenn Steen wrote: > Alex, please apply and report back any findings... applied 2 hrs ago, MS seems to be purring happily again. haven't seen anything weird yet. watching carefully > Actually.... This goes for anyone using Postfix, especially if you are > using a milter... We need handle this bug ASAP.... For diverse > reasons. > > Jules, could we have a beta with this in? Question: would it be wise (or kamikaze) to use this version of PFDiskstore.pm on older versions of MS ? I have abunch of boxes which still run 1 year old MS versions, without problems, except I cannot use the milter on them. thx Alex From glenn.steen at gmail.com Mon Mar 24 11:05:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 24 11:06:25 2008 Subject: Postfix 2.5 with MailScanner? Bug found, fix attached... In-Reply-To: <47E77B8F.8060207@alexb.ch> References: <223f97700803231750r160fe9c1t688259f86e40ddcd@mail.gmail.com> <47E77B8F.8060207@alexb.ch> Message-ID: <223f97700803240405j49b79283w53542376ab08c9a0@mail.gmail.com> On 24/03/2008, Alex Broens wrote: > On 3/24/2008 1:50 AM, Glenn Steen wrote: > > Alex, please apply and report back any findings... > > > applied 2 hrs ago, MS seems to be purring happily again. > haven't seen anything weird yet. > watching carefully > Many thanks Alex! > > > Actually.... This goes for anyone using Postfix, especially if you are > > using a milter... We need handle this bug ASAP.... For diverse > > reasons. > > > > Jules, could we have a beta with this in? > > > Question: would it be wise (or kamikaze) to use this version of > PFDiskstore.pm on older versions of MS ? The patch should be fairly able to apply to any version of MailScanner from somewhere like 4.62.7 and up. How old is the version your thinking of patching? Worst case, apply by hand (it'ls really just 4 lines of code:-). > I have abunch of boxes which still run 1 year old MS versions, without > problems, except I cannot use the milter on them. Hm, one year back... Should be OK to patch. Try one and see what happens... Should be safe enough. > thx > > Alex > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Mar 24 12:07:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 12:16:23 2008 Subject: Postfix 2.5 with MailScanner? Bug found, fix attached... In-Reply-To: <223f97700803240405j49b79283w53542376ab08c9a0@mail.gmail.com> References: <223f97700803231750r160fe9c1t688259f86e40ddcd@mail.gmail.com> <47E77B8F.8060207@alexb.ch> <223f97700803240405j49b79283w53542376ab08c9a0@mail.gmail.com> Message-ID: <47E7999D.2040406@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > On 24/03/2008, Alex Broens wrote: > >> On 3/24/2008 1:50 AM, Glenn Steen wrote: >> > Alex, please apply and report back any findings... >> >> >> applied 2 hrs ago, MS seems to be purring happily again. >> haven't seen anything weird yet. >> watching carefully >> >> > > Many thanks Alex! > > >> > Actually.... This goes for anyone using Postfix, especially if you are >> > using a milter... We need handle this bug ASAP.... For diverse >> > reasons. >> > >> > Jules, could we have a beta with this in? >> >> >> Question: would it be wise (or kamikaze) to use this version of >> PFDiskstore.pm on older versions of MS ? >> > The patch should be fairly able to apply to any version of MailScanner > from somewhere like 4.62.7 and up. How old is the version your > thinking of patching? > Worst case, apply by hand (it'ls really just 4 lines of code:-). > > >> I have abunch of boxes which still run 1 year old MS versions, without >> problems, except I cannot use the milter on them. >> > > Hm, one year back... Should be OK to patch. Try one and see what > happens... Should be safe enough. > I have just released a new beta 4.68.6 with this code in it. Please try it out for size. Thanks folks! Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH55mdEfZZRxQVtlQRAg1EAKDcoypUfGhHtfr+tDjorCTIzfSZIgCgpSeD 4jlOpXheS2cOV2875esuhKc= =OWst -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at skynet-srl.com Mon Mar 24 13:15:21 2008 From: alex at skynet-srl.com (Alessandro Bianchi) Date: Mon Mar 24 13:16:02 2008 Subject: Postfix 2.5 with MailScanner In-Reply-To: <200803241201.m2OC039R012852@safir.blacknight.ie> References: <200803241201.m2OC039R012852@safir.blacknight.ie> Message-ID: <47E7A969.2030502@skynet-srl.com> It works fine I'm running it on two different Fedora servers with mysql support and queue split (requires ne single postfix instance). I've been running sendmail with mysql patch for a long time, and postfix performance in much better Hope this helps Best regards Alessandro Bianchi From lmachite00 at yahoo.com.br Mon Mar 24 13:42:28 2008 From: lmachite00 at yahoo.com.br (Luis Marcelo Achite) Date: Mon Mar 24 13:43:18 2008 Subject: Misterey between Sendmail and MailScanner. Messages are missing!! Message-ID: <47E7AFC4.8080200@yahoo.com.br> Hi, I have a mail server with the following softwares installed: Sendmail Procmail MailScanner with SpamAssassin and Anti-virus software All software are updated with last versions and the process is working correct. As sendmail receives a message, it passes to MailScanner, which passes to SpamAssassin and Anti-Virus Software. After, MailScanner returns to sendmail and the message is passed to procmail. Than the message is released to the user at /var/spool/mail. This structure is working for years. Now the problem: Yesterday a user complain about messages that did not arrived to her (6 messages). I looked on the procmail log + sendmail log and found something curious. From procmail log, I can see that only 3 messages were delivered to the user?s inbox folder. From sendmail log, I can see that 6 messages were delivered to the user. Notice that the log is ok for sendmail and no error is being showed. Below you can see part of the logs. I was wondering were is the 3 messages. The user did not receive them and neither deleted. Actually from procmail log I can see that this is true, as there is only 3 messages. Any hint to solve this mistery? Thanks for any information and help on this. Regards. Marcelo PS: From the logs below, notice that message 1 was delivered but not message 2. There is no reference to message 2 at procmail.log, but apparently nothing wrong happened to that message, as we can see from sendmail.log. Any comment or suggestion? Thanks PROCMAIL.LOG MESSAGE 1 From X...@terra.com.br Wed Mar 19 09:31:34 2008 Subject: YYYYYYYYYYYYYYYYYY Folder: /var/spool/mail/lucy 278546 SENDMAIL.LOG MESSAGE 1 Mar 19 09:31:32 iaibr1 sm-mta-mailscanner[28333]: m2JCVVMZ028333: from=, Mar 19 09:31:32 iaibr1 sm-mta-mailscanner[28333]: m2JCVVMZ028333: Milter accept: message Mar 19 09:31:34 iaibr1 MailScanner[20061]: Virus Scanning completed at 165499 bytes per second Mar 19 09:31:34 iaibr1 MailScanner[20061]: Uninfected: Delivered 1 messages Mar 19 09:31:34 iaibr1 MailScanner[20061]: Batch completed at 156836 bytes per second (277248 / 1) Mar 19 09:31:34 iaibr1 MailScanner[20061]: Batch (1 message) processed in 1.77 seconds Mar 19 09:31:34 iaibr1 sendmail[28343]: m2JCVVMZ028333: to=, delay=00:00:03, xdelay=00:00:00, mailer=local, pri=396417, dsn=2.0.0, stat=Sent MESSAGE 2 Mar 19 09:59:26 iaibr1 sm-mta-mailscanner[30598]: m2JCxOwx030598: from=, Mar 19 09:59:26 iaibr1 sm-mta-mailscanner[30598]: m2JCxOwx030598: Milter accept: message Mar 19 09:59:28 iaibr1 MailScanner[29021]: Uninfected: Delivered 1 messages Mar 19 09:59:28 iaibr1 MailScanner[29021]: Batch completed at 890281 bytes per second (1795543 / 2) Mar 19 09:59:28 iaibr1 MailScanner[29021]: Batch (1 message) processed in 2.02 seconds Mar 19 09:59:29 iaibr1 sendmail[30609]: m2JCxOwx030598: to=, delay=00:00:05, xdelay=00:00:01, mailer=local, pri=1914711, dsn=2.0.0, stat=Sent -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Mon Mar 24 13:44:07 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Mar 24 13:45:17 2008 Subject: Spam Assasin Timeouts Message-ID: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> Hi all I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". The number of messages recieved per day is stable between 1500 and 2500. I've been looking at log-files, and can't find anyting to put my finger on, other than the number of timeout's per date, and system load (increased from 0.1 to 0.3): "Mar 10" 0 timeout's "Mar 11" 0 timeout's "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to MailScanner-4.67.6-1) "Mar 13" 0 timeout's "Mar 14" 0 timeout's "Mar 15" 0 timeout's "Mar 16" 82 timeout's "Mar 17" 141 timeout's "Mar 18" 45 timeout's "Mar 19" 156 timeout's "Mar 20" 130 timeout's "Mar 21" 110 timeout's "Mar 22" 723 timeout's Hmm, watching the maillog scroll up on the console, i notice that every "MCP Checks: Starting" results in a timeout. The only (i think) non standard stuff i got, is a few rules in /etc/mail/spamassassin minus the (scramble) part ;^) fumlersoft.cf : body I_AM_NICE_GIRL /(scramble)I am nice girl/i describe I_AM_NICE_GIRL I am nice girl that would like to chat with you. score I_AM_NICE_GIRL 5.0 body JERTECH_RULE1 /(scramble)jertechinc.com/i describe JERTECH_RULE1 JERTECH INC Advanced fee scam. score JERTECH_RULE1 5.0 body JERTECH_RULE2 /(scramble)JerTech Inc/i describe JERTECH_RULE2 JerTech Inc - Advanced fee scam. score JERTECH_RULE2 5.0 body BLOGSPOT_RULE1 /(scramble)blogspot.com/i describe BLOGSPOT_RULE1 blocspot.com - promotes porn sites. score BLOGSPOT_RULE1 5.0 header MBM_KOI8_RULE1 Subject =~ /(scramble)koi8-/i describe MBM_KOI8_RULE1 Filter for Cyrilic (KOI8) stuff. score MBM_KOI8_RULE1 5.0 body MBM_KOI8_RULE2 /(scramble)koi8-/i describe MBM_KOI8_RULE2 Filter for Cyrilic (KOI8) stuff. score MBM_KOI8_RULE2 5.0 Any ideas to where i should start to look, would be greately apreaciated. On Mon, March 10, 2008 14:26, Gareth wrote: > I scan about 1000 messages per day and get about 1-3 timeouts. > I do run lots of additional rules though. > > On Mon, 2008-03-10 at 12:43, Paul Houselander (SME) wrote: >> Hi List >> >> >> >> I get a few complaints from users that Spam has got through, quite often when I investigate the message I can see in the logs that that SpamAssassin timed out and therefore scored zero. >> >> >> >> Looking at logwatch an average day I would see >> >> >> >> 20166 messages Scanned by MailScanner >> >> 170 SpamAssassin timeout(s) >> >> >> >> Im just after tips as to how to troubleshoot/minimize timeouts, sometimes ive managed to get a copy of the message and ran >> spamassasin ???t ???D < message and it works and scores fine, >> I don't think its down to load as the load average rarely goes >> above 3.00 on this server. I also run a caching name server >> >> >> >> Ive also tried upping the SpamAssasin timeout from 60 to 120? >> >> >> >> Any other tips? I was thinking perhaps an option if spamassasin times out the message could be put back in mqueue.in for a further attempt to scan the message? >> >> >> >> Kind Regards >> >> >> >> Paul >> -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From TGFurnish at herffjones.com Mon Mar 24 16:11:09 2008 From: TGFurnish at herffjones.com (Furnish, Trever G) Date: Mon Mar 24 16:11:47 2008 Subject: Once more, this time no html, sorry: does "is.definitely.spam" yield SA training? Message-ID: <57573D714A832C43B9D80EAFBDA48D030A03EB4D@inex3.herffjones.hj-int> Was a bit surprised no one replied to this one the first time (March 7th), but then I realized I'd sent it in html. Sorry. :-/ Must have been a bad week. ---------------- If a message is marked as spam thanks to being caught by an "Is Definitely Spam" rule, does that message get passed to spamassassin for training Bayes? I found a source of spam that still uses a static IP address and doesn't send out enough that processing it is a problem, so rather than block it at the MTA I thought, "Let them train the system..." But then I thought about it a bit more and began to wonder whether MailScanner even runs SA on mail you've categorized that way. -- Trever Furnish, tgfurnish@herffjones.com Herff Jones, Inc. Unix / Network Administrator Phone: 317.612.3519 Any sufficiently advanced technology is indistinguishable from Unix. From adc at dc-uoit.net Mon Mar 24 16:16:41 2008 From: adc at dc-uoit.net (unix admin) Date: Mon Mar 24 16:17:21 2008 Subject: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log In-Reply-To: <081501c88b6f$5084cb90$f18e62b0$@com> References: <081501c88b6f$5084cb90$f18e62b0$@com> Message-ID: <20080324161641.GA7706@logger.dc-uoit.net> On Fri, Mar 21, 2008 at 09:19:18AM -0700, Greg Deputy wrote: > I'm running debian etch, just upgraded to MailScanner 4.67.6 from 4.66.5. I > suddenly stopped seeing MailScanner logging in my /var/log/mail.log file a > few weeks back in 4.66.5 and could never find out why. I thought maybe > upgrading to the latest version would fix it, but no go. I could use some > help to figure out why. where is your razor-agent logging to? i had a very similar issue about a year ago, and if i remember correctly it occured when i instructed razor-agent to log via syslog. check your /etc/razor/razor-agent.conf file... hope this helps, adc From MailScanner at ecs.soton.ac.uk Mon Mar 24 16:59:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 17:00:19 2008 Subject: Once more, this time no html, sorry: does "is.definitely.spam" yield SA training? In-Reply-To: <57573D714A832C43B9D80EAFBDA48D030A03EB4D@inex3.herffjones.hj-int> References: <57573D714A832C43B9D80EAFBDA48D030A03EB4D@inex3.herffjones.hj-int> Message-ID: <47E7DDF8.7030105@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Furnish, Trever G wrote: > Was a bit surprised no one replied to this one the first time (March > 7th), but then I realized I'd sent it in html. Sorry. :-/ Must have > been a bad week. > > ---------------- > > If a message is marked as spam thanks to being caught by an "Is > Definitely Spam" rule, does that message get passed to spamassassin for > training Bayes? > Not unless you choose to Always Include SpamAssassin Report. Otherwise it's mostly a waste of cycles. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH5936EfZZRxQVtlQRAjfUAKDqTic5uz7WFPzRsUoQJdjtc0o4zgCeNsZK pA158oZ98GOsN18UQR1Iu4w= =NQou -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 24 17:03:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 17:03:43 2008 Subject: Misterey between Sendmail and MailScanner. Messages are missing!! In-Reply-To: <47E7AFC4.8080200@yahoo.com.br> References: <47E7AFC4.8080200@yahoo.com.br> Message-ID: <47E7DEDA.7090701@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As MailScanner quite plainly handed the 2 messages back to sendmail, which records that it successfully delivered them, I would look at your procmail setup, as that is where the messages must be being dropped. I don't think this is a MailScanner problem. Luis Marcelo Achite wrote: > Hi, > > I have a mail server with the following softwares installed: > > Sendmail > Procmail > MailScanner with SpamAssassin and Anti-virus software > > All software are updated with last versions and the process is working > correct. As sendmail receives a message, it passes to MailScanner, > which passes to SpamAssassin and Anti-Virus Software. After, > MailScanner returns to sendmail and the message is passed to procmail. > Than the message is released to the user at /var/spool/mail. This > structure is working for years. > > Now the problem: Yesterday a user complain about messages that did not > arrived to her (6 messages). I looked on the procmail log + sendmail > log and found something curious. From procmail log, I can see that > only 3 messages were delivered to the user?s inbox folder. From > sendmail log, I can see that 6 messages were delivered to the user. > Notice that the log is ok for sendmail and no error is being showed. > Below you can see part of the logs. > > I was wondering were is the 3 messages. The user did not receive them > and neither deleted. Actually from procmail log I can see that this is > true, as there is only 3 messages. Any hint to solve this mistery? > > Thanks for any information and help on this. > > Regards. > > Marcelo > > PS: From the logs below, notice that message 1 was delivered but not > message 2. There is no reference to message 2 at procmail.log, but > apparently nothing wrong happened to that message, as we can see from > sendmail.log. Any comment or suggestion? Thanks > > PROCMAIL.LOG > > MESSAGE 1 > From X...@terra.com.br Wed Mar 19 09:31:34 2008 > Subject: YYYYYYYYYYYYYYYYYY > Folder: /var/spool/mail/lucy > 278546 > > SENDMAIL.LOG > > MESSAGE 1 > Mar 19 09:31:32 iaibr1 sm-mta-mailscanner[28333]: m2JCVVMZ028333: > from=, > Mar 19 09:31:32 iaibr1 sm-mta-mailscanner[28333]: m2JCVVMZ028333: > Milter accept: message > Mar 19 09:31:34 iaibr1 MailScanner[20061]: Virus Scanning completed at > 165499 bytes per second > Mar 19 09:31:34 iaibr1 MailScanner[20061]: Uninfected: Delivered 1 > messages > Mar 19 09:31:34 iaibr1 MailScanner[20061]: Batch completed at 156836 > bytes per second (277248 / 1) > Mar 19 09:31:34 iaibr1 MailScanner[20061]: Batch (1 message) processed > in 1.77 seconds > Mar 19 09:31:34 iaibr1 sendmail[28343]: m2JCVVMZ028333: > to=, delay=00:00:03, xdelay=00:00:00, mailer=local, > pri=396417, dsn=2.0.0, stat=Sent > > MESSAGE 2 > Mar 19 09:59:26 iaibr1 sm-mta-mailscanner[30598]: m2JCxOwx030598: > from=, > Mar 19 09:59:26 iaibr1 sm-mta-mailscanner[30598]: m2JCxOwx030598: > Milter accept: message > Mar 19 09:59:28 iaibr1 MailScanner[29021]: Uninfected: Delivered 1 > messages > Mar 19 09:59:28 iaibr1 MailScanner[29021]: Batch completed at 890281 > bytes per second (1795543 / 2) > Mar 19 09:59:28 iaibr1 MailScanner[29021]: Batch (1 message) processed > in 2.02 seconds > Mar 19 09:59:29 iaibr1 sendmail[30609]: m2JCxOwx030598: > to=, delay=00:00:05, xdelay=00:00:01, mailer=local, > pri=1914711, dsn=2.0.0, stat=Sent > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH597fEfZZRxQVtlQRAsusAKDuP14m+eYCaaiKPWpbKKo/RdoajwCg6+jJ lWhlm/NVfcZRgz43oi45+0I= =9hfz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Mon Mar 24 18:17:15 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 24 18:18:21 2008 Subject: Spam Assasin Timeouts In-Reply-To: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> Message-ID: on 3-24-2008 6:44 AM Mogens Melander spake the following: > Hi all > > I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". > > The number of messages recieved per day is stable between 1500 and 2500. > > I've been looking at log-files, and can't find anyting to put my finger on, other than the number > of timeout's per date, and system load (increased from 0.1 to 0.3): > > "Mar 10" 0 timeout's > "Mar 11" 0 timeout's > "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to MailScanner-4.67.6-1) > "Mar 13" 0 timeout's > "Mar 14" 0 timeout's > "Mar 15" 0 timeout's > "Mar 16" 82 timeout's > "Mar 17" 141 timeout's > "Mar 18" 45 timeout's > "Mar 19" 156 timeout's > "Mar 20" 130 timeout's > "Mar 21" 110 timeout's > "Mar 22" 723 timeout's > > Hmm, watching the maillog scroll up on the console, i notice that every "MCP Checks: Starting" > results in a timeout. MCP rules are stored in /etc/MailScanner/mcp. What do you have there? AFAIR you need a v320.pre file in that directory with a minimum of the following; # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080324/828dd3db/signature.bin From rpoe at plattesheriff.org Mon Mar 24 18:27:16 2008 From: rpoe at plattesheriff.org (Rob Poe) Date: Mon Mar 24 18:28:12 2008 Subject: Large uptake in spam? Message-ID: <47E7AC31.65ED.00A2.0@plattesheriff.org> I've noticed a large uptake in the amount of spam my gateways are seeing. Of course, it's causing a higher than normal load on the servers, and people are complaining because we're getting SA timeouts due to the load. Do people here use / recommend setting up Sendmail to reject based on no valid reverse DNS? Milter-SAV ? What free RBL's are people using? The ones I've seen are "Use this lightly" and if you don't .. you get blacklisted from them .. What else do you recommend? I'm using Sendmail / SMF-Grey / SA / MailScanner Server is P4 1.9 2gigs mirrored IDE hard drives.. From mkettler at evi-inc.com Mon Mar 24 18:35:46 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 24 18:36:54 2008 Subject: Once more, this time no html, sorry: does "is.definitely.spam" yield SA training? In-Reply-To: <47E7DDF8.7030105@ecs.soton.ac.uk> References: <57573D714A832C43B9D80EAFBDA48D030A03EB4D@inex3.herffjones.hj-int> <47E7DDF8.7030105@ecs.soton.ac.uk> Message-ID: <47E7F482.4010600@evi-inc.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Furnish, Trever G wrote: >> Was a bit surprised no one replied to this one the first time (March >> 7th), but then I realized I'd sent it in html. Sorry. :-/ Must have >> been a bad week. >> >> ---------------- >> >> If a message is marked as spam thanks to being caught by an "Is >> Definitely Spam" rule, does that message get passed to spamassassin for >> training Bayes? >> > Not unless you choose to Always Include SpamAssassin Report. Otherwise > it's mostly a waste of cycles. And even then, it won't result in training unless it happens to meet SA's autolearning criteria.. Correct? i.e.: "Is Definitely Spam" won't actually change anything about the call to SpamAssassin, but may leave SA entirely out if "Always Include SpamAsasssin Report" is disabled (which it is the default). From glenn.steen at gmail.com Mon Mar 24 19:05:31 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 24 19:06:07 2008 Subject: Large uptake in spam? In-Reply-To: <47E7AC31.65ED.00A2.0@plattesheriff.org> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> Message-ID: <223f97700803241205m21bd931dxd03d8d712ffd30a2@mail.gmail.com> On 24/03/2008, Rob Poe wrote: > I've noticed a large uptake in the amount of spam my gateways are seeing. > > Of course, it's causing a higher than normal load on the servers, and people are complaining because we're getting SA timeouts due to the load. > > Do people here use / recommend setting up Sendmail to reject based on no valid reverse DNS? > I wouldn't, but some feel it to be OK. > Milter-SAV ? For recipient verification, not sender verification, yes. Be part of the solution, not the problem... As some would say.:-) > > What free RBL's are people using? The ones I've seen are "Use this lightly" and if you don't .. you get blacklisted from them .. > Since I'm a "light" user, spamhaus works fine for me... Due to regulations etc not in the MTA... Will probably implement selective greylisting as soon as I find time though, and use some BLs for that (as per Matt Kettlers excellent advice). > What else do you recommend? > > I'm using Sendmail / SMF-Grey / SA / MailScanner RFC strictness and greet_pause? > Server is P4 1.9 2gigs mirrored IDE hard drives.. > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From greg at blastzone.com Mon Mar 24 19:10:52 2008 From: greg at blastzone.com (Greg Deputy) Date: Mon Mar 24 19:11:40 2008 Subject: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log In-Reply-To: <20080324161641.GA7706@logger.dc-uoit.net> References: <081501c88b6f$5084cb90$f18e62b0$@com> <20080324161641.GA7706@logger.dc-uoit.net> Message-ID: <0ec301c88de2$c74544b0$55cfce10$@com> Well, that seems to have done it. I have no memory of making changes to my razor when this trouble started (although that doesn't mean it didn't happen) but after telling razor to not use syslog, I'm getting mailscanner logging info again. Thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of unix admin Sent: Monday, March 24, 2008 9:17 AM To: MailScanner discussion Subject: Re: Upgraded to 4.67.6, still not getting any MailScanner messages in Mail.log On Fri, Mar 21, 2008 at 09:19:18AM -0700, Greg Deputy wrote: > I'm running debian etch, just upgraded to MailScanner 4.67.6 from 4.66.5. I > suddenly stopped seeing MailScanner logging in my /var/log/mail.log file a > few weeks back in 4.66.5 and could never find out why. I thought maybe > upgrading to the latest version would fix it, but no go. I could use some > help to figure out why. where is your razor-agent logging to? i had a very similar issue about a year ago, and if i remember correctly it occured when i instructed razor-agent to log via syslog. check your /etc/razor/razor-agent.conf file... hope this helps, adc -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From mogens at fumlersoft.dk Mon Mar 24 19:15:22 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Mar 24 19:16:33 2008 Subject: Spam Assasin Timeouts In-Reply-To: References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> Message-ID: <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> On Mon, March 24, 2008 19:17, Scott Silva wrote: > on 3-24-2008 6:44 AM Mogens Melander spake the following: >> Hi all >> >> I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". >> >> The number of messages recieved per day is stable between 1500 and 2500. >> >> I've been looking at log-files, and can't find anyting to put my finger on, other than the >> number >> of timeout's per date, and system load (increased from 0.1 to 0.3): >> >> "Mar 10" 0 timeout's >> "Mar 11" 0 timeout's >> "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to MailScanner-4.67.6-1) >> "Mar 13" 0 timeout's >> "Mar 14" 0 timeout's >> "Mar 15" 0 timeout's >> "Mar 16" 82 timeout's >> "Mar 17" 141 timeout's >> "Mar 18" 45 timeout's >> "Mar 19" 156 timeout's >> "Mar 20" 130 timeout's >> "Mar 21" 110 timeout's >> "Mar 22" 723 timeout's >> >> Hmm, watching the maillog scroll up on the console, i notice that every "MCP Checks: Starting" >> results in a timeout. > > > > MCP rules are stored in /etc/MailScanner/mcp. What do you have there? > > AFAIR you need a v320.pre file in that directory with a minimum of the following; > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > MailScanner --lint and spamassassin --lint don't give any errors. $ MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamavmodule" Found these virus scanners installed: clamavmodule =========================================================================== Virus Scanner test reports: ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. I got one v320.pre in /etc/MailScanner/mcp $ cat /etc/MailScanner/mcp/v320.pre # Check - Provides main check functionality # loadplugin Mail::SpamAssassin::Plugin::Check And other rules in /etc/mail/spamassassin $ ls -1 /etc/mail/spamassassin/ 70_sare_evilnum0.cf 70_sare_random.cf FuzzyOcr.cf FuzzyOcr.log FuzzyOcr.pm FuzzyOcr.words ImageInfo.pm PDFInfo.pm RulesDuJour/ fumlersoft.cf imageinfo.cf init.pre local.cf mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf pdfinfo.cf pub.gpg sa-update-keys/ tripwire.cf v310.pre v312.pre v320.pre No clues anywhere to what causes timeouts. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jonas at vrt.dk Mon Mar 24 19:55:35 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Mon Mar 24 19:56:06 2008 Subject: Spam Assasin Timeouts In-Reply-To: <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> Message-ID: <014501c88de9$06dbe5b0$1493b110$@dk> I have always had spamassassin timeouts... On any type of hardware I used. My fastest hardware has fewest timeouts, but it still has a couple a day. Besides increasing the timeout value in MS I do not know what can be done, except maybe to make SA as little dependant on network tests as possible... That's just my 5 cents. Best regards Jonas Larsen >-----Original Message----- >From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >bounces@lists.mailscanner.info] On Behalf Of Mogens Melander >Sent: 24. marts 2008 20:15 >To: MailScanner discussion >Subject: Re: Spam Assasin Timeouts > > >On Mon, March 24, 2008 19:17, Scott Silva wrote: >> on 3-24-2008 6:44 AM Mogens Melander spake the following: >>> Hi all >>> >>> I'm also seeing "a lot" of "Message Content Protection SpamAssassin >timed out and was killed". >>> >>> The number of messages recieved per day is stable between 1500 and >2500. >>> >>> I've been looking at log-files, and can't find anyting to put my >finger on, other than the >>> number >>> of timeout's per date, and system load (increased from 0.1 to 0.3): >>> >>> "Mar 10" 0 timeout's >>> "Mar 11" 0 timeout's >>> "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to >MailScanner-4.67.6-1) >>> "Mar 13" 0 timeout's >>> "Mar 14" 0 timeout's >>> "Mar 15" 0 timeout's >>> "Mar 16" 82 timeout's >>> "Mar 17" 141 timeout's >>> "Mar 18" 45 timeout's >>> "Mar 19" 156 timeout's >>> "Mar 20" 130 timeout's >>> "Mar 21" 110 timeout's >>> "Mar 22" 723 timeout's >>> >>> Hmm, watching the maillog scroll up on the console, i notice that >every "MCP Checks: Starting" >>> results in a timeout. >> >> >> >> MCP rules are stored in /etc/MailScanner/mcp. What do you have there? >> >> AFAIR you need a v320.pre file in that directory with a minimum of the >following; >> >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> > >MailScanner --lint and spamassassin --lint don't give any errors. > >$ MailScanner --lint >Trying to setlogsock(unix) >Checking version numbers... >Version number in MailScanner.conf (4.67.6) is correct. > >Your envelope_sender_header in spam.assassin.prefs.conf is correct. > >Checking for SpamAssassin errors (if you use it)... >SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >SpamAssassin reported no errors. >MailScanner.conf says "Virus Scanners = clamavmodule" >Found these virus scanners installed: clamavmodule >========================================================================= >== >Virus Scanner test reports: >ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" > >If any of your virus scanners (clamavmodule) >are not listed there, you should check that they are installed correctly >and that MailScanner is finding them correctly via its >virus.scanners.conf. > >I got one v320.pre in /etc/MailScanner/mcp > >$ cat /etc/MailScanner/mcp/v320.pre > ># Check - Provides main check functionality ># >loadplugin Mail::SpamAssassin::Plugin::Check > >And other rules in /etc/mail/spamassassin > >$ ls -1 /etc/mail/spamassassin/ >70_sare_evilnum0.cf >70_sare_random.cf >FuzzyOcr.cf >FuzzyOcr.log >FuzzyOcr.pm >FuzzyOcr.words >ImageInfo.pm >PDFInfo.pm >RulesDuJour/ >fumlersoft.cf >imageinfo.cf >init.pre >local.cf >mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf >pdfinfo.cf >pub.gpg >sa-update-keys/ >tripwire.cf >v310.pre >v312.pre >v320.pre > >No clues anywhere to what causes timeouts. > >-- >Later > >Mogens Melander >+45 40 85 71 38 >+66 870 133 224 > > > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. > >-- >MailScanner mailing list >mailscanner@lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > >Before posting, read http://wiki.mailscanner.info/posting > >Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Mon Mar 24 20:12:58 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 24 20:13:32 2008 Subject: Spam Assasin Timeouts In-Reply-To: <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> Message-ID: <223f97700803241312s748a3f22n5127ef2b380f812f@mail.gmail.com> On 24/03/2008, Mogens Melander wrote: > > On Mon, March 24, 2008 19:17, Scott Silva wrote: > > on 3-24-2008 6:44 AM Mogens Melander spake the following: > >> Hi all > >> > >> I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". > >> > >> The number of messages recieved per day is stable between 1500 and 2500. > >> > >> I've been looking at log-files, and can't find anyting to put my finger on, other than the > >> number > >> of timeout's per date, and system load (increased from 0.1 to 0.3): > >> > >> "Mar 10" 0 timeout's > >> "Mar 11" 0 timeout's > >> "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to MailScanner-4.67.6-1) > >> "Mar 13" 0 timeout's > >> "Mar 14" 0 timeout's > >> "Mar 15" 0 timeout's > >> "Mar 16" 82 timeout's > >> "Mar 17" 141 timeout's > >> "Mar 18" 45 timeout's > >> "Mar 19" 156 timeout's > >> "Mar 20" 130 timeout's > >> "Mar 21" 110 timeout's > >> "Mar 22" 723 timeout's > >> > >> Hmm, watching the maillog scroll up on the console, i notice that every "MCP Checks: Starting" > >> results in a timeout. > > > > > > > > MCP rules are stored in /etc/MailScanner/mcp. What do you have there? > > > > AFAIR you need a v320.pre file in that directory with a minimum of the following; > > > > # Check - Provides main check functionality > > # > > loadplugin Mail::SpamAssassin::Plugin::Check > > > > > MailScanner --lint and spamassassin --lint don't give any errors. > > $ MailScanner --lint This syntax checker isn't that relevant to your problem, far better to run "MailScanenr --debug --debug-sa" instead, with MailScanner (but not you MTA) stopped, since that will run through the netwrok tests as well. Oh, and do look at ps output for the MailScanner children (Jules rewrite the commandline to show what they're up to ATM)... Will give a clue as to where they spend time. > I got one v320.pre in /etc/MailScanner/mcp > > $ cat /etc/MailScanner/mcp/v320.pre > Hm, I thought it need the the Check plugin... Strange. Perhaps you have some other pre file there too? > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > > > And other rules in /etc/mail/spamassassin > > $ ls -1 /etc/mail/spamassassin/ > 70_sare_evilnum0.cf > 70_sare_random.cf > FuzzyOcr.cf > FuzzyOcr.log > FuzzyOcr.pm > FuzzyOcr.words Fuzzy is a bit of a pig, wrt performance, with a bit debatable worth. Try disabling it? > ImageInfo.pm > PDFInfo.pm > RulesDuJour/ > fumlersoft.cf > imageinfo.cf > init.pre > local.cf > mailscanner.cf -> /etc/MailScanner/spam.assassin.prefs.conf > pdfinfo.cf > pub.gpg > sa-update-keys/ > tripwire.cf > v310.pre > v312.pre > v320.pre > > No clues anywhere to what causes timeouts. > When you run your SA check, use a real message instead of the --lint test. The lint doesn't check network tests. The thing above will make SA show -D output for a real message, and if you have a recent MS... It'll print timing information as well;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Mar 24 20:52:34 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 24 20:52:56 2008 Subject: Spam Assasin Timeouts In-Reply-To: <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> Message-ID: on 3-24-2008 12:15 PM Mogens Melander spake the following: > On Mon, March 24, 2008 19:17, Scott Silva wrote: >> on 3-24-2008 6:44 AM Mogens Melander spake the following: >>> Hi all >>> >>> I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". >>> >>> The number of messages recieved per day is stable between 1500 and 2500. >>> >>> I've been looking at log-files, and can't find anyting to put my finger on, other than the >>> number >>> of timeout's per date, and system load (increased from 0.1 to 0.3): >>> >>> "Mar 10" 0 timeout's >>> "Mar 11" 0 timeout's >>> "Mar 12" 0 timeout's (Updated from MailScanner-4.60.8 to MailScanner-4.67.6-1) >>> "Mar 13" 0 timeout's >>> "Mar 14" 0 timeout's >>> "Mar 15" 0 timeout's >>> "Mar 16" 82 timeout's >>> "Mar 17" 141 timeout's >>> "Mar 18" 45 timeout's >>> "Mar 19" 156 timeout's >>> "Mar 20" 130 timeout's >>> "Mar 21" 110 timeout's >>> "Mar 22" 723 timeout's >>> >>> Hmm, watching the maillog scroll up on the console, i notice that every "MCP Checks: Starting" >>> results in a timeout. >> >> >> MCP rules are stored in /etc/MailScanner/mcp. What do you have there? >> >> AFAIR you need a v320.pre file in that directory with a minimum of the following; >> >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> > > MailScanner --lint and spamassassin --lint don't give any errors. > > $ MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamavmodule" > Found these virus scanners installed: clamavmodule > =========================================================================== > Virus Scanner test reports: > ClamAVModule said "eicar.com was infected: Eicar-Test-Signature" > > If any of your virus scanners (clamavmodule) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > I got one v320.pre in /etc/MailScanner/mcp > > $ cat /etc/MailScanner/mcp/v320.pre > > # Check - Provides main check functionality > # > loadplugin Mail::SpamAssassin::Plugin::Check > Since you are not using MCP, do you by any chance have it enabled by mistake? # MCP (Message Content Protection) # ----------------------------- # # This scans text and HTML messages segments for any banned text, using # a 2nd copy of SpamAssassin to provide the searching abilities. # This 2nd copy has its own entire set of rules, preferences and settings. # When used together with the patches for SpamAssassin, it can also check # the content of attachments such as office documents. # # See http://www.mailscanner.info/mcp.html for more info. # MCP Checks = no -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080324/1933835f/signature.bin From ssilva at sgvwater.com Mon Mar 24 21:12:24 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 24 21:12:42 2008 Subject: Large uptake in spam? In-Reply-To: <47E7AC31.65ED.00A2.0@plattesheriff.org> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> Message-ID: on 3-24-2008 11:27 AM Rob Poe spake the following: > I've noticed a large uptake in the amount of spam my gateways are seeing. > > Of course, it's causing a higher than normal load on the servers, and people are complaining because we're getting SA timeouts due to the load. > > Do people here use / recommend setting up Sendmail to reject based on no valid reverse DNS? > > Milter-SAV ? > > What free RBL's are people using? The ones I've seen are "Use this lightly" and if you don't .. you get blacklisted from them .. > > What else do you recommend? > > I'm using Sendmail / SMF-Grey / SA / MailScanner > > Server is P4 1.9 2gigs mirrored IDE hard drives.. > > > The best thing I can recommend is to look at your logs at which blacklists have hit at 100% spam rate. Mailwatch helps here, but you can dig in your logs if you need to. Through the above testing I have found I can use spamcop, njabl, dsbl, cbl, sorbs and spamhaus at the end. With the other lists taking the brunt of the work, I can still use spamhaus with better than 70% less queries. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080324/faaf52ce/signature.bin From MailScanner at ecs.soton.ac.uk Mon Mar 24 21:29:46 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 21:30:30 2008 Subject: Large uptake in spam? In-Reply-To: <223f97700803241205m21bd931dxd03d8d712ffd30a2@mail.gmail.com> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> <223f97700803241205m21bd931dxd03d8d712ffd30a2@mail.gmail.com> Message-ID: <47E81D4A.8040608@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: > > Will probably implement selective > greylisting as soon as I find time though, and use some BLs for that > (as per Matt Kettlers excellent advice). > I've just added the GeoIP stuff to my greylisting. I tried to implement greylisting across the board a couple of years ago, and got told not to by my boss, who had a website registration email delayed. So now I'm having a second go, but this time greylisting only sites that are on the SORBS DUN list, or come from countries that send us a lot of spam but with which we do little business. I'm slowly building the set of target countries. I've built an RPM of the latest milter-greylist including all the GeoIP stuff if anyone wants it. A separate one for RHEL 4 and RHEL 5. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6B1MEfZZRxQVtlQRAmr2AKDGJ1AyynQxyWHhA+GrHeluju0lQQCgoKPq Wjd7Ee+k7LbSiA/F13Jf7AI= =4n2B -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Mon Mar 24 21:37:18 2008 From: alex at nkpanama.com (Alex Neuman) Date: Mon Mar 24 21:38:17 2008 Subject: Large uptake in spam? In-Reply-To: <47E81D4A.8040608@ecs.soton.ac.uk> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> <223f97700803241205m21bd931dxd03d8d712ffd30a2@mail.gmail.com> <47E81D4A.8040608@ecs.soton.ac.uk> Message-ID: <8F6640F0-330A-4D8F-A020-773326053CE5@nkpanama.com> Sounds great! Care to keep it in http://mailscanner.info/ downloads.html ? On Mar 24, 2008, at 4:29 PM, Julian Field wrote: > I've built an RPM of the latest milter-greylist including all the > GeoIP > stuff if anyone wants it. A separate one for RHEL 4 and RHEL 5. From denis at croombs.org Mon Mar 24 21:47:08 2008 From: denis at croombs.org (Denis Croombs) Date: Mon Mar 24 21:47:57 2008 Subject: Large uptake in spam? In-Reply-To: <47E81D4A.8040608@ecs.soton.ac.uk> Message-ID: <20080324214718.68195E3013E@master.justemail.org> > > Will probably implement selective > > greylisting as soon as I find time though, and use some BLs > for that > > (as per Matt Kettlers excellent advice). > > > I've just added the GeoIP stuff to my greylisting. I tried to > implement greylisting across the board a couple of years ago, > and got told not to by my boss, who had a website > registration email delayed. So now I'm having a second go, > but this time greylisting only sites that are on the SORBS > DUN list, or come from countries that send us a lot of spam > but with which we do little business. I'm slowly building the > set of target countries. > > I've built an RPM of the latest milter-greylist including all > the GeoIP stuff if anyone wants it. A separate one for RHEL 4 > and RHEL 5. > > Jules Hi Jules I would be very interested in getting a copy of the rpm's Regards Denis No virus found in this outgoing message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.21.8/1340 - Release Date: 23/03/2008 18:50 From hvdkooij at vanderkooij.org Mon Mar 24 22:12:45 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Mar 24 22:13:56 2008 Subject: Large uptake in spam? In-Reply-To: <47E7AC31.65ED.00A2.0@plattesheriff.org> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> Message-ID: <47E8275D.8020304@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob Poe wrote: | I've noticed a large uptake in the amount of spam my gateways are seeing. | | Of course, it's causing a higher than normal load on the servers, and people are complaining because we're getting SA timeouts due to the load. | | Do people here use / recommend setting up Sendmail to reject based on no valid reverse DNS? | | Milter-SAV ? | | What free RBL's are people using? The ones I've seen are "Use this lightly" and if you don't .. you get blacklisted from them .. | | What else do you recommend? | | I'm using Sendmail / SMF-Grey / SA / MailScanner | | Server is P4 1.9 2gigs mirrored IDE hard drives. I suggest you start by investigating why there is a significant increase in the amount of spam. Then you would have some idea of which strategy would be best. I would recommend to block dialup clients for example if you have the ability. Depending on the sort of communication you have it may or may not be a good possibility to loose a lot spam. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6CdbBvzDRVjxmYERAnyUAJ9UBv5rQc/2GEIzRxAVVRMXxaoJCgCdGeDJ H6l8cNNeoIU4206md+autQw= =BtXr -----END PGP SIGNATURE----- From mogens at fumlersoft.dk Mon Mar 24 22:20:49 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Mar 24 22:21:45 2008 Subject: Spam Assasin Timeouts In-Reply-To: <223f97700803241312s748a3f22n5127ef2b380f812f@mail.gmail.com> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> <223f97700803241312s748a3f22n5127ef2b380f812f@mail.gmail.com> Message-ID: <3182.90.184.19.31.1206397249.squirrel@mail.fumlersoft.dk> On Mon, March 24, 2008 21:12, Glenn Steen wrote: > On 24/03/2008, Mogens Melander wrote: >> >> No clues anywhere to what causes timeouts. >> > When you run your SA check, use a real message instead of the --lint > test. The lint doesn't check network tests. The thing above will make > SA show -D output for a real message, and if you have a recent MS... > It'll print timing information as well;-). Cool, running `spamassassin -D < message` was quite educational. No timeout's, but i spotted a few other issues. DCC using dccproc instead of dccifd socket, sa-update seems to forget to compile rules ( must i do that "by hand"? ). I'm down to 22 MCP and spamassassin, and 0 RBL timeout's today :^) -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 24 22:27:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 22:28:14 2008 Subject: Large uptake in spam? In-Reply-To: <8F6640F0-330A-4D8F-A020-773326053CE5@nkpanama.com> References: <47E7AC31.65ED.00A2.0@plattesheriff.org> <223f97700803241205m21bd931dxd03d8d712ffd30a2@mail.gmail.com> <47E81D4A.8040608@ecs.soton.ac.uk> <8F6640F0-330A-4D8F-A020-773326053CE5@nkpanama.com> Message-ID: <47E82ACB.2020200@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have written it up and put it in http://www.mailscanner.info/greylist.html It is linked from the documentation page on the website. Hope it's some use! Alex Neuman wrote: > Sounds great! Care to keep it in http://mailscanner.info/downloads.html ? > > On Mar 24, 2008, at 4:29 PM, Julian Field wrote: >> I've built an RPM of the latest milter-greylist including all the GeoIP >> stuff if anyone wants it. A separate one for RHEL 4 and RHEL 5. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6CrPEfZZRxQVtlQRAimnAJ0abBnaD0xuxPYIOa34RpsF307UQACfSy9v UQfimk7eeaUcoO1kaxWheNQ= =ypCQ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 24 22:27:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 24 22:28:29 2008 Subject: Large uptake in spam? In-Reply-To: <20080324214718.68195E3013E@master.justemail.org> References: <20080324214718.68195E3013E@master.justemail.org> Message-ID: <47E82AE3.1050407@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Croombs wrote: >>> Will probably implement selective >>> greylisting as soon as I find time though, and use some BLs >>> >> for that >> >>> (as per Matt Kettlers excellent advice). >>> >>> >> I've just added the GeoIP stuff to my greylisting. I tried to >> implement greylisting across the board a couple of years ago, >> and got told not to by my boss, who had a website >> registration email delayed. So now I'm having a second go, >> but this time greylisting only sites that are on the SORBS >> DUN list, or come from countries that send us a lot of spam >> but with which we do little business. I'm slowly building the >> set of target countries. >> >> I've built an RPM of the latest milter-greylist including all >> the GeoIP stuff if anyone wants it. A separate one for RHEL 4 >> and RHEL 5. >> >> Jules >> > Hi Jules > > I would be very interested in getting a copy of the rpm's > See http://www.mailscanner.info/greylist.html > Regards > > Denis > > No virus found in this outgoing message. > Checked by AVG. > Version: 7.5.519 / Virus Database: 269.21.8/1340 - Release Date: 23/03/2008 > 18:50 > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: windows-1250 wj8DBQFH6CrmEfZZRxQVtlQRAn7QAJ9bdtVSHrGiyV1sIzNlOcVlwZm+wwCfb6R2 2OxhIwvKWmcNpi83e6daj9Y= =HxFG -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Mon Mar 24 23:10:52 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Mon Mar 24 23:11:47 2008 Subject: Spam Assasin Timeouts In-Reply-To: References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> Message-ID: <3323.90.184.19.31.1206400252.squirrel@mail.fumlersoft.dk> On Mon, March 24, 2008 21:52, Scott Silva wrote: > on 3-24-2008 12:15 PM Mogens Melander spake the following: >> On Mon, March 24, 2008 19:17, Scott Silva wrote: >>> on 3-24-2008 6:44 AM Mogens Melander spake the following: >>>> Hi all >>>> >>>> I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". >>>> >>> >>> MCP rules are stored in /etc/MailScanner/mcp. What do you have there? >>> >>> AFAIR you need a v320.pre file in that directory with a minimum of the following; >>> >>> # Check - Provides main check functionality >>> # >>> loadplugin Mail::SpamAssassin::Plugin::Check >>> >> >> I got one v320.pre in /etc/MailScanner/mcp >> >> $ cat /etc/MailScanner/mcp/v320.pre >> >> # Check - Provides main check functionality >> # >> loadplugin Mail::SpamAssassin::Plugin::Check >> > > Since you are not using MCP, do you by any chance have it enabled by mistake? Hmm, i do use MCP. What makes you think otherwise ? I've got another v320-pre in /etc/mail/spamassassin loading all sorts of filters. spamassassin -D --lint shows that they indeed are loaded. > # MCP (Message Content Protection) > # ----------------------------- > # > > MCP Checks = no > And yes, i'got "MCP Checks = yes", but i think thats what it's suposed to be. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From leiw324 at yahoo.com.hk Tue Mar 25 01:18:38 2008 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Tue Mar 25 01:19:13 2008 Subject: (no subject) Message-ID: <450736.3587.qm@web54405.mail.yahoo.com> Please help after reboot cannot start MailScanner (MailScanner + postfix + clamav + spamassassin), [root@mailgateway ~]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming postfix: [ OK ] outgoing postfix: [ OK ] Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. --------------------------------- Yahoo! ºô¤W¦w¥þ§ð²¤¡A±Ð§A¦p¦ó¨¾½d¶Â«È! ¤F¸Ñ§ó¦h -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/032cce22/attachment.html From leiw324 at yahoo.com.hk Tue Mar 25 01:46:02 2008 From: leiw324 at yahoo.com.hk (Wilson Kwok) Date: Tue Mar 25 01:46:38 2008 Subject: (no subject) Message-ID: <255792.50091.qm@web54408.mail.yahoo.com> I cannot start MailScanner after reboot Centos 4.4 (MailScanner + Postfix + Clamav + Spamassassin) Thx ! [root@mailgateway MailScanner]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: [FAILED] incoming postfix: [ OK ] outgoing postfix: [ OK ] Starting MailScanner daemons: incoming postfix: [ OK ] outgoing postfix: [ OK ] MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. Compilation failed in require at /usr/sbin/MailScanner line 79. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. [ OK ] --------------------------------- Yahoo! ºô¤W¦w¥þ§ð²¤¡A±Ð§A¦p¦ó¨¾½d¶Â«È! ¤F¸Ñ§ó¦h -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/5605beab/attachment.html From gwong at wong-consulting.com Tue Mar 25 03:14:38 2008 From: gwong at wong-consulting.com (Gregory Wong) Date: Tue Mar 25 03:15:19 2008 Subject: Checking SPF Records & Updating Server Message-ID: Does anyone know if the MailScanner package automatically checks SPF records? I know that the MailScanner package includes the libmail-spf-query-perl package. If it doesn't do it by default, does anyone know how to enable it? Also, what procedures do all of you use to update your server? Since I've built mine its been pretty much running fine but I'm starting to think that I might to update the server using the package manager (apt). If anyone needs to know my configuration, its basically this: http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080324/8b6bb7e4/attachment.html From Andrew.Chester at ukuvuma.co.za Tue Mar 25 05:48:57 2008 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Tue Mar 25 05:49:51 2008 Subject: Blocking mail based on it's content or attachment Message-ID: Hi All I would like to know if there is a way to block mail for a certain domain, (with MailScanner sitting on a mail gateway being used for multiple domains) based on the mail's content and attachment. Basically, the owners of the domain don't want certain file types and certain mail content to be received by the users, and thus want it automatically blocked at gateway level. We are using Postfix as the MTA on the gateway. Thanks in advance! Andrew CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. VERTROULIKHEIDSKLOUSULE Dié boodskap is slegs vir die gebruik van die individu of entiteit aan wie dit gerig is en bevat streng vertroulike inligting. Indien die leser nie die voorgenome ontvanger is nie, of die werknemer of agent verantwoordelik vir die lewering van die boodskap aan die voorgenome ontvanger nie, word u hiermee meegedeel dat enige verspreiding of kopiëring van dié boodskap streng verbode is. Indien u die kommunikasie verkeerdelik ontvang het, stel asseblief die afsender telefonies in kennis. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/0da8dfd3/attachment.html From hvdkooij at vanderkooij.org Tue Mar 25 06:17:37 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 25 06:18:42 2008 Subject: (no subject) In-Reply-To: <450736.3587.qm@web54405.mail.yahoo.com> References: <450736.3587.qm@web54405.mail.yahoo.com> Message-ID: <47E89901.3050900@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wilson Kwok wrote: | Please help after reboot cannot start MailScanner (MailScanner + postfix | + clamav + spamassassin), | | [root@mailgateway ~]# service MailScanner restart | Shutting down MailScanner daemons: | MailScanner: [FAILED] | incoming postfix: [ OK ] | outgoing postfix: [ OK ] | Starting MailScanner daemons: | incoming postfix: [ OK ] | outgoing postfix: [ OK ] | MailScanner: Variable "$FIELD_NAME" is not imported at | /usr/lib/MailScanner/MailScanner/Message.pm line 6367. | Variable "$FIELD_NAME" is not imported at | /usr/lib/MailScanner/MailScanner/Message.pm line 6370. | Global symbol "$FIELD_NAME" requires explicit package name at | /usr/lib/MailScanner/MailScanner/Message.pm line 6367. | Global symbol "$FIELD_NAME" requires explicit package name at | /usr/lib/MailScanner/MailScanner/Message.pm line 6370. | Compilation failed in require at /usr/sbin/MailScanner line 79. | BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. You can do better then this. Use the --lint options and do the other debug things peple suggest a lot on this mailinglist. Use a meaningfull subject line. Include relevant details like distro, method of installation, MS version, .......... And you allready had a problem. Notice the fact that it sad it failed to stop MS to begin with. So go back in time and think of all the changes you made to the system. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6Jj/BvzDRVjxmYERApo3AKCllDyIF1cHJGZ3ySFJY8ee/GN/ZwCfUpVC FzAQnjeTKDP7TUHMYbocQTY= =KT+Q -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Mar 25 06:19:02 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 25 06:19:49 2008 Subject: Checking SPF Records & Updating Server In-Reply-To: References: Message-ID: <47E89956.4090602@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Wong wrote: | Does anyone know if the MailScanner package automatically checks SPF | records? I know that the MailScanner package includes the | libmail-spf-query-perl package. If it doesn?t do it by default, does | anyone know how to enable it? MS: No, SA: yes MTA: ? (Depends on your config) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6JlTBvzDRVjxmYERArNQAJ9zlTd2Bu0mT1U5ORVwvNgUz6ve9wCgm96F 36FCgZkoWvKSllGGvZ+LsIQ= =vB75 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Tue Mar 25 06:24:05 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 25 06:25:07 2008 Subject: Blocking mail based on it's content or attachment In-Reply-To: References: Message-ID: <47E89A85.3050201@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew Chester wrote: | I would like to know if there is a way to block mail for a certain | domain, (with MailScanner sitting on a mail gateway being used for | multiple domains) based on the mail's content and attachment. Basically, | the owners of the domain don't want certain file types and certain mail | content to be received by the users, and thus want it automatically | blocked at gateway level. We are using Postfix as the MTA on the gateway. Please read you config file help on the following sections: # Attachment Filename Checking You want to use rulesets there instead of rules so you pick and choose what to for each domain. More explicit examples can be found in the archives of this mailinglist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6JqDBvzDRVjxmYERAt6VAJ9uOAYSwt52TLSi7X+T4fVVVeoV3QCgqIM0 IoQUMT8PHW7sDejR21ELfs0= =MSDs -----END PGP SIGNATURE----- From allenjiang at clicktosee.com Tue Mar 25 06:36:48 2008 From: allenjiang at clicktosee.com (Allen Jiang) Date: Tue Mar 25 06:42:14 2008 Subject: no loaded plugin implements 'check_main' Message-ID: <47E89D80.9040007@clicktosee.com> on Fri, 21 Mar 2008 I wrote: >Successed! >I used yum install SpamAssassin in centos 4.4. >Today, I download the SpamAssassin from spamassassin.apache.org and run >it, find the wrong is disapear! but now i found that when i run "MailScanner -debug" it return: In Debugging mode, not forking... Trying to setlogsock(unix) SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp then halted so i not see the wrong message. After i reinstall the sa (package from spamassassin.apache.org), i run "MailScanner -debug" again, the wrong appear again! Remove this version sa and install install-Clam-0.92.1-SA-3.2.4.tar.gz, the wrong still appear. #find / -name SpamAssassin.pm -print /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm -- ======================================================== allenjiang@clicktosee.com http://www.clicktosee.com ======================================================== From shuttlebox at gmail.com Tue Mar 25 08:36:42 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Tue Mar 25 08:36:52 2008 Subject: (no subject) In-Reply-To: <255792.50091.qm@web54408.mail.yahoo.com> References: <255792.50091.qm@web54408.mail.yahoo.com> Message-ID: <625385e30803250136i4d9af499lf9c793ee3d13ff01@mail.gmail.com> On Tue, Mar 25, 2008 at 2:46 AM, Wilson Kwok wrote: > MailScanner: Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at > /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at > /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. My guess is that you have upgraded the MailTools perl module and you don't have MailScanner 4.66 or later? Please post your versions of MailTools, IO and MailScanner itself. -- /peter From Chris.Russell at knowledgeit.co.uk Tue Mar 25 10:11:42 2008 From: Chris.Russell at knowledgeit.co.uk (Chris Russell) Date: Tue Mar 25 10:12:38 2008 Subject: O/T: Barracuda [was: Spam Graph] In-Reply-To: References: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> Message-ID: <1638CDD827D51E4D8E9B2741290E1C91016E7965@wkits02.knowledgeit.co.uk> Speaking of Barracuda. Is anyone having issues with their reputation system? We have a server constantly listed as poor reputation however no matter how many requests we put through we've yet to receive anything back on exactly why. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij > Sent: 07 March 2008 11:43 > To: MailScanner discussion > Subject: Spam Graph > > Hi, > > Just in case people get complaints about some spam passing by this > might be a nice graph to show how poor email has become: > http://www.barracudacentral.com/index.cgi?p=spam > > OK, this is the competion ;-) But I guess this is a reasonable average. From ade at techniumcast.com Tue Mar 25 11:13:07 2008 From: ade at techniumcast.com (Ade Fewings) Date: Tue Mar 25 11:13:47 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC Message-ID: <47E8DE43.1050607@techniumcast.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: ade.vcf Type: text/x-vcard Size: 362 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/af6a5f18/ade.vcf From ms-list at alexb.ch Tue Mar 25 11:29:54 2008 From: ms-list at alexb.ch (Alex Broens) Date: Tue Mar 25 11:30:32 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <47E8DE43.1050607@techniumcast.com> References: <47E8DE43.1050607@techniumcast.com> Message-ID: <47E8E232.3010901@alexb.ch> On 3/25/2008 12:13 PM, Ade Fewings wrote: > Hi all > > I'm experiencing a strange issue, which i'm convinced must be me just > not 'getting' something, but hours of google'ing haven't got me anywhere > yet, so here i am...... > > I'm using MS 4.67.6 with Postfix 2.5.1 and SA 3.2.4. This all works > wonderfully and very reliably. > > I'm now trying to improve spam detection by adding in DCC and Pyzor. I > have both built and working fine - and can run spamassassin -D over a > known spam message and see spamassassin using DCC and Pyzor as appropriate. > However, I've found that whilst this works just fine (and so does > running MailScanner in debug and debug-sa over a single batch), running > MailScanner normally as daemon causes MS to get stuck hogging lots of > CPU and with "Enabling SpamAssassin auto-whitelist functionality...." as > the last logged message from all the MS processes that start. No mail > actually gets scanned. > As soon as I switch 'use_pyzor' and 'use_dcc' to 0 in > spam.assassin.prefs.conf, things return to normal. iirc, these switches are obsolete you now enable them in the .pre files h2h Alex From MailScanner at ecs.soton.ac.uk Tue Mar 25 11:36:36 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Mar 25 11:37:27 2008 Subject: Spam Assasin Timeouts In-Reply-To: <3182.90.184.19.31.1206397249.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> <223f97700803241312s748a3f22n5127ef2b380f812f@mail.gmail.com> <3182.90.184.19.31.1206397249.squirrel@mail.fumlersoft.dk> Message-ID: <47E8E3C4.403@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mogens Melander wrote: > On Mon, March 24, 2008 21:12, Glenn Steen wrote: > >> On 24/03/2008, Mogens Melander wrote: >> >>> No clues anywhere to what causes timeouts. >>> >>> >> When you run your SA check, use a real message instead of the --lint >> test. The lint doesn't check network tests. The thing above will make >> SA show -D output for a real message, and if you have a recent MS... >> It'll print timing information as well;-). >> > > Cool, running `spamassassin -D < message` was quite educational. No timeout's, > but i spotted a few other issues. DCC using dccproc instead of dccifd socket, > sa-update seems to forget to compile rules ( must i do that "by hand"? ). > It should do it automatically, but you may have something missing from your system. Run sa-compile once by hand to see what happens. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6OPMEfZZRxQVtlQRApnFAKCJONStU2Q47yP0DUpPgeXT/veUkACfSuW6 4TneiPpnmE+Du0aDSQ1wu68= =kXiC -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Tue Mar 25 11:46:14 2008 From: gerard at seibercom.net (Gerard) Date: Tue Mar 25 11:46:51 2008 Subject: (no subject) In-Reply-To: <450736.3587.qm@web54405.mail.yahoo.com> References: <450736.3587.qm@web54405.mail.yahoo.com> Message-ID: <317253d70803250446w7df7cc58w2d3237911b31f174@mail.gmail.com> On Mon, Mar 24, 2008 at 9:18 PM, Wilson Kwok wrote: > > Please help after reboot cannot start MailScanner (MailScanner + postfix + clamav + spamassassin), > > [root@mailgateway ~]# service MailScanner restart > Shutting down MailScanner daemons: > MailScanner: [FAILED] > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > Starting MailScanner daemons: > incoming postfix: [ OK ] > outgoing postfix: [ OK ] > MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. > Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. > Compilation failed in require at /usr/sbin/MailScanner line 79. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. Do you think it would be possible in the future to include a subject with your posts? It would make it a lot easier for me to track and possibly respond to them. -- Gerard gerard@seibercom.net From ade at techniumcast.com Tue Mar 25 11:47:11 2008 From: ade at techniumcast.com (Ade Fewings) Date: Tue Mar 25 11:47:49 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <47E8E232.3010901@alexb.ch> References: <47E8DE43.1050607@techniumcast.com> <47E8E232.3010901@alexb.ch> Message-ID: <47E8E63F.90900@techniumcast.com> >> I'm now trying to improve spam detection by adding in DCC and Pyzor. >> I have both built and working fine - and can run spamassassin -D over >> a known spam message and see spamassassin using DCC and Pyzor as >> appropriate. >> However, I've found that whilst this works just fine (and so does >> running MailScanner in debug and debug-sa over a single batch), >> running MailScanner normally as daemon causes MS to get stuck hogging >> lots of CPU and with "Enabling SpamAssassin auto-whitelist >> functionality...." as the last logged message from all the MS >> processes that start. No mail actually gets scanned. >> As soon as I switch 'use_pyzor' and 'use_dcc' to 0 in >> spam.assassin.prefs.conf, things return to normal. > > iirc, these switches are obsolete > > you now enable them in the .pre files Thanks Alex......and oops.....sorry didn't make that clear....... ;-) I can see that the 'use_pyzor' and 'use_dcc' settings do stop SA from using those utils. I think the stuff in the .pre files affects whether the SA modules for those tools are loaded at all, but the 'use_pyzor' and 'use_dcc' settings still seem to be honored. So, basically the result is the same - if I use Pyzor/DCC then starting MS in daemon mode gives the problem, if I remove them (either via the above switches or via the .pre files), then MS start and rolls just fine. -------------- next part -------------- A non-text attachment was scrubbed... Name: ade.vcf Type: text/x-vcard Size: 362 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/ac631001/ade.vcf From uxbod at splatnix.net Tue Mar 25 12:43:52 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 25 12:44:53 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <47E8E63F.90900@techniumcast.com> Message-ID: <2994042.571206449032996.JavaMail.root@office.splatnix.net> are your firewall ports open for DCC and Pyzor ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Ade Fewings" wrote: >> I'm now trying to improve spam detection by adding in DCC and Pyzor. >> I have both built and working fine - and can run spamassassin -D over >> a known spam message and see spamassassin using DCC and Pyzor as >> appropriate. >> However, I've found that whilst this works just fine (and so does >> running MailScanner in debug and debug-sa over a single batch), >> running MailScanner normally as daemon causes MS to get stuck hogging >> lots of CPU and with "Enabling SpamAssassin auto-whitelist >> functionality...." as the last logged message from all the MS >> processes that start. No mail actually gets scanned. >> As soon as I switch 'use_pyzor' and 'use_dcc' to 0 in >> spam.assassin.prefs.conf, things return to normal. > > iirc, these switches are obsolete > > you now enable them in the .pre files Thanks Alex......and oops.....sorry didn't make that clear....... ;-) I can see that the 'use_pyzor' and 'use_dcc' settings do stop SA from using those utils. I think the stuff in the .pre files affects whether the SA modules for those tools are loaded at all, but the 'use_pyzor' and 'use_dcc' settings still seem to be honored. So, basically the result is the same - if I use Pyzor/DCC then starting MS in daemon mode gives the problem, if I remove them (either via the above switches or via the .pre files), then MS start and rolls just fine. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Tue Mar 25 13:11:29 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Tue Mar 25 13:12:17 2008 Subject: Spam Assasin Timeouts In-Reply-To: <47E8E3C4.403@ecs.soton.ac.uk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> <223f97700803241312s748a3f22n5127ef2b380f812f@mail.gmail.com> <3182.90.184.19.31.1206397249.squirrel@mail.fumlersoft.dk> <47E8E3C4.403@ecs.soton.ac.uk> Message-ID: <2897.90.184.19.31.1206450689.squirrel@mail.fumlersoft.dk> On Tue, March 25, 2008 12:36, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Mogens Melander wrote: >>> On 24/03/2008, Mogens Melander wrote: >>> >>>> No clues anywhere to what causes timeouts. >>>> >> >> Cool, running `spamassassin -D < message` was quite educational. No timeout's, >> but i spotted a few other issues. DCC using dccproc instead of dccifd socket, >> sa-update seems to forget to compile rules ( must i do that "by hand"? ). >> > It should do it automatically, but you may have something missing from > your system. Run sa-compile once by hand to see what happens. > Running sa-compile (by hand) goes smooth, no hickups. Running spamassassin -D < message the same. I notice that i now got following: [3396] dbg: zoom: loading compiled ruleset from /var/lib/spamassassin/compiled/3.002004 [3396] dbg: zoom: using compiled ruleset in /var/lib/spamassassin/compiled/3.002004/Mail/SpamAssassin/CompiledRegexps/body_0.pm for Mail::SpamAssassin::CompiledRegexps::body_0 [3396] dbg: zoom: able to use 340/340 'body_0' compiled rules (100%) So far, so good ( No timeout's on "Mar 25"). Argh, Auch (slapping myself across the face) I got an old sa-update in crontab. Running `/opt/MailScanner/bin/update_spamassassin` instead fixed that issue. Thanks all for your time. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Tue Mar 25 13:15:55 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 25 13:16:31 2008 Subject: no loaded plugin implements 'check_main' In-Reply-To: <47E89D80.9040007@clicktosee.com> References: <47E89D80.9040007@clicktosee.com> Message-ID: <223f97700803250615m51fa4b4dm85308e9b69b05598@mail.gmail.com> On 25/03/2008, Allen Jiang wrote: > on Fri, 21 Mar 2008 I wrote: > > >Successed! > >I used yum install SpamAssassin in centos 4.4. > >Today, I download the SpamAssassin from spamassassin.apache.org and run > >it, find the wrong is disapear! > > > but now i found that when i run "MailScanner -debug" it return: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > > > then halted so i not see the wrong message. Since that will wait for a message to arrive&be picked up by MailScanner... it can take some time:-). Best thing to do when doing that is to supply a message via telnet, so that you know there is at elast one message in the queue that should go through...;). > After i reinstall the sa (package from spamassassin.apache.org), i run > "MailScanner -debug" again, the wrong appear again! ? Strange. > > Remove this version sa and install install-Clam-0.92.1-SA-3.2.4.tar.gz, > the wrong still appear. Those should basically be the same, so ... > > #find / -name SpamAssassin.pm -print > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm > Good. Only one. More than a bit strange this... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ade at techniumcast.com Tue Mar 25 13:29:49 2008 From: ade at techniumcast.com (Ade Fewings) Date: Tue Mar 25 13:31:20 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <2994042.571206449032996.JavaMail.root@office.splatnix.net> References: <2994042.571206449032996.JavaMail.root@office.splatnix.net> Message-ID: <47E8FE4D.5060201@techniumcast.com> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: ade.vcf Type: text/x-vcard Size: 376 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/e5160691/ade.vcf From peter at farrows.org Tue Mar 25 13:52:17 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 25 13:53:05 2008 Subject: (no subject) In-Reply-To: <317253d70803250446w7df7cc58w2d3237911b31f174@mail.gmail.com> References: <450736.3587.qm@web54405.mail.yahoo.com> <317253d70803250446w7df7cc58w2d3237911b31f174@mail.gmail.com> Message-ID: <47E90391.20900@farrows.org> Gerard wrote: > On Mon, Mar 24, 2008 at 9:18 PM, Wilson Kwok wrote: > >> Please help after reboot cannot start MailScanner (MailScanner + postfix + clamav + spamassassin), >> >> [root@mailgateway ~]# service MailScanner restart >> Shutting down MailScanner daemons: >> MailScanner: [FAILED] >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> Starting MailScanner daemons: >> incoming postfix: [ OK ] >> outgoing postfix: [ OK ] >> MailScanner: Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. >> Variable "$FIELD_NAME" is not imported at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. >> Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6367. >> Global symbol "$FIELD_NAME" requires explicit package name at /usr/lib/MailScanner/MailScanner/Message.pm line 6370. >> Compilation failed in require at /usr/sbin/MailScanner line 79. >> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 79. >> > > Do you think it would be possible in the future to include a subject > with your posts? It would make it a lot easier for me to track and > possibly respond to them. > > You'll probably find that this is due to perl-mailtools being version 2.02 rather than version 1.7... you probably rebooted after an update... Do an rpm -q -a | grep perl-mailtools -i and see what version it gives. regards Pete From m.anderlini at database.it Tue Mar 25 13:45:28 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Tue Mar 25 13:57:22 2008 Subject: Mailscanner slow queue In-Reply-To: <223f97700803250615m51fa4b4dm85308e9b69b05598@mail.gmail.com> References: <47E89D80.9040007@clicktosee.com> <223f97700803250615m51fa4b4dm85308e9b69b05598@mail.gmail.com> Message-ID: <003901c88e7e$7c48d2f0$2e01a8c0@dbdomain.database.it> Hello to all, this for me it's a periodical problem. Sometime, random, spamassassin become very slow. I've read all faq without real success Now I've try spammassind -D < messagge and it seems it's slow the running body tests process, but I've not changed nothing. Someone could help me telling one sure way to understand where could be the problem and how to have the full controll of spamassassin ? My system it's a centos 4.6 with mailscanner-4.58.9-1, spamassassin-3.2.4-1.el4. My puglin are razor,pyzor, fuzzyocr, kam rules, Thanks for any kind of help and sorry for my worst english. Best regards Marcello -- Messaggio verificato dal servizio antivirus di Database Informatica From martinh at solidstatelogic.com Tue Mar 25 14:38:20 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Mar 25 14:38:58 2008 Subject: Mailscanner slow queue In-Reply-To: <003901c88e7e$7c48d2f0$2e01a8c0@dbdomain.database.it> Message-ID: <528e3fc62e599b408ddbfd01e4e91db4@solidstatelogic.com> Marcello You read this.. http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_of_spamassassin -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 25 March 2008 13:45 > To: MailScanner discussion > Subject: Mailscanner slow queue > > Hello to all, this for me it's a periodical problem. > Sometime, random, spamassassin become very slow. I've read all faq without > real success > > Now I've try spammassind -D < messagge and it seems it's slow the running > body tests process, but I've not changed nothing. > > Someone could help me telling one sure way to understand where could be > the > problem and how to have the full controll of spamassassin ? > > My system it's a centos 4.6 with mailscanner-4.58.9-1, > spamassassin-3.2.4-1.el4. > My puglin are razor,pyzor, fuzzyocr, kam rules, > > Thanks for any kind of help and sorry for my worst english. > > Best regards Marcello > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From marco.barbero at gmail.com Tue Mar 25 16:32:37 2008 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue Mar 25 16:33:11 2008 Subject: mailscanner/postfix issue (this is going to make me mad) Message-ID: Hi all Scenario is the following: Dual Xeon Quad Core 4GB Ram Debian Etch, custom kernel 2.6.24.3 A) At the first I use the following env: MTA: postfix MailScanner 4.67.6 SpamAssassin 3.2.4 Razor , DCC vispan (only for spam stats) avira antivir I use drbd 8.2.5 for network mirroring (using heartbeat 1.2.5) of postfix/mailscanner queues and for mailscanner quarantine and bayes. I use list.dsbl.org and dnsbl.njabl.org, plus I have spamhaus feed using rbldnsd and rsync. All the dnsbl are set on postfix configuration I use avira antivir like Virus Scanner. Had to say this is not my first experience with MailScanner. I'm using it since 2004 with success using both sendmail and postfix like MTA. This time this scenario has a high traffic mail (about 3/4 millions every month). Ok after debugging both mailscanner and spamassassin I tried to put the thing in production environment. After a while I noticed queues began to grow. I look at logs and seems problem appears during requeing (so after mailscanner checks). In short words: it works but it's slow and delays are noticeable. vmstat and top doesn't show any important bottleneck. Postfix smtpd processes grows fast and they reach max in a few time. So I tried to block port 25 using a firewall and in 1 minute all queues empties.... B) So I tried to do this (thinking about postfix developers not loving Mailscanner) MTA on port 25: Postfix MTA on port 26: Sendmail/MailScanner So Postfix receives mail from Internet and then send them to Sendmail on port 26 that call MailScanner. Run the test and issue persists. And are always postfix queues to fill up. Postfix people says that this happens because of postfix rate limit, so I cannot blame Postfix for this. For postfix people problem is still on MailScanner. C) So I tried this: MTA on port 25: Sendmail all other pieces of software like first env Things do not come better. Delays persist and sendmail suffer. I tried two things: 1) disable spam checks and issue persists 2) disable mailscanner at all with no issue D) So I tried to use Sendmail but downgrade MailScanner to 4.61.7 (a release I'm sure it's working well since I have it in other recent production environment). And... it works with no more issues. Delays now are few seconds (againts 5-10-20 minutes) Ah..so problem is MailScanner 4.67!?!? All rights, let's put again Postfix using MailScanner 4.61. I do that and issue come back again...... So let's sum up: Postfix 2.3.8 + MailScanner 4.67 = ISSUES Postfix 2.3.8 + Sendmail 8.13 + MailScanner 4.67 = ISSUES Sendmail 8.13 + MailScanner 4.67 = ISSUES Sendmail 8.13 + MailScanner 4.61 = WORKS WITH NO ISSUES!!!! Postfix 2.3.8 + MailScanner 4.61 = ISSUES This makes me mad. Why this happens? Like said before I have similar working installations (less traffic and using clamav in place of antivir). What's happening this time? It seems postfix related (always) and mailscanner related (4.67) Maybe postfix related? Maybe mailscanner related? Maybe drbd related? Any helps or hints will be appreciated Adding: during postfix tests, I noticed in logs this: MailScanner[10310]: Cannot lock /tmp/AntiVirBusy.lock, Permission denied /tmp/AntiVirBusy.lock is 600 Putting it 777 suppress log but does not resolve performance issue. This does not appear at all using sendmail Thanks From steve.swaney at fsl.com Tue Mar 25 17:01:58 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 25 17:02:40 2008 Subject: relays.ordb.org blacklisting all IPs In-Reply-To: References: Message-ID: <239a01c88e99$efdc6cc0$cf954640$@swaney@fsl.com> Dear all, You might note that relays.ordb.org, which has been dead for a while, has just blacklisted the world. If you are blocking at the MTA level using this site you are probably not receiving any mail as a result of this change. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com Steve Swaney steve@fsl.com Office Phone: 202 595-7760 ext. 601 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marco Barbero > Sent: Tuesday, March 25, 2008 12:33 PM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner/postfix issue (this is going to make me mad) > > Hi all > > Scenario is the following: > Dual Xeon Quad Core 4GB Ram > Debian Etch, custom kernel 2.6.24.3 > > A) At the first I use the following env: > > MTA: postfix > MailScanner 4.67.6 > SpamAssassin 3.2.4 > Razor , DCC > vispan (only for spam stats) > avira antivir > > I use drbd 8.2.5 for network mirroring (using heartbeat 1.2.5) of > postfix/mailscanner queues and for mailscanner quarantine and bayes. > > I use list.dsbl.org and dnsbl.njabl.org, plus I have spamhaus feed > using rbldnsd and rsync. All the dnsbl are set on postfix > configuration > > I use avira antivir like Virus Scanner. > > Had to say this is not my first experience with MailScanner. I'm using > it since 2004 > with success using both sendmail and postfix like MTA. > > This time this scenario has a high traffic mail (about 3/4 millions > every month). > Ok after debugging both mailscanner and spamassassin I tried to put > the thing in production environment. > > After a while I noticed queues began to grow. I look at logs and seems > problem appears during requeing (so after mailscanner checks). In > short words: it works but it's slow and delays are noticeable. > vmstat and top doesn't show any important bottleneck. Postfix smtpd > processes grows fast and they reach max in a few time. > So I tried to block port 25 using a firewall and in 1 minute all > queues empties.... > > > B) So I tried to do this (thinking about postfix developers not > loving Mailscanner) > MTA on port 25: Postfix > MTA on port 26: Sendmail/MailScanner > > So Postfix receives mail from Internet and then send them to Sendmail > on port 26 that call MailScanner. > Run the test and issue persists. And are always postfix queues to fill > up. Postfix people says that this happens because of postfix rate > limit, so I cannot blame Postfix for this. For postfix people problem > is still on MailScanner. > > C) So I tried this: > MTA on port 25: Sendmail > all other pieces of software like first env > > Things do not come better. Delays persist and sendmail suffer. > I tried two things: > 1) disable spam checks and issue persists > 2) disable mailscanner at all with no issue > > > D) So I tried to use Sendmail but downgrade MailScanner to 4.61.7 (a > release I'm sure it's working well since I have it in other recent > production environment). > > And... it works with no more issues. Delays now are few seconds > (againts 5-10-20 minutes) > > Ah..so problem is MailScanner 4.67!?!? All rights, let's put again > Postfix using MailScanner 4.61. > I do that and issue come back again...... > > So let's sum up: > > Postfix 2.3.8 + MailScanner 4.67 = ISSUES > Postfix 2.3.8 + Sendmail 8.13 + MailScanner 4.67 = ISSUES > Sendmail 8.13 + MailScanner 4.67 = ISSUES > Sendmail 8.13 + MailScanner 4.61 = WORKS WITH NO ISSUES!!!! > Postfix 2.3.8 + MailScanner 4.61 = ISSUES > > This makes me mad. Why this happens? > > Like said before I have similar working installations (less traffic > and using clamav in place of antivir). What's happening this time? > > It seems postfix related (always) and mailscanner related (4.67) > > Maybe postfix related? > Maybe mailscanner related? > Maybe drbd related? > > Any helps or hints will be appreciated > > Adding: during postfix tests, I noticed in logs this: > MailScanner[10310]: Cannot lock /tmp/AntiVirBusy.lock, Permission > denied > > /tmp/AntiVirBusy.lock is 600 Putting it 777 suppress log but does > not resolve performance issue. > This does not appear at all using sendmail > > > Thanks > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From martinh at solidstatelogic.com Tue Mar 25 17:07:06 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue Mar 25 17:07:38 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: Message-ID: <55340279a672fb41aa3418741ad6a3f1@solidstatelogic.com> Hi I'd start slow here.. Get postfix running on it's own as a pure gateway. Once that works Install mailscanner into mix. Make sure you're installing using modern documentation and the 'hold' queue method. Don't install the avira stuff yet. When that's working install the avira stuff. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marco Barbero > Sent: 25 March 2008 16:33 > To: mailscanner@lists.mailscanner.info > Subject: mailscanner/postfix issue (this is going to make me mad) > > Hi all > > Scenario is the following: > Dual Xeon Quad Core 4GB Ram > Debian Etch, custom kernel 2.6.24.3 > > A) At the first I use the following env: > > MTA: postfix > MailScanner 4.67.6 > SpamAssassin 3.2.4 > Razor , DCC > vispan (only for spam stats) > avira antivir > > I use drbd 8.2.5 for network mirroring (using heartbeat 1.2.5) of > postfix/mailscanner queues and for mailscanner quarantine and bayes. > > I use list.dsbl.org and dnsbl.njabl.org, plus I have spamhaus feed > using rbldnsd and rsync. All the dnsbl are set on postfix > configuration > > I use avira antivir like Virus Scanner. > > Had to say this is not my first experience with MailScanner. I'm using > it since 2004 > with success using both sendmail and postfix like MTA. > > This time this scenario has a high traffic mail (about 3/4 millions > every month). > Ok after debugging both mailscanner and spamassassin I tried to put > the thing in production environment. > > After a while I noticed queues began to grow. I look at logs and seems > problem appears during requeing (so after mailscanner checks). In > short words: it works but it's slow and delays are noticeable. > vmstat and top doesn't show any important bottleneck. Postfix smtpd > processes grows fast and they reach max in a few time. > So I tried to block port 25 using a firewall and in 1 minute all > queues empties.... > > > B) So I tried to do this (thinking about postfix developers not > loving Mailscanner) > MTA on port 25: Postfix > MTA on port 26: Sendmail/MailScanner > > So Postfix receives mail from Internet and then send them to Sendmail > on port 26 that call MailScanner. > Run the test and issue persists. And are always postfix queues to fill > up. Postfix people says that this happens because of postfix rate > limit, so I cannot blame Postfix for this. For postfix people problem > is still on MailScanner. > > C) So I tried this: > MTA on port 25: Sendmail > all other pieces of software like first env > > Things do not come better. Delays persist and sendmail suffer. > I tried two things: > 1) disable spam checks and issue persists > 2) disable mailscanner at all with no issue > > > D) So I tried to use Sendmail but downgrade MailScanner to 4.61.7 (a > release I'm sure it's working well since I have it in other recent > production environment). > > And... it works with no more issues. Delays now are few seconds > (againts 5-10-20 minutes) > > Ah..so problem is MailScanner 4.67!?!? All rights, let's put again > Postfix using MailScanner 4.61. > I do that and issue come back again...... > > So let's sum up: > > Postfix 2.3.8 + MailScanner 4.67 = ISSUES > Postfix 2.3.8 + Sendmail 8.13 + MailScanner 4.67 = ISSUES > Sendmail 8.13 + MailScanner 4.67 = ISSUES > Sendmail 8.13 + MailScanner 4.61 = WORKS WITH NO ISSUES!!!! > Postfix 2.3.8 + MailScanner 4.61 = ISSUES > > This makes me mad. Why this happens? > > Like said before I have similar working installations (less traffic > and using clamav in place of antivir). What's happening this time? > > It seems postfix related (always) and mailscanner related (4.67) > > Maybe postfix related? > Maybe mailscanner related? > Maybe drbd related? > > Any helps or hints will be appreciated > > Adding: during postfix tests, I noticed in logs this: > MailScanner[10310]: Cannot lock /tmp/AntiVirBusy.lock, Permission denied > > /tmp/AntiVirBusy.lock is 600 Putting it 777 suppress log but does > not resolve performance issue. > This does not appear at all using sendmail > > > Thanks > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ssilva at sgvwater.com Tue Mar 25 17:11:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 17:12:12 2008 Subject: Spam Assasin Timeouts In-Reply-To: <3323.90.184.19.31.1206400252.squirrel@mail.fumlersoft.dk> References: <2318.90.184.19.31.1206366247.squirrel@mail.fumlersoft.dk> <2971.90.184.19.31.1206386122.squirrel@mail.fumlersoft.dk> <3323.90.184.19.31.1206400252.squirrel@mail.fumlersoft.dk> Message-ID: on 3-24-2008 4:10 PM Mogens Melander spake the following: > On Mon, March 24, 2008 21:52, Scott Silva wrote: >> on 3-24-2008 12:15 PM Mogens Melander spake the following: >>> On Mon, March 24, 2008 19:17, Scott Silva wrote: >>>> on 3-24-2008 6:44 AM Mogens Melander spake the following: >>>>> Hi all >>>>> >>>>> I'm also seeing "a lot" of "Message Content Protection SpamAssassin timed out and was killed". >>>>> >>>> MCP rules are stored in /etc/MailScanner/mcp. What do you have there? >>>> >>>> AFAIR you need a v320.pre file in that directory with a minimum of the following; >>>> >>>> # Check - Provides main check functionality >>>> # >>>> loadplugin Mail::SpamAssassin::Plugin::Check >>>> >>> I got one v320.pre in /etc/MailScanner/mcp >>> >>> $ cat /etc/MailScanner/mcp/v320.pre >>> >>> # Check - Provides main check functionality >>> # >>> loadplugin Mail::SpamAssassin::Plugin::Check >>> >> Since you are not using MCP, do you by any chance have it enabled by mistake? > > Hmm, i do use MCP. What makes you think otherwise ? > > I've got another v320-pre in /etc/mail/spamassassin loading all sorts of filters. > > spamassassin -D --lint shows that they indeed are loaded. > >> # MCP (Message Content Protection) >> # ----------------------------- >> # >> >> MCP Checks = no >> > > And yes, i'got "MCP Checks = yes", but i think thats what it's suposed to be. > I wouldn't run any network based tests in MCP, just content based ones. If you aren't then I can't see why you would be getting timeouts. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/647bdf12/signature.bin From marco.barbero at gmail.com Tue Mar 25 17:32:04 2008 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue Mar 25 17:32:38 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: <55340279a672fb41aa3418741ad6a3f1@solidstatelogic.com> References: <55340279a672fb41aa3418741ad6a3f1@solidstatelogic.com> Message-ID: 2008/3/25, Martin.Hepworth : > Hi > > I'd start slow here.. > > Get postfix running on it's own as a pure gateway. Once that works > > Install mailscanner into mix. Make sure you're installing using modern documentation and the 'hold' queue method. Don't install the avira stuff yet. > > When that's working install the avira stuff. I have some news and probably a dead here. To the point: It seems NO ISSUE env is not calling antivir at all. Tried now to send email containing eicar test virus and it was not blocked. Tried then MailScanner --lint using 4.67 and after a while (I think after virus scanning timeout) I'm getting: MailScanner.conf says "Virus Scanners = antivir" Found these virus scanners installed: antivir =========================================================================== Ignore errors about failing to find EOCD signature Undefined subroutine &MailScanner::Config::SetValue called at ./MailScanner line 498. MailScanner --lint using 4.61 does not do eicar test. Have to say that manually doing: /opt/MailScanner/lib/antivir-wrapper /usr/lib/AntiVir /tmp/ works.... So this is going to explain a lot of things (delays on ISSUE dev are due to timeout? still no output on logs). Actually it's working because antivir scanning is skipping, despite I have set it correctly on MailScanner.conf The point is now on --lint output... Anyone can help on that. Thanks in advance > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > > bounces@lists.mailscanner.info] On Behalf Of Marco Barbero > > Sent: 25 March 2008 16:33 > > To: mailscanner@lists.mailscanner.info > > Subject: mailscanner/postfix issue (this is going to make me mad) > > > > Hi all > > > > Scenario is the following: > > Dual Xeon Quad Core 4GB Ram > > Debian Etch, custom kernel 2.6.24.3 > > > > A) At the first I use the following env: > > > > MTA: postfix > > MailScanner 4.67.6 > > SpamAssassin 3.2.4 > > Razor , DCC > > vispan (only for spam stats) > > avira antivir > > > > I use drbd 8.2.5 for network mirroring (using heartbeat 1.2.5) of > > postfix/mailscanner queues and for mailscanner quarantine and bayes. > > > > I use list.dsbl.org and dnsbl.njabl.org, plus I have spamhaus feed > > using rbldnsd and rsync. All the dnsbl are set on postfix > > configuration > > > > I use avira antivir like Virus Scanner. > > > > Had to say this is not my first experience with MailScanner. I'm using > > it since 2004 > > with success using both sendmail and postfix like MTA. > > > > This time this scenario has a high traffic mail (about 3/4 millions > > every month). > > Ok after debugging both mailscanner and spamassassin I tried to put > > the thing in production environment. > > > > After a while I noticed queues began to grow. I look at logs and seems > > problem appears during requeing (so after mailscanner checks). In > > short words: it works but it's slow and delays are noticeable. > > vmstat and top doesn't show any important bottleneck. Postfix smtpd > > processes grows fast and they reach max in a few time. > > So I tried to block port 25 using a firewall and in 1 minute all > > queues empties.... > > > > > > B) So I tried to do this (thinking about postfix developers not > > loving Mailscanner) > > MTA on port 25: Postfix > > MTA on port 26: Sendmail/MailScanner > > > > So Postfix receives mail from Internet and then send them to Sendmail > > on port 26 that call MailScanner. > > Run the test and issue persists. And are always postfix queues to fill > > up. Postfix people says that this happens because of postfix rate > > limit, so I cannot blame Postfix for this. For postfix people problem > > is still on MailScanner. > > > > C) So I tried this: > > MTA on port 25: Sendmail > > all other pieces of software like first env > > > > Things do not come better. Delays persist and sendmail suffer. > > I tried two things: > > 1) disable spam checks and issue persists > > 2) disable mailscanner at all with no issue > > > > > > D) So I tried to use Sendmail but downgrade MailScanner to 4.61.7 (a > > release I'm sure it's working well since I have it in other recent > > production environment). > > > > And... it works with no more issues. Delays now are few seconds > > (againts 5-10-20 minutes) > > > > Ah..so problem is MailScanner 4.67!?!? All rights, let's put again > > Postfix using MailScanner 4.61. > > I do that and issue come back again...... > > > > So let's sum up: > > > > Postfix 2.3.8 + MailScanner 4.67 = ISSUES > > Postfix 2.3.8 + Sendmail 8.13 + MailScanner 4.67 = ISSUES > > Sendmail 8.13 + MailScanner 4.67 = ISSUES > > Sendmail 8.13 + MailScanner 4.61 = WORKS WITH NO ISSUES!!!! > > Postfix 2.3.8 + MailScanner 4.61 = ISSUES > > > > This makes me mad. Why this happens? > > > > Like said before I have similar working installations (less traffic > > and using clamav in place of antivir). What's happening this time? > > > > It seems postfix related (always) and mailscanner related (4.67) > > > > Maybe postfix related? > > Maybe mailscanner related? > > Maybe drbd related? > > > > Any helps or hints will be appreciated > > > > Adding: during postfix tests, I noticed in logs this: > > MailScanner[10310]: Cannot lock /tmp/AntiVirBusy.lock, Permission denied > > > > /tmp/AntiVirBusy.lock is 600 Putting it 777 suppress log but does > > not resolve performance issue. > > This does not appear at all using sendmail > > > > > > Thanks > > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From ssilva at sgvwater.com Tue Mar 25 17:38:06 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 17:38:53 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <47E8FE4D.5060201@techniumcast.com> References: <2994042.571206449032996.JavaMail.root@office.splatnix.net> <47E8FE4D.5060201@techniumcast.com> Message-ID: on 3-25-2008 6:29 AM Ade Fewings spake the following: > --[ UxBoD ]-- wrote: >> are your firewall ports open for DCC and Pyzor ? >> >> Regards, >> >> > > Yes, outgoing is not blocked at all and incoming I have: > > DCC - source port 6277/udp allow > Pyzor - source port 24441/tcp allow > > And I'm not sure that I even need them, as both DCC and Pyzor work fine > with or without. Maybe if i was running a Pyzor server? > Are you running the alternate pyzor server? 82.94.255.100:24441 -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/782fb2c7/signature.bin From mkercher at nfsmith.com Tue Mar 25 17:47:53 2008 From: mkercher at nfsmith.com (Mike Kercher) Date: Tue Mar 25 17:48:57 2008 Subject: relays.ordb.org blacklisting all IPs In-Reply-To: <239a01c88e99$efdc6cc0$cf954640$@swaney@fsl.com> References: <239a01c88e99$efdc6cc0$cf954640$@swaney@fsl.com> Message-ID: <224FA7E11EA39E45843E11CEBBD3A36F864590@HOUPEX01.nfsmith.info> I found the same thing when an old friend called me up asking why his mail server was rejecting everything. Mike -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Stephen Swaney Sent: Tuesday, March 25, 2008 12:02 PM To: 'MailScanner discussion' Subject: relays.ordb.org blacklisting all IPs Dear all, You might note that relays.ordb.org, which has been dead for a while, has just blacklisted the world. If you are blocking at the MTA level using this site you are probably not receiving any mail as a result of this change. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com Steve Swaney steve@fsl.com Office Phone: 202 595-7760 ext. 601 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marco Barbero > Sent: Tuesday, March 25, 2008 12:33 PM > To: mailscanner@lists.mailscanner.info > Subject: mailscanner/postfix issue (this is going to make me mad) > > Hi all > > Scenario is the following: > Dual Xeon Quad Core 4GB Ram > Debian Etch, custom kernel 2.6.24.3 > > A) At the first I use the following env: > > MTA: postfix > MailScanner 4.67.6 > SpamAssassin 3.2.4 > Razor , DCC > vispan (only for spam stats) > avira antivir > > I use drbd 8.2.5 for network mirroring (using heartbeat 1.2.5) of > postfix/mailscanner queues and for mailscanner quarantine and bayes. > > I use list.dsbl.org and dnsbl.njabl.org, plus I have spamhaus feed > using rbldnsd and rsync. All the dnsbl are set on postfix > configuration > > I use avira antivir like Virus Scanner. > > Had to say this is not my first experience with MailScanner. I'm using > it since 2004 with success using both sendmail and postfix like MTA. > > This time this scenario has a high traffic mail (about 3/4 millions > every month). > Ok after debugging both mailscanner and spamassassin I tried to put > the thing in production environment. > > After a while I noticed queues began to grow. I look at logs and seems > problem appears during requeing (so after mailscanner checks). In > short words: it works but it's slow and delays are noticeable. > vmstat and top doesn't show any important bottleneck. Postfix smtpd > processes grows fast and they reach max in a few time. > So I tried to block port 25 using a firewall and in 1 minute all > queues empties.... > > > B) So I tried to do this (thinking about postfix developers not > loving Mailscanner) MTA on port 25: Postfix MTA on port 26: > Sendmail/MailScanner > > So Postfix receives mail from Internet and then send them to Sendmail > on port 26 that call MailScanner. > Run the test and issue persists. And are always postfix queues to fill > up. Postfix people says that this happens because of postfix rate > limit, so I cannot blame Postfix for this. For postfix people problem > is still on MailScanner. > > C) So I tried this: > MTA on port 25: Sendmail > all other pieces of software like first env > > Things do not come better. Delays persist and sendmail suffer. > I tried two things: > 1) disable spam checks and issue persists > 2) disable mailscanner at all with no issue > > > D) So I tried to use Sendmail but downgrade MailScanner to 4.61.7 (a > release I'm sure it's working well since I have it in other recent > production environment). > > And... it works with no more issues. Delays now are few seconds > (againts 5-10-20 minutes) > > Ah..so problem is MailScanner 4.67!?!? All rights, let's put again > Postfix using MailScanner 4.61. > I do that and issue come back again...... > > So let's sum up: > > Postfix 2.3.8 + MailScanner 4.67 = ISSUES > Postfix 2.3.8 + Sendmail 8.13 + MailScanner 4.67 = ISSUES Sendmail > 8.13 + MailScanner 4.67 = ISSUES Sendmail 8.13 + MailScanner 4.61 = > WORKS WITH NO ISSUES!!!! > Postfix 2.3.8 + MailScanner 4.61 = ISSUES > > This makes me mad. Why this happens? > > Like said before I have similar working installations (less traffic > and using clamav in place of antivir). What's happening this time? > > It seems postfix related (always) and mailscanner related (4.67) > > Maybe postfix related? > Maybe mailscanner related? > Maybe drbd related? > > Any helps or hints will be appreciated > > Adding: during postfix tests, I noticed in logs this: > MailScanner[10310]: Cannot lock /tmp/AntiVirBusy.lock, Permission > denied > > /tmp/AntiVirBusy.lock is 600 Putting it 777 suppress log but does > not resolve performance issue. > This does not appear at all using sendmail > > > Thanks > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From gerard at seibercom.net Tue Mar 25 18:04:43 2008 From: gerard at seibercom.net (Gerard) Date: Tue Mar 25 18:05:18 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: References: Message-ID: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> On Tue, Mar 25, 2008 at 12:32 PM, Marco Barbero wrote: [snip] > Postfix 2.3.8 [snip] You are running a very old version of Postfix. You would be well advised to update to the latest 2.5.x version. It has some additional knobs that might prove useful for you. -- Gerard gerard@seibercom.net From hvdkooij at vanderkooij.org Tue Mar 25 18:08:20 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue Mar 25 18:09:52 2008 Subject: Mailscanner slow queue In-Reply-To: <003901c88e7e$7c48d2f0$2e01a8c0@dbdomain.database.it> References: <47E89D80.9040007@clicktosee.com> <223f97700803250615m51fa4b4dm85308e9b69b05598@mail.gmail.com> <003901c88e7e$7c48d2f0$2e01a8c0@dbdomain.database.it> Message-ID: <47E93F94.7000608@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcello Anderlini wrote: | Hello to all, this for me it's a periodical problem. Stealing threads is your problem. Please apply `tar --with-feathers`. Proof in your message headers: Thread-Index: AciOe/760seI0ILvQbqm86ZH2wETowAAb2sg In-Reply-To: <223f97700803250615m51fa4b4dm85308e9b69b05598@mail.gmail.com> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH6T+SBvzDRVjxmYERAgUAAKCPhmVam+Dlu4yYVrm9yMnWayStagCeN+Lk jNvL7afJl4/zvteT0XSL/aA= =l2NV -----END PGP SIGNATURE----- From marco.barbero at gmail.com Tue Mar 25 19:12:41 2008 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue Mar 25 19:13:19 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> References: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> Message-ID: So now I'm switched back to original env with Postfix and MailScanner 4.67.6 Trying Mailscanner --lint does not report eicar test check? Why? Now I'm running it with 'Virus Scanning = no' since antivir is not working.... It's probable that issue are from antivir not working with MailScanner... Any hints? I have an ancient installation of Mailscanner 4.47 + Antivir + Sendmail and is working... From uxbod at splatnix.net Tue Mar 25 19:42:33 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 25 19:43:43 2008 Subject: [OT] TMDA Message-ID: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> Hi, Is anybody using TMDA with Postfix, especially the challenge/response element of it? Thoughts? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Tue Mar 25 20:02:10 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 20:03:01 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: References: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> Message-ID: on 3-25-2008 12:12 PM Marco Barbero spake the following: > So now I'm switched back to original env with Postfix and MailScanner 4.67.6 > Trying Mailscanner --lint does not report eicar test check? Why? > > Now I'm running it with 'Virus Scanning = no' since antivir is not working.... > > It's probable that issue are from antivir not working with MailScanner... > Any hints? > > I have an ancient installation of Mailscanner 4.47 + Antivir + > Sendmail and is working... Since sendmail runs as root, but postfix doesn't, maybe some permission issues are involved. Is it the same version of antivir? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/385c582c/signature.bin From ssilva at sgvwater.com Tue Mar 25 20:05:37 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 20:10:12 2008 Subject: [OT] TMDA In-Reply-To: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> Message-ID: on 3-25-2008 12:42 PM --[ UxBoD ]-- spake the following: > Hi, > > Is anybody using TMDA with Postfix, especially the challenge/response element of it? Thoughts? > > Regards, > I never respond to the challenges, and many other people don't either. I think it is just as flawed an idea as sender verification or "call-ahead" systems. But that is just my humble but stubborn opinion. ;-P http://linuxmafia.com/faq/Mail/challenge-response.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/3e844632/signature.bin From glenn.steen at gmail.com Tue Mar 25 20:14:28 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 25 20:15:05 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: References: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> Message-ID: <223f97700803251314y85b33dbw10be5b9fa7525833@mail.gmail.com> On 25/03/2008, Scott Silva wrote: > on 3-25-2008 12:12 PM Marco Barbero spake the following: > > > So now I'm switched back to original env with Postfix and MailScanner 4.67.6 > > Trying Mailscanner --lint does not report eicar test check? Why? > > > > Now I'm running it with 'Virus Scanning = no' since antivir is not working.... > > > > It's probable that issue are from antivir not working with MailScanner... > > Any hints? > > > > I have an ancient installation of Mailscanner 4.47 + Antivir + > > Sendmail and is working... > > Since sendmail runs as root, but postfix doesn't, maybe some permission issues > are involved. Very Likely Scott. Marco, when you ran the antivir wrapper, did you do that as the postfix user? My money is on that you didn't:-). I'd also follow the gist of Martins advice, to make this a simple as possible to begin with... So perhaps disable the mirroring stuff (I see very little real point to that anyway:-), if tripplechecking postfix permissions (for Antivir) doesn't solve things. > Is it the same version of antivir? > Does it really matter? 4.47 is antiquated:-)... No real comparison ... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Tue Mar 25 20:16:53 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 25 20:17:29 2008 Subject: [OT] TMDA In-Reply-To: References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> Message-ID: <223f97700803251316l71c4e602u927fcd4f7173818a@mail.gmail.com> On 25/03/2008, Scott Silva wrote: > on 3-25-2008 12:42 PM --[ UxBoD ]-- spake the following: > > > Hi, > > > > Is anybody using TMDA with Postfix, especially the challenge/response element of it? Thoughts? > > > > Regards, > > > > I never respond to the challenges, and many other people don't either. > I think it is just as flawed an idea as sender verification or "call-ahead" > systems. But that is just my humble but stubborn opinion. ;-P > > http://linuxmafia.com/faq/Mail/challenge-response.html > CC. Just another "irritant"... Not part of the solution, probably part of the problem...:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From timb at vwg.com Tue Mar 25 20:52:13 2008 From: timb at vwg.com (Timothy Barhorst) Date: Tue Mar 25 20:53:34 2008 Subject: MailScanner marks everything as spam Message-ID: Hey I know I'm a little behind with this version -- 4.54.6-1 running on RH Enterprise 4 using sendmail. But all of a sudden this afternoon .. Mailscanner started marking just about ALL e-mail as spam and quarantining it all. I had to set " spam checks = no" to get mail through .. Here's a header from one in the quarantine: X-VWG-MailScanner-Information: Please contact VWG for more information X-VWG-MailScanner: Found to be clean X-VWG-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-4.14, required 5, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, HTML_MESSAGE 0.00) I am planning on updating this server soon but in the meantime if there are any suggestions, I'd appreciate it. Tim Barhorst -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/472b0af7/attachment.html From uxbod at splatnix.net Tue Mar 25 20:59:48 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Tue Mar 25 21:00:36 2008 Subject: [OT] TMDA In-Reply-To: <223f97700803251316l71c4e602u927fcd4f7173818a@mail.gmail.com> Message-ID: <84391.1121206478788175.JavaMail.root@office.splatnix.net> Well that answered that question ;) thanks :) Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Glenn Steen" wrote: > On 25/03/2008, Scott Silva wrote: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Tue Mar 25 21:04:46 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue Mar 25 21:05:50 2008 Subject: MailScanner marks everything as spam In-Reply-To: References: Message-ID: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> That's actually marked as NOT spam, the score is negative! On Mar 25, 2008, at 3:52 PM, Timothy Barhorst wrote: > Hey I know I?m a little behind with this version -- 4.54.6-1 running > on RH Enterprise 4 using sendmail. > > But all of a sudden this afternoon .. Mailscanner started marking > just about ALL e-mail as spam and quarantining it all. > I had to set ? spam checks = no? to get mail through .. > > Here?s a header from one in the quarantine: > X-VWG-MailScanner-Information: Please contact VWG for more information > X-VWG-MailScanner: Found to be clean > X-VWG-MailScanner-SpamCheck: not spam (whitelisted), > SpamAssassin (score=-4.14, required 5, autolearn=not spam, > ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, > HTML_MESSAGE 0.00) > > > > I am planning on updating this server soon but in the meantime if > there are any suggestions, I?d appreciate it. > > Tim Barhorst > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From ssilva at sgvwater.com Tue Mar 25 21:06:55 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 21:07:36 2008 Subject: MailScanner marks everything as spam In-Reply-To: References: Message-ID: on 3-25-2008 1:52 PM Timothy Barhorst spake the following: > Hey I know I?m a little behind with this version -- 4.54.6-1 running on > RH Enterprise 4 using sendmail. > > > > But all of a sudden this afternoon .. Mailscanner started marking just > about ALL e-mail as spam and quarantining it all. > > I had to set ? spam checks = no? to get mail through .. > > > > Here?s a header from one in the quarantine: > > X-VWG-MailScanner-Information: Please contact VWG for more information > > X-VWG-MailScanner: Found to be clean > > X-VWG-MailScanner-SpamCheck: not spam (whitelisted), > > SpamAssassin (score=-4.14, required 5, autolearn=not spam, > > ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, > > HTML_MESSAGE 0.00) > > > > > > > > I am planning on updating this server soon but in the meantime if there > are any suggestions, I?d appreciate it. > > > > Tim Barhorst > > > You wouldn't by any chance be using relays.ordb.org as a blacklist, would you? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/1364fb89/signature.bin From timb at vwg.com Tue Mar 25 21:15:06 2008 From: timb at vwg.com (Timothy Barhorst) Date: Tue Mar 25 21:16:23 2008 Subject: MailScanner marks everything as spam References: Message-ID: This was the problem per previous message.. if I has just read it before I posted. Dear all, You might note that relays.ordb.org, which has been dead for a while, has just blacklisted the world. If you are blocking at the MTA level using this site you are probably not receiving any mail as a result of this change. Best regards, Steve Steve Swaney _____ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Timothy Barhorst Sent: Tuesday, March 25, 2008 4:52 PM To: mailscanner@lists.mailscanner.info Subject: MailScanner marks everything as spam Hey I know I'm a little behind with this version -- 4.54.6-1 running on RH Enterprise 4 using sendmail. But all of a sudden this afternoon .. Mailscanner started marking just about ALL e-mail as spam and quarantining it all. I had to set " spam checks = no" to get mail through .. Here's a header from one in the quarantine: X-VWG-MailScanner-Information: Please contact VWG for more information X-VWG-MailScanner: Found to be clean X-VWG-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (score=-4.14, required 5, autolearn=not spam, ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, HTML_MESSAGE 0.00) I am planning on updating this server soon but in the meantime if there are any suggestions, I'd appreciate it. Tim Barhorst -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/d99e93fc/attachment.html From glenn.steen at gmail.com Tue Mar 25 21:23:34 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue Mar 25 21:24:08 2008 Subject: MailScanner marks everything as spam In-Reply-To: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> References: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> Message-ID: <223f97700803251423k7b43ab65r58c8c4f627d8a626@mail.gmail.com> On 25/03/2008, Alex Neuman wrote: > That's actually marked as NOT spam, the score is negative! > > > On Mar 25, 2008, at 3:52 PM, Timothy Barhorst wrote: > > Hey I know I'm a little behind with this version -- 4.54.6-1 running > > on RH Enterprise 4 using sendmail. > > > > But all of a sudden this afternoon .. Mailscanner started marking > > just about ALL e-mail as spam and quarantining it all. > > I had to set " spam checks = no" to get mail through .. > > > > Here's a header from one in the quarantine: > > X-VWG-MailScanner-Information: Please contact VWG for more information > > X-VWG-MailScanner: Found to be clean > > X-VWG-MailScanner-SpamCheck: not spam (whitelisted), > > SpamAssassin (score=-4.14, required 5, autolearn=not spam, > > ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, > > HTML_MESSAGE 0.00) > > > > > > > > I am planning on updating this server soon but in the meantime if > > there are any suggestions, I'd appreciate it. > > > > Tim Barhorst > > > > > With that old a version you might have ORDB in your Spam Lists setting, which will override anything you do to 'em... And ordb "blacklist" everything ATM, I hear (it being dead, this isn't surprising). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From peter at farrows.org Tue Mar 25 21:23:40 2008 From: peter at farrows.org (Peter Farrow) Date: Tue Mar 25 21:24:27 2008 Subject: Large uptake in spam? In-Reply-To: <47E82AE3.1050407@ecs.soton.ac.uk> References: <20080324214718.68195E3013E@master.justemail.org> <47E82AE3.1050407@ecs.soton.ac.uk> Message-ID: <47E96D5C.2060403@farrows.org> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Denis Croombs wrote: > >>>> Will probably implement selective >>>> greylisting as soon as I find time though, and use some BLs >>>> >>>> >>> for that >>> >>> >>>> (as per Matt Kettlers excellent advice). >>>> >>>> >>>> >>> I've just added the GeoIP stuff to my greylisting. I tried to >>> implement greylisting across the board a couple of years ago, >>> and got told not to by my boss, who had a website >>> registration email delayed. So now I'm having a second go, >>> but this time greylisting only sites that are on the SORBS >>> DUN list, or come from countries that send us a lot of spam >>> but with which we do little business. I'm slowly building the >>> set of target countries. >>> >>> I've built an RPM of the latest milter-greylist including all >>> the GeoIP stuff if anyone wants it. A separate one for RHEL 4 >>> and RHEL 5. >>> >>> Jules >>> >>> >> Hi Jules >> >> I would be very interested in getting a copy of the rpm's >> >> > See http://www.mailscanner.info/greylist.html > >> Regards >> >> Denis >> >> No virus found in this outgoing message. >> Checked by AVG. >> Version: 7.5.519 / Virus Database: 269.21.8/1340 - Release Date: 23/03/2008 >> 18:50 >> >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Thunderbird Enigmail to verify this message > Charset: windows-1250 > > wj8DBQFH6CrmEfZZRxQVtlQRAn7QAJ9bdtVSHrGiyV1sIzNlOcVlwZm+wwCfb6R2 > 2OxhIwvKWmcNpi83e6daj9Y= > =HxFG > -----END PGP SIGNATURE----- > > This looks very similar to milter-greylist by Emmanuel Dreyfus, is this related to that milter? If it is, from your rpms what is the database length (maximum entries) as in the original code this was 1024 and required a simple mod to up the limit... Regards Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/65aae0f8/attachment.html From marco.barbero at gmail.com Tue Mar 25 21:25:49 2008 From: marco.barbero at gmail.com (Marco Barbero) Date: Tue Mar 25 21:26:27 2008 Subject: mailscanner/postfix issue (this is going to make me mad) In-Reply-To: <223f97700803251314y85b33dbw10be5b9fa7525833@mail.gmail.com> References: <317253d70803251104h16fa5c42u2282cfb28452b5c9@mail.gmail.com> <223f97700803251314y85b33dbw10be5b9fa7525833@mail.gmail.com> Message-ID: 2008/3/25, Glenn Steen : > Very Likely Scott. Marco, when you ran the antivir wrapper, did you do > that as the postfix user? My money is on that you didn't:-). > I'd also follow the gist of Martins advice, to make this a simple as > possible to begin with... So perhaps disable the mirroring stuff (I > see very little real point to that anyway:-), if tripplechecking > postfix permissions (for Antivir) doesn't solve things. Yup, running manually wrapper like postfix user does work. Using clamav works. Also --lint does not report any eicar test (no matter antivir or clamav) > > Is it the same version of antivir? > > > > Does it really matter? 4.47 is antiquated:-)... No real comparison ... yes, some version From gwong at wong-consulting.com Tue Mar 25 21:50:42 2008 From: gwong at wong-consulting.com (Gregory Wong) Date: Tue Mar 25 21:51:21 2008 Subject: MailScanner marks everything as spam In-Reply-To: <223f97700803251423k7b43ab65r58c8c4f627d8a626@mail.gmail.com> References: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> <223f97700803251423k7b43ab65r58c8c4f627d8a626@mail.gmail.com> Message-ID: <6052545A7C35D54FBDD1051DFDD2045103E0BC5F4F@EX2K7VS01.4emm.local> What do you recommend for blacklist lookups? And how much blacklists does an email have to be on in order for it to be considered spam? I ran into this problem with my mail scanner today. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Tuesday, March 25, 2008 5:24 PM To: MailScanner discussion Subject: Re: MailScanner marks everything as spam On 25/03/2008, Alex Neuman wrote: > That's actually marked as NOT spam, the score is negative! > > > On Mar 25, 2008, at 3:52 PM, Timothy Barhorst wrote: > > Hey I know I'm a little behind with this version -- 4.54.6-1 running > > on RH Enterprise 4 using sendmail. > > > > But all of a sudden this afternoon .. Mailscanner started marking > > just about ALL e-mail as spam and quarantining it all. > > I had to set " spam checks = no" to get mail through .. > > > > Here's a header from one in the quarantine: > > X-VWG-MailScanner-Information: Please contact VWG for more information > > X-VWG-MailScanner: Found to be clean > > X-VWG-MailScanner-SpamCheck: not spam (whitelisted), > > SpamAssassin (score=-4.14, required 5, autolearn=not spam, > > ALL_TRUSTED -1.80, BAYES_00 -2.60, CN_SUBJECT_799 0.26, > > HTML_MESSAGE 0.00) > > > > > > > > I am planning on updating this server soon but in the meantime if > > there are any suggestions, I'd appreciate it. > > > > Tim Barhorst > > > > > With that old a version you might have ORDB in your Spam Lists setting, which will override anything you do to 'em... And ordb "blacklist" everything ATM, I hear (it being dead, this isn't surprising). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ade at techniumcast.com Tue Mar 25 22:02:47 2008 From: ade at techniumcast.com (Ade Fewings) Date: Tue Mar 25 22:03:28 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: References: <2994042.571206449032996.JavaMail.root@office.splatnix.net> <47E8FE4D.5060201@techniumcast.com> Message-ID: <1085.10.1.33.51.1206482567.squirrel@webmail.techniumcast.com> > Are you running the alternate pyzor server? > > 82.94.255.100:24441 > Yes, that's the server that i'm using. The thing I can't understand is why it all works fine (DCC & Pyzor) if I call MailScanner --debug but letting check_mailscanner start the daemon processes brings the problem forth. So, I suppose - what's the difference between the way SpamAssassin is called when MS is in debug to that when it's not? Thanks for your efforts ~ From mkettler at evi-inc.com Tue Mar 25 22:03:25 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Tue Mar 25 22:04:16 2008 Subject: [OT] TMDA In-Reply-To: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> Message-ID: <47E976AD.9010703@evi-inc.com> --[ UxBoD ]-- wrote: > Hi, > > Is anybody using TMDA with Postfix, especially the challenge/response element of it? Thoughts? > > Regards, > Beyond the fact that it irritates people (ie: every time you get spammed, you wind up sending unsolicited challenges to some innocent third party.. In effect, they get spammed every time you do), there are other problems with TMDA. Fundamentally, TMDA boils down to a system of outsourcing your spam filtering onto others, irritating them by doing so without their consent, and then hoping they'll behave the way you want and handle it for you. TMDA breaks down when it encounters people like me. Whenever I get a challenge for a message I did send, I consider who benefits from the message. If the delivery of the message benefits the recipient more than me, i.e.: I'm giving away advice for free, I delete the challenge without approving it. I've already expended enough work writing a response to their question. I'm not going to jump through extra hoops after the fact to deliver it to them. Whenever I get a challenge for a message I don't believe I sent, I immediately approve it. After all, I don't want to be responsible for them missing out on an email when I'm unsure of the content, it could be important to them... In both cases, their system just sent me an unsolicited message. Now that they've ticked me off by spamming me, why should I cooperate? As far as I know, nobody has offered to pay me, or even politely asked me to handle their spam filtering. Why should I reward them for such impolite behavior? What would you do if your neighbor took a leaf blower and blew all his leaves into your yard without asking? would you bag them for him? I wouldn't. I'd use my leaf blower to blow them back where they came from. From ssilva at sgvwater.com Tue Mar 25 22:57:52 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 22:58:48 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: <1085.10.1.33.51.1206482567.squirrel@webmail.techniumcast.com> References: <2994042.571206449032996.JavaMail.root@office.splatnix.net> <47E8FE4D.5060201@techniumcast.com> <1085.10.1.33.51.1206482567.squirrel@webmail.techniumcast.com> Message-ID: on 3-25-2008 3:02 PM Ade Fewings spake the following: >> Are you running the alternate pyzor server? >> >> 82.94.255.100:24441 >> > > Yes, that's the server that i'm using. > > The thing I can't understand is why it all works fine (DCC & Pyzor) if I > call MailScanner --debug but letting check_mailscanner start the daemon > processes brings the problem forth. > > So, I suppose - what's the difference between the way SpamAssassin is > called when MS is in debug to that when it's not? > > Thanks for your efforts > ~ > When you are trying your MailScanner debug, you are probably root. But when it is called by mailscanner and postfix, it gets called as the postfix user. Now try and run the debug as the postfix user. "su - postfix -c /bin/bash" if I remember correctly will give you a shell under the postfix user. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/0482b1f2/signature.bin From steve.swaney at fsl.com Tue Mar 25 22:59:00 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 25 22:59:41 2008 Subject: [OT] TMDA In-Reply-To: <47E976AD.9010703@evi-inc.com> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> Message-ID: <262f01c88ecb$d0c50fe0$724f2fa0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Matt Kettler > Sent: Tuesday, March 25, 2008 6:03 PM > To: MailScanner discussion > Subject: Re: [OT] TMDA > > --[ UxBoD ]-- wrote: > > Hi, > > > > Is anybody using TMDA with Postfix, especially the challenge/response > element of it? Thoughts? > > > > Regards, > > > > Beyond the fact that it irritates people (ie: every time you get > spammed, you > wind up sending unsolicited challenges to some innocent third party.. > In effect, > they get spammed every time you do), there are other problems with > TMDA. > > > Fundamentally, TMDA boils down to a system of outsourcing your spam > filtering > onto others, irritating them by doing so without their consent, and > then hoping > they'll behave the way you want and handle it for you. > > TMDA breaks down when it encounters people like me. > > Whenever I get a challenge for a message I did send, I consider who > benefits > from the message. If the delivery of the message benefits the recipient > more > than me, i.e.: I'm giving away advice for free, I delete the challenge > without > approving it. I've already expended enough work writing a response to > their > question. I'm not going to jump through extra hoops after the fact to > deliver it > to them. > > Whenever I get a challenge for a message I don't believe I sent, I > immediately > approve it. After all, I don't want to be responsible for them missing > out on an > email when I'm unsure of the content, it could be important to them... > > In both cases, their system just sent me an unsolicited message. Now > that > they've ticked me off by spamming me, why should I cooperate? As far as > I know, > nobody has offered to pay me, or even politely asked me to handle their > spam > filtering. Why should I reward them for such impolite behavior? What > would you > do if your neighbor took a leaf blower and blew all his leaves into > your yard > without asking? would you bag them for him? I wouldn't. I'd use my leaf > blower > to blow them back where they came from. > Matt, Thank you for providing the best, funniest and most thoughtful response to what is wrong with challenge / response systems I have read yet. I was writing my own response to the thread when I read yours. It's much better than mine :) Thanks for saving me a lot of writing and I may even try to get this into the MS wiki. Steve Steve Swaney steve@fsl.com www.fsl.com From ssilva at sgvwater.com Tue Mar 25 23:00:05 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 23:05:33 2008 Subject: [OT] TMDA In-Reply-To: <47E976AD.9010703@evi-inc.com> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> Message-ID: on 3-25-2008 3:03 PM Matt Kettler spake the following: > --[ UxBoD ]-- wrote: >> Hi, >> >> Is anybody using TMDA with Postfix, especially the challenge/response >> element of it? Thoughts? >> >> Regards, >> > > Beyond the fact that it irritates people (ie: every time you get > spammed, you wind up sending unsolicited challenges to some innocent > third party.. In effect, they get spammed every time you do), there are > other problems with TMDA. > > > Fundamentally, TMDA boils down to a system of outsourcing your spam > filtering onto others, irritating them by doing so without their > consent, and then hoping they'll behave the way you want and handle it > for you. > > TMDA breaks down when it encounters people like me. > > Whenever I get a challenge for a message I did send, I consider who > benefits from the message. If the delivery of the message benefits the > recipient more than me, i.e.: I'm giving away advice for free, I delete > the challenge without approving it. I've already expended enough work > writing a response to their question. I'm not going to jump through > extra hoops after the fact to deliver it to them. > > Whenever I get a challenge for a message I don't believe I sent, I > immediately approve it. After all, I don't want to be responsible for > them missing out on an email when I'm unsure of the content, it could be > important to them... > > In both cases, their system just sent me an unsolicited message. Now > that they've ticked me off by spamming me, why should I cooperate? As > far as I know, nobody has offered to pay me, or even politely asked me > to handle their spam filtering. Why should I reward them for such > impolite behavior? What would you do if your neighbor took a leaf blower > and blew all his leaves into your yard without asking? would you bag > them for him? I wouldn't. I'd use my leaf blower to blow them back where > they came from. > Before or after you tossed the burning match into the pile? ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/eb002626/signature.bin From ssilva at sgvwater.com Tue Mar 25 23:14:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Mar 25 23:15:27 2008 Subject: MailScanner marks everything as spam In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103E0BC5F4F@EX2K7VS01.4emm.local> References: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> <223f97700803251423k7b43ab65r58c8c4f627d8a626@mail.gmail.com> <6052545A7C35D54FBDD1051DFDD2045103E0BC5F4F@EX2K7VS01.4emm.local> Message-ID: on 3-25-2008 2:50 PM Gregory Wong spake the following: > What do you recommend for blacklist lookups? >And how much blacklists does an email have to be on in order >for it to be considered spam? I ran into this problem with my mail scanner today. > It depends on what you are going to do with the result. If you are going to dump it, why not use the blacklist at the MTA where it cuts the system load? If you are going to quarantine it or mark it as spam and send it on its merry way, and you are using spamassassin, use the spamassassin scoring system, adjusting what you need to get the ratio right. If you are not using spamassassin, and just want to mark and forward (catch and release in fishing terms)or quarantine based on the blacklists, then MailScanner is the place to do it. As for how many blacklists, that is also dependent on where you are using them. If at the MTA, the first hit drops the message and you can use whichever lists don't FP for you. If in spamassassin, the lookups are in parallel, so 1 lookup takes close to as long as 10 lookups do, so use as many as you want. In MailScanner, each lookup is done one after the other, so the more lookups you do, the longer it takes to deliver mail. I wouldn't use more than 2 or 3 here. (I wouldn't do any here personally, but that is my setup) But the most important thing is to use a blacklist that is OK in your environment. A list that is highly effective for me might block your boss or your CEO, causing you to do unemployment lookups and job queries. Not good! I have been keeping track of the hits I get with spamassassin, and if I hit 100% spam on a list for 3 to 4 months, I move it to the MTA. All others I leave in spamassassin and just let the scores accumulate. And the last concept is this... If you accept the message, spam or not, don't bounce it. Only drop spam during the time that the original server is still connected to you. Anytime after that will get you on a blacklist, and we will all be blocking you! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080325/425d3a6e/signature.bin From steve.swaney at fsl.com Tue Mar 25 23:54:51 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Tue Mar 25 23:55:32 2008 Subject: [OT] TMDA In-Reply-To: References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> Message-ID: <265001c88ed3$9dbf6930$d93e3b90$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Scott Silva > Sent: Tuesday, March 25, 2008 7:00 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: [OT] TMDA > > on 3-25-2008 3:03 PM Matt Kettler spake the following: > > --[ UxBoD ]-- wrote: > >> Hi, > >> > >> Is anybody using TMDA with Postfix, especially the > challenge/response > >> element of it? Thoughts? > >> > >> Regards, > >> > > > > Beyond the fact that it irritates people (ie: every time you get > > spammed, you wind up sending unsolicited challenges to some innocent > > third party.. In effect, they get spammed every time you do), there > > are other problems with TMDA. > > > > > > Fundamentally, TMDA boils down to a system of outsourcing your spam > > filtering onto others, irritating them by doing so without their > > consent, and then hoping they'll behave the way you want and handle > it > > for you. > > > > TMDA breaks down when it encounters people like me. > > > > Whenever I get a challenge for a message I did send, I consider who > > benefits from the message. If the delivery of the message benefits > the > > recipient more than me, i.e.: I'm giving away advice for free, I > > delete the challenge without approving it. I've already expended > > enough work writing a response to their question. I'm not going to > > jump through extra hoops after the fact to deliver it to them. > > > > Whenever I get a challenge for a message I don't believe I sent, I > > immediately approve it. After all, I don't want to be responsible for > > them missing out on an email when I'm unsure of the content, it could > > be important to them... > > > > In both cases, their system just sent me an unsolicited message. Now > > that they've ticked me off by spamming me, why should I cooperate? As > > far as I know, nobody has offered to pay me, or even politely asked > me > > to handle their spam filtering. Why should I reward them for such > > impolite behavior? What would you do if your neighbor took a leaf > > blower and blew all his leaves into your yard without asking? would > > you bag them for him? I wouldn't. I'd use my leaf blower to blow them > > back where they came from. > > > Before or after you tossed the burning match into the pile? ;-P And I forgot to mention that we are seeing more and more spammers using challenge / response system to forward their evil sp(awn)am. Steve Steve Swaney steve@fsl.com www.fsl.com From Michael at kooinda.net Wed Mar 26 08:27:49 2008 From: Michael at kooinda.net (Michael Chase) Date: Wed Mar 26 08:28:32 2008 Subject: All mail marked as spam? Message-ID: <47EA0905.3060702@kooinda.net> Hi, I have a mailscanner/mailwatch/postfix/spamassassin/clamav setup that's been serving me well for several years (with the occasional update). In the last 24h or so, it's been marking all mail, even messages with a score of 0.0, as possible spam. I have anything >3.0 flagged as possible spam, quarantined and emailed to postmaster. Anything >6.0 is spam and just quarantine. Looking at the messages in mailwatch, the 0.0 score ones don't have any info on why spam assassin thought they were bad, presumably because it didn't (score = 0.0). Real spam has details on the breakdown of the score. There does not seem to me any errors when MailScanner is restarted. Where should I start to look for the problem? I've not changed anything for weeks/months, so I'm puzzled that it has started to act strangely. Michael. From Michael at kooinda.net Wed Mar 26 08:34:16 2008 From: Michael at kooinda.net (Michael Chase) Date: Wed Mar 26 08:34:29 2008 Subject: All mail marked as spam? - more info Message-ID: <47EA0A88.1060500@kooinda.net> I have MailScanner[16565]: Commercial virus checker failed with real error: Invalid function CL_SCAN_PHISHING_DOMAINLIST at /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm line 112. in the logs. And in MailScanner.conf Virus Scanners = clamavmodule bitdefender The error looks like clamav, possibly caused by some perl update that has come down with a yum update? yum.log has: Mar 05 20:33:48 Updated: perl-Test-Simple.noarch 0.78-1.el4.rf Mar 05 20:33:51 Updated: syslinux.i386 3.62-1.el4.rf Mar 05 20:33:52 Updated: perl-HTML-Tagset.noarch 3.20-1.el4.rf Mar 05 20:33:53 Updated: rsync.i386 3.0.0-1.el4.rf Mar 14 18:52:17 Updated: tzdata.noarch 2007k-2.el4 So should I update clamav or something? I have: # clamscan --version ClamAV 0.88/6074/Sun Mar 2 08:29:36 2008 Michael. From uxbod at splatnix.net Wed Mar 26 09:58:25 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Mar 26 09:59:38 2008 Subject: All mail marked as spam? - more info In-Reply-To: <47EA0A88.1060500@kooinda.net> Message-ID: <17846274.151206525505768.JavaMail.root@office.splatnix.net> Yes I would upgrade Clam definitely. Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Michael Chase" wrote: > I have > > MailScanner[16565]: Commercial virus checker failed with real error: > Invalid function CL_SCAN_PHISHING_DOMAINLIST at > /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/Mail/ClamAV.pm > line 112. > > in the logs. > > And in MailScanner.conf > > Virus Scanners = clamavmodule bitdefender > > The error looks like clamav, possibly caused by some perl update that > has come down with a yum update? > > yum.log has: > > Mar 05 20:33:48 Updated: perl-Test-Simple.noarch 0.78-1.el4.rf > Mar 05 20:33:51 Updated: syslinux.i386 3.62-1.el4.rf > Mar 05 20:33:52 Updated: perl-HTML-Tagset.noarch 3.20-1.el4.rf > Mar 05 20:33:53 Updated: rsync.i386 3.0.0-1.el4.rf > Mar 14 18:52:17 Updated: tzdata.noarch 2007k-2.el4 > > So should I update clamav or something? > > I have: > > # clamscan --version > ClamAV 0.88/6074/Sun Mar 2 08:29:36 2008 > > > Michael. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mailscanner at snot.dk Wed Mar 26 10:03:51 2008 From: mailscanner at snot.dk (Lars Christiansen) Date: Wed Mar 26 10:04:39 2008 Subject: All mail marked as spam? References: <47EA0905.3060702@kooinda.net> Message-ID: <20080326100310.M53460@snot.dk> Michael, You aren't using ORDB anymore, are you? http://it.slashdot.org/article.pl?sid=08/03/25/2124224 Remove ORDB from 'Spam List' in mailscanner.conf. Brgds, -Lars On Wed, 26 Mar 2008 18:57:49 +1030, Michael Chase wrote > Hi, > > I have a mailscanner/mailwatch/postfix/spamassassin/clamav setup that's > been serving me well for several years (with the occasional update). > > In the last 24h or so, it's been marking all mail, even messages > with a score of 0.0, as possible spam. > > I have anything >3.0 flagged as possible spam, quarantined and > emailed to postmaster. Anything >6.0 is spam and just quarantine. > > Looking at the messages in mailwatch, the 0.0 score ones don't have any > info on why spam assassin thought they were bad, presumably because > it didn't (score = 0.0). Real spam has details on the breakdown of > the score. > > There does not seem to me any errors when MailScanner is restarted. > > Where should I start to look for the problem? I've not changed anything > for weeks/months, so I'm puzzled that it has started to act strangely. > > Michael. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From mogens at fumlersoft.dk Wed Mar 26 10:59:27 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Wed Mar 26 11:00:25 2008 Subject: mail from mindspring Message-ID: <1122.90.184.19.31.1206529167.squirrel@mail.fumlersoft.dk> Hi I have to admit, i was somewhat surprised to learn, that MS tries to send notice, about unwanted attachment, to mindspring.com. I would think that messages marked as spam, should not trigger a responce to sender, who is 99% shure faked, even when config is to notice sender about unwanted attachments. Is there a config combination that would keep MS from doing this ? I got an entry i my access.db blocking all mindspring.com: mindspring.com ERROR:"550 Reject : mindspring.com - Spam source" And maillog said: Mar 26 09:49:02 (none) MailScanner[3448]: Message m2Q8moaj003869 from 202.141.26.5 (hueyg@mindspring.net) to parkhotel.dk is spam, SpamAssassin (not cached, score=14.311, required 5, BAYES_99 5.00, CHARSET_FARAWAY_HEADER 3.20, DCC_CHECK 2.17, HTML_MESSAGE 0.00, MIME_CHARSET_FARAWAY 2.45, PLING_QUERY 1.39, RDNS_NONE 0.10) So it's clearly marked as spam. It's also being tagged by MCP: Mar 26 09:49:03 (none) MailScanner[3448]: Spam Checks: Found 1 spam messages Mar 26 09:49:03 (none) MailScanner[3448]: Spam Actions: message m2Q8moaj003869 actions are store-nonmcp Mar 26 09:49:04 (none) MailScanner[3448]: MCP Checks: Starting Mar 26 09:49:05 (none) MailScanner[3448]: Virus and Content Scanning: Starting Mar 26 09:49:07 (none) MailScanner[3448]: Filetype Checks: No executables (m2Q8moaj003869 msg-3448-5.txt) Mar 26 09:49:07 (none) MailScanner[3448]: Filetype Checks: Allowing m2Q8moaj003869 msg-3448-6.html Mar 26 09:49:07 (none) MailScanner[3448]: Other Checks: Found 1 problems Mar 26 09:49:08 (none) MailScanner[3448]: Saved entire message to /var/spool/MailScanner/quarantine/20080326/m2Q8moaj003869 Mar 26 09:49:09 (none) MailScanner[3448]: Saved infected "msg-3448-5.txt" to /var/spool/MailScanner/quarantine/20080326/m2Q8moaj003869 ---------------------------------------- Original Message ---------------------------------------- Subject: Postmaster notify: see transcript for details From: "Mail Delivery Subsystem" Date: Wed, March 26, 2008 09:49 To: postmaster -------------------------------------------------------------------------------------------------- The original message was received at Wed, 26 Mar 2008 09:49:09 +0100 from localhost [127.0.0.1] with id m2Q8n9nP003889 ----- The following addresses had permanent fatal errors ----- (reason: 550 Mailbox unavailable or access denied - ) ----- Transcript of session follows ----- ... while talking to im.namehub.com.: >>> RCPT To: <<< 550 Mailbox unavailable or access denied - 550 5.1.1 ... User unknown -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- Skipped content of type message/delivery-status-------------- next part -------------- An embedded message was scrubbed... From: "MailScanner" Subject: Warning: E-mail viruses detected Date: Wed, 26 Mar 2008 09:49:09 +0100 Size: 1740 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/909e2970/E-mailvirusesdetected-0001.mht From rgreen at trayerproducts.com Wed Mar 26 11:12:24 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Mar 26 11:12:41 2008 Subject: Spam List Message-ID: <47EA2F98.7020806@trayerproducts.com> A recent posting here prompted me to ask other MailScanner users which RBLs they are using. I don't have anything currently configured for "Spam List =" in MailScanner.conf. So, which RBLs are you using? Thanks, Rod / / "The Internet is a telephone system that's gotten uppity." - Clifford Stoll -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Wed Mar 26 11:03:41 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Wed Mar 26 11:17:04 2008 Subject: Mailscanner slow queue Message-ID: <2FA349F95CF3644FAFC92070E642EB6AC7BA5B@beta.dbdomain.database.it> Maybe I've found the problem In my /etc/mail/spamassassin/init.pre I've this line loadplugin Mail::SpamAssassin::Plugin::URIDNSBL Now running a spammassassin -D < message I'get also these lines ======================================================================== === [23801] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:meetic.com (timeout 10.0s, min 2.0s) [23801] dbg: dns: URIBL_RED lookup start [23801] dbg: dns: URIBL_GREY lookup start [23801] dbg: async: starting: URI-DNSBL, DNSBL:bl.open-whois.org.:meetic.com (timeout 10.0s, min 2.0s) [23801] dbg: dns: WHOIS_SECUREWHOIS lookup start [23801] dbg: dns: WHOIS_MYPRIVREG lookup start [23801] dbg: dns: WHOIS_NETSOLPR lookup start [23801] dbg: dns: WHOIS_AITPRIV lookup start [23801] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:meetic.com (timeout 10.0s, min 2.0s) [23801] dbg: dns: URIBL_SC_SURBL lookup start [23801] dbg: dns: URIBL_AB_SURBL lookup start [23801] dbg: dns: WHOIS_CONTACTPRIV lookup start [23801] dbg: dns: WHOIS_NAMEKING lookup start [23801] dbg: dns: WHOIS_PRIVPROT lookup start [23801] dbg: dns: WHOIS_WHOISGUARD lookup start [23801] dbg: dns: URIBL_PH_SURBL lookup start [23801] dbg: dns: URIBL_BLACK lookup start [23801] dbg: dns: WHOIS_PRIVACYPOST lookup start [23801] dbg: async: starting: URI-DNSBL, DNSBL:rhsbl.ahbl.org.:meetic.com (timeout 10.0s, min 2.0s) [23801] dbg: dns: URIBL_RHS_AHBL lookup start [23801] dbg: async: starting: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:meetic.com (timeout 10.0s, min 2.0s) [omissis] ======================================================================== === I would like to mantain (to not change) this configuration but I could not foud where this dnsbl are set and so try to change dbsbl or limit the number. Could someone help me ? Thanks again ===================== Marcello You read this.. http://wiki.mailscanner.info/doku.php?id=maq:index#getting_the_best_out_ of_spamassassin -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Marcello Anderlini > Sent: 25 March 2008 13:45 > To: MailScanner discussion > Subject: Mailscanner slow queue > > Hello to all, this for me it's a periodical problem. > Sometime, random, spamassassin become very slow. I've read all faq > without real success > > Now I've try spammassind -D < messagge and it seems it's slow the > running body tests process, but I've not changed nothing. > > Someone could help me telling one sure way to understand where could > be the problem and how to have the full controll of spamassassin ? > > My system it's a centos 4.6 with mailscanner-4.58.9-1, > spamassassin-3.2.4-1.el4. > My puglin are razor,pyzor, fuzzyocr, kam rules, > > Thanks for any kind of help and sorry for my worst english. > > Best regards Marcello > > > -- > Messaggio verificato dal servizio antivirus di Database Informatica > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -- Messaggio verificato dal servizio antivirus di Database Informatica From ade at techniumcast.com Wed Mar 26 11:34:05 2008 From: ade at techniumcast.com (Ade Fewings) Date: Wed Mar 26 11:34:48 2008 Subject: MS 4.67.6 + SA3.2.4 + Pyzor/DCC In-Reply-To: References: <2994042.571206449032996.JavaMail.root@office.splatnix.net> <47E8FE4D.5060201@techniumcast.com> <1085.10.1.33.51.1206482567.squirrel@webmail.techniumcast.com> Message-ID: <47EA34AD.4040403@techniumcast.com> > When you are trying your MailScanner debug, you are probably root. But > when it is called by mailscanner and postfix, it gets called as the > postfix user. > > Now try and run the debug as the postfix user. > "su - postfix -c /bin/bash" if I remember correctly will give you a > shell under the postfix user. > > I had been running MailScanner in debug using the postfix user, but your message caused me to go back and investigate again. Works fine using MS in debug as postfix user. What I also tried was to run check_mailscanner as the postfix user and low-and-behold, it worked - runs daemon and uses DCC & Pyzor ok! Hence, I've now got the cron entry for check_mailscanner under the postfix user (instead of root), and all is well. Thanks for your help, much appreciated. A -------------- next part -------------- A non-text attachment was scrubbed... Name: ade.vcf Type: text/x-vcard Size: 376 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/2a0ae88b/ade.vcf From list-mailscanner at linguaphone.com Wed Mar 26 11:57:07 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Mar 26 11:57:57 2008 Subject: Spam List In-Reply-To: <47EA2F98.7020806@trayerproducts.com> References: <47EA2F98.7020806@trayerproducts.com> Message-ID: <1206532627.30621.6.camel@gblades-suse.linguaphone-intranet.co.uk> I have 3 RBLs configured but have them all configured in Postfix so they are rejected immediately. spamhaus (via datafeed subscription) bl.spamcop.net mailwatch2rbl (http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/index.html) On Wed, 2008-03-26 at 11:12, Rodney Green wrote: > A recent posting here prompted me to ask other MailScanner users which > RBLs they are using. I don't have anything currently configured for > "Spam List =" in MailScanner.conf. So, which RBLs are you using? > > Thanks, > Rod > / > / > > "The Internet is a telephone system that's gotten uppity." > - Clifford Stoll > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From martinh at solidstatelogic.com Wed Mar 26 12:07:33 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Mar 26 12:08:39 2008 Subject: Spam List In-Reply-To: <47EA2F98.7020806@trayerproducts.com> Message-ID: <9b0d46325430454d97c781a3ba6fff19@solidstatelogic.com> Rod Most people put the RBL's on the inbound MTA or use SA rather than MS. Then you get the fun of choosing from the 13 or so SA turns ON by default. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Rodney Green > Sent: 26 March 2008 11:12 > To: MailScanner discussion > Subject: Spam List > > A recent posting here prompted me to ask other MailScanner users which > RBLs they are using. I don't have anything currently configured for > "Spam List =" in MailScanner.conf. So, which RBLs are you using? > > Thanks, > Rod > / > / > > "The Internet is a telephone system that's gotten uppity." > - Clifford Stoll > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Wed Mar 26 12:28:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 26 12:28:57 2008 Subject: Spam List In-Reply-To: <47EA2F98.7020806@trayerproducts.com> References: <47EA2F98.7020806@trayerproducts.com> Message-ID: <47EA4157.2000902@ecs.soton.ac.uk> Rodney Green wrote: > A recent posting here prompted me to ask other MailScanner users which > RBLs they are using. I don't have anything currently configured for > "Spam List =" in MailScanner.conf. So, which RBLs are you using? Spam List = MAPS-RBL+ spamhaus-ZEN Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rgreen at trayerproducts.com Wed Mar 26 13:09:19 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Mar 26 13:09:28 2008 Subject: Spam List In-Reply-To: <1206532627.30621.6.camel@gblades-suse.linguaphone-intranet.co.uk> References: <47EA2F98.7020806@trayerproducts.com> <1206532627.30621.6.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <47EA4AFF.6080305@trayerproducts.com> How do you have them configured in Postfix. I use Postfix as my MTA. There appears to be a few different ways to utilize RBLs in Postfix. Thanks, Rod Gareth wrote: > I have 3 RBLs configured but have them all configured in Postfix so they > are rejected immediately. > > spamhaus (via datafeed subscription) > bl.spamcop.net > mailwatch2rbl > (http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/index.html) > > On Wed, 2008-03-26 at 11:12, Rodney Green wrote: > >> A recent posting here prompted me to ask other MailScanner users which >> RBLs they are using. I don't have anything currently configured for >> "Spam List =" in MailScanner.conf. So, which RBLs are you using? >> >> Thanks, >> Rod >> / >> / >> >> "The Internet is a telephone system that's gotten uppity." >> - Clifford Stoll >> >> >> > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Wed Mar 26 13:25:45 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Wed Mar 26 13:26:35 2008 Subject: Spam List In-Reply-To: <47EA2F98.7020806@trayerproducts.com> References: <47EA2F98.7020806@trayerproducts.com> Message-ID: <1510.90.184.19.31.1206537945.squirrel@mail.fumlersoft.dk> I'm pretty happy with these, no FP's so far. spamhaus-ZEN spamcop.net NJABL On Wed, March 26, 2008 12:12, Rodney Green wrote: > A recent posting here prompted me to ask other MailScanner users which > RBLs they are using. I don't have anything currently configured for > "Spam List =" in MailScanner.conf. So, which RBLs are you using? > > Thanks, > Rod > / > / > > "The Internet is a telephone system that's gotten uppity." > - Clifford Stoll > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From list-mailscanner at linguaphone.com Wed Mar 26 13:36:59 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed Mar 26 13:37:35 2008 Subject: Spam List In-Reply-To: <47EA4AFF.6080305@trayerproducts.com> References: <47EA2F98.7020806@trayerproducts.com> <1206532627.30621.6.camel@gblades-suse.linguaphone-intranet.co.uk> <47EA4AFF.6080305@trayerproducts.com> Message-ID: <1206538618.30628.8.camel@gblades-suse.linguaphone-intranet.co.uk> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client autoblock.dnsbl On Wed, 2008-03-26 at 13:09, Rodney Green wrote: > How do you have them configured in Postfix. I use Postfix as my MTA. > There appears to be a few different ways to utilize RBLs in Postfix. > > Thanks, > Rod > > Gareth wrote: > > I have 3 RBLs configured but have them all configured in Postfix so they > > are rejected immediately. > > > > spamhaus (via datafeed subscription) > > bl.spamcop.net > > mailwatch2rbl > > (http://www.gbnetwork.co.uk/mailscanner/mailwatch2rbl/index.html) > > > > On Wed, 2008-03-26 at 11:12, Rodney Green wrote: > > > >> A recent posting here prompted me to ask other MailScanner users which > >> RBLs they are using. I don't have anything currently configured for > >> "Spam List =" in MailScanner.conf. So, which RBLs are you using? > >> > >> Thanks, > >> Rod > >> / > >> / > >> > >> "The Internet is a telephone system that's gotten uppity." > >> - Clifford Stoll > >> > >> > >> > > > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. From kevin.murphy at midland-ics.ie Wed Mar 26 13:32:17 2008 From: kevin.murphy at midland-ics.ie (Kevin Murphy) Date: Wed Mar 26 13:37:46 2008 Subject: Correct Configuration of MS with SA Message-ID: <009e01c88f45$d00f7b10$6045000a@micsgx270spar> I use MS and SA but am not sure SA is working correctly. Is there tests I can perform to see the results? Regards Kevin MURPHY This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/ecbd6860/attachment.html From uxbod at splatnix.net Wed Mar 26 13:53:44 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Mar 26 13:55:04 2008 Subject: Correct Configuration of MS with SA In-Reply-To: <009e01c88f45$d00f7b10$6045000a@micsgx270spar> Message-ID: <12048716.741206539624984.JavaMail.root@office.splatnix.net> MailScanner --lint MailScanner --debug-sa MailScanner --debug Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Kevin Murphy" wrote: > I use MS and SA but am not sure SA is working correctly. > > Is there tests I can perform to see the results? > > Regards > > > > Kevin MURPHY > > This e-mail is intended solely for the addressee(s) and is strictly > confidential. The unauthorised use, disclosure or copying of this > e-mail, or any information it contains is prohibited. If you have > received this e-mail in error, please notify us immediately and then > permanently delete it. Although we make every effort to keep our > systems free from viruses, you should check this e-mail and any > attachments to it for viruses as we cannot accept any liability for > viruses inadvertently transmitted by use. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Wed Mar 26 14:01:34 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Mar 26 14:02:23 2008 Subject: Correct Configuration of MS with SA In-Reply-To: <009e01c88f45$d00f7b10$6045000a@micsgx270spar> Message-ID: <2efa9a1639b6dd40adacd93f4fca66dc@solidstatelogic.com> Kevin Make the headers verbose about SA scores etc.. In mailScanner.conf Change the following setting as so: SpamScore Number Instead Of Stars = yes Detailed Spam Report = yes Always Include SpamAssassin Report = yes Spam Score = yes Spam Score Number Format = %5.2f And of course Use SpamAssassin = yes -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Kevin Murphy > Sent: 26 March 2008 13:32 > To: mailscanner@lists.mailscanner.info > Subject: Correct Configuration of MS with SA > > I use MS and SA but am not sure SA is working correctly. > > Is there tests I can perform to see the results? > > Regards > > > > Kevin MURPHY > > This e-mail is intended solely for the addressee(s) and is strictly > confidential. The unauthorised use, disclosure or copying of this e-mail, > or any information it contains is prohibited. If you have received this e- > mail in error, please notify us immediately and then permanently delete > it. Although we make every effort to keep our systems free from viruses, > you should check this e-mail and any attachments to it for viruses as we > cannot accept any liability for viruses inadvertently transmitted by use. ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From agross at gcpsite.com Wed Mar 26 14:24:31 2008 From: agross at gcpsite.com (Adam Gross) Date: Wed Mar 26 14:25:18 2008 Subject: All mail marked as spam? References: <47EA0905.3060702@kooinda.net> <20080326100310.M53460@snot.dk> Message-ID: <4487B1717589544792AD581CC5D2EC2E7781@GCPMASTER.gpocorp.local> I'm embarrassed to admit this caught me not paying attention as well. Any recommendations on another list to use in this ones place? -Adam -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Lars Christiansen Sent: Wednesday, March 26, 2008 6:04 AM To: MailScanner discussion Subject: Re: All mail marked as spam? Michael, You aren't using ORDB anymore, are you? http://it.slashdot.org/article.pl?sid=08/03/25/2124224 Remove ORDB from 'Spam List' in mailscanner.conf. Brgds, -Lars On Wed, 26 Mar 2008 18:57:49 +1030, Michael Chase wrote > Hi, > > I have a mailscanner/mailwatch/postfix/spamassassin/clamav setup that's > been serving me well for several years (with the occasional update). > > In the last 24h or so, it's been marking all mail, even messages > with a score of 0.0, as possible spam. > > I have anything >3.0 flagged as possible spam, quarantined and > emailed to postmaster. Anything >6.0 is spam and just quarantine. > > Looking at the messages in mailwatch, the 0.0 score ones don't have any > info on why spam assassin thought they were bad, presumably because > it didn't (score = 0.0). Real spam has details on the breakdown of > the score. > > There does not seem to me any errors when MailScanner is restarted. > > Where should I start to look for the problem? I've not changed anything > for weeks/months, so I'm puzzled that it has started to act strangely. > > Michael. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ From twolak at sktydev.com Wed Mar 26 15:00:57 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 15:01:38 2008 Subject: MailScanner not delivering messages Message-ID: Morning all, I have Mailscanner running with postfix, amavis and spamassasin and am not recieveing any mail. I can see in the logs its going into the hold queue and it never comes out, as well as the /var/spool/MailScanner/incoming there is messages in there as well. I am posting part of my log. Thanks Tim connect from localhost.localdomain[127.0.0.1] Mar 26 09:20:58 sktymx1 postfix/smtpd[1101]: 255C9DD59E6: client=localhost.localdomain[127.0.0.1] Mar 26 09:21:30 sktymx1 postfix/cleanup[1086]: 255C9DD59E6: hold: header Received: from localhost (localhost.localdomain [127.0.0.1])??by sktymxdev1.sktydev.com (Postfix) with SMTP id 255C9DD59E6??for ; Wed, 26 Mar 2008 09:20:48 -0500 (CDT) from localhost.localdomain[127.0.0.1]; from= to= proto=SMTP helo= Mar 26 09:21:30 sktymx1 postfix/cleanup[1086]: 255C9DD59E6: message-id=<20080326142058.255C9DD59E6@sktymxdev1.sktydev.com> Mar 26 09:21:31 sktymx1 MailScanner[1059]: New Batch: Found 6 messages waiting Mar 26 09:21:31 sktymx1 MailScanner[1059]: New Batch: Scanning 1 messages, 985 bytes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/d790c126/attachment.html From Kevin_Miller at ci.juneau.ak.us Wed Mar 26 15:06:03 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Wed Mar 26 15:05:37 2008 Subject: All mail marked as spam? In-Reply-To: <20080326100310.M53460@snot.dk> References: <47EA0905.3060702@kooinda.net> <20080326100310.M53460@snot.dk> Message-ID: Lars Christiansen wrote: > Michael, > > You aren't using ORDB anymore, are you? > > http://it.slashdot.org/article.pl?sid=08/03/25/2124224 > > Remove ORDB from 'Spam List' in mailscanner.conf. Hey, you gotta admit, that's a pretty good filter. 100% of spam, and zero false negatives! ;-) ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From uxbod at splatnix.net Wed Mar 26 15:08:26 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Wed Mar 26 15:09:37 2008 Subject: MailScanner not delivering messages In-Reply-To: Message-ID: <16958193.1031206544106858.JavaMail.root@office.splatnix.net> shutdown MailScanner and then run it using MailScanner --debug then post the output as there is not enough in your log extract for us to work out what is happening. What does MailScanner --lint also show ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Tim Wolak" wrote: > MailScanner not delivering messages Morning all, > > I have Mailscanner running with postfix, amavis and spamassasin and am > not recieveing any mail. I can see in the logs its going into the hold > queue and it never comes out, as well as the > /var/spool/MailScanner/incoming there is messages in there as well. I > am posting part of my log. > > Thanks > > Tim > > > connect from localhost.localdomain[127.0.0.1] > Mar 26 09:20:58 sktymx1 postfix/smtpd[1101]: 255C9DD59E6: > client=localhost.localdomain[127.0.0.1] > Mar 26 09:21:30 sktymx1 postfix/cleanup[1086]: 255C9DD59E6: hold: > header Received: from localhost (localhost.localdomain > [127.0.0.1])??by sktymxdev1.sktydev.com (Postfix) with SMTP id > 255C9DD59E6??for ; Wed, 26 Mar 2008 09:20:48 -0500 > (CDT) from localhost.localdomain[127.0.0.1]; > from= to= proto=SMTP > helo= > Mar 26 09:21:30 sktymx1 postfix/cleanup[1086]: 255C9DD59E6: > message-id=<20080326142058.255C9DD59E6@sktymxdev1.sktydev.com> > Mar 26 09:21:31 sktymx1 MailScanner[1059]: New Batch: Found 6 messages > waiting > Mar 26 09:21:31 sktymx1 MailScanner[1059]: New Batch: Scanning 1 > messages, 985 bytes -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rgreen at trayerproducts.com Wed Mar 26 14:47:18 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Wed Mar 26 15:27:44 2008 Subject: Spam List In-Reply-To: <1510.90.184.19.31.1206537945.squirrel@mail.fumlersoft.dk> References: <47EA2F98.7020806@trayerproducts.com> <1510.90.184.19.31.1206537945.squirrel@mail.fumlersoft.dk> Message-ID: <47EA61F6.4020701@trayerproducts.com> Thanks everyone! I appreciate it! Rod Mogens Melander wrote: > I'm pretty happy with these, no FP's so far. > > spamhaus-ZEN spamcop.net NJABL > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From twolak at sktydev.com Wed Mar 26 16:37:11 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 16:38:10 2008 Subject: MailScanner not delivering messages Message-ID: MailScanner ?lint displays: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. The debug stops and generating messages: 10:36:36 SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp 10:36:37 [3369] dbg: logger: adding facilities: all 10:36:37 [3369] dbg: logger: logging level is DBG 10:36:37 [3369] dbg: generic: SpamAssassin version 3.1.9 10:36:37 [3369] dbg: config: score set 0 chosen. 10:36:37 [3369] dbg: util: running in taint mode? no 10:36:37 [3369] dbg: message: ---- MIME PARSER START ---- 10:36:37 [3369] dbg: message: main message type: text/plain 10:36:37 [3369] dbg: message: parsing normal part 10:36:37 [3369] dbg: message: added part, type: text/plain 10:36:37 [3369] dbg: message: ---- MIME PARSER END ---- 10:36:37 [3369] dbg: dns: is Net::DNS::Resolver available? yes 10:36:37 [3369] dbg: dns: Net::DNS version: 0.63 10:36:37 [3369] dbg: ignore: test message to precompile patterns and load modules 10:36:37 [3369] dbg: config: using "/etc/mail/spamassassin" for site rules pre files 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/init.pre 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/v310.pre 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/v312.pre 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009" for sys rules pre files 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org.pre 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009" for default rules dir 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org.cf 10:36:37 [3369] dbg: config: using "/etc/mail/spamassassin" for site rules dir 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj_x30.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_header0.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_header3.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_header_x30.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_html_x30.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/71_sare_redirect_pre3.0.0.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/88_FVGT_body.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/88_FVGT_rawbody.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/88_FVGT_subject.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/88_FVGT_uri.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/99_FVGT_DomainDigits.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/99_FVGT_Tripwire.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/99_FVGT_meta.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/local.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/mime_validate.cf 10:36:37 [3369] dbg: config: read file /etc/mail/spamassassin/random.current.cf 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xbc5db54) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0xbc44c90) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xbc6bc20) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC 10:36:37 [3369] dbg: dcc: network tests on, registering DCC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0xbc88ccc) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC 10:36:37 [3369] dbg: pyzor: network tests on, attempting Pyzor 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0xbcdc4cc) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC 10:36:37 [3369] dbg: razor2: razor2 is available, version 2.84 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0xbcedaf8) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::AntiVirus from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::AntiVirus=HASH(0xc1764cc) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0xc19136c) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0xc14d508) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0xc1ad880) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::DomainKeys from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::DomainKeys=HASH(0xc23d0ec) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0xc24b498) 10:36:37 [3369] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC 10:36:37 [3369] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb14763c) 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/empty.pre 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/empty.pre" for included file 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pt_br.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pt_br.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pt_br.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_uri_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_uri_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_uri_tests.cf 10:36:37 [3369] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i 10:36:37 [3369] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i 10:36:37 [3369] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i 10:36:37 [3369] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i 10:36:37 [3369] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i 10:36:37 [3369] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i 10:36:37 [3369] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i 10:36:37 [3369] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i 10:36:37 [3369] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[& #])'i 10:36:37 [3369] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?< =%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i 10:36:37 [3369] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?< =%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i 10:36:37 [3369] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)( ?:$|[&#])'i 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_pyzor.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_pyzor.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_pyzor.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_body_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_body_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_body_tests.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_advance_fee.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_advance_fee.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_advance_fee.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_spf.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_spf.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_spf.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_de.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_de.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_de.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/23_bayes.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/23_bayes.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/23_bayes.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_drugs.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_drugs.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_drugs.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_phrases.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_phrases.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_phrases.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_meta_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_meta_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_meta_tests.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_html_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_html_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_html_tests.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_compensate.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_compensate.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_compensate.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_accessdb.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_accessdb.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_accessdb.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pl.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pl.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_pl.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/10_misc.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/10_misc.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/10_misc.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_domainkeys.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_domainkeys.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_domainkeys.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dkim.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dkim.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dkim.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_subject .cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_subjec t.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_subject .cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_hashcash.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_hashcash.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_hashcash.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_pl.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_pl.cf " for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_pl.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/70_iadb.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/70_iadb.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/70_iadb.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_textcat.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_textcat.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_textcat.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_head_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_head_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_head_tests.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_es.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_es.cf " for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_body_tests_es.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_net_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_net_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_net_tests.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_uribl.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_uribl.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_uribl.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_ratware.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_ratware.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_ratware.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_razor2.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_razor2.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_razor2.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_fake_helo_tests.c f 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_fake_helo_tests. cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_fake_helo_tests.c f 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_spf.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_spf.cf " for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_spf.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dk.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dk.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dk.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_antivirus.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_antivirus.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_antivirus.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dkim.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dkim.c f" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_whitelist_dkim.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/50_scores.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/50_scores.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/50_scores.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_nl.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_nl.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_nl.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_anti_ratware.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_anti_ratware.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_anti_ratware.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dcc.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dcc.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_dcc.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_porn.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_porn.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_porn.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_awl.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/60_awl.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/60_awl.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_replace.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/25_replace.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/25_replace.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_fr.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_fr.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/30_text_fr.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/80_additional.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/80_additional.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/80_additional.cf 10:36:37 [3369] dbg: plugin: fixed relative path: /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_dnsbl_tests.cf 10:36:37 [3369] dbg: config: using "/var/lib/spamassassin/3.001009/updates_spamassassin_org/20_dnsbl_tests.cf" for included file 10:36:37 [3369] dbg: config: read file /var/lib/spamassassin/3.001009/updates_spamassassin_org/20_dnsbl_tests.cf 10:36:38 [3369] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xb14763c) implements 'finish_parsing_end' 10:36:38 [3369] dbg: replacetags: replacing tags 10:36:38 [3369] dbg: replacetags: done replacing tags 10:36:38 [3369] dbg: bayes: no dbs present, cannot tie DB R/O: /etc/mail/spamassassin/bayes_toks 10:36:38 [3369] dbg: config: score set 1 chosen. 10:36:38 [3369] dbg: message: ---- MIME PARSER START ---- 10:36:38 [3369] dbg: message: main message type: text/plain 10:36:38 [3369] dbg: message: parsing normal part 10:36:38 [3369] dbg: message: added part, type: text/plain 10:36:38 [3369] dbg: message: ---- MIME PARSER END ---- 10:36:38 [3369] dbg: bayes: no dbs present, cannot tie DB R/O: /etc/mail/spamassassin/bayes_toks 10:36:38 [3369] dbg: dns: dns_available set to yes in config file, skipping test 10:36:38 [3369] dbg: metadata: X-Spam-Relays-Trusted: 10:36:38 [3369] dbg: metadata: X-Spam-Relays-Untrusted: 10:36:38 [3369] dbg: metadata: X-Spam-Relays-Internal: 10:36:38 [3369] dbg: metadata: X-Spam-Relays-External: 10:36:38 [3369] dbg: message: no encoding detected 10:36:38 [3369] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xbc5db54) implements 'parsed_metadata' 10:36:38 [3369] dbg: uridnsbl: domains to query: 10:36:38 [3369] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted 10:36:38 [3369] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal 10:36:38 [3369] dbg: dns: checking RBL combined.njabl.org., set njabl 10:36:38 [3369] dbg: dns: checking RBL bl.spamcop.net., set spamcop 10:36:38 [3369] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 10:36:38 [3369] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal 10:36:38 [3369] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs 10:36:38 [3369] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal 10:36:38 [3369] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted 10:36:38 [3369] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal 10:36:38 [3369] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted 10:36:38 [3369] dbg: dns: checking RBL zen.spamhaus.org., set zen 10:36:38 [3369] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted 10:36:38 [3369] dbg: check: running tests for priority: 0 10:36:38 [3369] dbg: rules: running header regexp tests; score so far=0 10:36:38 [3369] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" 10:36:38 [3369] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1206545797.017@spamassassin_spamd_init> 10:36:38 [3369] dbg: rules: " 10:36:38 [3369] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@spamassassin_spamd_init>" 10:36:38 [3369] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org 10:36:38 [3369] dbg: rules: " 10:36:38 [3369] dbg: rules: ran header rule __FM_NO_FROM ======> got hit: "i" 10:36:38 [3369] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1206545797" 10:36:38 [3369] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check 10:36:38 [3369] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org 10:36:38 [3369] dbg: dk: from: ignore@compiling.spamassassin.taint.org 10:36:38 [3369] dbg: dk: signing domain name: not found 10:36:38 [3369] dbg: dk: fetched policy for domain compiling.spamassassin.taint.org: o=~ 10:36:38 [3369] dbg: dk: no signature 10:36:38 [3369] dbg: dk: comment is 'no signature' 10:36:38 [3369] dbg: dk: no signature 10:36:38 [3369] dbg: dk: whitelist_from_dk: could not find signing domain name 10:36:38 [3369] dbg: rules: ran eval rule DK_POLICY_SIGNSOME ======> got hit 10:36:38 [3369] dbg: eval: all '*To' addrs: 10:36:38 [3369] dbg: spf: no suitable relay for spf use found, skipping SPF check 10:36:38 [3369] dbg: rules: ran eval rule NO_RELAYS ======> got hit 10:36:38 [3369] dbg: spf: cannot get Envelope-From, cannot use SPF 10:36:38 [3369] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender 10:36:38 [3369] dbg: dk: def_whitelist_from_dk: could not find signing domain name 10:36:38 [3369] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit 10:36:38 [3369] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit 10:36:38 [3369] dbg: spf: spf_whitelist_from: could not find useable envelope sender 10:36:38 [3369] dbg: rules: running body-text per-line regexp tests; score so far=0.739 10:36:39 [3369] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" 10:36:39 [3369] dbg: uri: running uri tests; score so far=0.739 10:36:39 [3369] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.739 10:36:39 [3369] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" 10:36:39 [3369] dbg: rules: running full-text regexp tests; score so far=0.739 10:36:39 [3369] dbg: info: entering helper-app run mode 10:36:39 [3369] dbg: info: leaving helper-app run mode 10:36:39 [3369] dbg: razor2: part=0 engine=4 contested=0 confidence=0 10:36:39 [3369] dbg: razor2: results: spam? 0 10:36:39 [3369] dbg: razor2: results: engine 8, highest cf score: 0 10:36:39 [3369] dbg: razor2: results: engine 4, highest cf score: 0 10:36:39 [3369] dbg: pyzor: pyzor is available: /usr/bin/pyzor 10:36:39 [3369] dbg: info: entering helper-app run mode 10:36:39 [3369] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin3369JfOVZWtmp 10:36:39 [3376] dbg: util: setuid: ruid=89 euid=89 10:36:39 [3369] dbg: pyzor: [3376] finished: exit=0x0100 10:36:39 [3369] dbg: pyzor: got response: 82.94.255.100:24441 (200, 'OK') 0 0 10:36:39 [3369] dbg: info: leaving helper-app run mode 10:36:39 [3369] dbg: dcc: dccifd is not available: no r/w dccifd socket found 10:36:39 [3369] dbg: dcc: dccproc is available: /usr/local/bin/dccproc 10:36:39 [3369] dbg: info: entering helper-app run mode 10:36:39 [3369] dbg: dcc: opening pipe: /usr/local/bin/dccproc -H -x 0 < /var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin3369JfOVZWtmp 10:36:39 [3377] dbg: util: setuid: ruid=89 euid=89 10:36:39 [3369] dbg: dcc: got response: X-DCC--Metrics: sktymx1dev.sktydev.com 1114; Body=many Fuz1=many Fuz2=many 10:36:39 [3369] dbg: info: leaving helper-app run mode 10:36:39 [3369] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999 FUZ2=999999/999999 10:36:39 [3369] dbg: rules: ran eval rule DCC_CHECK ======> got hit 10:36:39 [3369] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xbc5db54) implements 'check_tick' 10:36:39 [3369] dbg: check: running tests for priority: 500 10:36:39 [3369] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xbc5db54) implements 'check_post_dnsbl' 10:36:39 [3369] dbg: rules: running meta tests; score so far=2.109 10:36:39 [3369] info: rules: meta test FM_EMPTY_MSG has undefined dependency 'DATE_MISSING' 10:36:39 [3369] info: rules: meta test FC_SPECIAL04 has dependency 'HTML_70_80' with a zero score 10:36:39 [3369] info: rules: meta test SPECIAL_OF_WEEK_01 has undefined dependency 'FB_PAY_PER_VIEW' 10:36:39 [3369] info: rules: meta test SPECIAL_OF_WEEK_01 has undefined dependency 'FB_XXX_MOVIE' 10:36:39 [3369] info: rules: meta test SPECIAL_OF_WEEK_01 has undefined dependency 'FB_CABLE_FILTER' 10:36:39 [3369] info: rules: meta test SPECIAL_OF_WEEK_01 has undefined dependency 'FH_MPOPWEBMAIL' 10:36:39 [3369] info: rules: meta test SPECIAL_OF_WEEK_01 has undefined dependency 'FR_DDDD_HOSTING' 10:36:39 [3369] info: rules: meta test FC_SPECIAL05 has undefined dependency 'FVGT_u_DOM_END_NUM' 10:36:39 [3369] info: rules: meta test FM_HOTMAIL_BIZ has undefined dependency 'FU_TLD_BIZ' 10:36:39 [3369] info: rules: meta test SARE_SPEC_PROLEO_M2a has dependency 'MIME_QP_LONG_LINE' with a zero score 10:36:39 [3369] info: rules: meta test FM_RATES_PAYING has undefined dependency 'FB_PAYING_TOO_MUCH' 10:36:39 [3369] info: rules: meta test FM_RATES_PAYING has undefined dependency 'FB_YOUR_RATES' 10:36:39 [3369] info: rules: meta test FM_RATES_PAYING has undefined dependency 'FB_HEALTH_INSURANCE' 10:36:39 [3369] info: rules: meta test FM_RATES_PAYING has undefined dependency 'FB_PERSONAL_QUOTE' 10:36:39 [3369] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' 10:36:39 [3369] info: rules: meta test SARE_HEAD_SUBJ_RAND has dependency 'X_AUTH_WARN_FAKED' with a zero score 10:36:39 [3369] info: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined dependency '__SARE_HEAD_8BIT_DATE' 10:36:39 [3369] info: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined dependency '__SARE_HEAD_8BIT_RECV' 10:36:39 [3369] info: rules: meta test FC_SPECIAL01 has undefined dependency 'DATE_MISSING' 10:36:39 [3369] info: rules: meta test FC_SPECIAL01 has undefined dependency 'FVGT_u_GEOCITIES' 10:36:39 [3369] info: rules: meta test SARE_MULT_RATW_03 has undefined dependency '__SARE_MULT_RATW_03E' 10:36:39 [3369] info: rules: meta test FM_SMALL_MSG_IMG_ONLY has undefined dependency '__FR_HTML_LEN_80_375' 10:36:39 [3369] info: rules: meta test SARE_HEAD_XORIP_NOTIP has undefined dependency 'X_ORIG_IPNOT_IPV4' 10:36:39 [3369] info: rules: meta test FC_SPECIAL06 has dependency 'HTML_90_100' with a zero score 10:36:39 [3369] info: rules: meta test FC_SPECIAL06 has undefined dependency 'HTML_COMMENT_RATIO' 10:36:39 [3369] info: rules: meta test FC_SPECIAL06 has undefined dependency 'HTML_IMAGE_ONLY_02' 10:36:39 [3369] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' 10:36:39 [3369] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' 10:36:39 [3369] info: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' 10:36:39 [3369] info: rules: meta test FC_OBFU01 has undefined dependency 'FVGT_s_LONGSUBJECT' 10:36:39 [3369] info: rules: meta test FC_OBFU01 has dependency 'HTML_90_100' with a zero score 10:36:39 [3369] info: rules: meta test FM_RATES_AGAIN has undefined dependency 'FB_FROM_QUOTE' 10:36:39 [3369] info: rules: meta test FM_RATES_AGAIN has undefined dependency 'FS_CREDIT' 10:36:39 [3369] info: rules: meta test FM_RATES_AGAIN has undefined dependency 'FB_RATES_R_LOW' 10:36:39 [3369] info: rules: meta test FM_RATES_AGAIN has undefined dependency 'FB_INTEREST_RATES' 10:36:39 [3369] info: rules: meta test FM_RATES_AGAIN has undefined dependency 'FB_CONSOL_YOUR' 10:36:39 [3369] info: rules: meta test FC_SPECIAL07 has undefined dependency 'HTML_IMAGE_ONLY_02' 10:36:39 [3369] info: rules: meta test FC_SPECIAL07 has undefined dependency 'MIME_HTML_NO_CHARSET' 10:36:39 [3369] info: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG50' 10:36:39 [3369] info: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG55' 10:36:39 [3369] info: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG65' 10:36:39 [3369] info: rules: meta test SARE_MSGID_LONG45 has undefined dependency '__SARE_MSGID_LONG75' 10:36:39 [3369] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' 10:36:39 [3369] info: rules: meta test FM_NO_STYLE has undefined dependency '__FH_NETSCAPE' 10:36:39 [3369] info: rules: meta test FM_NO_STYLE has undefined dependency 'FH_FWD_MSG' 10:36:39 [3369] info: rules: meta test FM_NO_STYLE has undefined dependency '__ORIG_MSG_AGENT' 10:36:39 [3369] info: rules: meta test FC_SPECIAL03 has undefined dependency 'HTML_TAG_BALANCE_A' 10:36:39 [3369] info: rules: meta test FC_SPECIAL03 has undefined dependency 'HTML_IMAGE_ONLY_02' 10:36:39 [3369] info: rules: meta test FM_PRESSCLICK has undefined dependency 'CLICK_BELOW' 10:36:39 [3369] info: rules: meta test FM_PRESSCLICK has undefined dependency 'FB_PRESSHERE' 10:36:39 [3369] dbg: rules: running header regexp tests; score so far=4.087 10:36:39 [3369] dbg: rules: running body-text per-line regexp tests; score so far=4.087 10:36:39 [3369] dbg: uri: running uri tests; score so far=4.087 10:36:39 [3369] dbg: rules: running raw-body-text per-line regexp tests; score so far=4.087 10:36:39 [3369] dbg: rules: running full-text regexp tests; score so far=4.087 10:36:39 [3369] dbg: check: running tests for priority: 1000 10:36:39 [3369] dbg: rules: running meta tests; score so far=4.087 10:36:39 [3369] dbg: rules: running header regexp tests; score so far=4.087 10:36:39 [3369] dbg: rules: running body-text per-line regexp tests; score so far=4.087 10:36:39 [3369] dbg: uri: running uri tests; score so far=4.087 10:36:39 [3369] dbg: rules: running raw-body-text per-line regexp tests; score so far=4.087 10:36:39 [3369] dbg: rules: running full-text regexp tests; score so far=4.087 10:36:39 [3369] dbg: check: is spam? score=4.087 required=5 10:36:39 [3369] dbg: check: tests=DCC_CHECK,DK_POLICY_SIGNSOME,FM_NO_TO,MISSING_HEADERS,MISSING_SUBJECT, NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE 10:36:39 [3369] dbg: check: subtests=__FM_NO_FROM,__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMP TY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID 10:36:39 Building a message batch to scan... 10:36:39 Have a batch of 10 messages. max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' max message size is '200k' -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/8cc7b625/attachment-0001.html From Jeff at beaconplanning.com Wed Mar 26 16:52:44 2008 From: Jeff at beaconplanning.com (Jeff Salisbury) Date: Wed Mar 26 16:53:26 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf Message-ID: <47EA7F5C.3030801@BeaconPlanning.com> Greetings, How do I restart MailScanner after I've modified MailScanner.conf? Regards, Jeff -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Wed Mar 26 16:55:23 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Wed Mar 26 16:56:36 2008 Subject: [OT] TMDA In-Reply-To: References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> Message-ID: <47EA7FFB.9030708@evi-inc.com> Scott Silva wrote: >> In both cases, their system just sent me an unsolicited message. Now >> that they've ticked me off by spamming me, why should I cooperate? As >> far as I know, nobody has offered to pay me, or even politely asked me >> to handle their spam filtering. Why should I reward them for such >> impolite behavior? What would you do if your neighbor took a leaf >> blower and blew all his leaves into your yard without asking? would >> you bag them for him? I wouldn't. I'd use my leaf blower to blow them >> back where they came from. >> > Before or after you tossed the burning match into the pile? ;-P And is that before or after I toss my neighbor into the pile? :-P From martinh at solidstatelogic.com Wed Mar 26 17:16:55 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed Mar 26 17:17:32 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <47EA7F5C.3030801@BeaconPlanning.com> Message-ID: <052dde8c4d5b8449aad7e332a2f6a76f@solidstatelogic.com> Jeff Depends on how it get started on bootup.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jeff Salisbury > Sent: 26 March 2008 16:53 > To: MailScanner discussion > Subject: {Spam?} How To Restart MailScanner After Modifying > MailScanner.conf > > Greetings, How do I restart MailScanner after I've modified > MailScanner.conf? > > Regards, Jeff > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From agross at gcpsite.com Wed Mar 26 17:26:08 2008 From: agross at gcpsite.com (Adam Gross) Date: Wed Mar 26 17:26:51 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf References: <47EA7F5C.3030801@BeaconPlanning.com> Message-ID: <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> #killall -9 MailScanner Wait a few seconds... #check_mailscanner -Adam -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Salisbury Sent: Wednesday, March 26, 2008 12:53 PM To: MailScanner discussion Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf Greetings, How do I restart MailScanner after I've modified MailScanner.conf? Regards, Jeff -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ ------------------------------------------------------------ This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------ From chris at unitedok.com Wed Mar 26 17:27:43 2008 From: chris at unitedok.com (Chris Smith) Date: Wed Mar 26 17:28:17 2008 Subject: All mail marked as spam? In-Reply-To: <47EA0905.3060702@kooinda.net> References: <47EA0905.3060702@kooinda.net> Message-ID: <319C0C7776CC4C49AC6CF2F9AD61E9FC@ChrisXPS> Same here. It must be one of the spam lists we are using. Anyone else seeing this and know what needs to be done? Thanks, Chris ----- Original Message ----- From: "Michael Chase" To: "MailScanner discussion" Sent: Wednesday, March 26, 2008 3:27 AM Subject: All mail marked as spam? > Hi, > > I have a mailscanner/mailwatch/postfix/spamassassin/clamav setup that's > been serving me well for several years (with the occasional update). > > In the last 24h or so, it's been marking all mail, even messages with a > score of 0.0, as possible spam. > > I have anything >3.0 flagged as possible spam, quarantined and emailed > to postmaster. Anything >6.0 is spam and just quarantine. > > Looking at the messages in mailwatch, the 0.0 score ones don't have any > info on why spam assassin thought they were bad, presumably because it > didn't (score = 0.0). Real spam has details on the breakdown of the score. > > There does not seem to me any errors when MailScanner is restarted. > > Where should I start to look for the problem? I've not changed anything > for weeks/months, so I'm puzzled that it has started to act strangely. > > Michael. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Wed Mar 26 17:30:39 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 17:31:40 2008 Subject: Mailscanner slow queue In-Reply-To: <2FA349F95CF3644FAFC92070E642EB6AC7BA5B@beta.dbdomain.database.it> References: <2FA349F95CF3644FAFC92070E642EB6AC7BA5B@beta.dbdomain.database.it> Message-ID: on 3-26-2008 4:03 AM Marcello Anderlini spake the following: > Maybe I've found the problem > > In my /etc/mail/spamassassin/init.pre > I've this line > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > > Now running a spammassassin -D < message I'get also these lines > > ======================================================================== > === > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:multi.uribl.com.:meetic.com (timeout 10.0s, min 2.0s) > [23801] dbg: dns: URIBL_RED lookup start > [23801] dbg: dns: URIBL_GREY lookup start > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:bl.open-whois.org.:meetic.com (timeout 10.0s, min 2.0s) > [23801] dbg: dns: WHOIS_SECUREWHOIS lookup start > [23801] dbg: dns: WHOIS_MYPRIVREG lookup start > [23801] dbg: dns: WHOIS_NETSOLPR lookup start > [23801] dbg: dns: WHOIS_AITPRIV lookup start > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:multi.surbl.org.:meetic.com (timeout 10.0s, min 2.0s) > [23801] dbg: dns: URIBL_SC_SURBL lookup start > [23801] dbg: dns: URIBL_AB_SURBL lookup start > [23801] dbg: dns: WHOIS_CONTACTPRIV lookup start > [23801] dbg: dns: WHOIS_NAMEKING lookup start > [23801] dbg: dns: WHOIS_PRIVPROT lookup start > [23801] dbg: dns: WHOIS_WHOISGUARD lookup start > [23801] dbg: dns: URIBL_PH_SURBL lookup start > [23801] dbg: dns: URIBL_BLACK lookup start > [23801] dbg: dns: WHOIS_PRIVACYPOST lookup start > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:rhsbl.ahbl.org.:meetic.com (timeout 10.0s, min 2.0s) > [23801] dbg: dns: URIBL_RHS_AHBL lookup start > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:dob.sibl.support-intelligence.net:meetic.com (timeout 10.0s, min > 2.0s) > [omissis] > ======================================================================== > === > > I would like to mantain (to not change) this configuration but I could > not foud where this dnsbl are set and so try to change dbsbl or limit > the number. > > Could someone help me ? > > Thanks again Are you running a caching nameserver on the box? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/3212dc07/signature.bin From ssilva at sgvwater.com Wed Mar 26 17:32:58 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 17:35:19 2008 Subject: Correct Configuration of MS with SA In-Reply-To: <2efa9a1639b6dd40adacd93f4fca66dc@solidstatelogic.com> References: <009e01c88f45$d00f7b10$6045000a@micsgx270spar> <2efa9a1639b6dd40adacd93f4fca66dc@solidstatelogic.com> Message-ID: on 3-26-2008 7:01 AM Martin.Hepworth spake the following: > Kevin > > Make the headers verbose about SA scores etc.. > > In mailScanner.conf > > Change the following setting as so: > > SpamScore Number Instead Of Stars = yes > > Detailed Spam Report = yes > > Always Include SpamAssassin Report = yes > > Spam Score = yes > > Spam Score Number Format = %5.2f > > And of course > > Use SpamAssassin = yes > And send yourself a message with the gtube content attached to test it. http://spamassassin.apache.org/gtube/ I'm not going to attach it to this message because it will fire on EVERYBODIES system that reads this. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/c7ad3a3a/signature.bin From ssilva at sgvwater.com Wed Mar 26 17:35:14 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 17:40:16 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: on 3-26-2008 8:00 AM Tim Wolak spake the following: > Morning all, > > I have Mailscanner running with postfix, amavis and spamassasin and am > not recieveing any mail. I can see in the logs its going into the hold > queue and it never comes out, as well as the > /var/spool/MailScanner/incoming there is messages in there as well. I > am posting part of my log. > > Thanks > > Tim Just curious, but why run mailscanner and amavis together? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/c67edadc/signature.bin From twolak at sktydev.com Wed Mar 26 17:52:00 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 17:52:44 2008 Subject: Mailscanner not sending messages Message-ID: I am having issues getting MailScanner to send messages with my postfix/spamassassin setup on centOS 5.1. I?m getting the flowing in my log and mailscanner ?lint. connect from localhost.localdomain[127.0.0.1] Mar 26 12:42:31 sktymx1 postfix/smtpd[5525]: 5E02FDD59FB: client=localhost.localdomain[127.0.0.1] Mar 26 12:43:04 sktymx1 postfix/cleanup[5527]: 5E02FDD59FB: hold: header Received: from localhost (localhost.localdomain [127.0.0.1])??by sktymxdev1.sktydev.com (Postfix) with SMTP id 5E02FDD59FB??for ; Wed, 26 Mar 2008 12:42:20 -0500 (CDT) from localhost.localdomain[127.0.0.1]; from= to= proto=SMTP helo= Mar 26 12:43:04 sktymx1 postfix/cleanup[5527]: 5E02FDD59FB: message-id=<20080326174231.5E02FDD59FB@sktymxdev1.sktydev.com> Mar 26 12:43:06 sktymx1 postfix/smtpd[5525]: disconnect from localhost.localdomain[127.0.0.1] Mar 26 12:43:06 sktymx1 MailScanner[5513]: New Batch: Found 20 messages waiting Mar 26 12:43:06 sktymx1 MailScanner[5513]: New Batch: Scanning 1 messages, 1022 bytes Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamd =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/e7dff6fb/attachment.html From kevin.murphy at midland-ics.ie Wed Mar 26 17:42:15 2008 From: kevin.murphy at midland-ics.ie (Kevin Murphy) Date: Wed Mar 26 17:52:46 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <47EA7F5C.3030801@BeaconPlanning.com> References: <47EA7F5C.3030801@BeaconPlanning.com> Message-ID: <00d501c88f68$bb9c90f0$6045000a@micsgx270spar> service MailScanner restart!! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff Salisbury Sent: 26 March 2008 16:53 To: MailScanner discussion Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf Greetings, How do I restart MailScanner after I've modified MailScanner.conf? Regards, Jeff -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use. From peter at farrows.org Wed Mar 26 17:57:39 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Mar 26 17:58:28 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> References: <47EA7F5C.3030801@BeaconPlanning.com> <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> Message-ID: <47EA8E93.20706@farrows.org> Adam Gross wrote: > #killall -9 MailScanner > Wait a few seconds... > #check_mailscanner > > -Adam > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff > Salisbury > Sent: Wednesday, March 26, 2008 12:53 PM > To: MailScanner discussion > Subject: {Spam?} How To Restart MailScanner After Modifying > MailScanner.conf > > Greetings, How do I restart MailScanner after I've modified > MailScanner.conf? > > Regards, Jeff > > On redhat/centos etc you can use service MailScanner restart anything after ~ 4.65 will wait in the middle of the restart for the old processes to die with the output "waiting for mailscanner to die gracefull" Prior to 4.65 (roughly), it will fail to start cleanly as it doesn't wait before trying to restart P. From ssilva at sgvwater.com Wed Mar 26 17:59:03 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 18:00:04 2008 Subject: [OT] TMDA In-Reply-To: <47EA7FFB.9030708@evi-inc.com> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> <47EA7FFB.9030708@evi-inc.com> Message-ID: on 3-26-2008 9:55 AM Matt Kettler spake the following: > Scott Silva wrote: >>> In both cases, their system just sent me an unsolicited message. Now >>> that they've ticked me off by spamming me, why should I cooperate? As >>> far as I know, nobody has offered to pay me, or even politely asked >>> me to handle their spam filtering. Why should I reward them for such >>> impolite behavior? What would you do if your neighbor took a leaf >>> blower and blew all his leaves into your yard without asking? would >>> you bag them for him? I wouldn't. I'd use my leaf blower to blow them >>> back where they came from. >>> >> Before or after you tossed the burning match into the pile? ;-P > > And is that before or after I toss my neighbor into the pile? :-P > > Then you won't need the leaf blower anymore. Might as well toss the neighbor, HIS leaf blower, a match, and maybe some gasoline to insure complete combustion! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/402171eb/signature.bin From ssilva at sgvwater.com Wed Mar 26 18:12:11 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 18:12:53 2008 Subject: All mail marked as spam? In-Reply-To: <319C0C7776CC4C49AC6CF2F9AD61E9FC@ChrisXPS> References: <47EA0905.3060702@kooinda.net> <319C0C7776CC4C49AC6CF2F9AD61E9FC@ChrisXPS> Message-ID: on 3-26-2008 10:27 AM Chris Smith spake the following: > Same here. It must be one of the spam lists we are using. Anyone else > seeing this and know what needs to be done? > > Thanks, > > Chris I hate to be a jerk, but does anybody actually READ this list? I have seen the same question for three days, and the answer has been posted several times a day for the same 3 days. Don't use the ordb blacklist. You should have stopped using it in 2006 (that is 15 months ago), and if you didn't you probably deserve what is happening. http://it.slashdot.org/article.pl?sid=06/12/18/154259&from=rss http://www.theregister.co.uk/2006/12/22/ordb_shutdown/ http://www.virus.org/news/spyware/ordb-closed.html http://it.slashdot.org/article.pl?sid=08/03/25/2124224&from=rss -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/5ff3b93d/signature.bin From twolak at sktydev.com Wed Mar 26 18:21:52 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 18:22:28 2008 Subject: MailScanner not delivering messages In-Reply-To: Message-ID: I was trying to think multi layer, is it not good to run mailscanner and amavis together? On 3/26/08 12:35 PM, "Scott Silva" wrote: > on 3-26-2008 8:00 AM Tim Wolak spake the following: >> Morning all, >> >> I have Mailscanner running with postfix, amavis and spamassasin and am >> not recieveing any mail. I can see in the logs its going into the hold >> queue and it never comes out, as well as the >> /var/spool/MailScanner/incoming there is messages in there as well. I >> am posting part of my log. >> >> Thanks >> >> Tim > Just curious, but why run mailscanner and amavis together? > Tim Wolak SKTY Trading LLC Network Administrator 312.985.5096 x212 773.954.0869 From MailScanner at ecs.soton.ac.uk Wed Mar 26 18:32:28 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 26 18:33:16 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> References: <47EA7F5C.3030801@BeaconPlanning.com> <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> Message-ID: <47EA96BC.4000401@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Gross wrote: > #killall -9 MailScanner > Please don't do that! It doesn't give MailScanner any chance to clear up, and you'll get loads of junk left behind in /var/spool/MailScanner/incoming. Do a "killall MailScanner" and just give it a few seconds to clear up, or even better /etc/init.d/MailScanner restart or service MailScanner restart which does it properly. > Wait a few seconds... > #check_mailscanner > > -Adam > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff > Salisbury > Sent: Wednesday, March 26, 2008 12:53 PM > To: MailScanner discussion > Subject: {Spam?} How To Restart MailScanner After Modifying > MailScanner.conf > > Greetings, How do I restart MailScanner after I've modified > MailScanner.conf? > > Regards, Jeff > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6pbAEfZZRxQVtlQRAuKZAKDSGsJj2TNTH4TMoJOU4+Pg2nYfAACglBVI aWZMcfq7cZp5EQ7ND26/P3U= =jOLJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Wed Mar 26 18:57:36 2008 From: peter at farrows.org (Peter Farrow) Date: Wed Mar 26 18:58:13 2008 Subject: [OT] TMDA In-Reply-To: References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> <47EA7FFB.9030708@evi-inc.com> Message-ID: <47EA9CA0.8080808@farrows.org> Scott Silva wrote: > on 3-26-2008 9:55 AM Matt Kettler spake the following: >> Scott Silva wrote: >>>> In both cases, their system just sent me an unsolicited message. >>>> Now that they've ticked me off by spamming me, why should I >>>> cooperate? As far as I know, nobody has offered to pay me, or even >>>> politely asked me to handle their spam filtering. Why should I >>>> reward them for such impolite behavior? What would you do if your >>>> neighbor took a leaf blower and blew all his leaves into your yard >>>> without asking? would you bag them for him? I wouldn't. I'd use my >>>> leaf blower to blow them back where they came from. >>>> >>> Before or after you tossed the burning match into the pile? ;-P >> >> And is that before or after I toss my neighbor into the pile? :-P >> >> > Then you won't need the leaf blower anymore. Might as well toss the > neighbor, HIS leaf blower, a match, and maybe some gasoline to insure > complete combustion! > > TMDA is rather laughable, now that Matt has given me the procedure on how to deal with it (and an excellent methodology it is too!), I just can't wait for the next one I get..... :-) From MailScanner at ecs.soton.ac.uk Wed Mar 26 19:00:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 26 19:01:13 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <47EA8E93.20706@farrows.org> References: <47EA7F5C.3030801@BeaconPlanning.com> <4487B1717589544792AD581CC5D2EC2E7784@GCPMASTER.gpocorp.local> <47EA8E93.20706@farrows.org> Message-ID: <47EA9D4D.6070905@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: > Adam Gross wrote: >> #killall -9 MailScanner >> Wait a few seconds... >> #check_mailscanner >> >> -Adam >> >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info >> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jeff >> Salisbury >> Sent: Wednesday, March 26, 2008 12:53 PM >> To: MailScanner discussion >> Subject: {Spam?} How To Restart MailScanner After Modifying >> MailScanner.conf >> >> Greetings, How do I restart MailScanner after I've modified >> MailScanner.conf? >> >> Regards, Jeff >> >> > On redhat/centos etc you can use > > service MailScanner restart > > anything after ~ 4.65 will wait in the middle of the restart for the > old processes to die with the output "waiting for mailscanner to die > gracefull" > > Prior to 4.65 (roughly), it will fail to start cleanly as it doesn't > wait before trying to restart Yes it does wait, it waits 30 seconds. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6p1QEfZZRxQVtlQRAnz+AJ949xB7xuWclW2mXLLJVuoI0owDpgCfUh6B z/juXPR9/z2b3UeIbPxxuEE= =zfR+ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mogens at fumlersoft.dk Wed Mar 26 19:16:42 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Wed Mar 26 19:17:36 2008 Subject: {Spam?} How To Restart MailScanner After Modifying MailScanner.conf In-Reply-To: <47EA7F5C.3030801@BeaconPlanning.com> References: <47EA7F5C.3030801@BeaconPlanning.com> Message-ID: <2343.90.184.19.31.1206559002.squirrel@mail.fumlersoft.dk> On Wed, March 26, 2008 17:52, Jeff Salisbury wrote: > Greetings, How do I restart MailScanner after I've modified > MailScanner.conf? > > Regards, Jeff > kill -SIGHUP `pgrep -o MailScanner` -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dnsadmin at 1bigthink.com Wed Mar 26 19:21:19 2008 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Wed Mar 26 19:22:09 2008 Subject: All mail marked as spam? In-Reply-To: References: <47EA0905.3060702@kooinda.net> <319C0C7776CC4C49AC6CF2F9AD61E9FC@ChrisXPS> Message-ID: <200803261921.m2QJLUvQ025792@mxt.1bigthink.com> At 02:12 PM 3/26/2008, you wrote: >on 3-26-2008 10:27 AM Chris Smith spake the following: >>Same here. It must be one of the spam lists we are using. Anyone >>else seeing this and know what needs to be done? >>Thanks, >>Chris >I hate to be a jerk, but does anybody actually READ this list? Yep. Mostly lurking to learn, but occasionally to watch the games ;^). Cheers! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at nkpanama.com Wed Mar 26 19:22:18 2008 From: alex at nkpanama.com (Alex Neuman) Date: Wed Mar 26 19:23:20 2008 Subject: Mailscanner not sending messages In-Reply-To: References: Message-ID: <2AFB283F-22CA-448F-8EEA-B9EB4F789925@nkpanama.com> Mailscanner doesn't send messages. That's your MTA's job, isn't it? On Mar 26, 2008, at 12:52 PM, Tim Wolak wrote: > I am having issues getting MailScanner to send messages with my > postfix/spamassassin setup on centOS 5.1. I?m getting the flowing > in my log and mailscanner ?lint. From alex at nkpanama.com Wed Mar 26 19:23:11 2008 From: alex at nkpanama.com (Alex Neuman) Date: Wed Mar 26 19:23:38 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> No. And throwing postfix into the mix causes swapping! :P (/me ducks!) On Mar 26, 2008, at 1:21 PM, Tim Wolak wrote: > I was trying to think multi layer, is it not good to run mailscanner > and > amavis together? From ssilva at sgvwater.com Wed Mar 26 19:40:59 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 19:42:17 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: on 3-26-2008 11:21 AM Tim Wolak spake the following: > I was trying to think multi layer, is it not good to run mailscanner and > amavis together? > I would think that since they basically are different ways to do the same thing, one of them would have nothing to do. MailScanner was designed by Julian to overcome the serial nature of most of the other solutions like amavis. I ran amavis back in the RedHat 6 days, and think MailScanner is by far way ahead. You can move a larger volume of mail because of the parallel processing tasks that get done in MailScanner. There are MailScanner boxes that process 2 million messages a day. I don't think amavis could keep up with that load. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/1aeac9e0/signature.bin From glenn.steen at gmail.com Wed Mar 26 19:49:08 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 26 19:49:43 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: <223f97700803261249j4cae8b0bmac4d5de4c838292a@mail.gmail.com> On 26/03/2008, Tim Wolak wrote: > I was trying to think multi layer, is it not good to run mailscanner and > amavis together? I think you are the first one with the cycles to burn;-). There are also the .... political.... issues to consider:-). It shouldn't matter much, apart from it being a bit strange as setups go... As with any such setup, the smtp will look local, but ... shouldn't matter. You put the messages back into the correct incoming queue? Any milter? It doesn't look that way, but it can't hurt asking:-). Any other indicators? What does a ps listing ("ps -ef |grep MailScanner") show the children doing? Cheers -- Glenn > > On 3/26/08 12:35 PM, "Scott Silva" wrote: > > > on 3-26-2008 8:00 AM Tim Wolak spake the following: > >> Morning all, > >> > >> I have Mailscanner running with postfix, amavis and spamassasin and am > >> not recieveing any mail. I can see in the logs its going into the hold > >> queue and it never comes out, as well as the > >> /var/spool/MailScanner/incoming there is messages in there as well. I > >> am posting part of my log. > >> > >> Thanks > >> > >> Tim > > Just curious, but why run mailscanner and amavis together? > > > > > Tim Wolak > SKTY Trading LLC > Network Administrator > 312.985.5096 x212 > 773.954.0869 > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Mar 26 19:57:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 20:06:08 2008 Subject: [OT] TMDA In-Reply-To: <47EA9CA0.8080808@farrows.org> References: <6423461.1091206474153858.JavaMail.root@office.splatnix.net> <47E976AD.9010703@evi-inc.com> <47EA7FFB.9030708@evi-inc.com> <47EA9CA0.8080808@farrows.org> Message-ID: on 3-26-2008 11:57 AM Peter Farrow spake the following: > Scott Silva wrote: >> on 3-26-2008 9:55 AM Matt Kettler spake the following: >>> Scott Silva wrote: >>>>> In both cases, their system just sent me an unsolicited message. >>>>> Now that they've ticked me off by spamming me, why should I >>>>> cooperate? As far as I know, nobody has offered to pay me, or even >>>>> politely asked me to handle their spam filtering. Why should I >>>>> reward them for such impolite behavior? What would you do if your >>>>> neighbor took a leaf blower and blew all his leaves into your yard >>>>> without asking? would you bag them for him? I wouldn't. I'd use my >>>>> leaf blower to blow them back where they came from. >>>>> >>>> Before or after you tossed the burning match into the pile? ;-P >>> >>> And is that before or after I toss my neighbor into the pile? :-P >>> >>> >> Then you won't need the leaf blower anymore. Might as well toss the >> neighbor, HIS leaf blower, a match, and maybe some gasoline to insure >> complete combustion! >> >> > TMDA is rather laughable, now that Matt has given me the procedure on > how to deal with it (and an excellent methodology it is too!), I just > can't wait for the next one I get..... > > > :-) > I have been waiting for months since the first time I saw this. But no fun for me yet! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/7b6788c2/signature.bin From twolak at sktydev.com Wed Mar 26 20:17:04 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 20:17:42 2008 Subject: Mailscanner not sending messages In-Reply-To: <2AFB283F-22CA-448F-8EEA-B9EB4F789925@nkpanama.com> Message-ID: Copy that, but its not leaving the hold queue.... So MS is not giving it to the incoming postfix queue like its supposed to.... On 3/26/08 2:22 PM, "Alex Neuman" wrote: > Mailscanner doesn't send messages. That's your MTA's job, isn't it? > > On Mar 26, 2008, at 12:52 PM, Tim Wolak wrote: >> I am having issues getting MailScanner to send messages with my >> postfix/spamassassin setup on centOS 5.1. I?m getting the flowing >> in my log and mailscanner ?lint. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! Tim Wolak SKTY Trading LLC Network Administrator 312.985.5096 x212 773.954.0869 From ssilva at sgvwater.com Wed Mar 26 20:30:28 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 20:35:36 2008 Subject: MailScanner not delivering messages In-Reply-To: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> References: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> Message-ID: on 3-26-2008 12:23 PM Alex Neuman spake the following: > No. And throwing postfix into the mix causes swapping! :P > (/me ducks!) > On Mar 26, 2008, at 1:21 PM, Tim Wolak wrote: >> I was trying to think multi layer, is it not good to run mailscanner and >> amavis together? > I thought postfix causes you to reply to your own messages? ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/85bcbf78/signature.bin From devonharding at gmail.com Wed Mar 26 20:41:30 2008 From: devonharding at gmail.com (Devon Harding) Date: Wed Mar 26 20:42:04 2008 Subject: BAYES_00 In-Reply-To: <4487B1717589544792AD581CC5D2EC2E7778@GCPMASTER.gpocorp.local> References: <2baac6140803201226k49dfa7e3m277b4a9dd0076d7@mail.gmail.com> <2baac6140803201303m6f8f590fj4679a46433c08641@mail.gmail.com> <4487B1717589544792AD581CC5D2EC2E7778@GCPMASTER.gpocorp.local> Message-ID: <2baac6140803261341r620f655eve4d705f0d350752b@mail.gmail.com> On Thu, Mar 20, 2008 at 5:31 PM, Adam Gross wrote: > Easiest thing? Go into your respective non-spam and spam directories? > > > > Non-spam directories, run: > > Sa-learn ?ham *.* > > > > Spam directories, run: > > Sa-learn ?spam *.* > > > > Anything you still have that this new bayes db doesn't know about is new, > so far as bayes is concerned. > > > > -Adam > > > Hmm...now I think i got something wrong with BAYES. When I run that command in the /var/spool/MailScanner/quarantine/20080315/spam dir., I get the following: [root@mars spam]# sa-learn --spam *.* plugin: failed to parse plugin (from @INC): Bareword "Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS" not allowed while "strict subs" in use at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 967. Compilation failed in require at (eval 71) line 1. plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::HeaderEval" at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39. plugin: failed to parse plugin (from @INC): "CHARSETS_LIKELY_TO_FP_AS_CAPS" is not exported by the Mail::SpamAssassin::Constants module Can't continue after import errors at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22 BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22. Compilation failed in require at (eval 73) line 1. plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::MIMEEval: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::MIMEEval" at (eval 74) line 1. config: configuration file "/usr/share/spamassassin/20_dynrdns.cf" requires version 3.002004 of SpamAssassin, but this is code version 3.001009. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 345. config: configuration file "/usr/share/spamassassin/72_active.cf" requires version 3.002004 of SpamAssassin, but this is code version 3.001009. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf/Parser.pm line 345. Learned tokens from 0 message(s) (0 message(s) examined) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/21132340/attachment-0001.html From twolak at sktydev.com Wed Mar 26 20:42:36 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 20:43:15 2008 Subject: MailScanner not delivering messages In-Reply-To: <223f97700803261249j4cae8b0bmac4d5de4c838292a@mail.gmail.com> Message-ID: K I get the point after the last few messages and have shut off amavis. So I still have the same problem. When I enter test messages via telnet as this machine is in testing to replace the old one. When the messages are processed postfix picks it up and puts it in the hold queue, then MailScanner says new batch 34 waiting and scanns one and that is it.... Nothing so all these messages are just sitting there... Tim On 3/26/08 2:49 PM, "Glenn Steen" wrote: > On 26/03/2008, Tim Wolak wrote: >> I was trying to think multi layer, is it not good to run mailscanner and >> amavis together? > > > I think you are the first one with the cycles to burn;-). > There are also the .... political.... issues to consider:-). > > It shouldn't matter much, apart from it being a bit strange as setups > go... As with any such setup, the smtp will look local, but ... > shouldn't matter. > You put the messages back into the correct incoming queue? > > Any milter? It doesn't look that way, but it can't hurt asking:-). > > Any other indicators? What does a ps listing ("ps -ef |grep > MailScanner") show the children doing? > > Cheers > -- Glenn >> >> On 3/26/08 12:35 PM, "Scott Silva" wrote: >> >>> on 3-26-2008 8:00 AM Tim Wolak spake the following: >>>> Morning all, >>>> >>>> I have Mailscanner running with postfix, amavis and spamassasin and am >>>> not recieveing any mail. I can see in the logs its going into the hold >>>> queue and it never comes out, as well as the >>>> /var/spool/MailScanner/incoming there is messages in there as well. I >>>> am posting part of my log. >>>> >>>> Thanks >>>> >>>> Tim >>> Just curious, but why run mailscanner and amavis together? >>> >> >> >> Tim Wolak >> SKTY Trading LLC >> Network Administrator >> 312.985.5096 x212 >> 773.954.0869 >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > Tim Wolak SKTY Trading LLC Network Administrator 312.985.5096 x212 773.954.0869 From glenn.steen at gmail.com Wed Mar 26 21:20:43 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 26 21:21:18 2008 Subject: MailScanner not delivering messages In-Reply-To: References: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> Message-ID: <223f97700803261420q4d2f5c14r3f73313185eb9e5b@mail.gmail.com> On 26/03/2008, Scott Silva wrote: > on 3-26-2008 12:23 PM Alex Neuman spake the following: > > > No. And throwing postfix into the mix causes swapping! :P > > (/me ducks!) > > On Mar 26, 2008, at 1:21 PM, Tim Wolak wrote: > >> I was trying to think multi layer, is it not good to run mailscanner and > >> amavis together? > > > > I thought postfix causes you to reply to your own messages? ;-P > Yes.... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Wed Mar 26 21:21:21 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 26 21:21:24 2008 Subject: MailScanner not delivering messages In-Reply-To: <223f97700803261420q4d2f5c14r3f73313185eb9e5b@mail.gmail.com> References: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> <223f97700803261420q4d2f5c14r3f73313185eb9e5b@mail.gmail.com> Message-ID: <223f97700803261421p38466a29o6bc238c2b673ecea@mail.gmail.com> On 26/03/2008, Glenn Steen wrote: > On 26/03/2008, Scott Silva wrote: > > on 3-26-2008 12:23 PM Alex Neuman spake the following: > > > > > No. And throwing postfix into the mix causes swapping! :P > > > (/me ducks!) > > > On Mar 26, 2008, at 1:21 PM, Tim Wolak wrote: > > >> I was trying to think multi layer, is it not good to run mailscanner and > > >> amavis together? > > > > > > > I thought postfix causes you to reply to your own messages? ;-P > > > > Yes.... > ...it does. It is MailScabber that case the swapissue...:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gerard at seibercom.net Wed Mar 26 21:24:02 2008 From: gerard at seibercom.net (Gerard) Date: Wed Mar 26 21:24:54 2008 Subject: Mailscanner not sending messages In-Reply-To: References: <2AFB283F-22CA-448F-8EEA-B9EB4F789925@nkpanama.com> Message-ID: <20080326172402.3c2d8d68@scorpio> On Wed, 26 Mar 2008 15:17:04 -0500 Tim Wolak wrote: > On 3/26/08 2:22 PM, "Alex Neuman" wrote: > > On Mar 26, 2008, at 12:52 PM, Tim Wolak wrote: > >> I am having issues getting MailScanner to send messages with my > >> postfix/spamassassin setup on centOS 5.1. I?m getting the flowing > >> in my log and mailscanner ?lint. > > Mailscanner doesn't send messages. That's your MTA's job, isn't it? > Copy that, but its not leaving the hold queue.... So MS is not giving > it to the incoming postfix queue like its supposed to.... 1) Please supply your mail logs to document what is happening 2) The output of 'postconf -n' would be helpful 3) Describe how you have MailScanner configured By the way, could you also try not 'top posting'? -- Gerard gerard@seibercom.net Law of the Yukon: Only the lead dog gets a change of scenery. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/e2a3bf2d/signature.bin From MailScanner at ecs.soton.ac.uk Wed Mar 26 21:55:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Mar 26 21:56:47 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: <47EAC65B.2080804@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Wolak wrote: > K I get the point after the last few messages and have shut off amavis. So > I still have the same problem. When I enter test messages via telnet as > this machine is in testing to replace the old one. When the messages are > processed postfix picks it up and puts it in the hold queue, then > MailScanner says new batch 34 waiting and scanns one and that is it.... > That means 33 of them weren't complete messages ready for scanning. > Nothing so all these messages are just sitting there... > They are still being delivered to the system, or were incomplete messages never fully delivered. You may find they are actually very old. How many messages did you telnet in to the system completely? It should scan that number in total. > Tim > > > On 3/26/08 2:49 PM, "Glenn Steen" wrote: > > >> On 26/03/2008, Tim Wolak wrote: >> >>> I was trying to think multi layer, is it not good to run mailscanner and >>> amavis together? >>> >> I think you are the first one with the cycles to burn;-). >> There are also the .... political.... issues to consider:-). >> >> It shouldn't matter much, apart from it being a bit strange as setups >> go... As with any such setup, the smtp will look local, but ... >> shouldn't matter. >> You put the messages back into the correct incoming queue? >> >> Any milter? It doesn't look that way, but it can't hurt asking:-). >> >> Any other indicators? What does a ps listing ("ps -ef |grep >> MailScanner") show the children doing? >> >> Cheers >> -- Glenn >> >>> On 3/26/08 12:35 PM, "Scott Silva" wrote: >>> >>> >>>> on 3-26-2008 8:00 AM Tim Wolak spake the following: >>>> >>>>> Morning all, >>>>> >>>>> I have Mailscanner running with postfix, amavis and spamassasin and am >>>>> not recieveing any mail. I can see in the logs its going into the hold >>>>> queue and it never comes out, as well as the >>>>> /var/spool/MailScanner/incoming there is messages in there as well. I >>>>> am posting part of my log. >>>>> >>>>> Thanks >>>>> >>>>> Tim >>>>> >>>> Just curious, but why run mailscanner and amavis together? >>>> >>>> >>> Tim Wolak >>> SKTY Trading LLC >>> Network Administrator >>> 312.985.5096 x212 >>> 773.954.0869 >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> > > Tim Wolak > SKTY Trading LLC > Network Administrator > 312.985.5096 x212 > 773.954.0869 > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6sZlEfZZRxQVtlQRAsvDAKDn/lDt9lxGQc/IFWA/bingPRLxvQCg2Vo5 SAryXrcpdjcIeoKE6Z/kH7E= =cPKd -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed Mar 26 22:17:45 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed Mar 26 22:18:20 2008 Subject: MailScanner not delivering messages In-Reply-To: References: <223f97700803261249j4cae8b0bmac4d5de4c838292a@mail.gmail.com> Message-ID: <223f97700803261517w5b000fd9k25c24068c7c28d41@mail.gmail.com> On 26/03/2008, Tim Wolak wrote: > K I get the point after the last few messages and have shut off amavis. So > I still have the same problem. When I enter test messages via telnet as > this machine is in testing to replace the old one. When the messages are > processed postfix picks it up and puts it in the hold queue, then > MailScanner says new batch 34 waiting and scanns one and that is it.... > Nothing so all these messages are just sitting there... > > > Tim > Use ps to find out whichchild is doing something, use strace to see what. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Wed Mar 26 22:19:16 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 22:20:12 2008 Subject: MailScanner not delivering messages In-Reply-To: References: <223f97700803261249j4cae8b0bmac4d5de4c838292a@mail.gmail.com> Message-ID: on 3-26-2008 1:42 PM Tim Wolak spake the following: > K I get the point after the last few messages and have shut off amavis. So > I still have the same problem. When I enter test messages via telnet as > this machine is in testing to replace the old one. When the messages are > processed postfix picks it up and puts it in the hold queue, then > MailScanner says new batch 34 waiting and scanns one and that is it.... > Nothing so all these messages are just sitting there... > I'm not a postfix expert, and hopefully one will chime in here, but are there 34 messages in the hold queue? Did you follow all the steps in the howto? http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/19c61ca8/signature.bin From twolak at sktydev.com Wed Mar 26 22:52:12 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 22:52:51 2008 Subject: MailScanner not delivering messages In-Reply-To: Message-ID: Thanks Scott, yes I did follow that document. There are 34 messages in total some in the hold queue and some in the /var/spool/MailScanner/incoming dir. Not sure why they are not leaving the hold queue.... On 3/26/08 5:19 PM, "Scott Silva" wrote: > on 3-26-2008 1:42 PM Tim Wolak spake the following: >> K I get the point after the last few messages and have shut off amavis. So >> I still have the same problem. When I enter test messages via telnet as >> this machine is in testing to replace the old one. When the messages are >> processed postfix picks it up and puts it in the hold queue, then >> MailScanner says new batch 34 waiting and scanns one and that is it.... >> Nothing so all these messages are just sitting there... >> > I'm not a postfix expert, and hopefully one will chime in here, but are there > 34 messages in the hold queue? > Did you follow all the steps in the howto? > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postf > ix:installation > > Tim Wolak SKTY Trading LLC Network Administrator 312.985.5096 x212 773.954.0869 From twolak at sktydev.com Wed Mar 26 23:01:41 2008 From: twolak at sktydev.com (Tim Wolak) Date: Wed Mar 26 23:01:57 2008 Subject: Mailscanner not sending messages In-Reply-To: <20080326172402.3c2d8d68@scorpio> Message-ID: On 3/26/08 4:24 PM, "Gerard" wrote: > On Wed, 26 Mar 2008 15:17:04 -0500 > Tim Wolak wrote: > >> On 3/26/08 2:22 PM, "Alex Neuman" wrote: > >>> On Mar 26, 2008, at 12:52 PM, Tim Wolak wrote: >>>> I am having issues getting MailScanner to send messages with my >>>> postfix/spamassassin setup on centOS 5.1. I?m getting the flowing >>>> in my log and mailscanner ?lint. > >>> Mailscanner doesn't send messages. That's your MTA's job, isn't it? > >> Copy that, but its not leaving the hold queue.... So MS is not giving >> it to the incoming postfix queue like its supposed to.... > > 1) Please supply your mail logs to document what is happening > 2) The output of 'postconf -n' would be helpful > 3) Describe how you have MailScanner configured > > By the way, could you also try not 'top posting'? Here is the postconf -n alias_maps = hash:/etc/postfix/aliasess body_checks = regexp:/etc/postfix/mbl-body-deny command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix delay_warning_time = 4h disable_vrfy_command = yes hash_queue_names = "" header_checks = regexp:/etc/postfix/header_checks html_directory = /usr/share/doc/postfix-2.3.3/html inet_interfaces = all invalid_hostname_reject_code = 554 local_recipient_maps = mail_owner = postfix mailbox_size_limit = 0 mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 200 message_size_limit = 0 minimal_backoff_time = 100 multi_recipient_bounce_reject_code = 554 mydestination = localhost mydomain = sktydev.com myhostname = sktymxdev1.sktydev.com mynetworks = 127.0.0.0/8 newaliases_path = /usr/bin/newaliases non_fqdn_reject_code = 554 owner_request_special = no queue_directory = /var/spool/postfix queue_minfree = 0 queue_run_delay = 100 readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES receive_override_options = no_address_mappings recipient_delimiter = + relay_domains = sktydev.com sktytrading.com relay_domains_reject_code = 554 relay_recipient_maps = hash:/etc/postfix/exchange_recipients sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_banner = sktydev.com ESMTP smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_hostname smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain,reject_unauth_pipelining,permit_mynetworks, smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 smtpd_sender_restrictions = reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender strict_rfc821_envelopes = yes transport_maps = hash:/etc/postfix/transport unknown_address_reject_code = 554 unknown_client_reject_code = 554 unknown_hostname_reject_code = 554 unknown_local_recipient_reject_code = 554 unknown_relay_recipient_reject_code = 554 unknown_virtual_alias_reject_code = 554 unknown_virtual_mailbox_reject_code = 554 unverified_recipient_reject_code = 554 unverified_sender_reject_code = 554 MailScanner was confgured for postfix via the document provided on the site. And this is from the mail log where it quits.... Mar 26 13:00:06 sktymx1 postfix/cleanup[5955]: B7A4ADD5A0D: hold: header Received: from localhsot (localhost.localdomain [127. 0.0.1])??by sktymxdev1.sktydev.com (Postfix) with SMTP id B7A4ADD5A0D??for ; Wed, 26 Mar 2008 12:59:29 -05 00 (CDT) from localhost.localdomain[127.0.0.1]; from= to= proto=SMTP helo= Mar 26 13:00:06 sktymx1 postfix/cleanup[5955]: B7A4ADD5A0D: message-id=<20080326175939.B7A4ADD5A0D@sktymxdev1.sktydev.com> Mar 26 13:00:08 sktymx1 MailScanner[5914]: New Batch: Found 22 messages waiting Mar 26 13:00:08 sktymx1 MailScanner[5914]: New Batch: Scanning 1 messages, 998 bytes Mar 26 13:00:14 sktymx1 postfix/smtpd[5953]: disconnect from localhost.localdomain[127.0.0.1] From ssilva at sgvwater.com Wed Mar 26 23:06:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Mar 26 23:07:12 2008 Subject: MailScanner not delivering messages In-Reply-To: <223f97700803261421p38466a29o6bc238c2b673ecea@mail.gmail.com> References: <3D9CA16D-37A1-45BF-BCFF-830A392979E3@nkpanama.com> <223f97700803261420q4d2f5c14r3f73313185eb9e5b@mail.gmail.com> <223f97700803261421p38466a29o6bc238c2b673ecea@mail.gmail.com> Message-ID: on 3-26-2008 2:21 PM Glenn Steen spake the following: > On 26/03/2008, Glenn Steen wrote: >> On 26/03/2008, Scott Silva wrote: >> > on 3-26-2008 12:23 PM Alex Neuman spake the following: >> > >> > > No. And throwing postfix into the mix causes swapping! :P >> > > (/me ducks!) >> > > On Mar 26, 2008, at 1:21 PM, Tim Wolak wrote: >> > >> I was trying to think multi layer, is it not good to run mailscanner and >> > >> amavis together? >> > > >> > >> > I thought postfix causes you to reply to your own messages? ;-P >> > >> >> Yes.... >> > ...it does. > It is MailScabber that case the swapissue...:-) > > Cheers It must, because this joke has been swapping forever! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080326/d7d7a065/signature.bin From chris at unitedok.com Wed Mar 26 23:58:52 2008 From: chris at unitedok.com (Chris Smith) Date: Wed Mar 26 23:59:39 2008 Subject: All mail marked as spam? In-Reply-To: <200803261921.m2QJLUvQ025792@mxt.1bigthink.com> References: <47EA0905.3060702@kooinda.net><319C0C7776CC4C49AC6CF2F9AD61E9FC@ChrisXPS> <200803261921.m2QJLUvQ025792@mxt.1bigthink.com> Message-ID: <05D1D3B4C400404B99CFB58CB8EEA167@ChrisXPS> Sorry, I had deleted the older posts before I knew I was having a problem. I saw a post about it and replied. Sorry! chris ----- Original Message ----- From: "dnsadmin 1bigthink.com" To: "MailScanner discussion" Sent: Wednesday, March 26, 2008 2:21 PM Subject: Re: All mail marked as spam? > At 02:12 PM 3/26/2008, you wrote: > >>on 3-26-2008 10:27 AM Chris Smith spake the following: >>>Same here. It must be one of the spam lists we are using. Anyone else >>>seeing this and know what needs to be done? >>>Thanks, >>>Chris >>I hate to be a jerk, but does anybody actually READ this list? > > Yep. Mostly lurking to learn, but occasionally to watch the games ;^). > > Cheers! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lukas at spritelink.net Thu Mar 27 01:09:13 2008 From: lukas at spritelink.net (Lukas Garberg) Date: Thu Mar 27 01:10:02 2008 Subject: Problem with Max SpamAssassin Size = ... trackback Message-ID: <47EAF3B9.5090908@spritelink.net> Hi list, I'm running a spam filter gateway using postfix 2.4.6, MailScanner 4.66.5 and SpamAssassin 3.2.4. I have a problem using the trackback feature of the Max SpamAssassin Size configuration directive. I had it set to "100k trackback", but soon noticed alot of short spam not being caught by SpamAssassin. The messages were all on the form one line of text, one empty line and then two lines of text containing one URL, with a large margin below 100kb. Using the trackback option it seems as the last two lines of the messages (up to the empty line) are removed before the message is passed to SpamAssassin, which then fails to identify the message as spam. Most other mail seems to have an empty line at the end, but some spam I receive does not. I peeked into PFDiskStore.pm, and to me it looks like the trackback feature is used no matter what size the message is of. Is this the desired behavior? /Lukas From bcarruthers at iii.net.au Thu Mar 27 02:49:51 2008 From: bcarruthers at iii.net.au (Brett Carruthers) Date: Thu Mar 27 02:50:50 2008 Subject: ALL_TRUSTED RULE due to sendmail to Mailscanner relay Message-ID: Hi, I was hoping someone could nudge me in the correct direction. My configuration has led me to have all of my mail to be listed as trusted due to sendmail sending the mail to mailscanner. Can I stop this extra header being written into the mail so my spam scores are not being lowered? The ALL_TRUSTED_RULE is giving each message a -1.80 score. I use sendmail and Mailscanner with FProt antivirus before mail reaches our mail server Scalix. I?ll give two examples below; 1. A high scoring spam message; Message Headers:Return-Path: Received: from mailserv.iii.net.au (localhost.localdomain [127.0.0.1]) ? ? ?by mailserv.iii.net.au (8.13.8/8.13.8) with ESMTP id m2R1a8hl019090 ? ? ?for ; Thu, 27 Mar 2008 12:36:08 +1100 Received: from mailserv.iii.net.au (root@localhost) ? ? ?by mailserv.iii.net.au (8.13.8/8.13.8/Submit) with ESMTP id m2R1a5xM019074 ? ? ?for ; Thu, 27 Mar 2008 12:36:06 +1100 Received: from 124.51.9.40 ( [124.51.9.40]) by mailserv.iii.net.au (Scalix SMTP Relay 11.1.0.10849) via ESMTP; Thu, 27 Mar 2008 12:36:07 +1100 (EST) Message-ID: <000801c88faa$01d29125$c0bae5b1@fplkysj> From: "Tag Replica" To: "Rolex Watches" Subject: Exquisite Replica Date: Wed, 26 Mar 2008 23:48:39 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; ? ? ?boundary="----=_NextPart_000_0005_01C88FAA.01D24BF7" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Overall score was 31.055 2. Low scoring spam message (would have been blocked without my issue): Return-Path: Received: from mailserv.iii.net.au (localhost.localdomain [127.0.0.1]) by mailserv.iii.net.au (8.13.8/8.13.8) with ESMTP id m2R1fK72019497 for ; Thu, 27 Mar 2008 12:41:20 +1100 Received: from mailserv.iii.net.au (root@localhost) by mailserv.iii.net.au (8.13.8/8.13.8/Submit) with ESMTP id m2R1fI2b019496 for ; Thu, 27 Mar 2008 12:41:19 +1100 Received: from pool-72-93-39-97.bstnma.east.verizon.net (pool-72-93-39-97.bstnma.east.verizon.net [72.93.39.97]) by mailserv.iii.net.au (Scalix SMTP Relay 11.1.0.10849) via ESMTP; Thu, 27 Mar 2008 12:41:19 +1100 (EST) Message-ID: <000a01c88fab$01ab9bd5$d42ec9a1@kfqpn> From: "keefe lalit" To: Subject: New Britney P*ssy shot Date: Wed, 26 Mar 2008 23:53:53 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C88FAB.01A9E35B" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Overall score: 3.562 Thanks, Brett Carruthers iii -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Thu Mar 27 02:58:37 2008 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Thu Mar 27 03:12:50 2008 Subject: Accepting Tiffs Message-ID: <20080327025836.GA22308@doctor.nl2k.ab.ca> Question, how do you tell MAilScanner to accept TIF(F)s? I have an engineering who needs his tifs to turn up on the other side. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Thu Mar 27 08:25:34 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Mar 27 08:26:41 2008 Subject: R: Mailscanner slow queue In-Reply-To: References: <2FA349F95CF3644FAFC92070E642EB6AC7BA5B@beta.dbdomain.database.it> Message-ID: <027701c88fe4$20afb280$2e01a8c0@dbdomain.database.it> On the same machine it's also running a dns server for my site In /etc/resolv.conf there is ========== nameserver 83.216.185.66 ========== Where 83.216.185.66 is the ip address of the server. Is it enough ? -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di Scott Silva Inviato: mercoled? 26 marzo 2008 18.31 A: mailscanner@lists.mailscanner.info Oggetto: Re: Mailscanner slow queue on 3-26-2008 4:03 AM Marcello Anderlini spake the following: > Maybe I've found the problem > > In my /etc/mail/spamassassin/init.pre > I've this line > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > > Now running a spammassassin -D < message I'get also these lines > > ====================================================================== > == > === > [23801] dbg: async: starting: URI-DNSBL, > DNSBL:multi.uribl.com.:meetic.com (timeout 10.0s, min 2.0s) [23801] > dbg: dns: URIBL_RED lookup start [23801] dbg: dns: URIBL_GREY lookup > start [23801] dbg: async: starting: URI-DNSBL, > DNSBL:bl.open-whois.org.:meetic.com (timeout 10.0s, min 2.0s) [23801] > dbg: dns: WHOIS_SECUREWHOIS lookup start [23801] dbg: dns: > WHOIS_MYPRIVREG lookup start [23801] dbg: dns: WHOIS_NETSOLPR lookup > start [23801] dbg: dns: WHOIS_AITPRIV lookup start [23801] dbg: async: > starting: URI-DNSBL, DNSBL:multi.surbl.org.:meetic.com (timeout 10.0s, > min 2.0s) [23801] dbg: dns: URIBL_SC_SURBL lookup start [23801] dbg: > dns: URIBL_AB_SURBL lookup start [23801] dbg: dns: WHOIS_CONTACTPRIV > lookup start [23801] dbg: dns: WHOIS_NAMEKING lookup start [23801] > dbg: dns: WHOIS_PRIVPROT lookup start [23801] dbg: dns: > WHOIS_WHOISGUARD lookup start [23801] dbg: dns: URIBL_PH_SURBL lookup > start [23801] dbg: dns: URIBL_BLACK lookup start [23801] dbg: dns: > WHOIS_PRIVACYPOST lookup start [23801] dbg: async: starting: > URI-DNSBL, DNSBL:rhsbl.ahbl.org.:meetic.com (timeout 10.0s, min 2.0s) > [23801] dbg: dns: URIBL_RHS_AHBL lookup start [23801] dbg: async: > starting: URI-DNSBL, > DNSBL:dob.sibl.support-intelligence.net:meetic.com (timeout 10.0s, min > 2.0s) > [omissis] > ====================================================================== > == > === > > I would like to mantain (to not change) this configuration but I could > not foud where this dnsbl are set and so try to change dbsbl or limit > the number. > > Could someone help me ? > > Thanks again Are you running a caching nameserver on the box? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -- Messaggio verificato dal servizio antivirus di Database Informatica From uxbod at splatnix.net Thu Mar 27 08:48:03 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 27 08:49:02 2008 Subject: R: Mailscanner slow queue In-Reply-To: <027701c88fe4$20afb280$2e01a8c0@dbdomain.database.it> Message-ID: <23398910.201206607683061.JavaMail.root@office.splatnix.net> are your DNS requests even getting to the outside world ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > On the same machine it's also running a dns server for my site > In /etc/resolv.conf there is > ========== > nameserver 83.216.185.66 > ========== > Where 83.216.185.66 is the ip address of the server. Is it enough ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 27 09:00:06 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 09:00:50 2008 Subject: Accepting Tiffs In-Reply-To: <20080327025836.GA22308@doctor.nl2k.ab.ca> References: <20080327025836.GA22308@doctor.nl2k.ab.ca> Message-ID: <47EB6216.2080504@ecs.soton.ac.uk> Using either filename.rules.conf or filetype.rules.conf. Just write an "allow" rule for them and put it near the top. If it's just the filename extension you're wanting, then something like allow \.tiff?$ - - with tabs separating each word of that line, would do the job in filename.rules.conf. Then just "service MailScanner reload" to get it to re-read the new configuration. Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Question, how do you tell MAilScanner to accept TIF(F)s? > > > I have an engineering who needs his tifs to turn up on the other side. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From m.anderlini at database.it Thu Mar 27 09:27:13 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Mar 27 09:28:40 2008 Subject: R: R: Mailscanner slow queue In-Reply-To: <23398910.201206607683061.JavaMail.root@office.splatnix.net> References: <027701c88fe4$20afb280$2e01a8c0@dbdomain.database.it> <23398910.201206607683061.JavaMail.root@office.splatnix.net> Message-ID: <029401c88fec$bdb7c3d0$2e01a8c0@dbdomain.database.it> Yes, because are also used by some dialup connections and for legacy I can not changed this :-( Could be this a problem ? -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di --[ UxBoD ]-- Inviato: gioved? 27 marzo 2008 9.48 A: MailScanner discussion Oggetto: Re: R: Mailscanner slow queue are your DNS requests even getting to the outside world ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > On the same machine it's also running a dns server for my site In > /etc/resolv.conf there is ========== nameserver 83.216.185.66 > ========== Where 83.216.185.66 is the ip address of the server. Is it > enough ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From uxbod at splatnix.net Thu Mar 27 09:35:03 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 27 09:35:52 2008 Subject: R: R: Mailscanner slow queue In-Reply-To: <029401c88fec$bdb7c3d0$2e01a8c0@dbdomain.database.it> Message-ID: <11269720.291206610503421.JavaMail.root@office.splatnix.net> ensure your lookups are working by trying dig open-whois.org. Does that return promptly ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > Yes, because are also used by some dialup connections and for legacy I > can > not changed this :-( > Could be this a problem ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From housey at sme-ecom.co.uk Thu Mar 27 09:45:12 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Thu Mar 27 09:52:55 2008 Subject: Watermarking Message-ID: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> Hi I have a couple of questions regarding watermarking, I don't know if anyone else is being hit the same but quite a few domains I look after have been being hit by backscatter attacks over the last week. I already reject all invalid recipients but these backscatters seem to be targeting real aliases. I want to use watermarks to filter out the bounces where the original message did not come from my servers, but only on certain domains. Do I just set Use Watermarking = yes Add Watermark = %rules-dir%/add.watermark.rules add.watermark.rules FromTo: default no From: *@domain.com yes Check Watermarks With No Sender = %rules-dir%/check.watermarks.rules check.watermarks.rules FromTo: default no To: *@domain.com yes Would this add a watermark for e-mail coming from *@domain.com and only check watermarks for e-mail coming into *@domain.com - all other domains would work as they currently do? Is there any other caveats to watch out for? I seem to recall some discussion about it misfiring on Microsoft delivery recipients? Cheers Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/9dcb3511/attachment.html From m.anderlini at database.it Thu Mar 27 09:58:57 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Mar 27 10:04:35 2008 Subject: R: R: R: Mailscanner slow queue In-Reply-To: <11269720.291206610503421.JavaMail.root@office.splatnix.net> References: <029401c88fec$bdb7c3d0$2e01a8c0@dbdomain.database.it> <11269720.291206610503421.JavaMail.root@office.splatnix.net> Message-ID: <02b201c88ff1$2c55cd10$2e01a8c0@dbdomain.database.it> dig open-whois.org It appears ok: ============================ ; <<>> DiG 9.2.4 <<>> open-whois.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32406 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 ;; QUESTION SECTION: ;open-whois.org. IN A ;; ANSWER SECTION: open-whois.org. 86400 IN A 208.113.128.202 ;; AUTHORITY SECTION: open-whois.org. 86340 IN NS ns1.open-whois.org. open-whois.org. 86340 IN NS ns2.open-whois.org. open-whois.org. 86340 IN NS ns3.open-whois.org. ;; Query time: 2224 msec ;; SERVER: 83.216.185.66#53(83.216.185.66) ;; WHEN: Thu Mar 27 10:58:01 2008 ;; MSG SIZE rcvd: 102 ============================ -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di --[ UxBoD ]-- Inviato: gioved? 27 marzo 2008 10.35 A: MailScanner discussion Oggetto: Re: R: R: Mailscanner slow queue ensure your lookups are working by trying dig open-whois.org. Does that return promptly ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > Yes, because are also used by some dialup connections and for legacy I > can not changed this :-( Could be this a problem ? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From alxfrag at gmail.com Thu Mar 27 10:11:25 2008 From: alxfrag at gmail.com (AlxFrag) Date: Thu Mar 27 10:09:46 2008 Subject: how to release blocked files from quarantine Message-ID: <47EB72CD.5020200@gmail.com> Hi, i've been using mailscanner a few months. I can succesfully release "spams" from quarantine by editing the spam.whitelist.rules file like this: From: 127.0.0.1 yes FromOrTo: default no This does not work for blocked files. When i try to release a blocked file it is blocked again. Any ideas? Many thanks in advance, Alex From uxbod at splatnix.net Thu Mar 27 10:13:25 2008 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Thu Mar 27 10:14:19 2008 Subject: R: R: R: Mailscanner slow queue In-Reply-To: <02b201c88ff1$2c55cd10$2e01a8c0@dbdomain.database.it> Message-ID: <25075688.381206612805014.JavaMail.root@office.splatnix.net> wow that is a slow response! if I do the same here :- ; <<>> DiG 9.3.3rc2 <<>> open-whois.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51853 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 ;; QUESTION SECTION: ;open-whois.org. IN A ;; ANSWER SECTION: open-whois.org. 84170 IN A 208.113.128.202 ;; AUTHORITY SECTION: open-whois.org. 24360 IN NS ns2.open-whois.org. open-whois.org. 24360 IN NS ns3.open-whois.org. open-whois.org. 24360 IN NS ns1.open-whois.org. ;; Query time: 0 msec ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX) ;; WHEN: Thu Mar 27 10:12:39 2008 ;; MSG SIZE rcvd: 102 is your internet line saturated ? do you have a upstream ISP where you could forward your DNS requests ? what is the load on your system ? how much free mem does it have ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > dig open-whois.org > > It appears ok: > ============================ > ; <<>> DiG 9.2.4 <<>> open-whois.org > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32406 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;open-whois.org. IN A > > ;; ANSWER SECTION: > open-whois.org. 86400 IN A 208.113.128.202 > > ;; AUTHORITY SECTION: > open-whois.org. 86340 IN NS ns1.open-whois.org. > open-whois.org. 86340 IN NS ns2.open-whois.org. > open-whois.org. 86340 IN NS ns3.open-whois.org. > > ;; Query time: 2224 msec > ;; SERVER: 83.216.185.66#53(83.216.185.66) > ;; WHEN: Thu Mar 27 10:58:01 2008 > ;; MSG SIZE rcvd: 102 > ============================ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Alistair.Carmichael at virginmedia.co.uk Thu Mar 27 10:22:10 2008 From: Alistair.Carmichael at virginmedia.co.uk (Carmichael, Alistair) Date: Thu Mar 27 10:24:04 2008 Subject: clamav module woes Message-ID: Hey Guys, I've ran into a problem with one of our mailscanner servers after doing our regular pagkage update via yum - this included amongst other updates clamav. Since running the updates mailscanner hasn't been scanning and the following message appears in maillog and when running MailScanner -debug: ClamAV Perl module not found, did you install it? I've tried re-installing clamav in it's entirety from the tar.gz on the mailscanner website download page and I've also tried reinstalling just the perl module both via dag.wieers.com rpm respository and cpan. Incase it was one of the other updates which broke the system a full list of the updated packages since we started having this problem is: Mar 25 10:13:25 Updated: krb5-libs.i386 1.3.4-54.el4_6.1 Mar 25 10:13:26 Updated: perl-Archive-Tar.noarch 1.38-1.el4.rf Mar 25 10:13:26 Updated: cups-libs.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 Mar 25 10:13:26 Updated: perl-IO-Zlib.noarch 1.09-1.el4.rf Mar 25 10:13:28 Updated: spamassassin.i386 3.2.4-1.el4.rf Mar 25 10:13:28 Updated: perl-Archive-Zip.noarch 1.23-1.el4.rf Mar 25 10:13:29 Updated: openldap.i386 2.2.13-8.el4_6.4 Mar 25 10:13:30 Updated: clamav-db.i386 0.92.1-1.el4.rf Mar 25 10:13:46 Installed: kernel-smp.i686 2.6.9-67.0.7.EL Mar 25 10:13:57 Installed: kernel.i686 2.6.9-67.0.7.EL Mar 25 10:13:57 Updated: perl-Convert-BER.noarch 1.3101-1.el4.rf Mar 25 10:14:00 Updated: tzdata.noarch 2007k-2.el4 Mar 25 10:14:02 Updated: cups.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 Mar 25 10:14:02 Updated: multitail.i386 5.2.1-1.el4.rf Mar 25 10:14:03 Updated: nagios-plugins.i386 1.4.11-1.el4.rf Mar 25 10:14:03 Updated: gd.i386 2.0.28-5.4E.el4_6.1 Mar 25 10:14:03 Updated: krb5-workstation.i386 1.3.4-54.el4_6.1 Mar 25 10:14:04 Updated: clamav.i386 0.92.1-1.el4.rf Mar 25 10:14:04 Updated: perl-Socket6.i386 0.20-1.el4.rf Mar 27 08:34:09 Installed: perl-IO-Compress-Base.noarch 2.008-1.el4.rf Mar 27 08:34:09 Installed: perl-Compress-Raw-Zlib.i386 2.008-1.el4.rf Mar 27 08:34:09 Installed: perl-IO-Compress-Zlib.noarch 2.008-1.el4.rf Mar 27 08:41:13 Updated: perl-Compress-Zlib.noarch 2.008-1.el4.rf [root@mailscanner2 log]# MailScanner -debug In Debugging mode, not forking... ClamAV Perl module not found, did you install it? at /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 487 [root@mailscanner2 log]# which perl /usr/bin/perl I'm running centos 4.4 with linux kernel version 2.6.9-55.ELsmp We have 2 other identical servers running mailscanner both working fine currently the only difference being is that they haven't yet had the above updates applied. If anyone knows what could be causing the problem or needs any further info please let me know, I've tried to use this as a last resort having exhausted google / most of the hairs on my head any help would be much appreciated! Al ------------------------------------------------------------------------------ Save Paper - Do you really need to print this e-mail? Visit www.virginmedia.com for more information, and more fun. This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed. Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237 ============================================================================== -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/6a087b0c/attachment-0001.html From telecaadmin at gmail.com Thu Mar 27 10:52:36 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Thu Mar 27 10:53:15 2008 Subject: mail from mindspring In-Reply-To: <1122.90.184.19.31.1206529167.squirrel@mail.fumlersoft.dk> References: <1122.90.184.19.31.1206529167.squirrel@mail.fumlersoft.dk> Message-ID: <47EB7C74.1060705@gmail.com> > I would think that messages marked as spam, should not trigger a responce > to sender, who is 99% shure faked, even when config is to notice sender > about unwanted attachments. > > Is there a config combination that would keep MS from doing this ? Yes. What you see is a "bad attachment" informational mail. You can turn it off via the following options in MailScanner.conf # Do you want to notify the people who sent you messages containing # viruses or badly-named filenames? # This can also be the filename of a ruleset. Notify Senders = no # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing viruses? # The default value has been changed to "no" as most viruses now fake # sender addresses and therefore should be on the "Silent Viruses" list. # This can also be the filename of a ruleset. Notify Senders Of Viruses = no # *If* "Notify Senders" is set to yes, do you want to notify people # who sent you messages containing attachments that are blocked due to # their filename or file contents? # This can also be the filename of a ruleset. Notify Senders Of Blocked Filenames Or Filetypes = no Cheers, Ronny From m.anderlini at database.it Thu Mar 27 10:52:33 2008 From: m.anderlini at database.it (Marcello Anderlini) Date: Thu Mar 27 11:01:57 2008 Subject: R: R: R: R: Mailscanner slow queue In-Reply-To: <25075688.381206612805014.JavaMail.root@office.splatnix.net> References: <02b201c88ff1$2c55cd10$2e01a8c0@dbdomain.database.it> <25075688.381206612805014.JavaMail.root@office.splatnix.net> Message-ID: <02c801c88ff8$a946f400$2e01a8c0@dbdomain.database.it> I've noticed that this time could vary many. I've done some test now and the answer range could be from 1 mesc to 406 msec My internet line does not appears to be saturated. In my named.conf I have set to forward request to my ISP dns. My sistem it's a xeon dual core and cpus runs between 85% and 92% This it's my memory usage Mem: 2055628k total, 2006176k used, 49452k free, 53708k buffers Swap: 2031608k total, 18532k used, 2013076k free, 413196k cached Thanks again for your help -----Messaggio originale----- Da: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] Per conto di --[ UxBoD ]-- Inviato: gioved? 27 marzo 2008 11.13 A: MailScanner discussion Oggetto: Re: R: R: R: Mailscanner slow queue wow that is a slow response! if I do the same here :- ; <<>> DiG 9.3.3rc2 <<>> open-whois.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51853 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 ;; QUESTION SECTION: ;open-whois.org. IN A ;; ANSWER SECTION: open-whois.org. 84170 IN A 208.113.128.202 ;; AUTHORITY SECTION: open-whois.org. 24360 IN NS ns2.open-whois.org. open-whois.org. 24360 IN NS ns3.open-whois.org. open-whois.org. 24360 IN NS ns1.open-whois.org. ;; Query time: 0 msec ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX) ;; WHEN: Thu Mar 27 10:12:39 2008 ;; MSG SIZE rcvd: 102 is your internet line saturated ? do you have a upstream ISP where you could forward your DNS requests ? what is the load on your system ? how much free mem does it have ? Regards, -- --[ UxBoD ]-- // PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84 // Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84 // Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net ----- "Marcello Anderlini" wrote: > dig open-whois.org > > It appears ok: > ============================ > ; <<>> DiG 9.2.4 <<>> open-whois.org > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32406 ;; flags: qr > rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;open-whois.org. IN A > > ;; ANSWER SECTION: > open-whois.org. 86400 IN A 208.113.128.202 > > ;; AUTHORITY SECTION: > open-whois.org. 86340 IN NS ns1.open-whois.org. > open-whois.org. 86340 IN NS ns2.open-whois.org. > open-whois.org. 86340 IN NS ns3.open-whois.org. > > ;; Query time: 2224 msec > ;; SERVER: 83.216.185.66#53(83.216.185.66) ;; WHEN: Thu Mar 27 > 10:58:01 2008 ;; MSG SIZE rcvd: 102 ============================ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From sandro at e-den.it Thu Mar 27 11:04:37 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Thu Mar 27 11:05:43 2008 Subject: how to release blocked files from quarantine In-Reply-To: <47EB72CD.5020200@gmail.com> References: <47EB72CD.5020200@gmail.com> Message-ID: <20080327110437.GE12351@ubuntu> On Thu, Mar 27, 2008 at 12:11:25PM +0200, AlxFrag wrote: > Hi, > > i've been using mailscanner a few months. I can succesfully release > "spams" from quarantine by editing the spam.whitelist.rules file like this: > > From: 127.0.0.1 yes > FromOrTo: default no I've never used this... what do you do "after" you changed the rule, to put messages from quarantine back in the queue? i'd like to do that... sandro *:-) From jaearick at colby.edu Thu Mar 27 12:15:44 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Thu Mar 27 12:16:20 2008 Subject: OT: your sendmail throttle setting? Message-ID: Hi, A Quick query of the sendmail users out there in MailScanner-land. What do you use for your sendmail ConnectionRateThrottle setting, if you use it? Thanks, Jeff Earickson Colby College From sandro at e-den.it Thu Mar 27 12:43:18 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Thu Mar 27 12:44:22 2008 Subject: pyzor check Message-ID: <20080327124318.GA13512@ubuntu> Hi, I'm tuning some checks. I found that an (html) message with just "Ciao", sent buy a customer as test got trapped by pyzor with a score of 2.8. Is this due to the algorithm of pyzor (ie the way pyzor checks the similarity to another message) or I have something not working correctly? I'm sorry if this is partly OT... sandro *:-) From mikea at mikea.ath.cx Thu Mar 27 13:08:33 2008 From: mikea at mikea.ath.cx (mikea) Date: Thu Mar 27 13:09:12 2008 Subject: OT: your sendmail throttle setting? In-Reply-To: References: Message-ID: <20080327130833.GB9546@mikea.ath.cx> On Thu, Mar 27, 2008 at 08:15:44AM -0400, Jeff A. Earickson wrote: > Hi, > > A Quick query of the sendmail users out there in MailScanner-land. > What do you use for your sendmail ConnectionRateThrottle setting, > if you use it? >From my current .mc file: dnl ----------------------------------------------------------------------- dnl -- configuration variables mla 20070507 to try to keep sendmail -- dnl -- sort-of working under very heavy load -- dnl -- -- dnl -- references are to Sendmail 3rd edition (O'Reilly) by -- dnl -- Costales and Allman -- dnl ----------------------------------------------------------------------- define(`confCONNECTION_RATE_THROTTLE',`4')dnl 24.9.21 throttle if >4 connections/sec dnl define(`confDELAY_LA',`8')dnl 24.9.30 sleep a second between responses if LA>=8 define(`confDELAY_LA',`12')dnl 24.9.30 sleep a second between responses if LA>=12 define(`confQUEUE_FACTOR',`99')dnl 24.9.83 change computation of point at which dnl sendmail queues and stops delivering define(`confQUEUE_LA',`99')dnl 24.9.85 queue when dnl msgpri > QUEUE_FACTOR/(LA - QUEUE_LA - 1) define(`confQUEUE_SORT_ORDER',`host')dnl 4.9.86 try to deliver together all mail for dnl a given host dnl define(`confREFUSE_LA',`9')dnl define(`confREFUSE_LA',`13')dnl 24.9.90 refuse connections when LA >= 13 All these are what we use at my dayjob; none of them is guaranteed to be optimal, or even to work, for you. Not valid without this signature. Do not take with milk. Caution: manufactured in a facility that also processes nuts. I'm moving from this 1-core 1-CPU 3.4 GHz IBM x335 to a much roomier, much more capable server, and expect to be able to process mail at close to wire speed. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From alex at nkpanama.com Thu Mar 27 13:25:58 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Mar 27 13:27:06 2008 Subject: Watermarking In-Reply-To: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> References: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> Message-ID: <7F353274-1C42-4403-817C-E63F020809A9@nkpanama.com> You could also look into milter-null - it's worked very well for me in the past. From housey at sme-ecom.co.uk Thu Mar 27 14:10:10 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Thu Mar 27 14:14:43 2008 Subject: Watermarking In-Reply-To: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> References: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> Message-ID: <028b01c89014$44b18750$ce1495f0$@co.uk> Hi Ive been trying to use the watermark feature all morning but with no success, I can't seem to get it to add the watermark header? I do use rulesets for most values but setting Use Watermarking = yes Add Watermark = yes Seems to not do anything? Im using Mailscanner 4.65.3 It does add a watermark if I send to my own domain i.e. from paul@domain.com to paul@domain.com but if I send from paul@domain.com to paul@diffdom.com it doesn't add the extra header? I thought it might be to do with other rulesets as I generally don't scan outbound e-mail Scan Messages = %rules-dir%/scan.messages.rules Virus Scanning = %rules-dir%/virus.scanning.rules Spam Checks = %rules-dir%/spam.checks.rules But ive set all these to do FromTo: now instead of just To: and still the watermark doesn't get added? Any ideals, I can see from the lists people are using it so know it works I just must be missing something! Cheers paul From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Houselander (SME) Sent: 27 March 2008 09:45 To: mailscanner@lists.mailscanner.info Subject: Watermarking {Scanned by Allteks Mailsafe} Hi I have a couple of questions regarding watermarking, I don't know if anyone else is being hit the same but quite a few domains I look after have been being hit by backscatter attacks over the last week. I already reject all invalid recipients but these backscatters seem to be targeting real aliases. I want to use watermarks to filter out the bounces where the original message did not come from my servers, but only on certain domains. Do I just set Use Watermarking = yes Add Watermark = %rules-dir%/add.watermark.rules add.watermark.rules FromTo: default no From: *@domain.com yes Check Watermarks With No Sender = %rules-dir%/check.watermarks.rules check.watermarks.rules FromTo: default no To: *@domain.com yes Would this add a watermark for e-mail coming from *@domain.com and only check watermarks for e-mail coming into *@domain.com - all other domains would work as they currently do? Is there any other caveats to watch out for? I seem to recall some discussion about it misfiring on Microsoft delivery recipients? Cheers Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/ae3fdd31/attachment.html From alex at nkpanama.com Thu Mar 27 14:28:30 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu Mar 27 14:29:38 2008 Subject: Watermarking In-Reply-To: <028b01c89014$44b18750$ce1495f0$@co.uk> References: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> <028b01c89014$44b18750$ce1495f0$@co.uk> Message-ID: What would good reasons not to watermark *all* e-mail be? I don't really see why not since it's not particularly compute-intensive. From gmatt at nerc.ac.uk Thu Mar 27 14:34:51 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu Mar 27 14:36:15 2008 Subject: OT: your sendmail throttle setting? In-Reply-To: References: Message-ID: <47EBB08B.1010602@nerc.ac.uk> Jeff A. Earickson wrote: > Hi, > > A Quick query of the sendmail users out there in MailScanner-land. > What do you use for your sendmail ConnectionRateThrottle setting, > if you use it? production relays have it set: ConnectionRateThrottle=10 I also throttle on ClientRate and ClientConn which I vary depending on whether the clients are internal or external (using the access.db). These two are turned off for loopback. GREG > > Thanks, > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mkettler at evi-inc.com Thu Mar 27 14:57:21 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 27 14:58:31 2008 Subject: ALL_TRUSTED RULE due to sendmail to Mailscanner relay In-Reply-To: References: Message-ID: <47EBB5D1.9030904@evi-inc.com> Brett Carruthers wrote: > Hi, > > I was hoping someone could nudge me in the correct direction. > > My configuration has led me to have all of my mail to be listed as > trusted due to sendmail sending the mail to mailscanner. Can I stop this > extra header being written into the mail so my spam scores are not being > lowered? The ALL_TRUSTED_RULE is giving each message a -1.80 score. > > I use sendmail and Mailscanner with FProt antivirus before mail reaches > our mail server Scalix. If your mailscanner server resolves "mailserv.iii.net.au " as a reserved IP (ie: 10.* or 192.168.*, 172... etc) then you need to set your trusted_networks manually. SpamAssassin uses a trust-path guessing algorithm, but that algorithm assumes the first public IP is your MX. However, that assumption breaks when your MX is NAT mapped. The fix is to declare trusted_networks manually, to give SA explicit instructions about what hosts are trusted. It won't try to auto guess then. (and no, there's no reliable sure-fire way for SA to figure out what your network topology is based on the headers.. it makes its best guess).. See also: http://wiki.apache.org/spamassassin/TrustPath From housey at sme-ecom.co.uk Thu Mar 27 15:11:12 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Thu Mar 27 15:14:35 2008 Subject: Watermarking SOLVED In-Reply-To: References: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> <028b01c89014$44b18750$ce1495f0$@co.uk> Message-ID: <030501c8901c$cb92d1e0$62b875a0$@co.uk> Feel like jumping off a cliff! Solved my problem I was using a yahoo mail address to do my testing, ive just figured out that when you look at the message headers in yahoo mail they actually filter out a lot of them. It's been working from the very 1st mail I sent! Best part of a day to figure that one out, think I may give up the day job! From cleveland at winnefox.org Thu Mar 27 16:29:47 2008 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu Mar 27 16:30:29 2008 Subject: Error when running MailScanner --debug Message-ID: Hello, I've got a new server I'm setting up on ubuntu, and when I run MailScanner --debug I get these two errors: Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1088. se of uninitialized value in concatenation (.) or string at /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1090. Any ideas on how I can fix that? Thanks! - jody From rcastilloramos at yahoo.es Thu Mar 27 16:30:15 2008 From: rcastilloramos at yahoo.es (roberto martin castillo ramos) Date: Thu Mar 27 16:30:51 2008 Subject: help with MailScanner Message-ID: <692786.14717.qm@web36407.mail.mud.yahoo.com> Hello, I installed the MailScanner using, /install.sh now I want to clear the program, How can i do that? Thanks for your help --------------------------------- Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada m?s inteligente.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/dad5ffba/attachment.html From hvdkooij at vanderkooij.org Thu Mar 27 17:20:15 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 27 17:21:30 2008 Subject: R: R: R: R: Mailscanner slow queue In-Reply-To: <02c801c88ff8$a946f400$2e01a8c0@dbdomain.database.it> References: <02b201c88ff1$2c55cd10$2e01a8c0@dbdomain.database.it> <25075688.381206612805014.JavaMail.root@office.splatnix.net> <02c801c88ff8$a946f400$2e01a8c0@dbdomain.database.it> Message-ID: <47EBD74F.2040506@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcello Anderlini wrote: | I've noticed that this time could vary many. | I've done some test now and the answer range could be from 1 mesc to 406 | msec | | My internet line does not appears to be saturated. | In my named.conf I have set to forward request to my ISP dns. | My sistem it's a xeon dual core and cpus runs between 85% and 92% | | This it's my memory usage | Mem: 2055628k total, 2006176k used, 49452k free, 53708k buffers | Swap: 2031608k total, 18532k used, 2013076k free, 413196k cached Either accept that your system is slow or free this machine from some of the burden. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH69dMBvzDRVjxmYERAjZTAKCo3j+7E47OOVxYEZJZprmy/iJMXwCgix/G 0J8AIbetLK4uWEpp5dHYRb8= =dtCO -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu Mar 27 17:22:37 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 27 17:23:08 2008 Subject: O/T: Barracuda [was: Spam Graph] In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C91016E7965@wkits02.knowledgeit.co.uk> References: <23901.194.151.25.68.1204890156.squirrel@balin.waakhond.net> <1638CDD827D51E4D8E9B2741290E1C91016E7965@wkits02.knowledgeit.co.uk> Message-ID: <47EBD7DD.9000503@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Russell wrote: | Speaking of Barracuda. | | Is anyone having issues with their reputation system? We have a server | constantly listed as poor reputation however no matter how many requests | we put through we've yet to receive anything back on exactly why. My rather educated guess: The system is backup MX for one or more Barracuda's which have not listed the system as trusted forwarder. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH69fbBvzDRVjxmYERAmXjAKCHSzQGhURvKvP0g837/7j6RYY+pACeKsS7 d0LcuY/lwenh+yRCN4uabRE= =QMfg -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu Mar 27 17:04:33 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 17:26:56 2008 Subject: Error when running MailScanner --debug In-Reply-To: References: Message-ID: <47EBD3A1.5010708@ecs.soton.ac.uk> It's a SpamAssassin problem, but start by doing a MailScanner --lint and see what that produces. What version of SpamAssassin do you think you're running? "MailScanner -v" will tell you for sure. Jody Cleveland wrote: > Hello, > > I've got a new server I'm setting up on ubuntu, and when I run MailScanner > --debug I get these two errors: > > Use of uninitialized value in concatenation (.) or string at > /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1088. > > se of uninitialized value in concatenation (.) or string at > /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1090. > > Any ideas on how I can fix that? > > Thanks! > > - jody > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Thu Mar 27 17:28:51 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Mar 27 17:29:24 2008 Subject: MailScanner marks everything as spam In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103E0BC5F4F@EX2K7VS01.4emm.local> References: <3FF92F1C-FF2D-43AF-8BB8-05B8AE4FF6D6@nkpanama.com> <223f97700803251423k7b43ab65r58c8c4f627d8a626@mail.gmail.com> <6052545A7C35D54FBDD1051DFDD2045103E0BC5F4F@EX2K7VS01.4emm.local> Message-ID: <47EBD953.40909@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Wong wrote: | What do you recommend for blacklist lookups? And how much blacklists does an email have to be on in order for it to be considered spam? I ran into this problem with my mail scanner today. Please consult your config file. # If a message appears in at least this number of "Spam Lists" (as defined # above), then the message will be treated as spam and so the "Spam # Actions" will happen, unless the message reaches the levels for "High # Scoring Spam". By default this is set to 1 to mimic the previous # behaviour, which means that appearing in any "Spam Lists" will cause # the message to be treated as spam. # This can also be the filename of a ruleset. Spam Lists To Be Spam = 2 Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH69lSBvzDRVjxmYERAti+AJwJFmF5tfNt/fD2qrkpIOoQlzikVgCgsc07 hIuOByJ7tmg4rhsCrRbUdIM= =ku1d -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu Mar 27 17:29:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 17:29:52 2008 Subject: help with MailScanner In-Reply-To: <692786.14717.qm@web36407.mail.mud.yahoo.com> References: <692786.14717.qm@web36407.mail.mud.yahoo.com> Message-ID: <47EBD985.8060108@ecs.soton.ac.uk> Which distribution did you use? If you are using an RPM-based distribution on Linux, you should be able to do rpm -e mailscanner chkconfig sendmail on service sendmail restart and your system will be back running sendmail as before. roberto martin castillo ramos wrote: > Hello, > I installed the MailScanner using, /install.sh now I want to clear the > program, > How can i do that? > Thanks for your help > > ------------------------------------------------------------------------ > > Enviado desde Correo Yahoo! > Disfruta de una bandeja de entrada m?s inteligente. > . Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Mar 27 17:31:17 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 27 17:31:52 2008 Subject: MailScanner not delivering messages In-Reply-To: References: Message-ID: <223f97700803271031m5db39f74i375795354b83403@mail.gmail.com> On 26/03/2008, Tim Wolak wrote: > Thanks Scott, yes I did follow that document. There are 34 messages in > total some in the hold queue and some in the /var/spool/MailScanner/incoming > dir. Not sure why they are not leaving the hold queue.... > If they are in the incoming queue and not leaving that, you should ask yourself why not.... Before concentrating on the hold queue. I saw in your reply to Gerard that you seem to have some typos somewhere in your config (alias file name, localhsot (or similar) in a Recieved line etc), so perhaps you should go through your config _very_ carefully and try deduce what is happening. I suspect we're only seeing the "info" level syslog entries, not the "warning" and "error" ones... Do you employ split logging for mail? If so, could you check the other files (mail.err, mail.warn or similar... Check your syslogd setup for details;-)? Anything useful there? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From cleveland at winnefox.org Thu Mar 27 18:07:09 2008 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu Mar 27 18:07:44 2008 Subject: Error when running MailScanner --debug In-Reply-To: <47EBD3A1.5010708@ecs.soton.ac.uk> Message-ID: For MailScanner --lint I get this: Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.67.6) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. Checking for SpamAssassin errors (if you use it)... SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp SpamAssassin reported no errors. MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamav =========================================================================== =========================================================================== Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature" If any of your virus scanners (clamav) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. MailScanner -v gives me this for SpamAssassin: 3.002004 Mail::SpamAssassin (I installed it using the SA/ClamAV bundle you have on the MailScanner site) On 3/27/08 12:04 PM, "Julian Field" wrote: > It's a SpamAssassin problem, but start by doing a MailScanner --lint and > see what that produces. What version of SpamAssassin do you think you're > running? "MailScanner -v" will tell you for sure. > > Jody Cleveland wrote: >> Hello, >> >> I've got a new server I'm setting up on ubuntu, and when I run MailScanner >> --debug I get these two errors: >> >> Use of uninitialized value in concatenation (.) or string at >> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1088. >> >> se of uninitialized value in concatenation (.) or string at >> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1090. >> >> Any ideas on how I can fix that? >> >> Thanks! >> >> - jody >> >> >> > > Jules From MailScanner at ecs.soton.ac.uk Thu Mar 27 18:14:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 18:19:46 2008 Subject: Error when running MailScanner --debug In-Reply-To: References: Message-ID: <47EBE3EF.2000107@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In which case everything should be okay. Is it just reporting harmless warnings? Does it actually process mail okay? Jody Cleveland wrote: > For MailScanner --lint I get this: > > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.67.6) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > > Checking for SpamAssassin errors (if you use it)... > SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > SpamAssassin reported no errors. > MailScanner.conf says "Virus Scanners = clamav" > Found these virus scanners installed: clamav > =========================================================================== > =========================================================================== > Virus Scanner test reports: > ClamAV said "eicar.com contains Eicar-Test-Signature" > > If any of your virus scanners (clamav) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its virus.scanners.conf. > > MailScanner -v gives me this for SpamAssassin: 3.002004 > Mail::SpamAssassin > (I installed it using the SA/ClamAV bundle you have on the MailScanner site) > > > On 3/27/08 12:04 PM, "Julian Field" wrote: > > >> It's a SpamAssassin problem, but start by doing a MailScanner --lint and >> see what that produces. What version of SpamAssassin do you think you're >> running? "MailScanner -v" will tell you for sure. >> >> Jody Cleveland wrote: >> >>> Hello, >>> >>> I've got a new server I'm setting up on ubuntu, and when I run MailScanner >>> --debug I get these two errors: >>> >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>> >>> se of uninitialized value in concatenation (.) or string at >>> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>> >>> Any ideas on how I can fix that? >>> >>> Thanks! >>> >>> - jody >>> >>> >>> >>> >> Jules >> > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6+PxEfZZRxQVtlQRAnulAJ9XLbqdQZ/tTP1t98KRZEbmjHIo2wCZAT6h qfdzrw7i17656hB4NCxlxhs= =mEQp -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From cleveland at winnefox.org Thu Mar 27 18:23:52 2008 From: cleveland at winnefox.org (Jody Cleveland) Date: Thu Mar 27 18:24:31 2008 Subject: Error when running MailScanner --debug In-Reply-To: <47EBE3EF.2000107@ecs.soton.ac.uk> Message-ID: Yeah, everything seems ok. I'm just setting up a new server and trying to eliminate all errors. But, I won't worry about it. Thanks! On 3/27/08 1:14 PM, "Julian Field" wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In which case everything should be okay. > Is it just reporting harmless warnings? > Does it actually process mail okay? > > Jody Cleveland wrote: >> For MailScanner --lint I get this: >> >> Trying to setlogsock(unix) >> Checking version numbers... >> Version number in MailScanner.conf (4.67.6) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> >> Checking for SpamAssassin errors (if you use it)... >> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp >> SpamAssassin reported no errors. >> MailScanner.conf says "Virus Scanners = clamav" >> Found these virus scanners installed: clamav >> =========================================================================== >> =========================================================================== >> Virus Scanner test reports: >> ClamAV said "eicar.com contains Eicar-Test-Signature" >> >> If any of your virus scanners (clamav) >> are not listed there, you should check that they are installed correctly >> and that MailScanner is finding them correctly via its virus.scanners.conf. >> >> MailScanner -v gives me this for SpamAssassin: 3.002004 >> Mail::SpamAssassin >> (I installed it using the SA/ClamAV bundle you have on the MailScanner site) >> >> >> On 3/27/08 12:04 PM, "Julian Field" wrote: >> >> >>> It's a SpamAssassin problem, but start by doing a MailScanner --lint and >>> see what that produces. What version of SpamAssassin do you think you're >>> running? "MailScanner -v" will tell you for sure. >>> >>> Jody Cleveland wrote: >>> >>>> Hello, >>>> >>>> I've got a new server I'm setting up on ubuntu, and when I run MailScanner >>>> --debug I get these two errors: >>>> >>>> Use of uninitialized value in concatenation (.) or string at >>>> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1088. >>>> >>>> se of uninitialized value in concatenation (.) or string at >>>> /usr/local/share/perl/5.8.8/Mail/SpamAssassin.pm line 1090. >>>> >>>> Any ideas on how I can fix that? >>>> >>>> Thanks! >>>> >>>> - jody >>>> >>>> >>>> >>>> >>> Jules >>> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Thunderbird Enigmail to verify this message > Charset: ISO-8859-1 > > wj8DBQFH6+PxEfZZRxQVtlQRAnulAJ9XLbqdQZ/tTP1t98KRZEbmjHIo2wCZAT6h > qfdzrw7i17656hB4NCxlxhs= > =mEQp > -----END PGP SIGNATURE----- From ssilva at sgvwater.com Thu Mar 27 18:29:52 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 27 18:30:50 2008 Subject: how to release blocked files from quarantine In-Reply-To: <47EB72CD.5020200@gmail.com> References: <47EB72CD.5020200@gmail.com> Message-ID: on 3-27-2008 3:11 AM AlxFrag spake the following: > Hi, > > i've been using mailscanner a few months. I can succesfully release > "spams" from quarantine by editing the spam.whitelist.rules file like this: > > From: 127.0.0.1 yes > FromOrTo: default no > > > This does not work for blocked files. When i try to release a blocked > file it is blocked again. > Any ideas? > > Many thanks in advance, > > Alex Use a ruleset in Scan Messages; # The purpose of this option is to set it to be a ruleset, so that you # can skip all scanning of mail destined for some of your users/customers # and still scan all the rest. # A sample ruleset would look like this: # To: bad.customer.com no # From: ignore.domain.com no # FromOrTo: default yes # That will scan all mail except mail to bad.customer.com and mail from # ignore.domain.com. To set this up, put the 3 lines above into a file # called /etc/MailScanner/rules/scan.messages.rules and set the next line to # Scan Messages = %rules-dir%/scan.messages.rules # This can also be the filename of a ruleset (as illustrated above). Scan Messages = %rules-dir%/scan.messages.rules -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/bc586788/signature.bin From support at bytesinteractive.com Thu Mar 27 18:33:38 2008 From: support at bytesinteractive.com (David Jourard) Date: Thu Mar 27 18:34:10 2008 Subject: Delete email starting with mail@, uucp@ Message-ID: <47EBE882.6000509@bytesinteractive.com> Hi, I just upgraded MailScanner from an older version I had running. I had a bunch of rules I setup in spam.blacklist.rules Example: FromOrTo: root@clientdomain.com yes FromOrTo: mail@clientdomain.com yes FromOrTo: uucp@clientdomain.com yes FromOrTo: info@clientdomain.com yes They were being deleted. They are now getting delivered. What parameters do I need to set so that they get deleted. Thanks David J. From ssilva at sgvwater.com Thu Mar 27 18:50:21 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu Mar 27 18:51:18 2008 Subject: clamav module woes In-Reply-To: References: Message-ID: on 3-27-2008 3:22 AM Carmichael, Alistair spake the following: > Hey Guys, > > I?ve ran into a problem with one of our mailscanner servers after doing > our regular pagkage update via yum ? this included amongst other updates > clamav. > > Since running the updates mailscanner hasn?t been scanning and the > following message appears in maillog and when running MailScanner ?debug: > > ClamAV Perl module not found, did you install it? > > I?ve tried re-installing clamav in it?s entirety from the tar.gz on the > mailscanner website download page and I?ve also tried reinstalling just > the perl module both via dag.wieers.com rpm respository and cpan. You can't install clam from both an rpm and Julian's package as they use different paths. Pick one and stick with it. Also get the perl module from the same place. If you use rpm's get the module from rpmforge also. Don't install from CPAN on an rpm system, you will eventually break something. Use something like cpanflute or cpan2rpm to make rpms of modules you can't find anywhere else. > > Incase it was one of the other updates which broke the system a full > list of the updated packages since we started having this problem is: > > > > Mar 25 10:13:25 Updated: krb5-libs.i386 1.3.4-54.el4_6.1 > > Mar 25 10:13:26 Updated: perl-Archive-Tar.noarch 1.38-1.el4.rf > > Mar 25 10:13:26 Updated: cups-libs.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 > > Mar 25 10:13:26 Updated: perl-IO-Zlib.noarch 1.09-1.el4.rf > > Mar 25 10:13:28 Updated: spamassassin.i386 3.2.4-1.el4.rf > > Mar 25 10:13:28 Updated: perl-Archive-Zip.noarch 1.23-1.el4.rf > > Mar 25 10:13:29 Updated: openldap.i386 2.2.13-8.el4_6.4 > > Mar 25 10:13:30 Updated: clamav-db.i386 0.92.1-1.el4.rf > > Mar 25 10:13:46 Installed: kernel-smp.i686 2.6.9-67.0.7.EL > > Mar 25 10:13:57 Installed: kernel.i686 2.6.9-67.0.7.EL > > Mar 25 10:13:57 Updated: perl-Convert-BER.noarch 1.3101-1.el4.rf > > Mar 25 10:14:00 Updated: tzdata.noarch 2007k-2.el4 > > Mar 25 10:14:02 Updated: cups.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 > > Mar 25 10:14:02 Updated: multitail.i386 5.2.1-1.el4.rf > > Mar 25 10:14:03 Updated: nagios-plugins.i386 1.4.11-1.el4.rf > > Mar 25 10:14:03 Updated: gd.i386 2.0.28-5.4E.el4_6.1 > > Mar 25 10:14:03 Updated: krb5-workstation.i386 1.3.4-54.el4_6.1 > > Mar 25 10:14:04 Updated: clamav.i386 0.92.1-1.el4.rf > > Mar 25 10:14:04 Updated: perl-Socket6.i386 0.20-1.el4.rf > > Mar 27 08:34:09 Installed: perl-IO-Compress-Base.noarch 2.008-1.el4.rf > > Mar 27 08:34:09 Installed: perl-Compress-Raw-Zlib.i386 2.008-1.el4.rf > > Mar 27 08:34:09 Installed: perl-IO-Compress-Zlib.noarch 2.008-1.el4.rf > > Mar 27 08:41:13 Updated: perl-Compress-Zlib.noarch 2.008-1.el4.rf > > > > [root@mailscanner2 log]# MailScanner -debug > > In Debugging mode, not forking... > > ClamAV Perl module not found, did you install it? at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 487 > > > > [root@mailscanner2 log]# which perl > > /usr/bin/perl > > > > I?m running centos 4.4 with linux kernel version 2.6.9-55.ELsmp > Since you updated, you really should reboot to use the new kernel that you just downloaded. > > > We have 2 other identical servers running mailscanner both working fine > currently the only difference being is that they haven?t yet had the > above updates applied. > > > > If anyone knows what could be causing the problem or needs any further > info please let me know, I?ve tried to use this as a last resort having > exhausted google / most of the hairs on my head any help would be much > appreciated! > > > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/a1ffb411/signature.bin From MailScanner at ecs.soton.ac.uk Thu Mar 27 18:52:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 18:53:38 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBE882.6000509@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> Message-ID: <47EBECFB.9040809@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Where are you using spam.blacklist.rules in your MailScanner.conf, and what are your: Definite Spam Is High-Scoring = Spam Actions = High-Scoring Spam Actions = settings? David Jourard wrote: > Hi, > > I just upgraded MailScanner from an older version I had running. > > I had a bunch of rules I setup in spam.blacklist.rules > > Example: > > FromOrTo: root@clientdomain.com yes > FromOrTo: mail@clientdomain.com yes > FromOrTo: uucp@clientdomain.com yes > FromOrTo: info@clientdomain.com yes > > They were being deleted. > > They are now getting delivered. > > What parameters do I need to set so that they get deleted. > > Thanks > David J. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6+0JEfZZRxQVtlQRAtqKAJ4kwZFXiCvQ76UXMh/Tw+9ym5daCgCfadIH PJt0b3rwF+OELQwD/g4oCic= =tZyk -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 27 18:53:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 18:53:54 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBE882.6000509@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> Message-ID: <47EBED2B.9080408@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And did you run upgrade_MailScanner_conf to upgrade your MailScanner.conf file? Just run it, and it will tell you how to use it. David Jourard wrote: > Hi, > > I just upgraded MailScanner from an older version I had running. > > I had a bunch of rules I setup in spam.blacklist.rules > > Example: > > FromOrTo: root@clientdomain.com yes > FromOrTo: mail@clientdomain.com yes > FromOrTo: uucp@clientdomain.com yes > FromOrTo: info@clientdomain.com yes > > They were being deleted. > > They are now getting delivered. > > What parameters do I need to set so that they get deleted. > > Thanks > David J. > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Thunderbird Enigmail to verify this message Charset: ISO-8859-1 wj8DBQFH6+01EfZZRxQVtlQRAvhYAJsHOp+bMyV8BSvQPcW+ninzeWtmLACghlCb Bu49m8vQE/nO+Cdh6NEDLc4= =vvce -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support at bytesinteractive.com Thu Mar 27 19:20:56 2008 From: support at bytesinteractive.com (David Jourard) Date: Thu Mar 27 19:21:30 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBECFB.9040809@ecs.soton.ac.uk> References: <47EBE882.6000509@bytesinteractive.com> <47EBECFB.9040809@ecs.soton.ac.uk> Message-ID: <47EBF398.50804@bytesinteractive.com> Julian Field wrote: > * PGP Signed by an unverified key: 03/27/08 at 14:52:57 > > Where are you using spam.blacklist.rules in your MailScanner.conf, and > what are your: > Definite Spam Is High-Scoring = > Spam Actions = > High-Scoring Spam Actions = > settings? Definite Spam Is High Scoring = yes Spam Actions = deliver High Scoring Spam Actions = spam.action.rules In spam.action.rules I have To: mail@* delete To: uucp@* delete Question 2 >And did you run upgrade_MailScanner_conf to upgrade your MailScanner.conf file? Just run it, and it will tell you how to use it. Yes I ran it. Thanks for your quick response. David J. From support at bytesinteractive.com Thu Mar 27 19:21:00 2008 From: support at bytesinteractive.com (David Jourard) Date: Thu Mar 27 19:21:33 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBECFB.9040809@ecs.soton.ac.uk> References: <47EBE882.6000509@bytesinteractive.com> <47EBECFB.9040809@ecs.soton.ac.uk> Message-ID: <47EBF39C.2040909@bytesinteractive.com> Julian Field wrote: > * PGP Signed by an unverified key: 03/27/08 at 14:52:57 > > Where are you using spam.blacklist.rules in your MailScanner.conf, and > what are your: > Definite Spam Is High-Scoring = > Spam Actions = > High-Scoring Spam Actions = > settings? Definite Spam Is High Scoring = yes Spam Actions = deliver High Scoring Spam Actions = spam.action.rules In spam.action.rules I have To: mail@* delete To: uucp@* delete Question 2 >And did you run upgrade_MailScanner_conf to upgrade your MailScanner.conf file? Just run it, and it will tell you how to use it. Yes I ran it. Thanks for your quick response. David J. From gwong at linktechit.com Thu Mar 27 19:30:23 2008 From: gwong at linktechit.com (Gregory Wong) Date: Thu Mar 27 19:31:03 2008 Subject: Sync multiple servers Message-ID: Hi everyone. I have a server running Postfix, MailScanner, SA, etc. that is offsite from the main office. I am looking to setup a second server and use round robin to allow mail sent to be "load balanced" between the two servers. Can anyone recommend a way to sync server 2 with server 1 so the configuration is identical? I am also interested in updating one server and syncing the changes onto the second one. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/a13f15be/attachment.html From mkettler at evi-inc.com Thu Mar 27 19:45:12 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 27 19:46:18 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBE882.6000509@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> Message-ID: <47EBF948.9050106@evi-inc.com> David Jourard wrote: > Hi, > > I just upgraded MailScanner from an older version I had running. > > I had a bunch of rules I setup in spam.blacklist.rules > > Example: > > FromOrTo: root@clientdomain.com yes > FromOrTo: mail@clientdomain.com yes > FromOrTo: uucp@clientdomain.com yes > FromOrTo: info@clientdomain.com yes > > They were being deleted. > > They are now getting delivered. > > What parameters do I need to set so that they get deleted. Any reason you're doing this at the MailScanner layer? If you're just going to delete it, save your network the bandwidth of receiving it and just 550 it at the MTA layer. For example, in sendmail you'd edit /etc/mail/access and add: root@clientdomain.com REJECT mail@clientdomain.com REJECT uucp@clientdomain.com REJECT info@clientdomain.com REJECT Then run make in /etc/mail/ directory to rebuild access.db from the access text file. Poof, no more mail to or from that address will ever be accepted by your MTA. From support at bytesinteractive.com Thu Mar 27 20:27:11 2008 From: support at bytesinteractive.com (David Jourard) Date: Thu Mar 27 20:27:44 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBF948.9050106@evi-inc.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> Message-ID: <47EC031F.7030004@bytesinteractive.com> Matt Kettler wrote: > David Jourard wrote: >> Hi, >> >> I just upgraded MailScanner from an older version I had running. >> >> I had a bunch of rules I setup in spam.blacklist.rules >> >> Example: >> >> FromOrTo: root@clientdomain.com yes >> FromOrTo: mail@clientdomain.com yes >> FromOrTo: uucp@clientdomain.com yes >> FromOrTo: info@clientdomain.com yes >> >> They were being deleted. >> >> They are now getting delivered. >> >> What parameters do I need to set so that they get deleted. > > Any reason you're doing this at the MailScanner layer? Ignorance > > If you're just going to delete it, save your network the bandwidth of > receiving it and just 550 it at the MTA layer. This sounds like a wonderful solution. > > For example, in sendmail you'd edit /etc/mail/access and add: > root@clientdomain.com REJECT > mail@clientdomain.com REJECT > uucp@clientdomain.com REJECT > info@clientdomain.com REJECT > > Then run make in /etc/mail/ directory to rebuild access.db from the > access text file. What command do I use. Is it makemap hash (like I've been doing for virtualusertable). Do I need to restart MailScanner (which also restarts sendmail). > > Poof, no more mail to or from that address will ever be accepted by > your MTA. > This would be great. David J. From support at bytesinteractive.com Thu Mar 27 20:27:14 2008 From: support at bytesinteractive.com (David Jourard) Date: Thu Mar 27 20:27:47 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EBF948.9050106@evi-inc.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> Message-ID: <47EC0322.70600@bytesinteractive.com> Matt Kettler wrote: > David Jourard wrote: >> Hi, >> >> I just upgraded MailScanner from an older version I had running. >> >> I had a bunch of rules I setup in spam.blacklist.rules >> >> Example: >> >> FromOrTo: root@clientdomain.com yes >> FromOrTo: mail@clientdomain.com yes >> FromOrTo: uucp@clientdomain.com yes >> FromOrTo: info@clientdomain.com yes >> >> They were being deleted. >> >> They are now getting delivered. >> >> What parameters do I need to set so that they get deleted. > > Any reason you're doing this at the MailScanner layer? Ignorance > > If you're just going to delete it, save your network the bandwidth of > receiving it and just 550 it at the MTA layer. This sounds like a wonderful solution. > > For example, in sendmail you'd edit /etc/mail/access and add: > root@clientdomain.com REJECT > mail@clientdomain.com REJECT > uucp@clientdomain.com REJECT > info@clientdomain.com REJECT > > Then run make in /etc/mail/ directory to rebuild access.db from the > access text file. What command do I use. Is it makemap hash (like I've been doing for virtualusertable). Do I need to restart MailScanner (which also restarts sendmail). > > Poof, no more mail to or from that address will ever be accepted by > your MTA. > This would be great. David J. From mikea at mikea.ath.cx Thu Mar 27 20:50:12 2008 From: mikea at mikea.ath.cx (mikea) Date: Thu Mar 27 20:50:48 2008 Subject: Sync multiple servers In-Reply-To: References: Message-ID: <20080327205012.GA12142@mikea.ath.cx> On Thu, Mar 27, 2008 at 03:30:23PM -0400, Gregory Wong wrote: > Hi everyone. I have a server running Postfix, MailScanner, SA, etc. that is offsite from the main office. I am looking to setup a second server and use round robin to allow mail sent to be "load balanced" between the two servers. Can anyone recommend a way to sync server 2 with server 1 so the configuration is identical? I am also interested in updating one server and syncing the changes onto the second one. > > Thanks. A script using rsync might work very nicely for you. -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin From glenn.steen at gmail.com Thu Mar 27 20:51:18 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Mar 27 20:51:53 2008 Subject: how to release blocked files from quarantine In-Reply-To: <20080327110437.GE12351@ubuntu> References: <47EB72CD.5020200@gmail.com> <20080327110437.GE12351@ubuntu> Message-ID: <223f97700803271351l5ea33626lbc5f86a6a6532e0a@mail.gmail.com> On 27/03/2008, Alessandro Dentella wrote: > On Thu, Mar 27, 2008 at 12:11:25PM +0200, AlxFrag wrote: > > Hi, > > > > i've been using mailscanner a few months. I can succesfully release > > "spams" from quarantine by editing the spam.whitelist.rules file like this: > > > > From: 127.0.0.1 yes > > FromOrTo: default no > > > I've never used this... what do you do "after" you changed the rule, to put > messages from quarantine back in the queue? i'd like to do that... > It depends on what MTA you have and wether you quarantine the queue file(s) or the decoded message. Anyway.... It is all documented pretty good for most MTAs in the wiki.... Go do some rading at http://wiki.mailscanner.info .... ;-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu Mar 27 20:56:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 20:57:05 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC0322.70600@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> Message-ID: <47EC09F9.4000006@ecs.soton.ac.uk> David Jourard wrote: > Matt Kettler wrote: >> David Jourard wrote: >>> Hi, >>> >>> I just upgraded MailScanner from an older version I had running. >>> >>> I had a bunch of rules I setup in spam.blacklist.rules >>> >>> Example: >>> >>> FromOrTo: root@clientdomain.com yes >>> FromOrTo: mail@clientdomain.com yes >>> FromOrTo: uucp@clientdomain.com yes >>> FromOrTo: info@clientdomain.com yes >>> >>> They were being deleted. >>> >>> They are now getting delivered. >>> >>> What parameters do I need to set so that they get deleted. >> >> Any reason you're doing this at the MailScanner layer? > Ignorance > >> >> If you're just going to delete it, save your network the bandwidth of >> receiving it and just 550 it at the MTA layer. > > This sounds like a wonderful solution. >> >> For example, in sendmail you'd edit /etc/mail/access and add: >> root@clientdomain.com REJECT >> mail@clientdomain.com REJECT >> uucp@clientdomain.com REJECT >> info@clientdomain.com REJECT >> >> Then run make in /etc/mail/ directory to rebuild access.db from the >> access text file. > What command do I use. Is it makemap hash (like I've been doing for > virtualusertable). cd /etc/mail make -n That will show you what it's going to do, without actually doing it. Make sure it prints a command that looks like it will rebuild the access db. make That will actually do it. > > Do I need to restart MailScanner (which also restarts sendmail). Easy enough to test. Try sendmail -bv info@clientdomain.com and see what it says it will do with it. If it looks like it's going to try to deliver it, then do a quick service MailScanner restart I don't *think* you need to, but someone will surely correct me if I'm wrong. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Mar 27 21:05:10 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Mar 27 21:05:21 2008 Subject: Sync multiple servers In-Reply-To: References: Message-ID: <47EC0C06.9030807@ecs.soton.ac.uk> Read "man rsync" :-) You can do your entire MailScanner config (on your primary config host, which might be a Linux box) with rsync -av --rsh=ssh /etc/MailScanner/ root@second.mail.host.com:/etc/MailScanner/ If you want to see what it will do, but without actually doing it, add "--dry-run" to the list of options near the start of that command. You'll need to set up ssh keys so that the primary config host can successfully ssh root@second.mail.host.com date without asking for a password. Then you can bung it in a crontab entry and it will do it regularly. Personally I prefer to do it just on demand, so typing in a password isn't a big deal, and makes me stop and think before I do it (which I regard as a good thing :-) You could copy the sendmail configuration similarly by copying /etc/aliases* and /etc/mail/ the same way. Once you have copied the files over, do an ssh root@second.mail.host.com /sbin/service MailScanner restart to force it to start up afresh with the new configuration files in place. Do it with a nice new copy of MailScanner and the service MailScanner restart will reliably and completely do the job, I recently improved it. If your "service MailScanner restart" prints "....5....0 "then you have a recent enough version. If it just prints a long string of dots, without any digits every 5th dot, then you need a more recent version of the init.d script. Best regards, Jules. Gregory Wong wrote: > Hi everyone. I have a server running Postfix, MailScanner, SA, etc. > that is offsite from the main office. I am looking to setup a second > server and use round robin to allow mail sent to be ?load balanced? > between the two servers. Can anyone recommend a way to sync server 2 > with server 1 so the configuration is identical? I am also interested > in updating one server and syncing the changes onto the second one. > > Thanks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Thu Mar 27 21:25:44 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu Mar 27 21:26:23 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC031F.7030004@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC031F.7030004@bytesinteractive.com> Message-ID: <47EC10D8.8000207@evi-inc.com> David Jourard wrote: > Matt Kettler wrote: >> If you're just going to delete it, save your network the bandwidth of >> receiving it and just 550 it at the MTA layer. > > This sounds like a wonderful solution. >> >> For example, in sendmail you'd edit /etc/mail/access and add: >> root@clientdomain.com REJECT >> mail@clientdomain.com REJECT >> uucp@clientdomain.com REJECT >> info@clientdomain.com REJECT >> >> Then run make in /etc/mail/ directory to rebuild access.db from the >> access text file. > What command do I use. Is it makemap hash (like I've been doing for > virtualusertable). Yes, it's makemap hash if you want to do it explicitly. However, odds are there's a Makefile in your /etc/mail. If there is, you can just do: cd /etc/mail make and it should automatically rebuild any db hash files that are older than their corresponding source file. > > Do I need to restart MailScanner (which also restarts sendmail). I don't believe so. I'm pretty sure sendmail reads changes to all of the .db files on the fly. > >> >> Poof, no more mail to or from that address will ever be accepted by >> your MTA. >> > This would be great. > > David J. From shuttlebox at gmail.com Thu Mar 27 21:42:36 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Thu Mar 27 21:43:12 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC10D8.8000207@evi-inc.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC031F.7030004@bytesinteractive.com> <47EC10D8.8000207@evi-inc.com> Message-ID: <625385e30803271442t368f737bsb90684e075a4fcc3@mail.gmail.com> On Thu, Mar 27, 2008 at 10:25 PM, Matt Kettler wrote: > > Do I need to restart MailScanner (which also restarts sendmail). > > I don't believe so. I'm pretty sure sendmail reads changes to all of the .db > files on the fly. That's correct. -- /peter From linuxmasterjedi at free.fr Thu Mar 27 21:34:25 2008 From: linuxmasterjedi at free.fr (L.M.J) Date: Fri Mar 28 00:36:40 2008 Subject: Mailscanner acts crazy since yesterday Message-ID: <20080327223425.5426bb5e@netstation.linuxnetwork.local> hi, I'm running Mailscanner 4.62.9-3 on Ubuntu 6.10 since more then 1 year. I'm also running a Web interface called Mailwatch. EVERYTHING runs fine since more then 1 years, I have black/white list in &sql, i'm using razor/pyzor/grey list + spamassasin, each day, phis-hing list is updated, spamassassin learns his mistakes via a share mail folder : well, it's a perfect life. Yesterday evening, a collegue asked me to ass an email in the whitelist (what I already did more then 60 time!) Worked fine. The next morning, I'm wondering if it's linked or not to my previous action, but ALL emails with a score inferior at 0 is marked as spam! I have double check the conf, I can figure out what changed. I have a backup of the September 2007 conf file, everywhere is pretty similar (score and high score is set to 3,1 and 5,0) Have you seen that before? Any clue to fix that? I even restarted the machine, nothing change. Help me out please, I'm screwed :-/ Best regards. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080327/942930ed/signature.bin From sandro at e-den.it Fri Mar 28 01:05:25 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Fri Mar 28 01:06:28 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080327223425.5426bb5e@netstation.linuxnetwork.local> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> Message-ID: <20080328010525.GA24549@ubuntu> > The next morning, I'm wondering if it's linked or not to my previous action, but ALL emails with a score > inferior at 0 is marked as spam! I have double check the conf, I can figure out what changed. I have a backup > of the September 2007 conf file, everywhere is pretty similar (score and high score is set to 3,1 and 5,0) > > Have you seen that before? Any clue to fix that? I even restarted the machine, nothing change. Help me out > please, I'm screwed :-/ This has been discussed in the last few days several times. Search for mailscanner marking as spam. The issue is you are using ORDB ad rbl: http://it.slashdot.org/article.pl?sid=08/03/25/2124224 Remove ORDB from 'Spam List' in mailscanner.conf and any place where you defined rbl. *;-) From michel at mitch-it.nl Fri Mar 28 01:17:38 2008 From: michel at mitch-it.nl (michel@mitch-it.nl) Date: Fri Mar 28 01:19:24 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080327223425.5426bb5e@netstation.linuxnetwork.local> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> Message-ID: <20080328011738.GA16145@mitch-it.nl> On Thu, Mar 27, 2008 at 10:34:25PM +0100, L.M.J wrote: > The next morning, I'm wondering if it's linked or not to my previous action, but ALL emails with a score > inferior at 0 is marked as spam! I have double check the conf, I can figure out what changed. I have a backup > of the September 2007 conf file, everywhere is pretty similar (score and high score is set to 3,1 and 5,0) > > Have you seen that before? Any clue to fix that? I even restarted the machine, nothing change. Help me out > please, I'm screwed :-/ Hi, Remove the ORDB RBL from your configuration and it should work fine again. http://it.slashdot.org/article.pl?sid=08/03/25/2124224# -- Met vriendelijk groet, Michel van der Klei http://www.mitch-it.nl A brain is a wonderful thing, everybody should have one! From edward at tdcs.com.au Fri Mar 28 02:01:17 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Fri Mar 28 02:02:14 2008 Subject: Wow - serious issues Message-ID: I unsubscribed 10 days agao - as I've been doing the work of multiple people due to various reason, and I simply ran out of time to keep up to date and read all the MailScanner stuff. I had to come subscribe back today though - as MailScanner (or part thereof - I'm not sure) developed a serious issue. Basically - the configuration has not been changed for ages - certainly not since this started. >From what I can tell, this started March 27 at 17:31. Basically, messages would come in as per normal. For some reason they all get marked by MailScanner as {Spam} Notify message goes out to myself and the sender When it gets delivered to me, it gets marked and processed again. Rinse and repeat. over 2600 spam notifications waiting for me this morning and messages usually OK now marked as spam. I'm normally lucky to get 50 or so legitimate e-mails a day. No updates done to the server at this time nor configuration changes. Extract from "cat /var/log/mail.info.0 | grep 'deliver,notify'" Mar 27 17:31:11 ubuntu MailScanner[19413]: Spam Actions: message 44A0BC702F8.267B2 actions are deliver,notify,striphtml Mar 27 17:47:38 ubuntu MailScanner[19386]: Spam Actions: message 99153C703A9.9B31C actions are deliver,notify,striphtml Mar 27 18:01:42 ubuntu MailScanner[19413]: Spam Actions: message C41F8C703A6.1D502 actions are deliver,notify,striphtml Mar 27 18:02:00 ubuntu MailScanner[19413]: Spam Actions: message 77C50C703AB.EB565 actions are deliver,notify,striphtml Mar 27 18:02:17 ubuntu MailScanner[19413]: Spam Actions: message E3C6CC703AE.0697C actions are deliver,notify,striphtml Mar 27 18:02:33 ubuntu MailScanner[19278]: Spam Actions: message ABA16C703A9.313E5 actions are deliver,notify,striphtml Mar 27 18:02:49 ubuntu MailScanner[19278]: Spam Actions: message 73A6DC703AB.CB0BB actions are deliver,notify,striphtml Mar 27 18:03:03 ubuntu MailScanner[19413]: Spam Actions: message DC83AC703A9.E11AE actions are deliver,notify,striphtml Mar 27 18:03:23 ubuntu MailScanner[19278]: Spam Actions: message F0BDAC703AB.01034 actions are deliver,notify,striphtml Mar 27 18:03:42 ubuntu MailScanner[19386]: Spam Actions: message 1E2BFC703AE.7B976 actions are deliver,notify,striphtml Mar 27 18:04:00 ubuntu MailScanner[19278]: Spam Actions: message A44DEC703AB.8A1DA actions are deliver,notify,striphtml Mar 27 18:04:20 ubuntu MailScanner[19413]: Spam Actions: message 6DCE5C703A9.213FA actions are deliver,notify,striphtml Mar 27 18:04:40 ubuntu MailScanner[19278]: Spam Actions: message 28293C703AB.66668 actions are deliver,notify,striphtml Mar 27 18:04:57 ubuntu MailScanner[19413]: Spam Actions: message 1B9FEC703AE.3D671 actions are deliver,notify,striphtml Mar 27 18:05:18 ubuntu MailScanner[19413]: Spam Actions: message 69C49C703A9.288EE actions are deliver,notify,striphtml Mar 27 18:05:34 ubuntu MailScanner[19413]: Spam Actions: message 7107DC703AB.4D1C0 actions are deliver,notify,striphtml Basically she started hammering. My server was at a standstill this morning, As were Outlook clients trying to update the IMAP with the server. I've temporarily told postfix not to hold the queue (so MailScanner just stares at an empty hold queue) and this has stopped the madness and allowed me to do my work (minus spam checks ofcourse). Has this happened to other and if not, where do I go about looking for this - this has never happened before. Oh, and stopping postfix, clearing the queue, and re-starting postfix seems ok until the first message gets processed by MailScanner, then slowly she doubles up and kills my server again. Please take it slow - I'm not a total noob, but far removed from a guru as well. Regards, Ed. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/ad6f740d/attachment.html From mike at vesol.com Fri Mar 28 02:25:48 2008 From: mike at vesol.com (Mike Kercher) Date: Fri Mar 28 02:28:47 2008 Subject: Wow - serious issues In-Reply-To: References: Message-ID: <015501c8907b$09b6a100$4b0ba8c0@home.middlefinger.net> Read the thread just previous to this one...ORDB.org ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Edward Dekkers Sent: Thursday, March 27, 2008 9:01 PM To: mailscanner@lists.mailscanner.info Subject: Wow - serious issues I unsubscribed 10 days agao - as I've been doing the work of multiple people due to various reason, and I simply ran out of time to keep up to date and read all the MailScanner stuff. I had to come subscribe back today though - as MailScanner (or part thereof - I'm not sure) developed a serious issue. Basically - the configuration has not been changed for ages - certainly not since this started. From what I can tell, this started March 27 at 17:31. Basically, messages would come in as per normal. For some reason they all get marked by MailScanner as {Spam} Notify message goes out to myself and the sender When it gets delivered to me, it gets marked and processed again. Rinse and repeat. over 2600 spam notifications waiting for me this morning and messages usually OK now marked as spam. I'm normally lucky to get 50 or so legitimate e-mails a day. No updates done to the server at this time nor configuration changes. Extract from "cat /var/log/mail.info.0 | grep 'deliver,notify'" Mar 27 17:31:11 ubuntu MailScanner[19413]: Spam Actions: message 44A0BC702F8.267B2 actions are deliver,notify,striphtml Mar 27 17:47:38 ubuntu MailScanner[19386]: Spam Actions: message 99153C703A9.9B31C actions are deliver,notify,striphtml Mar 27 18:01:42 ubuntu MailScanner[19413]: Spam Actions: message C41F8C703A6.1D502 actions are deliver,notify,striphtml Mar 27 18:02:00 ubuntu MailScanner[19413]: Spam Actions: message 77C50C703AB.EB565 actions are deliver,notify,striphtml Mar 27 18:02:17 ubuntu MailScanner[19413]: Spam Actions: message E3C6CC703AE.0697C actions are deliver,notify,striphtml Mar 27 18:02:33 ubuntu MailScanner[19278]: Spam Actions: message ABA16C703A9.313E5 actions are deliver,notify,striphtml Mar 27 18:02:49 ubuntu MailScanner[19278]: Spam Actions: message 73A6DC703AB.CB0BB actions are deliver,notify,striphtml Mar 27 18:03:03 ubuntu MailScanner[19413]: Spam Actions: message DC83AC703A9.E11AE actions are deliver,notify,striphtml Mar 27 18:03:23 ubuntu MailScanner[19278]: Spam Actions: message F0BDAC703AB.01034 actions are deliver,notify,striphtml Mar 27 18:03:42 ubuntu MailScanner[19386]: Spam Actions: message 1E2BFC703AE.7B976 actions are deliver,notify,striphtml Mar 27 18:04:00 ubuntu MailScanner[19278]: Spam Actions: message A44DEC703AB.8A1DA actions are deliver,notify,striphtml Mar 27 18:04:20 ubuntu MailScanner[19413]: Spam Actions: message 6DCE5C703A9.213FA actions are deliver,notify,striphtml Mar 27 18:04:40 ubuntu MailScanner[19278]: Spam Actions: message 28293C703AB.66668 actions are deliver,notify,striphtml Mar 27 18:04:57 ubuntu MailScanner[19413]: Spam Actions: message 1B9FEC703AE.3D671 actions are deliver,notify,striphtml Mar 27 18:05:18 ubuntu MailScanner[19413]: Spam Actions: message 69C49C703A9.288EE actions are deliver,notify,striphtml Mar 27 18:05:34 ubuntu MailScanner[19413]: Spam Actions: message 7107DC703AB.4D1C0 actions are deliver,notify,striphtml Basically she started hammering. My server was at a standstill this morning, As were Outlook clients trying to update the IMAP with the server. I've temporarily told postfix not to hold the queue (so MailScanner just stares at an empty hold queue) and this has stopped the madness and allowed me to do my work (minus spam checks ofcourse). Has this happened to other and if not, where do I go about looking for this - this has never happened before. Oh, and stopping postfix, clearing the queue, and re-starting postfix seems ok until the first message gets processed by MailScanner, then slowly she doubles up and kills my server again. Please take it slow - I'm not a total noob, but far removed from a guru as well. Regards, Ed. From edward at tdcs.com.au Fri Mar 28 02:53:28 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Fri Mar 28 02:54:44 2008 Subject: Wow - serious issues In-Reply-To: <015501c8907b$09b6a100$4b0ba8c0@home.middlefinger.net> References: <015501c8907b$09b6a100$4b0ba8c0@home.middlefinger.net> Message-ID: > Read the thread just previous to this one...ORDB.org > Found the archives, read the thread, fixed the issue. Thanks guys. Took me a while to learn where and how to work the archives, but got there in the end. So, do we just leave ORDB out or should we replace with another BL? I currently still have SBL+XBL in there. Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From support at bytesinteractive.com Fri Mar 28 03:22:35 2008 From: support at bytesinteractive.com (David Jourard) Date: Fri Mar 28 03:23:06 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC09F9.4000006@ecs.soton.ac.uk> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> <47EC09F9.4000006@ecs.soton.ac.uk> Message-ID: <47EC647B.9010700@bytesinteractive.com> Julian Field wrote: >>> >>> Then run make in /etc/mail/ directory to rebuild access.db from the >>> access text file. That seems to work. > Easy enough to test. Try > sendmail -bv info@clientdomain.com > and see what it says it will do with it. If it looks like it's going > to try to deliver it, then do a quick > service MailScanner restart > I don't *think* you need to, but someone will surely correct me if I'm > wrong. Further question. When I run sendmail -bv info@clientdomain.com info@clientdomain.com... deliverable: mailer local, user info What does this mean if its says deliverable yet I'm not getting these emails anymore Thanks David J. From linuxmasterjedi at free.fr Fri Mar 28 06:21:05 2008 From: linuxmasterjedi at free.fr (L.M.J) Date: Fri Mar 28 06:21:46 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080328011738.GA16145@mitch-it.nl> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328011738.GA16145@mitch-it.nl> Message-ID: <20080328072105.359df5e2@netstation.linuxnetwork.local> Le Fri, 28 Mar 2008 02:17:38 +0100, michel@mitch-it.nl a ?crit : > On Thu, Mar 27, 2008 at 10:34:25PM +0100, L.M.J wrote: > > > The next morning, I'm wondering if it's linked or not to my previous action, but ALL emails with a score > > inferior at 0 is marked as spam! I have double check the conf, I can figure out what changed. I have a > > backup of the September 2007 conf file, everywhere is pretty similar (score and high score is set to 3,1 > > and 5,0) > > > > Have you seen that before? Any clue to fix that? I even restarted the machine, nothing change. Help me > > out please, I'm screwed :-/ > > Hi, > > Remove the ORDB RBL from your configuration and it should work fine again. > > http://it.slashdot.org/article.pl?sid=08/03/25/2124224# > THANKS a lot for your help, I will check it out! thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/f6445fd0/signature.bin From oliver at linux-kernel.at Fri Mar 28 08:15:59 2008 From: oliver at linux-kernel.at (Oliver Falk) Date: Fri Mar 28 08:17:04 2008 Subject: Sync multiple servers In-Reply-To: <47EC0C06.9030807@ecs.soton.ac.uk> References: <47EC0C06.9030807@ecs.soton.ac.uk> Message-ID: <47ECA93F.6010100@linux-kernel.at> Have a look at csync2: http://oss.linbit.com/csync2/ I use it for my firewalls. Every time I change something on one of these, I ran csync2 and the new configs get delivered to the other node and all relevant services get restarted. Very easy configuration. Uses shared keys. Include single files or whole directory structures... Blah... Give it a try... -of Julian Field wrote: > Read "man rsync" :-) > > You can do your entire MailScanner config (on your primary config host, > which might be a Linux box) with > rsync -av --rsh=ssh /etc/MailScanner/ > root@second.mail.host.com:/etc/MailScanner/ > If you want to see what it will do, but without actually doing it, add > "--dry-run" to the list of options near the start of that command. > > You'll need to set up ssh keys so that the primary config host can > successfully > ssh root@second.mail.host.com date > without asking for a password. Then you can bung it in a crontab entry > and it will do it regularly. Personally I prefer to do it just on > demand, so typing in a password isn't a big deal, and makes me stop and > think before I do it (which I regard as a good thing :-) > > You could copy the sendmail configuration similarly by copying > /etc/aliases* and /etc/mail/ the same way. > Once you have copied the files over, do an > ssh root@second.mail.host.com /sbin/service MailScanner restart > to force it to start up afresh with the new configuration files in place. > > Do it with a nice new copy of MailScanner and the service MailScanner > restart will reliably and completely do the job, I recently improved it. > If your "service MailScanner restart" prints "....5....0 "then you have > a recent enough version. If it just prints a long string of dots, > without any digits every 5th dot, then you need a more recent version of > the init.d script. > > Best regards, > Jules. > > Gregory Wong wrote: >> Hi everyone. I have a server running Postfix, MailScanner, SA, etc. >> that is offsite from the main office. I am looking to setup a second >> server and use round robin to allow mail sent to be ?load balanced? >> between the two servers. Can anyone recommend a way to sync server 2 >> with server 1 so the configuration is identical? I am also interested >> in updating one server and syncing the changes onto the second one. >> >> Thanks. > > Jules > From Alistair.Carmichael at virginmedia.co.uk Fri Mar 28 09:25:29 2008 From: Alistair.Carmichael at virginmedia.co.uk (Carmichael, Alistair) Date: Fri Mar 28 09:27:28 2008 Subject: clamav module woes References: Message-ID: From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Scott Silva Sent: 27 March 2008 18:50 To: mailscanner@lists.mailscanner.info Subject: Re: clamav module woes on 3-27-2008 3:22 AM Carmichael, Alistair spake the following: > Hey Guys, > > I've ran into a problem with one of our mailscanner servers after doing > our regular pagkage update via yum - this included amongst other updates > clamav. > > Since running the updates mailscanner hasn't been scanning and the > following message appears in maillog and when running MailScanner -debug: > > ClamAV Perl module not found, did you install it? > > I've tried re-installing clamav in it's entirety from the tar.gz on the > mailscanner website download page and I've also tried reinstalling just > the perl module both via dag.wieers.com rpm respository and cpan. >You can't install clam from both an rpm and Julian's package as they use >different paths. Pick one and stick with it. >Also get the perl module from the same place. If you use rpm's get the >module >from rpmforge also. Don't install from CPAN on an rpm system, you will >eventually break something. Use something like cpanflute or cpan2rpm to >make >rpms of modules you can't find anywhere else. Sorry I didn't mean that I had installed over the top using alternative methods, I uninstalled clam from its previous rpm and then tried installing from Julian's package but both led to the same error. There have been instances in the past where I've had to resort to cpan for a perl module, I haven't come across either of those tools to make rpms from cpan so I will definitely look into that for future reference. > > Incase it was one of the other updates which broke the system a full > list of the updated packages since we started having this problem is: > > > > Mar 25 10:13:25 Updated: krb5-libs.i386 1.3.4-54.el4_6.1 > > Mar 25 10:13:26 Updated: perl-Archive-Tar.noarch 1.38-1.el4.rf > > Mar 25 10:13:26 Updated: cups-libs.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 > > Mar 25 10:13:26 Updated: perl-IO-Zlib.noarch 1.09-1.el4.rf > > Mar 25 10:13:28 Updated: spamassassin.i386 3.2.4-1.el4.rf > > Mar 25 10:13:28 Updated: perl-Archive-Zip.noarch 1.23-1.el4.rf > > Mar 25 10:13:29 Updated: openldap.i386 2.2.13-8.el4_6.4 > > Mar 25 10:13:30 Updated: clamav-db.i386 0.92.1-1.el4.rf > > Mar 25 10:13:46 Installed: kernel-smp.i686 2.6.9-67.0.7.EL > > Mar 25 10:13:57 Installed: kernel.i686 2.6.9-67.0.7.EL > > Mar 25 10:13:57 Updated: perl-Convert-BER.noarch 1.3101-1.el4.rf > > Mar 25 10:14:00 Updated: tzdata.noarch 2007k-2.el4 > > Mar 25 10:14:02 Updated: cups.i386 1:1.1.22-0.rc1.9.20.2.el4_6.5 > > Mar 25 10:14:02 Updated: multitail.i386 5.2.1-1.el4.rf > > Mar 25 10:14:03 Updated: nagios-plugins.i386 1.4.11-1.el4.rf > > Mar 25 10:14:03 Updated: gd.i386 2.0.28-5.4E.el4_6.1 > > Mar 25 10:14:03 Updated: krb5-workstation.i386 1.3.4-54.el4_6.1 > > Mar 25 10:14:04 Updated: clamav.i386 0.92.1-1.el4.rf > > Mar 25 10:14:04 Updated: perl-Socket6.i386 0.20-1.el4.rf > > Mar 27 08:34:09 Installed: perl-IO-Compress-Base.noarch 2.008-1.el4.rf > > Mar 27 08:34:09 Installed: perl-Compress-Raw-Zlib.i386 2.008-1.el4.rf > > Mar 27 08:34:09 Installed: perl-IO-Compress-Zlib.noarch 2.008-1.el4.rf > > Mar 27 08:41:13 Updated: perl-Compress-Zlib.noarch 2.008-1.el4.rf > > > > [root@mailscanner2 log]# MailScanner -debug > > In Debugging mode, not forking... > > ClamAV Perl module not found, did you install it? at > /usr/lib/MailScanner/MailScanner/SweepViruses.pm line 487 > > > > [root@mailscanner2 log]# which perl > > /usr/bin/perl > > > > I'm running centos 4.4 with linux kernel version 2.6.9-55.ELsmp > >Since you updated, you really should reboot to use the new kernel that you >just downloaded. Reboots are already scheduled in but (not my decision so save the flames!) live servers only get rebooted out of hours on the weekend as some of our ibm kit is really fussy with some kernels but at least its good overtime ;) > > > We have 2 other identical servers running mailscanner both working fine > currently the only difference being is that they haven't yet had the > above updates applied. > > > > If anyone knows what could be causing the problem or needs any further > info please let me know, I've tried to use this as a last resort having > exhausted google / most of the hairs on my head any help would be much > appreciated! > > > We've switched over to using clamd now which looks to be running well and will probably be rolled out to the other mailscanners before they get the update treatment next week! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! ------------------------------------------------------------------------------ Save Paper - Do you really need to print this e-mail? Visit www.virginmedia.com for more information, and more fun. This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed. Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237 ============================================================================== From gmatt at nerc.ac.uk Fri Mar 28 10:14:42 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 28 10:15:45 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC647B.9010700@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> <47EC09F9.4000006@ecs.soton.ac.uk> <47EC647B.9010700@bytesinteractive.com> Message-ID: <47ECC512.9030200@nerc.ac.uk> David Jourard wrote: > Julian Field wrote: > >>>> >>>> Then run make in /etc/mail/ directory to rebuild access.db from the >>>> access text file. > > That seems to work. > >> Easy enough to test. Try >> sendmail -bv info@clientdomain.com >> and see what it says it will do with it. If it looks like it's going >> to try to deliver it, then do a quick >> service MailScanner restart >> I don't *think* you need to, but someone will surely correct me if I'm >> wrong. > > Further question. When I run sendmail -bv info@clientdomain.com > > info@clientdomain.com... deliverable: mailer local, user info > > What does this mean if its says deliverable yet I'm not getting these > emails anymore sendmail -bv does not check the recipient address against your access.db To to that, try the following: # sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter
> check_rcpt ...lots of output... D returns: < REJECT > < > SearchList returns: < REJECT > SearchList returns: < REJECT > Rcpt_ok returns: $# error $@ 5 . 2 . 1 $: "550 Mailbox disabled for this recipient" Basic_check_rcpt returns: $# error $@ 5 . 2 . 1 $: "550 Mailbox disabled for this recipient" check_rcpt returns: $# error $@ 5 . 2 . 1 $: "550 Mailbox disabled for this recipient" alternatively, use telnet to fake an SMTP connection to your server. GREG > > Thanks > David J. > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From gmatt at nerc.ac.uk Fri Mar 28 10:25:34 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri Mar 28 10:26:25 2008 Subject: Sync multiple servers In-Reply-To: <47ECA93F.6010100@linux-kernel.at> References: <47EC0C06.9030807@ecs.soton.ac.uk> <47ECA93F.6010100@linux-kernel.at> Message-ID: <47ECC79E.1050800@nerc.ac.uk> Oliver Falk wrote: > Have a look at csync2: > > http://oss.linbit.com/csync2/ > > -of > > Julian Field wrote: >> Read "man rsync" :-) I use rdist with a config file that provides a few different file groups and exceptions, like this: ssh-add -l && rdist -P /usr/bin/ssh -f ~/mydistfile mail where "mail" is a section in ~/mydistfile, a cut down version of which looks a bit like this: # dist file for use with rdist # usage: rdist -f -P /usr/bin/ssh [target] HOSTS = ( root@mailserver1 root@mailserver2 ) MAILFILES = ( /etc/mail /etc/MailScanner /etc/sysconfig/RulesDuJour /etc/logwatch /var/www/html/mailscanner/docs* ) EXMAIL = ( /etc/mail/localnames /usr/local/bin/mailq.php /etc/mail/namelist /etc/mail/logs /etc/mail/saveweek /etc/mail/statistics /etc/mail/stats /etc/mail/sendmail.cf* /etc/mail/sendmail.mc* /etc/mail/*.db /etc/MailScanner/bayes* /etc/mail/curdfile /etc/mail/curdfile.new /etc/mail/spamassassin/RulesDuJour/*.cf.* /etc/mail/nosanity /etc/mail/*.temporary /etc/mail/warnaliases /etc/MailScanner/phishing.safe.sites.conf.old /etc/mail/spamassassin/sa-update-keys/* /etc/mail/list/pol-staff-list /etc/mail/list/mba-staff-list /etc/mail/list/itss-staff-list /etc/mail/extraaliases /etc/mail/access /etc/mail/spamassassin/RulesDuJour ) EXSOFT = ( /local/software/build/* ) mail: ${MAILFILES} -> ${HOSTS} # install -owhole,remove /tmp/rdist-test ; # testing install -owhole,remove /; except ${EXMAIL} ; the use of ssh-add -l before calling rdist is to check that you have added the ssh keys to your agent otherwise you get into a tangle with password prompts if you are trying to rdist to more than one host at a time. I have other sections in mydistfile for syncing other areas (such as the software package area containing tar files for current software). Has worked great for a few years now. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From linuxmasterjedi at free.fr Fri Mar 28 11:51:55 2008 From: linuxmasterjedi at free.fr (L.M.J.) Date: Fri Mar 28 11:52:32 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080328011738.GA16145@mitch-it.nl> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328011738.GA16145@mitch-it.nl> Message-ID: <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> > Hi, > > Remove the ORDB RBL from your configuration and it should work fine again. In my mailscanner.conf, I have this line "Spam List = ORDB-RBL SBL+XBL" Should I keep "SBL+XBL" or not ("Spam List = SBL+XBL") ? Thanks by advance From martinh at solidstatelogic.com Fri Mar 28 12:08:22 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 28 12:08:58 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> Message-ID: Hi Yes just keep the SBL part, if you don't ask them too much and they don't block you. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of L.M.J. > Sent: 28 March 2008 11:52 > To: MailScanner discussion > Subject: Re: Mailscanner acts crazy since yesterday > > > Hi, > > > > Remove the ORDB RBL from your configuration and it should work fine > again. > > In my mailscanner.conf, I have this line "Spam List = ORDB-RBL SBL+XBL" > Should I keep "SBL+XBL" or not ("Spam List = SBL+XBL") ? > > Thanks by advance > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From michel at mitch-it.nl Fri Mar 28 12:32:02 2008 From: michel at mitch-it.nl (michel@mitch-it.nl) Date: Fri Mar 28 12:33:49 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328011738.GA16145@mitch-it.nl> <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> Message-ID: <20080328123202.GA22083@mitch-it.nl> On Fri, Mar 28, 2008 at 12:51:55PM +0100, L.M.J. wrote: > > Hi, > > > > Remove the ORDB RBL from your configuration and it should work fine again. > > In my mailscanner.conf, I have this line "Spam List = ORDB-RBL SBL+XBL" > Should I keep "SBL+XBL" or not ("Spam List = SBL+XBL") ? Just remove ORDB-RBL yu can keep SBL+XBL if you like. -- Kind Regards Michel van der Klei Mitch IT http://www.mitch-it.nl A brain is a wonderful thing, everybody should have one! From MailScanner at ecs.soton.ac.uk Fri Mar 28 13:07:21 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 28 13:08:02 2008 Subject: Signature Image Filename Message-ID: <47ECED89.2060700@ecs.soton.ac.uk> Does anyone know if this feature works at the moment? It keeps adding my image as an attachment, and I can't get it to put it in-line in the text at all. Thunderbird displays the signature attachment after the message, not as part of it. All I get in the message body is a "broken image" indicator. Does anyone use this feature at all? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamlists at coders.co.uk Fri Mar 28 13:24:16 2008 From: spamlists at coders.co.uk (Matt Hampton) Date: Fri Mar 28 13:25:35 2008 Subject: Signature Image Filename In-Reply-To: <47ECED89.2060700@ecs.soton.ac.uk> References: <47ECED89.2060700@ecs.soton.ac.uk> Message-ID: <47ECF180.2060402@coders.co.uk> Julian Field wrote: > Does anyone know if this feature works at the moment? > It keeps adding my image as an attachment, and I can't get it to put > it in-line in the text at all. Thunderbird displays the signature > attachment after the message, not as part of it. All I get in the > message body is a "broken image" indicator. > > Does anyone use this feature at all? > > Jules > Yes it works. You need to specify in the HTML signature the img tag pointing to it. Otherwise it is just an attached image. matt From dstraka at caspercollege.edu Fri Mar 28 13:37:03 2008 From: dstraka at caspercollege.edu (Daniel Straka) Date: Fri Mar 28 13:37:58 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47ECC512.9030200@nerc.ac.uk> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> <47EC09F9.4000006@ecs.soton.ac.uk> <47EC647B.9010700@bytesinteractive.com><47EC647B.9010700@bytesinteractive.com> <47ECC512.9030200@nerc.ac.uk> Message-ID: <47ECA01E.61A4.0000.0@caspercollege.edu> Wouldn't it be easier to add this to your spam.blacklist.rules? From: uucp@* yes From: mail@* yes -- Dan Straka Systems Coordinator Casper College 307.268.2399 www.caspercollege.edu From ja at conviator.com Fri Mar 28 14:06:14 2008 From: ja at conviator.com (Jan Agermose) Date: Fri Mar 28 14:07:20 2008 Subject: reject Message-ID: Hi Using mailscanner I can delete, store, forward spammail, but Im missing the "reject"? Is this not possible or am I simply misreading the docs :-) Thanks Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/b9a7c81e/attachment.html From martinh at solidstatelogic.com Fri Mar 28 14:21:32 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri Mar 28 14:22:07 2008 Subject: reject In-Reply-To: Message-ID: <9d4cbae1e5bcf94aa118251671436ab4@solidstatelogic.com> Jan Not possible, you've already accepted the message by time Mailscanner gets it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Jan Agermose > Sent: 28 March 2008 14:06 > To: mailscanner@lists.mailscanner.info > Subject: reject > > Hi > > > > Using mailscanner I can delete, store, forward spammail, but Im missing > the "reject"? Is this not possible or am I simply misreading the docs :-) > > > > Thanks > > Jan > > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From ecasarero at gmail.com Fri Mar 28 14:29:47 2008 From: ecasarero at gmail.com (Eduardo Casarero) Date: Fri Mar 28 14:30:23 2008 Subject: reject In-Reply-To: References: Message-ID: <7d9b3cf20803280729n485406edv4e3612cee0674e7f@mail.gmail.com> The reject only can be done in the MTA stage, so look in your mta documentacion, if using sendmail check milter-ahed milter-greylisting, rbls, etc. All this has to be done at MTA level. Regards, 2008/3/28, Jan Agermose : > > > > > Hi > > > > Using mailscanner I can delete, store, forward spammail, but Im missing the > "reject"? Is this not possible or am I simply misreading the docs J > > > > Thanks > > Jan > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > From mkettler at evi-inc.com Fri Mar 28 14:40:17 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 28 14:41:37 2008 Subject: reject In-Reply-To: References: Message-ID: <47ED0351.6040406@evi-inc.com> Jan Agermose wrote: > Hi > > > > Using mailscanner I can delete, store, forward spammail, but Im missing > the ?reject?? Is this not possible or am I simply misreading the docs J MailScanner gets called after the message has been accepted and queued. At that point, it is by far too late to reject a message. In theory MailScanner could do a post-delivery bounce on it, but that will generally get your server blacklisted pretty quickly. This really boils down to one of the fundamental trade offs of when to call a spam scanner in your mail chain. There's 4 primary points this can be done at, each with various advantages and disadvantages. Mailscanner would be "MTA, Mail Queue" in the list below. rejecting is only possible at the "MTA, SMTP session" configuration, which MailScanner isn't. MTA, SMTP session: can reject, one scan per message, bogs down under bursty traffic, limited per-user configuration. MTA, Mail Queue: cannot reject, one scan per message, handles bursts well, limited per-user configuration. MDA, Mailbox Delivery: cannot reject, one scan per recipient per message (more load), handles bursts well, flexible per-user configuration. MUA, Desktop delivery: cannot reject, one scan per recipient per message (more load), handles bursts well, flexible per-user configuration, uses desktop resources for scanning (distributes load). From campbell at cnpapers.com Fri Mar 28 14:44:19 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Mar 28 14:58:56 2008 Subject: OT: Sendmail REJECT or DISCARD preference Message-ID: <47ED0443.6030502@cnpapers.com> Since we're hitting the access file pretty hard today, I thought I'd ask a question about what most might put in there. I typically use the DISCARD parameter instead of the REJECT, with the reason being I don't want to add to the trash on the web. What do most use here and am I correct in thinking that DISCARD is less bandwidth and CPU intensive? Thanks for any thoughts. Steve From simonmjones at gmail.com Fri Mar 28 15:00:47 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Mar 28 15:01:27 2008 Subject: backscatter problem Message-ID: <70572c510803280800s37932c39ue31e055313c8c135@mail.gmail.com> Hi all, anyone help with some good rules to combat backscatter email? i seem to have a real problem with this at the moment, mostly bouncing back from .ru domains to my customers. i'm sure a ruleset will help but i'm not certain what would be best, header checks or something in the spam rules? thanks SMJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/3982e680/attachment.html From peter at farrows.org Fri Mar 28 15:01:37 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 15:02:28 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0443.6030502@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> Message-ID: <47ED0851.9090807@farrows.org> Steve Campbell wrote: > Since we're hitting the access file pretty hard today, I thought I'd > ask a question about what most might put in there. > > I typically use the DISCARD parameter instead of the REJECT, with the > reason being I don't want to add to the trash on the web. What do most > use here and am I correct in thinking that DISCARD is less bandwidth > and CPU intensive? > > Thanks for any thoughts. > > Steve > DISCARD every time... because if its spoofed you'll only get it back in your postmaster account.... From steve at fsl.com Fri Mar 28 15:10:11 2008 From: steve at fsl.com (Stephen Swaney) Date: Fri Mar 28 15:10:50 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0443.6030502@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> Message-ID: <47ED0A53.2050309@fsl.com> Steve Campbell wrote: > Since we're hitting the access file pretty hard today, I thought I'd > ask a question about what most might put in there. > > I typically use the DISCARD parameter instead of the REJECT, with the > reason being I don't want to add to the trash on the web. What do most > use here and am I correct in thinking that DISCARD is less bandwidth > and CPU intensive? > > Thanks for any thoughts. > > Steve > Steve, REJECT: reject the e-mail with a general error message. DISCARD: silently discard the message completely. Looks like DISCARD uses less local and network resources. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From marcel-ml at irc-addicts.de Fri Mar 28 15:00:38 2008 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Fri Mar 28 15:13:39 2008 Subject: SMTP AUTH and no Scanning Message-ID: Hi there, this question is really easy..i guess.. .) As i am now using SMTP Auth and got almost every user on the system to do so, i would love to skip those mails, sended by those users who used smtp auth, for scanning. Means, a user sends a mail with smtp auth and the mail will go through unscanned. Or do you think this is a bad idea? Any advice is welcome :) as always.. Thanks Marcel From damian at cht.com.ar Fri Mar 28 15:21:30 2008 From: damian at cht.com.ar (Damian Rivas) Date: Fri Mar 28 15:25:14 2008 Subject: backscatter problem Message-ID: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> >Hi all, anyone help with some good rules to combat backscatter email? i seem to have a real problem with this at the moment, mostly bouncing back from .ru domains to my customers. i'm sure a ruleset will help but i'm not certain what would >be best, header checks or something in the spam rules? > >thanks > >SMJ The solutions depends on your MTA, if you are using sendmail check this: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html And this: http://www.spamcop.net/fom-serve/cache/329.html If you are using postfix check this: http://www.postfix.org/BACKSCATTER_README.html If you have another MTA just google "mta+backscatter" and you'll find tons of information. From steve.freegard at fsl.com Fri Mar 28 15:32:15 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 28 15:34:03 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0443.6030502@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> Message-ID: <47ED0F7F.7010502@fsl.com> Steve Campbell wrote: > Since we're hitting the access file pretty hard today, I thought I'd ask > a question about what most might put in there. > > I typically use the DISCARD parameter instead of the REJECT, with the > reason being I don't want to add to the trash on the web. What do most > use here and am I correct in thinking that DISCARD is less bandwidth and > CPU intensive? Nope - 100% wrong in my opinion. If you use DISCARD, then you take the message all the way to the end, pretend to accept it and then /dev/null it. There are two really important disadvantages: 1) Throwing messages into the bit-bucket is really dangerous as if you get an FP here (say through a mistake in the LHS of the access-map) then you'll never know and neither will the server without some debugging. 2) You'll use extra bandwidth as DISCARD will take all of the message data, then throw it away. REJECT is better because: 1) It is done pre-DATA, so therefore potentially saves a lot of bandwidth. 2) As per the RFC - the sending MTA has to deal with the rejection, this means for a FP the sending MTA that receives the rejection must generate a DSN to the originating user. Hope this helps. Kind regards, Steve. From richard.siddall at elirion.net Fri Mar 28 15:34:58 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 28 15:35:51 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0443.6030502@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> Message-ID: <47ED1022.40507@elirion.net> Steve Campbell wrote: > Since we're hitting the access file pretty hard today, I thought I'd ask > a question about what most might put in there. > > I typically use the DISCARD parameter instead of the REJECT, with the > reason being I don't want to add to the trash on the web. What do most > use here and am I correct in thinking that DISCARD is less bandwidth and > CPU intensive? > > Thanks for any thoughts. > I think it depends on your confidence factor that the message is spam. If there's any chance it's a false positive, you'll want to REJECT it so that the sender gets a useful error message. Regards, Richard Siddall From simonmjones at gmail.com Fri Mar 28 15:53:21 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Mar 28 15:54:04 2008 Subject: backscatter problem In-Reply-To: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> Message-ID: <70572c510803280853s692c854ei7cb8435eaaeb3027@mail.gmail.com> On 28/03/2008, Damian Rivas wrote: > > > >Hi all, anyone help with some good rules to combat backscatter email? > i seem to have a real problem with this at the moment, mostly bouncing > back from .ru domains to my customers. i'm sure a ruleset will help but > i'm not certain what would >be best, header checks or something in the > spam rules? > > > >thanks > > > >SMJ > > The solutions depends on your MTA, if you are using sendmail check this: > > http://elqui.dcsc.utfsm.cl/util/email/backscatter.html > > And this: > > http://www.spamcop.net/fom-serve/cache/329.html > > If you are using postfix check this: > > http://www.postfix.org/BACKSCATTER_README.html > > If you have another MTA just google "mta+backscatter" and you'll find > tons of information. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > thanks, the unknown_local_recipient_reject_code = 450 and relay_recipient_maps = hash:/etc/postfix/relay_recipients is a good start but it doesn't help if a customer has something like info@ / enquiries@ etc that are easy to guess. i'm also running version 2.3.4 so it's well protected against backscatter by default. if you have seen something else i've missed on google relating to postfix i'd appreciate a pointer. SMJ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/7ebe0e47/attachment.html From housey at sme-ecom.co.uk Fri Mar 28 16:10:42 2008 From: housey at sme-ecom.co.uk (Paul Houselander (SME)) Date: Fri Mar 28 16:12:28 2008 Subject: backscatter problem {Scanned by Allteks Mailsafe} In-Reply-To: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> Message-ID: <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> >Hi all, anyone help with some good rules to combat backscatter email? i seem to have a real problem with this at the moment, mostly bouncing back from .ru domains to my customers. i'm sure a ruleset will help but i'm not certain what would >be best, header checks or something in the spam rules? > >thanks > >SMJ >>The solutions depends on your MTA, if you are using sendmail check this: >> >>http://elqui.dcsc.utfsm.cl/util/email/backscatter.html >> >>And this: >> >>http://www.spamcop.net/fom-serve/cache/329.html >> >>If you are using postfix check this: >> >>http://www.postfix.org/BACKSCATTER_README.html >> >>If you have another MTA just google "mta+backscatter" and you'll find >>tons of information. I think most of the suggestions are to use something like milter-ahead to reject invalid users, however since the beginning of the week ive been seeing more and more backscatter targeted at valid aliases in which case recipient verification will not make any difference. I spent a while yesterday looking at the watermark feature of mailscanner, if your customers send their outbound e-mail via a server you control it works a treat. Only problem I can see is it seems to incorrectly flag, read receipts and some out of office replies (which I think has been discussed quite a bit on this list) but I personally think it's a small price to pay for a clean inbox! An alternative that I was using was I use mimedefang as while as mailscanner, I wrote a mimedefang filter to reject all bounces for certain domains that were being targeted, not really a great ideal as I understand it breaks certain RFC's but was the only way I could control mail flow on my servers. Good Luck Paul From simonmjones at gmail.com Fri Mar 28 16:34:40 2008 From: simonmjones at gmail.com (Simon Jones) Date: Fri Mar 28 16:40:23 2008 Subject: backscatter problem {Scanned by Allteks Mailsafe} In-Reply-To: <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> Message-ID: <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> On 28/03/2008, Paul Houselander (SME) wrote: > > >Hi all, anyone help with some good rules to combat backscatter email? > i seem to have a real problem with this at the moment, mostly bouncing > back from .ru domains to my customers. i'm sure a ruleset will help but > i'm not certain what would >be best, header checks or something in the > spam rules? > > > >thanks > > > >SMJ > > >>The solutions depends on your MTA, if you are using sendmail check this: > >> > >>http://elqui.dcsc.utfsm.cl/util/email/backscatter.html > >> > >>And this: > >> > >>http://www.spamcop.net/fom-serve/cache/329.html > >> > >>If you are using postfix check this: > >> > >>http://www.postfix.org/BACKSCATTER_README.html > >> > >>If you have another MTA just google "mta+backscatter" and you'll find > >>tons of information. > > I think most of the suggestions are to use something like milter-ahead to > reject invalid users, however since the beginning of the week ive been > seeing more and more backscatter targeted at valid aliases in which case > recipient verification will not make any difference. > > I spent a while yesterday looking at the watermark feature of mailscanner, > if your customers send their outbound e-mail via a server you control it > works a treat. > > Only problem I can see is it seems to incorrectly flag, read receipts and > some out of office replies (which I think has been discussed quite a bit > on > this list) but I personally think it's a small price to pay for a clean > inbox! > > An alternative that I was using was I use mimedefang as while as > mailscanner, I wrote a mimedefang filter to reject all bounces for certain > domains that were being targeted, not really a great ideal as I understand > it breaks certain RFC's but was the only way I could control mail flow on > my > servers. > > Good Luck > > Paul > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Thanks Paul, mmm, that's the problem isn't it - valid addresses! I've seen this increase a LOT this week it's nice to know i've not been the only one. I think milter-ahead is a sendmail app isn't it? I used to use that a few years ago before switching to postfix (it's easier to administer!) I played around with some of snertsoft's filters back then and they seemed to work really well. I'm sure I can crack this with some sort of rule set, anyways I'll keep plugging away but any comments are really appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/48ff8b49/attachment.html From marcel-ml at irc-addicts.de Fri Mar 28 16:25:14 2008 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Fri Mar 28 16:42:43 2008 Subject: reject In-Reply-To: References: Message-ID: <47438.85.178.122.32.1206721514.squirrel@webmail.net-addicts.de> Hi Jan, > Using mailscanner I can delete, store, forward spammail, but Im missing > the "reject"? Is this not possible or am I simply misreading the docs > :-) > as the others stated before, this is only possible directly at the mta. Now, you could go and check Mails via different lists directly at the mta and block them, but this leaves me somekind of headache. See, for example you are using ordb. :) all the incoming mails would get blocked now directly at the mta and the users wouldn't even notice it. As i think how we could help the user and let them decide if they want the mail or not i try not to block via external hosted blacklists, but i do create my own. Therefore the Script ViSPAN is a really great help. It checks the Maillog and the output generated by mailscanner. Then it blocks IPs if they send x spam/virus-mails within y hour. As you can config this script almost into everything, you can check out which ips should never get blocked, or you can also receive an email after an ip is blocked. Whats also a nice goody is the Graphics-Function, as it generates a webpage where you can see how many mails got through, how many where spam (or high-scoring-spam) etc. I am using this script and i must say, i am almost happy with it. Some things do bug me, but these thinks are minor flaws, as the script does what it should do. You can find it here: http://www.while.org.uk/content/view/9/5/ Greetings, Marcel From peter at farrows.org Fri Mar 28 16:45:13 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 16:46:02 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0F7F.7010502@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> Message-ID: <47ED2099.5040201@farrows.org> Steve Freegard wrote: > Steve Campbell wrote: >> Since we're hitting the access file pretty hard today, I thought I'd >> ask a question about what most might put in there. >> >> I typically use the DISCARD parameter instead of the REJECT, with the >> reason being I don't want to add to the trash on the web. What do >> most use here and am I correct in thinking that DISCARD is less >> bandwidth and CPU intensive? > > Nope - 100% wrong in my opinion. > > If you use DISCARD, then you take the message all the way to the end, > pretend to accept it and then /dev/null it. > > There are two really important disadvantages: > > 1) Throwing messages into the bit-bucket is really dangerous as if > you get an FP here (say through a mistake in the LHS of the > access-map) then you'll never know and neither will the server without > some debugging. > > 2) You'll use extra bandwidth as DISCARD will take all of the message > data, then throw it away. > > REJECT is better because: > > 1) It is done pre-DATA, so therefore potentially saves a lot of > bandwidth. > > 2) As per the RFC - the sending MTA has to deal with the rejection, > this means for a FP the sending MTA that receives the rejection must > generate a DSN to the originating user. > > Hope this helps. > > Kind regards, > Steve. If you reject, and its spoofed you'll get it back anyway, so you end up receiving and then storing it in the postmaster address, it is always best to discard in this scenario...or even worse bouncing it again Remember we are dealing with spammers here, since when is the RFC about what is supposed to happen at the sending end/mta from the spammer going to be adhered to.... DISCARD is the way to go... P. From mkettler at evi-inc.com Fri Mar 28 17:10:54 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 28 17:12:14 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0851.9090807@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> Message-ID: <47ED269E.9090403@evi-inc.com> Peter Farrow wrote: > > > Steve Campbell wrote: >> Since we're hitting the access file pretty hard today, I thought I'd >> ask a question about what most might put in there. >> >> I typically use the DISCARD parameter instead of the REJECT, with the >> reason being I don't want to add to the trash on the web. What do most >> use here and am I correct in thinking that DISCARD is less bandwidth >> and CPU intensive? DISCARD is more CPU and resource intensive, as it occurs after the DATA phase. You have to recieve the whole message to DISCARD it. REJECT occurs prior to the completion of the SMTP transfer, generally at the RCPT TO: command. If you can do it here, this is a *MUCH* better idea. >> >> Thanks for any thoughts. >> >> Steve >> > > DISCARD every time... because if its spoofed you'll only get it back in > your postmaster account.... Um, this is rejecting during the SMTP session, not bouncing after delivery. The two concepts are very different. If you REJECT at the sendmail layer, a SMTP 550 is generated and the sending server will get it in THEIR postmaster box (assuming that it really is a server. if it's a spambot it vanishes into the ether). It will not end up in your postmaster box. Ending up in your postmaster box is what happens when you bounce email on a post-delivery basis, which is not the same as REJECT. Bouncing is stupid, rejecting with a 5xx error at the SMTP layer is not. Quite frankly REJECT is the proper and best behavior. It does not generally create backscatter, and when it does, all the backscatter is sourced by the single server that is sourcing or relaying the spam. Bots won't backscatter at all with rejects, as they don't retry or queue mail. Rejecting reduces the typical DDoS nature of backscatter to a single-source problem that can easily be handled by blacklisting the server that's the spam source. (unlike post delivery bouncing, those messages will come from servers all over the world) Rejecting also has exactly the same consequences as email being sent to an invalid recipient and having your mailserver 550 that. This is normal, and how nearly every intelligent SMTP server (baring unpatched qmail) behaves. From mkettler at evi-inc.com Fri Mar 28 17:12:35 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 28 17:12:59 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2099.5040201@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> Message-ID: <47ED2703.4030802@evi-inc.com> Peter Farrow wrote: >> Steve. > If you reject, and its spoofed you'll get it back anyway, so you end up > receiving and then storing it in the postmaster address, it is always > best to discard in this scenario...or even worse bouncing it again > Stop confusing REJECT with post delivery bouncing :) See my other post in this thread. From mkettler at evi-inc.com Fri Mar 28 17:12:57 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 28 17:13:50 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0A53.2050309@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED0A53.2050309@fsl.com> Message-ID: <47ED2719.1000204@evi-inc.com> Stephen Swaney wrote: > Steve Campbell wrote: >> Since we're hitting the access file pretty hard today, I thought I'd >> ask a question about what most might put in there. >> >> I typically use the DISCARD parameter instead of the REJECT, with the >> reason being I don't want to add to the trash on the web. What do most >> use here and am I correct in thinking that DISCARD is less bandwidth >> and CPU intensive? >> >> Thanks for any thoughts. >> >> Steve >> > Steve, > > REJECT: reject the e-mail with a general error message. > DISCARD: silently discard the message completely. > > > Looks like DISCARD uses less local and network resources. > Not so, as DISCARD actually accepts the message before discarding it. REJECT can occur at the RCPT TO: command. From steve.freegard at fsl.com Fri Mar 28 17:13:37 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 28 17:15:20 2008 Subject: backscatter problem {Scanned by Allteks Mailsafe} In-Reply-To: <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> Message-ID: <47ED2741.9050705@fsl.com> Hi Simon, Simon Jones wrote: > mmm, that's the problem isn't it - valid addresses! I've seen this > increase a LOT this week it's nice to know i've not been the only one. > > I think milter-ahead is a sendmail app isn't it? I used to use that a > few years ago before switching to postfix (it's easier to administer!) I > played around with some of snertsoft's filters back then and they seemed > to work really well. Postfix can run Sendmail milters now so I would suggest checking out milter-null (free) which works in a similar fashion to the watermarking in MailScanner but should not suffer from the same problems with the read-receipts. See http://www.snertsoft.com/sendmail/milter-null/ Alternatively, our BarricadeMX product written by SnertSoft and FSL has an advanced watermarking features and a whole bunch of other stuff that can nuke this stuff at the SMTP level and help reduce the load on MailScanner at the same time. See http://www.snertsoft.com/smtp/smtpf/ All watermarking software will require that all your outbound mail go out via gateways running them otherwise valid bounces will be rejected in addition to the bad ones. > I'm sure I can crack this with some sort of rule set, anyways I'll keep > plugging away but any comments are really appreciated. If you haven't already, check out the VBOUNCE plug-in for SA - http://wiki.apache.org/spamassassin/VBounceRuleset as this will do something similar (without the watermarks) but in SA instead. Regards, Steve. From MailScanner at ecs.soton.ac.uk Fri Mar 28 17:14:53 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Mar 28 17:15:39 2008 Subject: backscatter problem {Scanned by Allteks Mailsafe} In-Reply-To: <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> Message-ID: <47ED278D.5090305@ecs.soton.ac.uk> Simon Jones wrote: > > > On 28/03/2008, *Paul Houselander (SME)* > wrote: > > >Hi all, anyone help with some good rules to combat backscatter > email? > i seem to have a real problem with this at the moment, mostly bouncing > back from .ru domains to my customers. i'm sure a ruleset will > help but > i'm not certain what would >be best, header checks or something in the > spam rules? > > > >thanks > > > >SMJ > > >>The solutions depends on your MTA, if you are using sendmail > check this: > >> > >>http://elqui.dcsc.utfsm.cl/util/email/backscatter.html > >> > >>And this: > >> > >>http://www.spamcop.net/fom-serve/cache/329.html > >> > >>If you are using postfix check this: > >> > >>http://www.postfix.org/BACKSCATTER_README.html > >> > >>If you have another MTA just google "mta+backscatter" and you'll > find > >>tons of information. > > I think most of the suggestions are to use something like > milter-ahead to > reject invalid users, however since the beginning of the week ive been > seeing more and more backscatter targeted at valid aliases in > which case > recipient verification will not make any difference. > > I spent a while yesterday looking at the watermark feature of > mailscanner, > if your customers send their outbound e-mail via a server you > control it > works a treat. > > Only problem I can see is it seems to incorrectly flag, read > receipts and > some out of office replies (which I think has been discussed quite > a bit on > this list) but I personally think it's a small price to pay for a > clean > inbox! > > An alternative that I was using was I use mimedefang as while as > mailscanner, I wrote a mimedefang filter to reject all bounces for > certain > domains that were being targeted, not really a great ideal as I > understand > it breaks certain RFC's but was the only way I could control mail > flow on my > servers. > > Good Luck > > Paul > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Thanks Paul, > > mmm, that's the problem isn't it - valid addresses! I've seen this > increase a LOT this week it's nice to know i've not been the only one. > > I think milter-ahead is a sendmail app isn't it? I used to use that a > few years ago before switching to postfix (it's easier to administer!) > I played around with some of snertsoft's filters back then and they > seemed to work really well. > > I'm sure I can crack this with some sort of rule set, anyways I'll > keep plugging away but any comments are really appreciated. If you send the bulk of your outgoing mail through your own servers, then you could try the Watermarking feature in MailScanner? If you don't control the outgoing mail, then you've got a problem... You can easily temporarily bin all mail that doesn't have a sender address, but that's only really effective as a temporary measure. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Fri Mar 28 17:26:29 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 17:27:07 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED269E.9090403@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> Message-ID: <47ED2A45.2080605@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: >> >> >> Steve Campbell wrote: >>> Since we're hitting the access file pretty hard today, I thought I'd >>> ask a question about what most might put in there. >>> >>> I typically use the DISCARD parameter instead of the REJECT, with >>> the reason being I don't want to add to the trash on the web. What >>> do most use here and am I correct in thinking that DISCARD is less >>> bandwidth and CPU intensive? > > DISCARD is more CPU and resource intensive, as it occurs after the > DATA phase. You have to recieve the whole message to DISCARD it. > > REJECT occurs prior to the completion of the SMTP transfer, generally > at the RCPT TO: command. If you can do it here, this is a *MUCH* > better idea. > >>> >>> Thanks for any thoughts. >>> >>> Steve >>> >> >> DISCARD every time... because if its spoofed you'll only get it back >> in your postmaster account.... > > Um, this is rejecting during the SMTP session, not bouncing after > delivery. The two concepts are very different. > > If you REJECT at the sendmail layer, a SMTP 550 is generated and the > sending server will get it in THEIR postmaster box (assuming that it > really is a server. if it's a spambot it vanishes into the ether). It > will not end up in your postmaster box. Ending up in your postmaster > box is what happens when you bounce email on a post-delivery basis, > which is not the same as REJECT. > > Bouncing is stupid, rejecting with a 5xx error at the SMTP layer is not. > > Quite frankly REJECT is the proper and best behavior. It does not > generally create backscatter, and when it does, all the backscatter is > sourced by the single server that is sourcing or relaying the spam. > Bots won't backscatter at all with rejects, as they don't retry or > queue mail. > > Rejecting reduces the typical DDoS nature of backscatter to a > single-source problem that can easily be handled by blacklisting the > server that's the spam source. (unlike post delivery bouncing, those > messages will come from servers all over the world) > > > Rejecting also has exactly the same consequences as email being sent > to an invalid recipient and having your mailserver 550 that. This is > normal, and how nearly every intelligent SMTP server (baring unpatched > qmail) behaves. > > > > > Well, actually my practical experience says exactly the opposite, I have quite an extensive evolved access list on my sendmail MTA with over 1000 discards in it. Once this was implemented it greatly reduced to cr*p that was ending up in the postmaster addresses. So I still disagree, discard works best for me across my enterprise, however I would add that my enterprise is probably atypical to most in that I process nearly a million emails per week.... All this discussion has certainly made me think again about it so its not all bad... Regards Pete From peter at farrows.org Fri Mar 28 17:34:30 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 17:34:46 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2703.4030802@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> Message-ID: <47ED2C26.1070006@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: > >>> Steve. >> If you reject, and its spoofed you'll get it back anyway, so you end >> up receiving and then storing it in the postmaster address, it is >> always best to discard in this scenario...or even worse bouncing it >> again >> > > Stop confusing REJECT with post delivery bouncing :) See my other post > in this thread. I am talking about sendmail access file entries at the MTA level.... nothing else...my point is the general notice supplied in the REJECT directive often ends up coming back round...I've seen it many times.. From philip at zeiglers.net Fri Mar 28 17:46:41 2008 From: philip at zeiglers.net (Philip Zeigler) Date: Fri Mar 28 17:48:08 2008 Subject: backscatter problem {Scanned by Allteks Mailsafe} In-Reply-To: <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> References: <484E9B509664CA499A78F777A2D59A30A20246@server6.chtnet.com.ar> <011e01c890ee$45e5e690$d1b1b3b0$@co.uk> <70572c510803280934v16abaf06oc53ed951037ab86@mail.gmail.com> Message-ID: <47ED2F01.3080302@zeiglers.net> Simon Jones wrote: > > > On 28/03/2008, *Paul Houselander (SME)* > wrote: > > >Hi all, anyone help with some good rules to combat backscatter > email? > i seem to have a real problem with this at the moment, mostly bouncing > back from .ru domains to my customers. i'm sure a ruleset will > help but > i'm not certain what would >be best, header checks or something in the > spam rules? > > > >thanks > > > >SMJ > > >>The solutions depends on your MTA, if you are using sendmail > check this: > >> > >>http://elqui.dcsc.utfsm.cl/util/email/backscatter.html > >> > >>And this: > >> > >>http://www.spamcop.net/fom-serve/cache/329.html > >> > >>If you are using postfix check this: > >> > >>http://www.postfix.org/BACKSCATTER_README.html > >> > >>If you have another MTA just google "mta+backscatter" and you'll > find > >>tons of information. > > I think most of the suggestions are to use something like > milter-ahead to > reject invalid users, however since the beginning of the week ive been > seeing more and more backscatter targeted at valid aliases in > which case > recipient verification will not make any difference. > > I spent a while yesterday looking at the watermark feature of > mailscanner, > if your customers send their outbound e-mail via a server you > control it > works a treat. > > Only problem I can see is it seems to incorrectly flag, read > receipts and > some out of office replies (which I think has been discussed quite > a bit on > this list) but I personally think it's a small price to pay for a > clean > inbox! > > An alternative that I was using was I use mimedefang as while as > mailscanner, I wrote a mimedefang filter to reject all bounces for > certain > domains that were being targeted, not really a great ideal as I > understand > it breaks certain RFC's but was the only way I could control mail > flow on my > servers. > > Good Luck > > Paul > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Thanks Paul, > > mmm, that's the problem isn't it - valid addresses! I've seen this > increase a LOT this week it's nice to know i've not been the only one. > > I think milter-ahead is a sendmail app isn't it? I used to use that a > few years ago before switching to postfix (it's easier to administer!) > I played around with some of snertsoft's filters back then and they > seemed to work really well. > > I'm sure I can crack this with some sort of rule set, anyways I'll > keep plugging away but any comments are really appreciated. > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. I'm also seeing a big backscatter issue on 2 of the domains I administer. I looked at using the watermarking feature built into mailscanner. It is all going to a valid user so milter-ahead isn't a factor. The watermarking is flagging the backscatter as spam but it is also flagging all generated responses. For example, one internal user (we scan all email) sent another internal user an email with a .exe attachment. The mailscanner generated message that says that the email was rejected due to the bad filename apparently does not have a watermark or sender address so it gets flagged as spam. Not sure why it is not getting a watermark. Philip Zeigler -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Fri Mar 28 18:07:59 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Fri Mar 28 18:09:09 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2A45.2080605@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> <47ED2A45.2080605@farrows.org> Message-ID: <47ED33FF.1030203@evi-inc.com> Peter Farrow wrote: > Well, actually my practical experience says exactly the opposite, I have > quite an extensive evolved access list on my sendmail MTA with over 1000 > discards in it. Once this was implemented it greatly reduced to cr*p > that was ending up in the postmaster addresses. as compared to REJECT? Clearly there's something wrong with your MTA if REJECT is causing stuff to end up in your postmaster box. Unless of course you've got a secondary MX which lacks the same REJECT clause... However, that's just a mistake on the part of configuring your secondaries. From campbell at cnpapers.com Fri Mar 28 18:10:44 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Mar 28 18:12:49 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2A45.2080605@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> <47ED2A45.2080605@farrows.org> Message-ID: <47ED34A4.3080202@cnpapers.com> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >>> >>> >>> Steve Campbell wrote: >>>> Since we're hitting the access file pretty hard today, I thought >>>> I'd ask a question about what most might put in there. >>>> >>>> I typically use the DISCARD parameter instead of the REJECT, with >>>> the reason being I don't want to add to the trash on the web. What >>>> do most use here and am I correct in thinking that DISCARD is less >>>> bandwidth and CPU intensive? >> >> DISCARD is more CPU and resource intensive, as it occurs after the >> DATA phase. You have to recieve the whole message to DISCARD it. >> >> REJECT occurs prior to the completion of the SMTP transfer, generally >> at the RCPT TO: command. If you can do it here, this is a *MUCH* >> better idea. >> >>>> >>>> Thanks for any thoughts. >>>> >>>> Steve >>>> >>> >>> DISCARD every time... because if its spoofed you'll only get it back >>> in your postmaster account.... >> >> Um, this is rejecting during the SMTP session, not bouncing after >> delivery. The two concepts are very different. >> >> If you REJECT at the sendmail layer, a SMTP 550 is generated and the >> sending server will get it in THEIR postmaster box (assuming that it >> really is a server. if it's a spambot it vanishes into the ether). It >> will not end up in your postmaster box. Ending up in your postmaster >> box is what happens when you bounce email on a post-delivery basis, >> which is not the same as REJECT. >> >> Bouncing is stupid, rejecting with a 5xx error at the SMTP layer is not. >> >> Quite frankly REJECT is the proper and best behavior. It does not >> generally create backscatter, and when it does, all the backscatter >> is sourced by the single server that is sourcing or relaying the >> spam. Bots won't backscatter at all with rejects, as they don't retry >> or queue mail. >> >> Rejecting reduces the typical DDoS nature of backscatter to a >> single-source problem that can easily be handled by blacklisting the >> server that's the spam source. (unlike post delivery bouncing, those >> messages will come from servers all over the world) >> >> >> Rejecting also has exactly the same consequences as email being sent >> to an invalid recipient and having your mailserver 550 that. This is >> normal, and how nearly every intelligent SMTP server (baring >> unpatched qmail) behaves. >> >> >> >> >> > Well, actually my practical experience says exactly the opposite, I > have quite an extensive evolved access list on my sendmail MTA with > over 1000 discards in it. Once this was implemented it greatly > reduced to cr*p that was ending up in the postmaster addresses. So I > still disagree, discard works best for me across my enterprise, > however I would add that my enterprise is probably atypical to most in > that I process nearly a million emails per week.... > > All this discussion has certainly made me think again about it so its > not all bad... > > Regards > > Pete Pete, I have to agree with you on your "thinking" part. I sort of ask this question originally to verify what I thought I knew to be fact, but as usual, I'm having to rethink my conceptual ideas. I did try to change all of my DISCARDs to REJECTs to see if there was an immediate difference. I seem to have a small problem of slowness whenever I get bombarded with hundreds of spams. Today was a good day to test my changes, as I had quite a few in incoming, and was already monitoring my LA. I was hoping to see my backup of incoming messages drop a little faster along with a reduced LA once I used REJECT based on the fact that I would spend less time on new emails arriving for the incoming queue. After rehashing the access file, it showed no improvement, so I'm not sure whether there is an advantage or not, so I changed them all back to DISCARDs. Only for the simple reason that Friday is not a good day to make changes and leave for the weekend. I have to thank everyone, though, for all of the thought provoking ideas. Steve From steve.freegard at fsl.com Fri Mar 28 18:16:41 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 28 18:18:29 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2099.5040201@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> Message-ID: <47ED3609.1010801@fsl.com> Peter Farrow wrote: > If you reject, and its spoofed you'll get it back anyway, so you end up > receiving and then storing it in the postmaster address, it is always > best to discard in this scenario...or even worse bouncing it again Huh? - explain this a bit better as it doesn't make sense to me. If someone is spoofing your MAIL FROM, then there are a number of ways to combat this without using DISCARD and it's associated disadvantages (SPF testing at SMTP time, milter-null, custom ruleset etc.). Using REJECT in an access-map is no different to using DNSBLs at the SMTP phase and that doesn't cause this. I would only personally use DISCARD in a couple of instances: 1) To nuke junk from my own secondary MX to prevent it from generating backscatter. 2) To prevent duplicated messages. 3) To prevent any other sort of backscatter emanating from machines under my administrative control. In all other cases I would send an SMTP level rejection, it's far less costly. Regards, Steve. From mogens at fumlersoft.dk Fri Mar 28 18:36:54 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Fri Mar 28 18:37:52 2008 Subject: mail from mindspring In-Reply-To: <47EB7C74.1060705@gmail.com> References: <1122.90.184.19.31.1206529167.squirrel@mail.fumlersoft.dk> <47EB7C74.1060705@gmail.com> Message-ID: <3602.90.184.19.31.1206729414.squirrel@mail.fumlersoft.dk> On Thu, March 27, 2008 11:52, Ronny T. Lampert wrote: >> I would think that messages marked as spam, should not trigger a responce >> to sender, who is 99% shure faked, even when config is to notice sender >> about unwanted attachments. >> >> Is there a config combination that would keep MS from doing this ? > > Yes. What you see is a "bad attachment" informational mail. > You can turn it off via the following options in MailScanner.conf > Yes, i do realize that, but i think there must be a way to avoid sending notice to senders who already scored 14+ in spamcheck. Maybe a ruleset/custom function checking /etc/mail/access (Help needed ;^) to catch the ERROR:"550 Reject : mindspring.com - Spam source" I need the notice for legitimate senders, who frequently send weird stuff to "my" local users. My current Notify config is as follow: Notify Senders = yes Notify Senders Of Viruses = no Notify Senders Of Blocked Filenames Or Filetypes = yes Notify Senders Of Blocked Size Attachments = yes Notify Senders Of Other Blocked Content = yes Never Notify Senders Of Precedence = list bulk -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmane at tippingmar.com Fri Mar 28 18:38:02 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 28 18:39:08 2008 Subject: pyzor check In-Reply-To: <20080327124318.GA13512@ubuntu> References: <20080327124318.GA13512@ubuntu> Message-ID: Alessandro Dentella wrote: > Hi, > > I'm tuning some checks. I found that an (html) message with just "Ciao", > sent buy a customer as test got trapped by pyzor with a score of 2.8. > > Is this due to the algorithm of pyzor (ie the way pyzor checks the > similarity to another message) or I have something not working correctly? > > I'm sorry if this is partly OT... I've noticed that pyzor often triggers on very short messages. I don't think there is anything wrong with your setup. Mark From richard.siddall at elirion.net Fri Mar 28 18:50:22 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Fri Mar 28 18:51:19 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED3609.1010801@fsl.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED3609.1010801@fsl.com> Message-ID: <47ED3DEE.70806@elirion.net> Steve Freegard wrote: > Peter Farrow wrote: >> If you reject, and its spoofed you'll get it back anyway, so you end >> up receiving and then storing it in the postmaster address, it is >> always best to discard in this scenario...or even worse bouncing it again > > Huh? - explain this a bit better as it doesn't make sense to me. > I believe you can get in this situation if you get a lot of e-mail forwarded to your servers on behalf of your clients by an intermediate ISP. If you then reject the e-mail at SMTP time the intermediate ISP tries to relay the reject as a bounce and you then get backscatter. Quietly discarding the spam gets rid of the backscatter, along with any false positives. Unfortunately, there's no easy way of pushing your rejection criteria out to the intermediate ISPs so they can avoid accepting e-mail you won't accept from them. Regards, Richard Siddall From gmane at tippingmar.com Fri Mar 28 18:57:09 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Fri Mar 28 18:58:01 2008 Subject: preventing backscatter at the source Message-ID: The solutions discussed in the "backscatter problem" thread are all about preventing delivery of backscatter to our users. Does anyone have information on preventing my mail server from generating backscatter in the first place? I'd like to avoid sending bounce messages to innocent victims of address spoofing. One thought I had was checking SPF records before sending a DSN, but I'm not sure if milter-SPF could do this as it is not the normal sequence. The headers below that that google sends DSNs to addresses it knows are spoofed. Can I do better? Mark ----- Original message ----- Received: by 10.82.127.14 with SMTP id z14mr20702976buc.3.1205350830492; Wed, 12 Mar 2008 12:40:30 -0700 (PDT) Return-Path: Received: from equipo-11 ([190.3.243.146]) by mx.google.com with SMTP id 4si11810172fge.3.2008.03.12.12.40.24; Wed, 12 Mar 2008 12:40:30 -0700 (PDT) Received-SPF: fail (google.com: domain of xxxx@tippingmar.com does not designate 190.3.243.146 as permitted sender) client-ip=190.3.243.146; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of xxxx@tippingmar.com does not designate 190.3.243.146 as permitted sender) smtp.mail=xxxx@tippingmar.com Date: Wed, 12 Mar 2008 12:40:29 -0700 (PDT) Content-Return: allowed From steve.freegard at fsl.com Fri Mar 28 20:12:16 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Mar 28 20:14:08 2008 Subject: preventing backscatter at the source In-Reply-To: References: Message-ID: <47ED5120.1030408@fsl.com> Hi Mark, Mark Nienberg wrote: > The solutions discussed in the "backscatter problem" thread are all > about preventing delivery of backscatter to our users. Does anyone have > information on preventing my mail server from generating backscatter in > the first place? I'd like to avoid sending bounce messages to innocent > victims of address spoofing. Preventing backscatter from your own servers is easy and the rule-of-thumb is "don't accept anything at the SMTP level that you are going to 'bounce' later", off the top of my head - here's a list of the common causes that I can think of: 1) Reject unknown recipients at the SMTP level This will prevent the majority of backscatter and reduce the load on MailScanner significantly (usually between 20-60% in my experience). 2) Don't run a secondary MX unless it is configured to reject exactly as the primary. A secondary MX delivering to the primary MX which does an SMTP rejection will cause the secondary MX to 'bounce' the message which is backscatter. 3) Don't do any form of Challenge/Response, don't allow Out-of-Office replies to the internet or run any form of e-mail auto-responder. As these will all respond to the sender which could be forged. These would be acceptable if SPF=PASS or with a valid DKIM/DK signature or sent from an IP with fcRDNS or an MX from the same domain as the from address (e.g. spf-best-guess='v=spf1 a ptr mx'). 4) Only send MailScanner notices to the recipient and not the sender. If we can get a good list together, this is definitely worth adding to the Wiki. Cheers, Steve. From mark at msapiro.net Fri Mar 28 20:23:17 2008 From: mark at msapiro.net (Mark Sapiro) Date: Fri Mar 28 20:24:02 2008 Subject: preventing backscatter at the source In-Reply-To: Message-ID: Mark Nienberg wrote: >The solutions discussed in the "backscatter problem" thread are all about preventing >delivery of backscatter to our users. Does anyone have information on preventing my >mail server from generating backscatter in the first place? I'd like to avoid >sending bounce messages to innocent victims of address spoofing. > >One thought I had was checking SPF records before sending a DSN, but I'm not sure if >milter-SPF could do this as it is not the normal sequence. > >The headers below that that google sends DSNs to addresses it knows are spoofed. Can >I do better? There is a long thread that touches on these issues on the Mailman-Developers list. See the "before next release: disable backscatter in default installation" thread at . Some people do advocate checking SPF before returning a DSN, but this will supress some legitimate DSNs, and in any case, my question is "how do I set it up" Here's the particular scenario that I am concerned about. I have a number of forwarding aliases on my server. At least one of the targets of these has a very agressive content filter at SMTP time. So, I (Postfix) receive mail for s@example.com, scan it with MailScanner and it passes, and I attempt to deliver it to y@example.net. example.net rejects the message with "550 5.7.1 Requested action not taken: message refused (in reply to end of DATA command)". Then Postfix sends a DSN to the possibly innocent 3rd party envelope sender of the original mail. So currently, MailScanner doesn't scan the DSN that Postfix sends because it doesn't scan locally generated mail, but I could easily change that, but does anyone know or have recommendations for what specific rules and/or actions I should apply to this DSN. Postfix 2.3.3 MailScanner 4.68.3 ClamAV 0.92.1 SpamAssassin 3.2.4 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alex at nkpanama.com Fri Mar 28 21:16:56 2008 From: alex at nkpanama.com (Alex Neuman) Date: Fri Mar 28 21:17:59 2008 Subject: preventing backscatter at the source In-Reply-To: References: Message-ID: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> Our MailScanner believes that the attachment to this message sent to you From: alex@nkpanama.com Subject: Re: preventing backscatter at the source is Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this message without opening it. Opening spam messages might allow the spammer to verify your email address. If you believe that this message has been incorrectly marked as spam, please forward this email to postmaster. Date: 20080328 pts rule name description ---- ---------------------- -------------------------------------------------- 4.3 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC) 1.4 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 0.7 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?id=alex%40nkpanama.com&ip=190.140.59.111&receiver=nkserver.nkpanama.com] -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.0000] 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS -------------- next part -------------- An embedded message was scrubbed... From: Alex Neuman Subject: Re: preventing backscatter at the source Date: Fri, 28 Mar 2008 16:16:56 -0500 Size: 3432 Url: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/b46a5c34/attachment.mht From lists at openenterprise.ca Fri Mar 28 21:29:55 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Fri Mar 28 21:30:35 2008 Subject: How to check for existing mail accounts? Message-ID: <47ED6353.4060601@openenterprise.ca> I have noticed a large increase in the amount of spam coming in to MS (latest) running on CentOS 5 and many are coming into non-existent email accounts. Is there a check that can be done for the existence of an account first, and then if non-existent, block even before any scanning is done, let alone processing through MS. Thanks for any suggestions that anyone can give From Kevin_Miller at ci.juneau.ak.us Fri Mar 28 21:42:06 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 28 21:42:49 2008 Subject: How to check for existing mail accounts? In-Reply-To: <47ED6353.4060601@openenterprise.ca> References: <47ED6353.4060601@openenterprise.ca> Message-ID: Johnny Stork wrote: > I have noticed a large increase in the amount of spam coming in to MS > (latest) running on CentOS 5 and many are coming into non-existent > email accounts. Is there a check that can be done for the existence > of an account first, and then if non-existent, block even before any > scanning is done, let alone processing through MS. > > Thanks for any suggestions that anyone can give What MTA are you using? You can run recipeint verification on sendmail via milters, and I'm sure Postfix has similar functionality... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From peter at farrows.org Fri Mar 28 21:51:42 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 21:52:32 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED33FF.1030203@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> <47ED2A45.2080605@farrows.org> <47ED33FF.1030203@evi-inc.com> Message-ID: <47ED686E.7010109@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: > >> Well, actually my practical experience says exactly the opposite, I >> have quite an extensive evolved access list on my sendmail MTA with >> over 1000 discards in it. Once this was implemented it greatly >> reduced to cr*p that was ending up in the postmaster addresses. > > as compared to REJECT? > > Clearly there's something wrong with your MTA if REJECT is causing > stuff to end up in your postmaster box. > > Unless of course you've got a secondary MX which lacks the same REJECT > clause... However, that's just a mistake on the part of configuring > your secondaries. > > > Not at all... From lists at openenterprise.ca Fri Mar 28 21:55:26 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Fri Mar 28 21:56:03 2008 Subject: How to check for existing mail accounts? In-Reply-To: References: <47ED6353.4060601@openenterprise.ca> Message-ID: <47ED694E.2040807@openenterprise.ca> its sendmail Kevin Miller wrote: > Johnny Stork wrote: > >> I have noticed a large increase in the amount of spam coming in to MS >> (latest) running on CentOS 5 and many are coming into non-existent >> email accounts. Is there a check that can be done for the existence >> of an account first, and then if non-existent, block even before any >> scanning is done, let alone processing through MS. >> >> Thanks for any suggestions that anyone can give >> > > What MTA are you using? You can run recipeint verification on sendmail > via milters, and I'm sure Postfix has similar functionality... > > ...Kevin > From peter at farrows.org Fri Mar 28 21:58:09 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 21:58:22 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED3DEE.70806@elirion.net> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED3609.1010801@fsl.com> <47ED3DEE.70806@elirion.net> Message-ID: <47ED69F1.1000603@farrows.org> Richard Siddall wrote: > Steve Freegard wrote: >> Peter Farrow wrote: >>> If you reject, and its spoofed you'll get it back anyway, so you >>> end up receiving and then storing it in the postmaster address, it >>> is always best to discard in this scenario...or even worse bouncing >>> it again >> >> Huh? - explain this a bit better as it doesn't make sense to me. >> > > I believe you can get in this situation if you get a lot of e-mail > forwarded to your servers on behalf of your clients by an intermediate > ISP. If you then reject the e-mail at SMTP time the intermediate ISP > tries to relay the reject as a bounce and you then get backscatter. > > Quietly discarding the spam gets rid of the backscatter, along with > any false positives. > > Unfortunately, there's no easy way of pushing your rejection criteria > out to the intermediate ISPs so they can avoid accepting e-mail you > won't accept from them. > > Regards, > > Richard Siddall Precisely, If you're running a mail server that is an intermediate scanner for hundreds of domains prior to final delivery at the clients servers, a REJECT notice that you send back which is to a false address will quite correctly come back to the postmaster box of the REJECT machine. In this way a discard is MUCH better as you don't bother to report the failure to the intermediate MTA because it was junk anyway. With a discard you silently bin it saving everyones time, diskspace and bandwidth. This has to be considered in the context of a machine that scans mail for lots of domains for delivery to lots of clients disparate servers. In this context you'll find that a DISCARD is far better... From peter at farrows.org Fri Mar 28 21:59:47 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 22:00:00 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED686E.7010109@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> <47ED2A45.2080605@farrows.org> <47ED33FF.1030203@evi-inc.com> <47ED686E.7010109@farrows.org> Message-ID: <47ED6A53.9020905@farrows.org> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >> >>> Well, actually my practical experience says exactly the opposite, I >>> have quite an extensive evolved access list on my sendmail MTA with >>> over 1000 discards in it. Once this was implemented it greatly >>> reduced to cr*p that was ending up in the postmaster addresses. >> >> as compared to REJECT? >> >> Clearly there's something wrong with your MTA if REJECT is causing >> stuff to end up in your postmaster box. >> >> Unless of course you've got a secondary MX which lacks the same >> REJECT clause... However, that's just a mistake on the part of >> configuring your secondaries. >> >> >> > Not at all... BTW all my secondaries use the same configuration. Read my subsequent post, then I think you'll get what I am talking about... From peter at farrows.org Fri Mar 28 22:01:22 2008 From: peter at farrows.org (Peter Farrow) Date: Fri Mar 28 22:01:36 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2719.1000204@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0A53.2050309@fsl.com> <47ED2719.1000204@evi-inc.com> Message-ID: <47ED6AB2.1090700@farrows.org> Matt Kettler wrote: > Stephen Swaney wrote: >> Steve Campbell wrote: >>> Since we're hitting the access file pretty hard today, I thought I'd >>> ask a question about what most might put in there. >>> >>> I typically use the DISCARD parameter instead of the REJECT, with >>> the reason being I don't want to add to the trash on the web. What >>> do most use here and am I correct in thinking that DISCARD is less >>> bandwidth and CPU intensive? >>> >>> Thanks for any thoughts. >>> >>> Steve >>> >> Steve, >> >> REJECT: reject the e-mail with a general error message. >> DISCARD: silently discard the message completely. >> >> >> Looks like DISCARD uses less local and network resources. >> > > Not so, as DISCARD actually accepts the message before discarding it. > REJECT can occur at the RCPT TO: command. One other point here, DISCARD doesn't drops it quietly which itself will reduce backscatter... From Kevin_Miller at ci.juneau.ak.us Fri Mar 28 22:14:34 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri Mar 28 22:15:14 2008 Subject: How to check for existing mail accounts? In-Reply-To: <47ED694E.2040807@openenterprise.ca> References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> Message-ID: Johnny Stork wrote: > its sendmail > > Kevin Miller wrote: >> Johnny Stork wrote: >> >>> I have noticed a large increase in the amount of spam coming in to >>> MS (latest) running on CentOS 5 and many are coming into >>> non-existent email accounts. Is there a check that can be done for >>> the existence of an account first, and then if non-existent, block >>> even before any scanning is done, let alone processing through MS. >>> >>> Thanks for any suggestions that anyone can give >>> >> >> What MTA are you using? You can run recipeint verification on >> sendmail via milters, and I'm sure Postfix has similar >> functionality... >> >> ...Kevin Then see http://smfs.sourceforge.net/smf-sav.html Note that this does both sender and recipient address verification. I presume your gateway is forwarding on to another host where the recipients actually reside. The milter uses ldap calls to get the recipient data, so your internal email server will need to be able to do that. Ours is Exchange, which does. HTH... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From r.berber at computer.org Fri Mar 28 22:33:49 2008 From: r.berber at computer.org (=?ISO-8859-1?Q?Ren=E9_Berber?=) Date: Fri Mar 28 22:33:57 2008 Subject: How to check for existing mail accounts? In-Reply-To: <47ED694E.2040807@openenterprise.ca> References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> Message-ID: Johnny Stork wrote: > its sendmail You don't need a milter (but you can choose to), you can use the 3rd party FEATURE(`local_sender_check') : http://ultra.ap.krakow.pl/~raj/sendmail/english.html I've been using it for 2 years with no problems. Of course this is for local users, if you have users defined in LDAP or something similar, then something else has to be used. -- Ren? Berber From ssilva at sgvwater.com Fri Mar 28 23:16:14 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 28 23:16:32 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080328010525.GA24549@ubuntu> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> Message-ID: on 3-27-2008 6:05 PM Alessandro Dentella spake the following: >> The next morning, I'm wondering if it's linked or not to my previous action, but ALL emails with a score >> inferior at 0 is marked as spam! I have double check the conf, I can figure out what changed. I have a backup >> of the September 2007 conf file, everywhere is pretty similar (score and high score is set to 3,1 and 5,0) >> >> Have you seen that before? Any clue to fix that? I even restarted the machine, nothing change. Help me out >> please, I'm screwed :-/ > > This has been discussed in the last few days several times. Search for > mailscanner marking as spam. The issue is you are using ORDB ad rbl: > > http://it.slashdot.org/article.pl?sid=08/03/25/2124224 > > Remove ORDB from 'Spam List' in mailscanner.conf and any place where you > defined rbl. > > > > *;-) This just reinforces my previous statement that many people don't even pay attention to this list unless they have a problem. Come on people! Pay attention! There is a lot of good stuff pouring from some of the fine minds on this list. Look. Listen. Pay attention. You will be a better admin for your users, and your job will be easier. You might even catch problems and fix them BEFORE the boss is calling you! Then when you have these super skills, you can give back by helping with some of the questions and leave more time for Julian and the many other contributors to sharpen MailScanner to an even finer edge!!! Have a great weekend people!!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/16e0fbfc/signature.bin From ssilva at sgvwater.com Fri Mar 28 23:22:19 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 28 23:22:45 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED0443.6030502@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> Message-ID: on 3-28-2008 7:44 AM Steve Campbell spake the following: > Since we're hitting the access file pretty hard today, I thought I'd ask > a question about what most might put in there. > > I typically use the DISCARD parameter instead of the REJECT, with the > reason being I don't want to add to the trash on the web. What do most > use here and am I correct in thinking that DISCARD is less bandwidth and > CPU intensive? > > Thanks for any thoughts. > > Steve > Since both happen while you are connected to the sending server, it isn't that big of a deal. The difference is that while the sender is still talking do you say "woah there" and then hang up, or do you just silently drop the connection. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/98a55e36/signature.bin From ssilva at sgvwater.com Fri Mar 28 23:30:23 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 28 23:30:41 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2C26.1070006@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> Message-ID: on 3-28-2008 10:34 AM Peter Farrow spake the following: > Matt Kettler wrote: >> Peter Farrow wrote: >> >>>> Steve. >>> If you reject, and its spoofed you'll get it back anyway, so you end >>> up receiving and then storing it in the postmaster address, it is >>> always best to discard in this scenario...or even worse bouncing it >>> again >>> >> >> Stop confusing REJECT with post delivery bouncing :) See my other post >> in this thread. > I am talking about sendmail access file entries at the MTA level.... > nothing else...my point is the general notice supplied in the REJECT > directive often ends up coming back round...I've seen it many times.. There is no backscatter unless it comes through a third parties relay. The reject and discard both happen during the time that the sending server is connected to your server. There is no separate message to backscatter. It is just as if someone was talking to you and in mid sentence you put up your hand and said "stop talking", or just stuck your fingers in your ears and stopped listening. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/ab177f3b/signature.bin From ssilva at sgvwater.com Fri Mar 28 23:32:37 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Mar 28 23:35:37 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED69F1.1000603@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED3609.1010801@fsl.com> <47ED3DEE.70806@elirion.net> <47ED69F1.1000603@farrows.org> Message-ID: on 3-28-2008 2:58 PM Peter Farrow spake the following: > Richard Siddall wrote: >> Steve Freegard wrote: >>> Peter Farrow wrote: >>>> If you reject, and its spoofed you'll get it back anyway, so you >>>> end up receiving and then storing it in the postmaster address, it >>>> is always best to discard in this scenario...or even worse bouncing >>>> it again >>> >>> Huh? - explain this a bit better as it doesn't make sense to me. >>> >> >> I believe you can get in this situation if you get a lot of e-mail >> forwarded to your servers on behalf of your clients by an intermediate >> ISP. If you then reject the e-mail at SMTP time the intermediate ISP >> tries to relay the reject as a bounce and you then get backscatter. >> >> Quietly discarding the spam gets rid of the backscatter, along with >> any false positives. >> >> Unfortunately, there's no easy way of pushing your rejection criteria >> out to the intermediate ISPs so they can avoid accepting e-mail you >> won't accept from them. >> >> Regards, >> >> Richard Siddall > Precisely, > If you're running a mail server that is an intermediate scanner for > hundreds of domains prior to final delivery at the clients servers, a > REJECT notice that you send back which is to a false address will quite > correctly come back to the postmaster box of the REJECT machine. In > this way a discard is MUCH better as you don't bother to report the > failure to the intermediate MTA because it was junk anyway. With a > discard you silently bin it saving everyones time, diskspace and bandwidth. > > This has to be considered in the context of a machine that scans mail > for lots of domains for delivery to lots of clients disparate servers. > In this context you'll find that a DISCARD is far better... > > > > That I agree with. But that is a special case. But wouldn't dumping the double bounces stop this? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080328/c508641e/signature.bin From gmane at tippingmar.com Sat Mar 29 00:07:40 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Mar 29 00:08:27 2008 Subject: preventing backscatter at the source In-Reply-To: <47ED5120.1030408@fsl.com> References: <47ED5120.1030408@fsl.com> Message-ID: Steve Freegard wrote: > 1) Reject unknown recipients at the SMTP level OK, sendmail does this by default. I was worried that my MailScanner/sendmail server generated bounce messages for unknown users, but now I see that sendmail simply rejects the message during the SMTP session, so there is no problem here. > 2) Don't run a secondary MX unless it is configured to reject exactly > as the primary. > A secondary MX delivering to the primary MX which does an SMTP rejection > will cause the secondary MX to 'bounce' the message which is backscatter. Uh oh, this is a bit harder. I have my ISP functioning as my secondary MX, so it really isn't under my control. I guess I could ask them if they use milter-ahead or some other method. > 3) Don't do any form of Challenge/Response, don't allow Out-of-Office > replies to the internet or run any form of e-mail auto-responder. > As these will all respond to the sender which could be forged. These > would be acceptable if SPF=PASS or with a valid DKIM/DK signature or > sent from an IP with fcRDNS or an MX from the same domain as the from > address (e.g. spf-best-guess='v=spf1 a ptr mx'). I caved to popular demand (and PHB) and set up Out-of-office for my users, but I discourage its use and I tried pretty hard to avoid the common pitfalls. It will not respond if SPF_FAIL or SPF_SOFTFAIL triggered on the incoming message, but I have not gone the extra step of requiring SPF_PASS due the somewhat limited penetration of SPF. Maybe I should start experimenting with the DKIM plugin. I haven't tried that yet. > 4) Only send MailScanner notices to the recipient and not the sender. I think I am notifying senders of blocked filenames and filetypes and password protected zip files. Maybe this is a throwback to more innocent times. Should I turn these off and never ever notify a sender? Thanks for the info! Mark Nienberg From mark at msapiro.net Sat Mar 29 00:29:42 2008 From: mark at msapiro.net (Mark Sapiro) Date: Sat Mar 29 00:30:13 2008 Subject: preventing backscatter at the source In-Reply-To: References: <47ED5120.1030408@fsl.com> Message-ID: <20080329002942.GA1232@msapiro> On Fri, Mar 28, 2008 at 05:07:40PM -0700, Mark Nienberg wrote: > Steve Freegard wrote: > > >2) Don't run a secondary MX unless it is configured to reject exactly > >as the primary. > >A secondary MX delivering to the primary MX which does an SMTP rejection > >will cause the secondary MX to 'bounce' the message which is backscatter. > > Uh oh, this is a bit harder. I have my ISP functioning as my secondary MX, > so it really isn't under my control. I guess I could ask them if they use > milter-ahead or some other method. The anti-backscatter militants will tell you you just can't have a backup MX unless it always has access to your user database. Since mail never goes to your backup unless your primary is down, there's no way the backup can call forward to the primary to validate an address. But, the bright side of this is you are just rejecting the backup's mail at SMTP time, so the backscatter DSN is the ISP's problem ;) > >4) Only send MailScanner notices to the recipient and not the sender. > > I think I am notifying senders of blocked filenames and filetypes and > password protected zip files. Maybe this is a throwback to more innocent > times. Should I turn these off and never ever notify a sender? That's what I do. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gmane at tippingmar.com Sat Mar 29 00:56:12 2008 From: gmane at tippingmar.com (Mark Nienberg) Date: Sat Mar 29 00:57:12 2008 Subject: preventing backscatter at the source In-Reply-To: <20080329002942.GA1232@msapiro> References: <47ED5120.1030408@fsl.com> <20080329002942.GA1232@msapiro> Message-ID: Mark Sapiro wrote: > The anti-backscatter militants will tell you you just can't have a > backup MX unless it always has access to your user database. Since > mail never goes to your backup unless your primary is down, there's > no way the backup can call forward to the primary to validate an > address. But, the bright side of this is you are just rejecting the > backup's mail at SMTP time, so the backscatter DSN is the ISP's > problem ;) Interesting. A lot of spammers seem to send deliberately to secondary or teriary MXs instead of the primary even when the primary is up and running, in hopes of that it will not be as well protected. So most of the time the backup at my ISP could call forward (but I doubt that it is, I'll have to check). Mark Nienberg From steve.freegard at fsl.com Sat Mar 29 01:13:51 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Mar 29 01:15:37 2008 Subject: preventing backscatter at the source In-Reply-To: References: <47ED5120.1030408@fsl.com> <20080329002942.GA1232@msapiro> Message-ID: <47ED97CF.2040003@fsl.com> Mark Nienberg wrote: > Interesting. A lot of spammers seem to send deliberately to secondary > or teriary MXs instead of the primary even when the primary is up and > running, in hopes of that it will not be as well protected. Yes - been doing that for years now. It's a real pain if you use DNSBLs on the primary and the ISP secondary doesn't use any as the secondary then becomes the source of all your spam which you can't then reject via DNSBLs as the connecting IP is the secondary. I don't advocate backup MXes at all any more, you might as well just add another equal MX and configure it in the same way as the primary and have it forward messages directly to the mail store. > So most of the time the backup at my ISP could call forward (but I doubt that it is, I'll have to check). I would be doubtful that it is doing call-aheads. Milter-ahead has a nice facility called +backup-mx, which means that if the primary is down it will still accept the messages (but it will still reject any unknown users that are in it's cache file) as normally call-aheads return a tempfail when the call-ahead host is down. Cheers, Steve. From steve.freegard at fsl.com Sat Mar 29 01:18:12 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Sat Mar 29 01:20:00 2008 Subject: preventing backscatter at the source In-Reply-To: References: <47ED5120.1030408@fsl.com> Message-ID: <47ED98D4.9030700@fsl.com> Mark Nienberg wrote: >> 3) Don't do any form of Challenge/Response, don't allow Out-of-Office >> replies to the internet or run any form of e-mail auto-responder. >> As these will all respond to the sender which could be forged. These >> would be acceptable if SPF=PASS or with a valid DKIM/DK signature or >> sent from an IP with fcRDNS or an MX from the same domain as the from >> address (e.g. spf-best-guess='v=spf1 a ptr mx'). > > I caved to popular demand (and PHB) and set up Out-of-office for my > users, but I discourage its use and I tried pretty hard to avoid the > common pitfalls. It will not respond if SPF_FAIL or SPF_SOFTFAIL > triggered on the incoming message, but I have not gone the extra step of > requiring SPF_PASS due the somewhat limited penetration of SPF. Maybe I > should start experimenting with the DKIM plugin. I haven't tried that yet. Most admins face the same problem with out-of-office replies and you're doing more than most with regards to preventing backscatter for those that have configured their domains well (e.g. with SPF or sensible DNS). >> 4) Only send MailScanner notices to the recipient and not the sender. > > I think I am notifying senders of blocked filenames and filetypes and > password protected zip files. Maybe this is a throwback to more > innocent times. Should I turn these off and never ever notify a sender? Up to you - I would personally only notify the recipient as they can contact the sender manually if they actually need the file, it really depends on your policies. Cheers, Steve. From brian at mckerrs.net Sat Mar 29 01:42:08 2008 From: brian at mckerrs.net (Brian McKerr) Date: Sat Mar 29 01:44:15 2008 Subject: How to check for existing mail accounts? In-Reply-To: Message-ID: <12776790.391206754928334.JavaMail.root@zimbra.mckerrs.net> ----- "Kevin Miller" wrote: > Johnny Stork wrote: > > its sendmail > > > > Kevin Miller wrote: > >> Johnny Stork wrote: > >> > >>> I have noticed a large increase in the amount of spam coming in > to > >>> MS (latest) running on CentOS 5 and many are coming into > >>> non-existent email accounts. Is there a check that can be done > for > >>> the existence of an account first, and then if non-existent, > block > >>> even before any scanning is done, let alone processing through > MS. > >>> > >>> Thanks for any suggestions that anyone can give > >>> > >> > >> What MTA are you using? You can run recipeint verification on > >> sendmail via milters, and I'm sure Postfix has similar > >> functionality... > >> > >> ...Kevin > > Then see http://smfs.sourceforge.net/smf-sav.html > > Note that this does both sender and recipient address verification. > I > presume your gateway is forwarding on to another host where the > recipients actually reside. The milter uses ldap calls to get the > recipient data, so your internal email server will need to be able to > do > that. Ours is Exchange, which does. > I have a Zimbra server which, of course, runs openldap and I *used* to do dynamic LDAP look ups to see if user accounts were valid from my MS/Postfix gateway. It worked well, but I have since changed to *not* use LDAP dynamically because whenever I do maintenance on the zimbra box, the gateway box cannot validate users and therefor bounces mail. Not good. I now have a script that runs every hour and it does an LDAP lookup and dumps all valid user account names into a file that then gets hashed for postfix to look up. Now I can leave the zimbra machine (vm) down for any amount of time during the night to take a 'cold' backup of it, without worrying about bouncing emails. Cheers, Brian. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Sat Mar 29 05:14:06 2008 From: dave.list at pixelhammer.com (DAve) Date: Sat Mar 29 05:14:48 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> Message-ID: <47EDD01E.4050109@pixelhammer.com> Scott Silva wrote: > This just reinforces my previous statement that many people don't even > pay attention to this list unless they have a problem. > > > > Come on people! Pay attention! There is a lot of good stuff pouring from > some of the fine minds on this list. > Look. > Listen. > Pay attention. > You will be a better admin for your users, and your job will be easier. > You might even catch problems and fix them BEFORE the boss is calling you! > > Then when you have these super skills, you can give back by helping with > some of the questions and leave more time for Julian and the many other > contributors to sharpen MailScanner to an even finer edge!!! > > > If anyone else asks about ordb, I say we politely ask the IP of the server in question, for troubleshooting purposes ya know, and then block it. Not certain I want to accept connections from anyone who has not looked at their server logs in months. > > Have a great weekend people!!! > Out of state for a night, Hotel suite! Cable! Room service! On my wife's employers dime! Can I get a hey yea on that? Of course I will have my cell, my wireless card, and my laptop. Spammers never sleep 8^( DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From hvdkooij at vanderkooij.org Sat Mar 29 07:45:35 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 07:47:05 2008 Subject: Watermarking SOLVED In-Reply-To: <030501c8901c$cb92d1e0$62b875a0$@co.uk> References: <00ef01c88fef$40bf3e50$c23dbaf0$@co.uk> <028b01c89014$44b18750$ce1495f0$@co.uk> <030501c8901c$cb92d1e0$62b875a0$@co.uk> Message-ID: <47EDF39F.5050301@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Houselander (SME) wrote: | Feel like jumping off a cliff! | | Solved my problem I was using a yahoo mail address to do my testing, ive | just figured out that when you look at the message headers in yahoo mail | they actually filter out a lot of them. | | It's been working from the very 1st mail I sent! | | Best part of a day to figure that one out, think I may give up the day job! Yahoo is evil. I have stopped accepting email from them. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fOeBvzDRVjxmYERAhiNAJ9c12iO7ksja5nsMMHYExFSLEnTZACgmxyY UtqXS9JRGmfLcN12MvUlBAo= =gNn2 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 07:53:17 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 07:53:53 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <47EDD01E.4050109@pixelhammer.com> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> <47EDD01E.4050109@pixelhammer.com> Message-ID: <47EDF56D.5020009@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DAve wrote: | Out of state for a night, Hotel suite! Cable! Room service! On my wife's | employers dime! Can I get a hey yea on that? Hmm. Wife + hotel suite. Why do you need anything else at all? Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fVsBvzDRVjxmYERAgwjAKCI+himBHyMlOX6W0Flkk2xXOyZoACgtPnu tYzxEGumTACfGlTOeGcfSnQ= =f67z -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 07:55:21 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 07:55:50 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328011738.GA16145@mitch-it.nl> <25792.195.25.100.21.1206705115.squirrel@serwou.no-ip.org> Message-ID: <47EDF5E9.9010306@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 L.M.J. wrote: |> Hi, |> |> Remove the ORDB RBL from your configuration and it should work fine again. | | In my mailscanner.conf, I have this line "Spam List = ORDB-RBL SBL+XBL" | Should I keep "SBL+XBL" or not ("Spam List = SBL+XBL") ? If you need to ask you are not paying attention to you logs. I admit looking at logs is no fun to do it manually so write up scripts to do the hard work for you. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fXnBvzDRVjxmYERAnZaAJ46KYzgJYr54r3ISsjMpcEYmMYXIQCeNlj5 2CK3tV2tpLbkaOcVEM1Z2Qg= =TVWs -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:00:24 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:01:06 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47ECA01E.61A4.0000.0@caspercollege.edu> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> <47EC09F9.4000006@ecs.soton.ac.uk> <47EC647B.9010700@bytesinteractive.com><47EC647B.9010700@bytesinteractive.com> <47ECC512.9030200@nerc.ac.uk> <47ECA01E.61A4.0000.0@caspercollege.edu> Message-ID: <47EDF718.10101@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel Straka wrote: | Wouldn't it be easier to add this to your spam.blacklist.rules? | | From: uucp@* yes | From: mail@* yes It might be easier for you. But not easier on your system. Anything that you can bash away at the MTA level should be done there. Don't even wake up MailScanner to do a job your MTA can do reliably. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fcWBvzDRVjxmYERAv1eAJ0fmQj7iUrCz+5YHEuz8M+gvwhwFwCdHMPB aztDUEmc0rvLZ5ac5vMlVKo= =sGPE -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:08:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:09:18 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED34A4.3080202@cnpapers.com> References: <47ED0443.6030502@cnpapers.com> <47ED0851.9090807@farrows.org> <47ED269E.9090403@evi-inc.com> <47ED2A45.2080605@farrows.org> <47ED34A4.3080202@cnpapers.com> Message-ID: <47EDF8F9.5040106@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Campbell wrote: ~ > I have to agree with you on your "thinking" part. I sort of ask this | question originally to verify what I thought I knew to be fact, but as | usual, I'm having to rethink my conceptual ideas. | | I did try to change all of my DISCARDs to REJECTs to see if there was an | immediate difference. I seem to have a small problem of slowness | whenever I get bombarded with hundreds of spams. Today was a good day to | test my changes, as I had quite a few in incoming, and was already | monitoring my LA. I was hoping to see my backup of incoming messages | drop a little faster along with a reduced LA once I used REJECT based on | the fact that I would spend less time on new emails arriving for the | incoming queue. After rehashing the access file, it showed no | improvement, so I'm not sure whether there is an advantage or not, so I | changed them all back to DISCARDs. Only for the simple reason that | Friday is not a good day to make changes and leave for the weekend. | | I have to thank everyone, though, for all of the thought provoking ideas. Wether you DISCARD or REJECT them is propably not that much of a difference on your system. The main load will not be your MTA. MS, SA and friends eat up much more resources. But the argument in favor for RECJECT is bandwidth. And some relay test that will not get a REJECT will considere your system open and send you even more rubbish. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fj3BvzDRVjxmYERAqPWAJ9dSBdSmXzxOw3Gz3q0jRnlVe8x6wCfYR8m esdSi3T0WmDx87ZCMfnebD0= =zbOs -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:11:47 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:12:21 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2703.4030802@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> Message-ID: <47EDF9C3.6040103@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt Kettler wrote: | Peter Farrow wrote: | |>> Steve. |> If you reject, and its spoofed you'll get it back anyway, so you end |> up receiving and then storing it in the postmaster address, it is |> always best to discard in this scenario...or even worse bouncing it again |> | | Stop confusing REJECT with post delivery bouncing :) See my other post | in this thread. There is one point to take in account. REJECT works great if the spammers delivers directly. But if you get it through an open relay the whole notification game goes into play. Hugo - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fnCBvzDRVjxmYERApjBAKCqYv3DRmwuLLWgtft7hYVNM8rwXACglkB2 /LgXHAE28hd1D+H5xiTN1CQ= =V0Bs -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:19:06 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:19:36 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: References: Message-ID: <47EDFB7A.80603@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcel Blenkers wrote: | Hi there, | | this question is really easy..i guess.. .) | | As i am now using SMTP Auth and got almost every user on the system to do | so, i would love to skip those mails, sended by those users who used smtp | auth, for scanning. | | Means, | | a user sends a mail with smtp auth and the mail will go through unscanned. | Or do you think this is a bad idea? | | Any advice is welcome :) I have been thinking about this myself. One of the requirements would be ~ proper control on your users and another one would be to require TLS so this information does not go out in the clear. I have not yet taken time to investigate enough to see if I can make it work. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7ft5BvzDRVjxmYERAlHUAJsFisKfd2g8hiwkabQBt0PBI/P8ygCePBXX DUFqNihJQStLymDRVXpIZdI= =Rzts -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:23:42 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:24:20 2008 Subject: preventing backscatter at the source In-Reply-To: References: <47ED5120.1030408@fsl.com> Message-ID: <47EDFC8E.3020808@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: | Steve Freegard wrote: | |> 2) Don't run a secondary MX unless it is configured to reject exactly |> as the primary. |> A secondary MX delivering to the primary MX which does an SMTP |> rejection will cause the secondary MX to 'bounce' the message which is |> backscatter. | | Uh oh, this is a bit harder. I have my ISP functioning as my secondary | MX, so it really isn't under my control. I guess I could ask them if | they use milter-ahead or some other method. I have seen one ISP do a smart thing here. Their SMTP backup servers will monitor your system. Unless your system is down there is no need for them to accept email on your behalf. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7fyMBvzDRVjxmYERAoJcAJ4r1jJfltQj94C/mIdsQBd8WBF7WQCeL4yd f68ftOoOVDJ1if4wjTPc2V4= =7wV3 -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:27:52 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:28:50 2008 Subject: preventing backscatter at the source In-Reply-To: References: <47ED5120.1030408@fsl.com> <20080329002942.GA1232@msapiro> Message-ID: <47EDFD88.1040401@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: | Mark Sapiro wrote: | |> The anti-backscatter militants will tell you you just can't have a |> backup MX unless it always has access to your user database. Since |> mail never goes to your backup unless your primary is down, there's |> no way the backup can call forward to the primary to validate an |> address. But, the bright side of this is you are just rejecting the |> backup's mail at SMTP time, so the backscatter DSN is the ISP's |> problem ;) | | Interesting. A lot of spammers seem to send deliberately to secondary | or teriary MXs instead of the primary even when the primary is up and | running, in hopes of that it will not be as well protected. So most of | the time the backup at my ISP could call forward (but I doubt that it | is, I'll have to check). There are some ways to defeating this. They started by picking the worst MX record. So add your own server as worst record and these messages are are toast again. Then they started to do the random thing. So now you just add more worse case entries that point back to aliases and they propably will hit you instead of your backup. It just becomes a number game. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7f2HBvzDRVjxmYERAn2yAKCHODkB9nnocBGwZoPZcCq+P8r1VwCfYxQK xgp2Lc1W0HT37qJEWIpW7bg= =WtIq -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Sat Mar 29 08:33:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 08:33:50 2008 Subject: preventing backscatter at the source In-Reply-To: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> Message-ID: <47EDFEC4.10306@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Our MailScanner believes that the attachment to this message sent to you | | From: alex@nkpanama.com | Subject: Re: preventing backscatter at the source | | is Unsolicited Commercial Email (spam). Unless you are sure that this message | is incorrectly thought to be spam, please delete this message without opening | it. Opening spam messages might allow the spammer to verify your email | address. Well, This proves that some people are able to commit a capital SMTP offence by using MS and configure it incorrectly. Jules: You have my vote in favor of permanent removal of the list of the offender. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7f7CBvzDRVjxmYERAn2LAKC3CGTuqQpRIjuYDu72Kj3jpdochQCeOEof NtPv7NsaGdJcdRwowQW7xp8= =lAfT -----END PGP SIGNATURE----- From linuxmasterjedi at free.fr Sat Mar 29 09:56:47 2008 From: linuxmasterjedi at free.fr (L.M.J) Date: Sat Mar 29 09:57:17 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> Message-ID: <20080329105647.0d3e48b6@netstation.linuxnetwork.local> Le Fri, 28 Mar 2008 16:16:14 -0700, Scott Silva a ?crit : > This just reinforces my previous statement that many people don't even pay > attention to this list unless they have a problem. > > > > Come on people! Pay attention! There is a lot of good stuff pouring from some > of the fine minds on this list. > Look. > Listen. > Pay attention. > You will be a better admin for your users, and your job will be easier. > You might even catch problems and fix them BEFORE the boss is calling you! > > Then when you have these super skills, you can give back by helping with some > of the questions and leave more time for Julian and the many other > contributors to sharpen MailScanner to an even finer edge!!! > > > you are totally right rant but you should also know i'm trying to pay attention at a couple of mailing-list + maitain a quite huge quantity of Linux / SunOS / AIX servers running a bunch of service who could be Apache, MySQL, Oracle, SAP, MailScanner ;), NFS shares, FTP servers, Samba servers, maintenance scripts and so soon. At least, I have been the first to notify emails was all marked as SPAM Thanks for the help, the problem is solved! Glad to use this software & OSS -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080329/11a497e8/signature.bin From alex at nkpanama.com Sat Mar 29 14:16:26 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sat Mar 29 15:03:16 2008 Subject: preventing backscatter at the source In-Reply-To: <47EDFEC4.10306@vanderkooij.org> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> <47EDFEC4.10306@vanderkooij.org> Message-ID: <528C2D05-8962-4DCE-BC29-E6C753889604@nkpanama.com> Come on... like you've never forgotten to put someone important or your whitelist... Or sent a message from a less-than-reputable-IP... :D It's not configured incorrectly, it's not configured correctly enough! :D On Mar 29, 2008, at 3:33 AM, Hugo van der Kooij wrote: > Well, This proves that some people are able to commit a capital SMTP > offence by using MS and configure it incorrectly. > > Jules: You have my vote in favor of permanent removal of the list of > the > offender. > > Hugo. From MailScanner at ecs.soton.ac.uk Sat Mar 29 15:29:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 29 15:30:36 2008 Subject: preventing backscatter at the source In-Reply-To: <47ED97CF.2040003@fsl.com> References: <47ED5120.1030408@fsl.com> <20080329002942.GA1232@msapiro> <47ED97CF.2040003@fsl.com> Message-ID: <47EE606B.7050609@ecs.soton.ac.uk> Steve Freegard wrote: > Mark Nienberg wrote: >> Interesting. A lot of spammers seem to send deliberately to >> secondary or teriary MXs instead of the primary even when the primary >> is up and running, in hopes of that it will not be as well protected. > > Yes - been doing that for years now. It's a real pain if you use > DNSBLs on the primary and the ISP secondary doesn't use any as the > secondary then becomes the source of all your spam which you can't > then reject via DNSBLs as the connecting IP is the secondary. I believe that SpamAssassin will check all the Received: headers, not just the IP address of the box that started the SMTP connection to your MX. But you can't do it in "Spam List =" settings. > > I don't advocate backup MXes at all any more, you might as well just > add another equal MX and configure it in the same way as the primary > and have it forward messages directly to the mail store. I have 1 use for a backup MX (or 2 MXs in my case). Unless your primary MXs are *all* down, your backup MX should only receive spam (99% true). So it doesn't matter too much if your backup MXs cannot quite keep up with mail during the working day, as most people don't care much exactly what time their spam is deleted for them. So if some of your mail servers are old and relatively slow, setting them to be high-cost backup MXs is quie a good use for them. I have 2 MX records, one pointing to mx.mydomain.com and one pointing to backup-mx.mydomain.com. The mx.mydomain.com has 4 A records for it, which are roughly equal machines, nice and fast. The backup-mx.mydomain.com has 2 A records for it, which are roughly equal machines, but old and fairly slow. This means that all the machines are working quite hard for the supper, but you don't get some of your real (wanted) incoming mail being held up for an hour just because it randomly happened to hit an old slow MX server. The interesting bits of a "dig ecs.soton.ac.uk MX" produces this: ;; ANSWER SECTION: ecs.soton.ac.uk. 3600 IN MX 5 mx.ecs.soton.ac.uk. ecs.soton.ac.uk. 3600 IN MX 10 mxbackup.ecs.soton.ac.uk. ;; ADDITIONAL SECTION: mx.ecs.soton.ac.uk. 3600 IN A 152.78.71.14 mx.ecs.soton.ac.uk. 3600 IN A 152.78.71.210 mx.ecs.soton.ac.uk. 3600 IN A 152.78.68.132 mx.ecs.soton.ac.uk. 3600 IN A 152.78.68.137 mx.ecs.soton.ac.uk. 3600 IN AAAA 2001:630:d0:f102:21e:c9ff:fe2b:9b4c mx.ecs.soton.ac.uk. 3600 IN AAAA 2001:630:d0:f110:21a:a0ff:fe16:2a9e mx.ecs.soton.ac.uk. 3600 IN AAAA 2001:630:d0:f110:21e:c9ff:fe2b:a7d5 mx.ecs.soton.ac.uk. 3600 IN AAAA 2001:630:d0:f102:21a:a0ff:fe14:ab9d mxbackup.ecs.soton.ac.uk. 3600 IN A 152.78.71.84 mxbackup.ecs.soton.ac.uk. 3600 IN A 152.78.68.178 And yes, I know there currently aren't any IPv6 mxbackup machines :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sat Mar 29 15:41:26 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat Mar 29 15:42:34 2008 Subject: preventing backscatter at the source In-Reply-To: <528C2D05-8962-4DCE-BC29-E6C753889604@nkpanama.com> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> <47EDFEC4.10306@vanderkooij.org> <528C2D05-8962-4DCE-BC29-E6C753889604@nkpanama.com> Message-ID: <47EE6326.1090504@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex Neuman wrote: | Come on... like you've never forgotten to put someone important or your | whitelist... Or sent a message from a less-than-reputable-IP... :D | | It's not configured incorrectly, it's not configured correctly enough! :D If you use the sender info in ANY spam message after you did content scanning and send a reply then you have a major problem in your config. There is no valid reason what so ever to bugger a sender about spam. With spam you got the following options if you do content scanning: ~ - discard it (with or without logging) ~ - quarantine it ~ - tag it ~ - just let it pass Warning a sender when fake senders is as close to 100% as one can get is simply sending out spam. If that is your config you might as well send spam of your own and make a few bucks. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH7mMjBvzDRVjxmYERAtPWAJ9MZ/5dAgHnFTiZRGim8UyZwneO7wCeMtcY qkO2VCXX2nvOz34YmiOloZk= =es2/ -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sat Mar 29 15:43:57 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 29 15:44:14 2008 Subject: preventing backscatter at the source In-Reply-To: <47EDFEC4.10306@vanderkooij.org> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> <47EDFEC4.10306@vanderkooij.org> Message-ID: <47EE63BD.10908@ecs.soton.ac.uk> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alex Neuman wrote: > | Our MailScanner believes that the attachment to this message sent to > you > | > | From: alex@nkpanama.com > | Subject: Re: preventing backscatter at the source > | > | is Unsolicited Commercial Email (spam). Unless you are sure that this > message > | is incorrectly thought to be spam, please delete this message without > opening > | it. Opening spam messages might allow the spammer to verify your email > | address. The "web bug" trap in MailScanner catches most of those and disables them. And since I got the anycast stuff up and running (thanks again, Matt!) it doesn't even hammer my web server any more. It's pretty effective. > > Well, This proves that some people are able to commit a capital SMTP > offence by using MS and configure it incorrectly. > > Jules: You have my vote in favor of permanent removal of the list of the > offender. Need to catch him at it again, just to be sure I've got the right address. > > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFH7f7CBvzDRVjxmYERAn2LAKC3CGTuqQpRIjuYDu72Kj3jpdochQCeOEof > NtPv7NsaGdJcdRwowQW7xp8= > =lAfT > -----END PGP SIGNATURE----- Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simon at kmun.gov.kw Sat Mar 29 16:03:34 2008 From: simon at kmun.gov.kw (Benedict simon) Date: Sat Mar 29 15:49:31 2008 Subject: gettin all mails blacklisted by relays.ordb.org Message-ID: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> Dear All, i m sorry if i post this to the wrong post but really apprecite your help guys I had the following config for past year working perfectly fine Centos 5.0 DNS server + sendmail on the same server sendmail ver 8.13.8-2.el5 Mailscanner ver 4.66.5 In my sendmail.mc file i had the following RBLs FEATURE(`dnsbl',`relays.ordb.org')dnl FEATURE(`dnsbl',`list.dsbl.org')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl this hs been workin perfectly for all this time for lmost a year but jus yesterday i see that no mails being received when i check the maillog i saw the standard message Rejected: 92.83.138.190 listed at relays.ordb.org which is normal message if the IP is actually listed in the above server. also i found that no mails were recived for almost about 12 hrs so i send a mail from my server to my yahoo ccount and it was received perfectly but when i sent a mail from my yahoo account to my local account the mail bounced back saying that Rejected: xx.xx.xx.xx listed at relays.ordb.org xx.xx.xx.xx is the ip of the yahoo server i then tried to send from my hotmail account and again the mail bounce back with a similar error .. tht is listed at relays.ordb.org 1) now is the relays.ordb.org server has a problem or down 2) or wht else could be the problem i have temprory commented the Faeture statement for relays.ordb.org keeping the other 2 RBL servers enabled rebuilt the sendmail.cf file and restarted mailscanner and now the mails are being recived perfect appreciate your help Regards simon -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 29 15:53:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 29 15:54:38 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <20080329105647.0d3e48b6@netstation.linuxnetwork.local> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> <20080329105647.0d3e48b6@netstation.linuxnetwork.local> Message-ID: <47EE6610.5050403@ecs.soton.ac.uk> L.M.J wrote: > Le Fri, 28 Mar 2008 16:16:14 -0700, > Scott Silva a ?crit : > > >> This just reinforces my previous statement that many people don't even pay >> attention to this list unless they have a problem. >> >> >> >> Come on people! Pay attention! There is a lot of good stuff pouring from some >> of the fine minds on this list. >> Look. >> Listen. >> Pay attention. >> You will be a better admin for your users, and your job will be easier. >> You might even catch problems and fix them BEFORE the boss is calling you! >> >> Then when you have these super skills, you can give back by helping with some >> of the questions and leave more time for Julian and the many other >> contributors to sharpen MailScanner to an even finer edge!!! >> >> >> >> > > you are totally right rant but you should also know i'm trying to pay attention at a couple of mailing-list + > maitain a quite huge quantity of Linux / SunOS / AIX servers running a bunch of service who could be Apache, > MySQL, Oracle, SAP, MailScanner ;), NFS shares, FTP servers, Samba servers, maintenance scripts and so soon. > At least, I have been the first to notify emails was all marked as SPAM > > Thanks for the help, the problem is solved! Glad to use this software & OSS > I'm just glad to hear we got the problem fixed for you. But, in future, please spend 5 minutes searching the mailing list archives. Googling for "mailscanner mailing list archive" took me straight to the list archive, and just cruising this month's Subject: lines very quickly led to the answer. Took about 2 minutes in total. Thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Sat Mar 29 15:56:34 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sat Mar 29 15:59:47 2008 Subject: Work dir permissions error on --lint Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> I've an odd error, and so far can't seem to track down cause... MailScanner 4.67.6 on postfix with clamd as virus scanner on a Centos 5.1 machine I'm working on a script to update the postfix and MailScanner config on a couple of remote servers once I've configured it correctly on the first server. When I run a MailScanner -lint from the script file I get the following in the output. ------------------------------------- SpamAssassin temp dir = /tmp/SpamAssassin-Temp SpamAssassin reported no errors. Cannot create temporary Work Dir /6203. Are the permissions and ownership of correct? at /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 -------------------------------------- It works fine when run from command line. I've the incoming work dir settings as below. I run clamd under the postfix user as it seemed to work that way and has been working properly for a while.. Incoming Work Dir = /tmp Incoming Work User = postfix Incoming Work Group = postfix Incoming Work Permissions = 0640 Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080329/5810f3c0/attachment.html From csweeney at osubucks.org Sat Mar 29 16:35:19 2008 From: csweeney at osubucks.org (Chris Sweeney) Date: Sat Mar 29 16:36:03 2008 Subject: gettin all mails blacklisted by relays.ordb.org Message-ID: <200803291635.m2TGZ3Ax003615@stewie.osubucks.org> It would be if ordb was still valid remove it and you will be fine -----Original Message----- From: Benedict simon Sent: Saturday, March 29, 2008 12:03 PM To: mailscanner@lists.mailscanner.info Subject: gettin all mails blacklisted by relays.ordb.org Dear All, i m sorry if i post this to the wrong post but really apprecite your help guys I had the following config for past year working perfectly fine Centos 5.0 DNS server + sendmail on the same server sendmail ver 8.13.8-2.el5 Mailscanner ver 4.66.5 In my sendmail.mc file i had the following RBLs FEATURE(`dnsbl',`relays.ordb.org')dnl FEATURE(`dnsbl',`list.dsbl.org')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl this hs been workin perfectly for all this time for lmost a year but jus yesterday i see that no mails being received when i check the maillog i saw the standard message Rejected: 92.83.138.190 listed at relays.ordb.org which is normal message if the IP is actually listed in the above server. also i found that no mails were recived for almost about 12 hrs so i send a mail from my server to my yahoo ccount and it was received perfectly but when i sent a mail from my yahoo account to my local account the mail bounced back saying that Rejected: xx.xx.xx.xx listed at relays.ordb.org xx.xx.xx.xx is the ip of the yahoo server i then tried to send from my hotmail account and again the mail bounce back with a similar error .. tht is listed at relays.ordb.org 1) now is the relays.ordb.org server has a problem or down 2) or wht else could be the problem i have temprory commented the Faeture statement for relays.ordb.org keeping the other 2 RBL servers enabled rebuilt the sendmail.cf file and restarted mailscanner and now the mails are being recived perfect appreciate your help Regards simon -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Sat Mar 29 16:47:57 2008 From: steve.swaney at fsl.com (Stephen Swaney) Date: Sat Mar 29 16:48:39 2008 Subject: gettin all mails blacklisted by relays.ordb.org In-Reply-To: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> Message-ID: <2edd01c891bc$a487edf0$ed97c9d0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Benedict simon > Sent: Saturday, March 29, 2008 12:04 PM > To: mailscanner@lists.mailscanner.info > Subject: gettin all mails blacklisted by relays.ordb.org > > > Dear All, > > i m sorry if i post this to the wrong post but really apprecite your > help > guys > > I had the following config for past year working perfectly fine > > Centos 5.0 > DNS server + sendmail on the same server > > sendmail ver 8.13.8-2.el5 > Mailscanner ver 4.66.5 > > In my sendmail.mc file i had the following RBLs > > FEATURE(`dnsbl',`relays.ordb.org')dnl > FEATURE(`dnsbl',`list.dsbl.org')dnl > FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl > > this hs been workin perfectly for all this time for lmost a year but > jus > yesterday i see that no mails being received > > when i check the maillog i saw the standard message > > Rejected: 92.83.138.190 listed at relays.ordb.org which is normal > message > if the IP is actually listed in the above server. > also i found that no mails were recived for almost about 12 hrs > so i send a mail from my server to my yahoo ccount and it was received > perfectly but when i sent a mail from my yahoo account to my local > account > the mail bounced back saying that > > Rejected: xx.xx.xx.xx listed at relays.ordb.org > > xx.xx.xx.xx is the ip of the yahoo server > > i then tried to send from my hotmail account and again the mail bounce > back with a similar error .. tht is listed at relays.ordb.org > > 1) now is the relays.ordb.org server has a problem or down > 2) or wht else could be the problem > > i have temprory commented the Faeture statement for relays.ordb.org > keeping the other 2 RBL servers enabled rebuilt the sendmail.cf file > and > restarted mailscanner and now the mails are being recived perfect > > appreciate your help > > Regards > > simon Remove: FEATURE(`dnsbl',`relays.ordb.org')dnl Steve Steve Swaney steve@fsl.com From simon at kmun.gov.kw Sat Mar 29 17:24:32 2008 From: simon at kmun.gov.kw (Benedict simon) Date: Sat Mar 29 17:10:18 2008 Subject: gettin all mails blacklisted by relays.ordb.org In-Reply-To: <2edd01c891bc$a487edf0$ed97c9d0$@swaney@fsl.com> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <2edd01c891bc$a487edf0$ed97c9d0$@swaney@fsl.com> Message-ID: <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Benedict simon >> Sent: Saturday, March 29, 2008 12:04 PM >> To: mailscanner@lists.mailscanner.info >> Subject: gettin all mails blacklisted by relays.ordb.org >> >> >> Dear All, >> >> i m sorry if i post this to the wrong post but really apprecite your >> help >> guys >> >> I had the following config for past year working perfectly fine >> >> Centos 5.0 >> DNS server + sendmail on the same server >> >> sendmail ver 8.13.8-2.el5 >> Mailscanner ver 4.66.5 >> >> In my sendmail.mc file i had the following RBLs >> >> FEATURE(`dnsbl',`relays.ordb.org')dnl >> FEATURE(`dnsbl',`list.dsbl.org')dnl >> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl >> >> this hs been workin perfectly for all this time for lmost a year but >> jus >> yesterday i see that no mails being received >> >> when i check the maillog i saw the standard message >> >> Rejected: 92.83.138.190 listed at relays.ordb.org which is normal >> message >> if the IP is actually listed in the above server. >> also i found that no mails were recived for almost about 12 hrs >> so i send a mail from my server to my yahoo ccount and it was received >> perfectly but when i sent a mail from my yahoo account to my local >> account >> the mail bounced back saying that >> >> Rejected: xx.xx.xx.xx listed at relays.ordb.org >> >> xx.xx.xx.xx is the ip of the yahoo server >> >> i then tried to send from my hotmail account and again the mail bounce >> back with a similar error .. tht is listed at relays.ordb.org >> >> 1) now is the relays.ordb.org server has a problem or down >> 2) or wht else could be the problem >> >> i have temprory commented the Faeture statement for relays.ordb.org >> keeping the other 2 RBL servers enabled rebuilt the sendmail.cf file >> and >> restarted mailscanner and now the mails are being recived perfect >> >> appreciate your help >> >> Regards >> >> simon > > Remove: > > FEATURE(`dnsbl',`relays.ordb.org')dnl > > Steve > > Steve Swaney > steve@fsl.com Thanks steve for ur quick reply I had already removed the feature statement for relays.ordb.org earlier as i have metioned above in my post and after tht it was workin fine but i would like to know why it was workin earlier for almost a year and suddenly relays.ordb.org start to give problem and also i do have the 2 RBLS now instead of 3 FEATURE(`dnsbl',`list.dsbl.org')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl apprecite your help regards simon > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Sat Mar 29 17:13:57 2008 From: mark at msapiro.net (Mark Sapiro) Date: Sat Mar 29 17:14:40 2008 Subject: preventing backscatter at the source In-Reply-To: <47EE6326.1090504@vanderkooij.org> Message-ID: Hugo van der Kooij wrote: > >Alex Neuman wrote: >| Come on... like you've never forgotten to put someone important or your >| whitelist... Or sent a message from a less-than-reputable-IP... :D >| >| It's not configured incorrectly, it's not configured correctly enough! :D > >If you use the sender info in ANY spam message after you did content >scanning and send a reply then you have a major problem in your config. > >There is no valid reason what so ever to bugger a sender about spam. I think you are misinterpreting what happened. If you look carefully at the message (archived at ), I think you'll see that he did not bounce a list message. He replied to a list message and his reply was flagged by MailScanner on the way out so the notice we received (with his reply attached) was a notice to the recipient, not a bounce to the sender. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shuttlebox at gmail.com Sat Mar 29 17:27:58 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Mar 29 17:28:32 2008 Subject: gettin all mails blacklisted by relays.ordb.org In-Reply-To: <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> Message-ID: <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon wrote: > but i would like to know why it was workin earlier for almost a year > and suddenly relays.ordb.org start to give problem Because ORDB has not been working for 15 months and to stop people like you from using it forever they finally delivered hits on every query. Woke you up, didn't it? :-) http://it.slashdot.org/article.pl?sid=08/03/25/2124224 -- /peter From simon at kmun.gov.kw Sat Mar 29 18:19:42 2008 From: simon at kmun.gov.kw (Benedict simon) Date: Sat Mar 29 18:05:28 2008 Subject: thnkss guys In-Reply-To: <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> Message-ID: <4191.91.198.134.226.1206814782.squirrel@webmail.baladia.gov.kw> > On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon wrote: >> but i would like to know why it was workin earlier for almost a year >> and suddenly relays.ordb.org start to give problem > > Because ORDB has not been working for 15 months and to stop people > like you from using it forever they finally delivered hits on every > query. Woke you up, didn't it? :-) > > http://it.slashdot.org/article.pl?sid=08/03/25/2124224 > Dear Peter, Thnks a lot for the reply honestly guess it really woke me up simon smiles n thnks to the link also btw do you have any good RBL servers i cd include in my Sendmail config thnksss n really apprecite > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 29 18:54:29 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 29 18:55:20 2008 Subject: Work dir permissions error on --lint In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> Message-ID: <47EE9065.3060706@ecs.soton.ac.uk> Jason Ede wrote: > > I?ve an odd error, and so far can?t seem to track down cause... > > MailScanner 4.67.6 on postfix with clamd as virus scanner on a Centos > 5.1 machine > > I?m working on a script to update the postfix and MailScanner config > on a couple of remote servers once I?ve configured it correctly on the > first server. When I run a MailScanner ?lint from the script file I > get the following in the output. > > ------------------------------------- > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > SpamAssassin reported no errors. > > Cannot create temporary Work Dir /6203. Are the permissions and > ownership of correct? at > That /6203 is definitely wrong. You're missing a directory setting somewhere. It should be trying to create it under /var/spool/MailScanner/incoming. > > /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 > > -------------------------------------- > > It works fine when run from command line. I?ve the incoming work dir > settings as below. I run clamd under the postfix user as it seemed to > work that way and has been working properly for a while.. > > Incoming Work Dir = /tmp > Put that setting back the way you found it, i.e. /var/spool/MailScanner/incoming. Follow the instructions on the website or in the wiki to the letter to start with. Once you've got it all going fine, then and only then can you start tweaking stuff :-) > > Incoming Work User = postfix > > Incoming Work Group = postfix > > Incoming Work Permissions = 0640 > I would try 0644 as otherwise you might hit trouble with clamd not being able to access the extracted attachment. Again, start tweaking later. > > Any ideas? > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Mar 29 19:00:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Mar 29 19:00:51 2008 Subject: thnkss guys In-Reply-To: <4191.91.198.134.226.1206814782.squirrel@webmail.baladia.gov.kw> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> <4191.91.198.134.226.1206814782.squirrel@webmail.baladia.gov.kw> Message-ID: <47EE91D0.7050206@ecs.soton.ac.uk> Benedict simon wrote: >> On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon wrote: >> >>> but i would like to know why it was workin earlier for almost a year >>> and suddenly relays.ordb.org start to give problem >>> >> Because ORDB has not been working for 15 months and to stop people >> like you from using it forever they finally delivered hits on every >> query. Woke you up, didn't it? :-) >> >> http://it.slashdot.org/article.pl?sid=08/03/25/2124224 >> >> > > Dear Peter, > > Thnks a lot for the reply > > honestly guess it really woke me up > > simon smiles > n thnks to the link also > > btw do you have any good RBL servers i cd include in my Sendmail config > Take a good look at any of the Spamhaus lists. Start at www.spamhaus.org. Beware, however, that you are only allowed to use their lists directly (and for free) if you do a small number of checks per day. If you use it too much, they will block your access and request that you pay for a subscription. If you find that is too expensive, look at spending the money on a copy of BarricadeMX from www.fsl.com instead, it works out about the same cost for a lot of people and does a much better job of removing spam. Cheers, Jules. > thnksss n really apprecite > > > >> -- >> /peter >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bpirie at rma.edu Sat Mar 29 20:57:49 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Sat Mar 29 20:56:52 2008 Subject: How to check for existing mail accounts? In-Reply-To: References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> Message-ID: <47EEAD4D.2040200@rma.edu> Kevin Miller wrote: > Johnny Stork wrote: >> its sendmail >> >> Kevin Miller wrote: >>> Johnny Stork wrote: >>> >>>> I have noticed a large increase in the amount of spam coming in to >>>> MS (latest) running on CentOS 5 and many are coming into >>>> non-existent email accounts. Is there a check that can be done for >>>> the existence of an account first, and then if non-existent, block >>>> even before any scanning is done, let alone processing through MS. >>>> >>>> Thanks for any suggestions that anyone can give >>>> >>> What MTA are you using? You can run recipeint verification on >>> sendmail via milters, and I'm sure Postfix has similar >>> functionality... >>> >>> ...Kevin > > Then see http://smfs.sourceforge.net/smf-sav.html > > Note that this does both sender and recipient address verification. I > presume your gateway is forwarding on to another host where the > recipients actually reside. The milter uses ldap calls to get the > recipient data, so your internal email server will need to be able to do > that. Ours is Exchange, which does. > > HTH... > > ...Kevin Correction - smf-sav milter does not use ldap. It uses the call-ahead method, so ldap is not required (one of the reasons I chose it). Clarification - smf-sav milter is capable of doing both sender and recipient address verification. Sender verification can (and in many cases should) be disabled. Brendan From marcel-ml at irc-addicts.de Sat Mar 29 21:38:54 2008 From: marcel-ml at irc-addicts.de (Marcel Blenkers) Date: Sat Mar 29 21:41:33 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <47EDFB7A.80603@vanderkooij.org> References: <47EDFB7A.80603@vanderkooij.org> Message-ID: <55381.85.178.123.245.1206826734.squirrel@webmail.net-addicts.de> Hi there, > > I have been thinking about this myself. One of the requirements would be > ~ proper control on your users and another one would be to require TLS so > this information does not go out in the clear. > > I have not yet taken time to investigate enough to see if I can make it > work. thats all done on my server. I am running a server with up to 10 Users. Those users do login with SMTP Auth and this with tls. But, as they are using some dynamic ips, it could happen that their mail got blocked due to spamassassin and the different scan-tests i am running. I am not into running a rule with "from xy@dc.de yes" for no scanning or whitelisting, as i think it should be possible to get the server to accept their mails. But, when it is getting blocked and they have to login into the MailWatch-Webinterface to release their mails, they are asking why the heck the had to change the whole system, as it is not getting better.. Ok, if i tell them, due to greylisting pop-before-smtp is no option, the do calm down a bit..but not for long.. So, any kind of help would be really great Thanks in advance.. Marcel From edward at tdcs.com.au Sat Mar 29 22:49:45 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Sat Mar 29 22:51:10 2008 Subject: getting all mails blacklisted by relays.ordb.org In-Reply-To: <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> Message-ID: > On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon > wrote: > > but i would like to know why it was workin earlier for almost a year > > and suddenly relays.ordb.org start to give problem > > Because ORDB has not been working for 15 months and to stop people > like you from using it forever they finally delivered hits on every > query. Woke you up, didn't it? :-) > > http://it.slashdot.org/article.pl?sid=08/03/25/2124224 > > -- > /peter Hey guys, I'm really honestly am not digging up old trash, but can you guys help me to become a better admin? In relation to the various posts here regarding ordb (and myself getting caught out), I've seen various posts on this list (which is usually rather friendly) which are bordering on nasty saying "you should've known this was going to happen". Most of you guys mention that if we had have been monitoring our logs properly we could have prevented this. Now, I must first mention I agree - if something is preventable and I screw up I'm the first to admit it. But I have just flogged the hell out of ALL my mail logs (/etc/mail.*) and all the archived/rotated ones but I cannot find the warning about the black list going down. Now, I normally use Logwatch to monitor my logs, that certainly made no mention, and I cannot seems to find any reference to the ORDB in my other mail logs. Again, I'm not making excuses, let me make that really clear! I really do want to learn. I feel like a fool when I miss something and want to stop it from happening. Really. But I cannot seem to find this warning you guys mention. What do I need to change in my log setup to catch this kind of stuff? Where is it? Regards, Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From csweeney at osubucks.org Sat Mar 29 23:16:10 2008 From: csweeney at osubucks.org (Chris Sweeney) Date: Sat Mar 29 23:16:55 2008 Subject: getting all mails blacklisted by relays.ordb.org In-Reply-To: References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw><625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> Message-ID: <78F3693970F4451DB408D0123D755B9C@osubucks.org> Here is a simple and nice answer. If your using someone's service then you have a responsibility to subscribe to their mailing list so you can be kept up to date on what is going on with the service. If you had, you would have known over a year ago that the service was shutting down. Even if you had been subscribed to this list and reading emails you would have seen it posted back when they shut down and again this last week as a reminder. So short answer, if you don't stay educated and keep on top this happens. ----- Original Message ----- From: "Edward Dekkers" To: "'MailScanner discussion'" Sent: Saturday, March 29, 2008 6:49 PM Subject: RE: getting all mails blacklisted by relays.ordb.org >> On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon >> wrote: >> > but i would like to know why it was workin earlier for almost a year >> > and suddenly relays.ordb.org start to give problem >> >> Because ORDB has not been working for 15 months and to stop people >> like you from using it forever they finally delivered hits on every >> query. Woke you up, didn't it? :-) >> >> http://it.slashdot.org/article.pl?sid=08/03/25/2124224 >> >> -- >> /peter > > Hey guys, I'm really honestly am not digging up old trash, but can you > guys > help me to become a better admin? > > In relation to the various posts here regarding ordb (and myself getting > caught out), I've seen various posts on this list (which is usually rather > friendly) which are bordering on nasty saying "you should've known this > was > going to happen". > > Most of you guys mention that if we had have been monitoring our logs > properly we could have prevented this. > > Now, I must first mention I agree - if something is preventable and I > screw > up I'm the first to admit it. > > But I have just flogged the hell out of ALL my mail logs (/etc/mail.*) and > all the archived/rotated ones but I cannot find the warning about the > black > list going down. > > Now, I normally use Logwatch to monitor my logs, that certainly made no > mention, and I cannot seems to find any reference to the ORDB in my other > mail logs. > > Again, I'm not making excuses, let me make that really clear! I really do > want to learn. I feel like a fool when I miss something and want to stop > it > from happening. Really. > > But I cannot seem to find this warning you guys mention. > > What do I need to change in my log setup to catch this kind of stuff? > Where > is it? > > Regards, > Ed. > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rcastilloramos at yahoo.es Sun Mar 30 00:05:16 2008 From: rcastilloramos at yahoo.es (roberto martin castillo ramos) Date: Sun Mar 30 00:05:50 2008 Subject: i can not install mailscanner on whitebox Message-ID: <107701.26532.qm@web36415.mail.mud.yahoo.com> Hello i can not install mailscanner on whitebox, i used the recently package at mailscanner.info. please i need your help, is there some package for whitebox??? thanks --------------------------------- Enviado desde Correo Yahoo! Disfruta de una bandeja de entrada m?s inteligente.. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/dfc90cfe/attachment.html From ugob at lubik.ca Sun Mar 30 02:11:57 2008 From: ugob at lubik.ca (Ugo Bellavance) Date: Sun Mar 30 02:13:26 2008 Subject: i can not install mailscanner on whitebox In-Reply-To: <107701.26532.qm@web36415.mail.mud.yahoo.com> References: <107701.26532.qm@web36415.mail.mud.yahoo.com> Message-ID: roberto martin castillo ramos wrote: > Hello i can not install mailscanner on whitebox, i used the recently > package at mailscanner.info. > please i need your help, is there some package for whitebox??? > thanks It should work with the rpm package for RPM. What have you done to install it? By the way, I suggest you convert your system to centos to get security updates... WB is really slow on updates. Ugo From edward at tdcs.com.au Sun Mar 30 06:19:04 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Sun Mar 30 06:20:13 2008 Subject: getting all mails blacklisted by relays.ordb.org In-Reply-To: <78F3693970F4451DB408D0123D755B9C@osubucks.org> References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw><625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> <78F3693970F4451DB408D0123D755B9C@osubucks.org> Message-ID: > Here is a simple and nice answer. If your using someone's service then > you > have a responsibility to subscribe to their mailing list so you can be > kept > up to date on what is going on with the service. If you had, you would > have > known over a year ago that the service was shutting down. Even if you > had > been subscribed to this list and reading emails you would have seen it > posted back when they shut down and again this last week as a reminder. > So > short answer, if you don't stay educated and keep on top this happens. Thanks Chris. That was simple. Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From simon at kmun.gov.kw Sun Mar 30 07:51:05 2008 From: simon at kmun.gov.kw (Benedict simon) Date: Sun Mar 30 07:36:49 2008 Subject: How to check for existing mail accounts? In-Reply-To: <47EEAD4D.2040200@rma.edu> References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> <47EEAD4D.2040200@rma.edu> Message-ID: <2211.91.198.134.42.1206859865.squirrel@webmail.baladia.gov.kw> > Kevin Miller wrote: >> Johnny Stork wrote: >>> its sendmail >>> >>> Kevin Miller wrote: >>>> Johnny Stork wrote: >>>> >>>>> I have noticed a large increase in the amount of spam coming in to >>>>> MS (latest) running on CentOS 5 and many are coming into >>>>> non-existent email accounts. Is there a check that can be done for >>>>> the existence of an account first, and then if non-existent, block >>>>> even before any scanning is done, let alone processing through MS. >>>>> >>>>> Thanks for any suggestions that anyone can give >>>>> >>>> What MTA are you using? You can run recipeint verification on >>>> sendmail via milters, and I'm sure Postfix has similar >>>> functionality... >>>> >>>> ...Kevin >> >> Then see http://smfs.sourceforge.net/smf-sav.html >> >> Note that this does both sender and recipient address verification. I >> presume your gateway is forwarding on to another host where the >> recipients actually reside. The milter uses ldap calls to get the >> recipient data, so your internal email server will need to be able to do >> that. Ours is Exchange, which does. >> >> HTH... >> >> ...Kevin > > Correction - smf-sav milter does not use ldap. It uses the call-ahead > method, so ldap is not required (one of the reasons I chose it). > > Clarification - smf-sav milter is capable of doing both sender and > recipient address verification. Sender verification can (and in many > cases should) be disabled. > > Brendan Thanks Brenden, I jus read ur reply to the above post and did get a some qucik ideas. I am using sendmail 8.13 and mailscanner + spamassassain + clamav and also squirrelmail can the above milters work with sendmail n mailscanner and will it be useful in addtion to my confguration apprecite your help and suggestion Thanks and regards simon > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From J.Ede at birchenallhowden.co.uk Sun Mar 30 08:26:33 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sun Mar 30 08:27:21 2008 Subject: Work dir permissions error on --lint In-Reply-To: <47EE9065.3060706@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> <47EE9065.3060706@ecs.soton.ac.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53989@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 29 March 2008 18:54 > To: MailScanner discussion > Subject: Re: Work dir permissions error on --lint > > > > Jason Ede wrote: > > > > I've an odd error, and so far can't seem to track down cause... > > > > MailScanner 4.67.6 on postfix with clamd as virus scanner on a Centos > > 5.1 machine > > > > I'm working on a script to update the postfix and MailScanner config > > on a couple of remote servers once I've configured it correctly on > the > > first server. When I run a MailScanner -lint from the script file I > > get the following in the output. > > > > ------------------------------------- > > > > SpamAssassin temp dir = /tmp/SpamAssassin-Temp > > > > SpamAssassin reported no errors. > > > > Cannot create temporary Work Dir /6203. Are the permissions and > > ownership of correct? at > > > That /6203 is definitely wrong. You're missing a directory setting > somewhere. It should be trying to create it under > /var/spool/MailScanner/incoming. > > > > /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 > > > > -------------------------------------- > > > > It works fine when run from command line. I've the incoming work dir > > settings as below. I run clamd under the postfix user as it seemed to > > work that way and has been working properly for a while.. > > > > Incoming Work Dir = /tmp > > > Put that setting back the way you found it, i.e. > /var/spool/MailScanner/incoming. Follow the instructions on the website > or in the wiki to the letter to start with. Once you've got it all > going > fine, then and only then can you start tweaking stuff :-) > > > > Incoming Work User = postfix > > > > Incoming Work Group = postfix > > > > Incoming Work Permissions = 0640 > > > I would try 0644 as otherwise you might hit trouble with clamd not > being > able to access the extracted attachment. Again, start tweaking later. > > > > Any ideas? > > > > Jules I've gone back through it and followed instructions in the Wiki. The weird thing is it seems that MailScanner --lint barfs if I run it from root's home dir, but works fine if I run it from somewhere else such as /etc/MailScanner... Must be something there causing it problems. Jason From mogens at fumlersoft.dk Sun Mar 30 09:26:29 2008 From: mogens at fumlersoft.dk (Mogens Melander) Date: Sun Mar 30 09:27:17 2008 Subject: Delete email starting with mail@, uucp@ In-Reply-To: <47EC0322.70600@bytesinteractive.com> References: <47EBE882.6000509@bytesinteractive.com> <47EBF948.9050106@evi-inc.com> <47EC0322.70600@bytesinteractive.com> Message-ID: <3136.90.184.19.31.1206865589.squirrel@mail.fumlersoft.dk> On Thu, March 27, 2008 22:27, David Jourard wrote: > Matt Kettler wrote: >> >> Then run make in /etc/mail/ directory to rebuild access.db from the >> access text file. > What command do I use. Is it makemap hash (like I've been doing for > virtualusertable). > > Do I need to restart MailScanner (which also restarts sendmail). > Put a Makefile like tist in your /etc/mail directory, issue the make command in that dir. This will update all .db's, and make sendmail reload it's config. No need for restarting MS as this is SM only config. /etc/mail/Makefile # To rebuild your sendmail configuration databases, run "make" # in this directory after making any changes. all: touchall access.db domaintable.db mailertable.db virtusertable.db aliases.db touchall: @touch access domaintable mailertable virtusertable aliases access.db: access @makemap hash access < access domaintable.db: domaintable @makemap hash domaintable < domaintable mailertable.db: mailertable @makemap hash mailertable < mailertable virtusertable.db: virtusertable @makemap hash virtusertable < virtusertable aliases.db: aliases @newaliases >> >> Poof, no more mail to or from that address will ever be accepted by >> your MTA. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandro at e-den.it Sun Mar 30 14:28:40 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Sun Mar 30 14:29:15 2008 Subject: wiki still suggesting ordb Message-ID: <20080330132840.GA8303@ubuntu> Hi, I noticed that wiki still suggests to set ORDB-RBL as the only spam-list. I guess it should be updated... but I don't know which one the wiki should suggest. http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow *:-) From sandro at e-den.it Sun Mar 30 14:52:02 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Sun Mar 30 14:52:36 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: References: Message-ID: <20080330135202.GA8057@ubuntu> On Fri, Mar 28, 2008 at 04:00:38PM +0100, Marcel Blenkers wrote: > Hi there, > > this question is really easy..i guess.. .) > > As i am now using SMTP Auth and got almost every user on the system to do > so, i would love to skip those mails, sended by those users who used smtp > auth, for scanning. > > Means, > > a user sends a mail with smtp auth and the mail will go through unscanned. > Or do you think this is a bad idea? I'm also interested in this. But... can we talk to the MTA if we put rbl at the MTA level as I do now? Does the MTA (postfix in my case) accept smtp auth from an rbld-ed IP? I have: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client sbl-xbl.spamhaus.org ... Does any 'permit' come *before* a 'reject'? How can I test (I gues I should setup a test zone in my dns configuration...)? After the MTA puts the message in the queue, I think there is no more evidence that it received the message via smtp-auth. So I guess it's the MTA that should take care not to handle it to mailscanner. If that's true I should turn /^Received:/ HOLD into a more sofisticated one that puts the flag only in case it has been received from an smtp authenticated connection. Does that make sense? sandro *:-) From hvdkooij at vanderkooij.org Sun Mar 30 14:58:49 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 30 14:59:55 2008 Subject: wiki still suggesting ordb In-Reply-To: <20080330132840.GA8303@ubuntu> References: <20080330132840.GA8303@ubuntu> Message-ID: <47EF9C99.5040308@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alessandro Dentella wrote: | Hi, | | I noticed that wiki still suggests to set ORDB-RBL as the only spam-list. | I guess it should be updated... but I don't know which one the wiki should | suggest. It should suggest none. It should explain how one must configure entries and perhaps show some examples with a clear warning that blacklists may come and go and you always need to verify things yourself. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH75yYBvzDRVjxmYERAkEzAJ9QZGCjlzGMJmYRYCQH1weYBdGGNQCgq/fZ cmRtk2rZzQFVSzdHPo5N2S0= =wUYq -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Sun Mar 30 16:03:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 30 16:04:12 2008 Subject: Work dir permissions error on --lint In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53989@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> <47EE9065.3060706@ecs.soton.ac.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53989@server02.bhl.local> Message-ID: <47EFABBF.3040703@ecs.soton.ac.uk> Jason Ede wrote: >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: 29 March 2008 18:54 >> To: MailScanner discussion >> Subject: Re: Work dir permissions error on --lint >> >> >> >> Jason Ede wrote: >> >>> I've an odd error, and so far can't seem to track down cause... >>> >>> MailScanner 4.67.6 on postfix with clamd as virus scanner on a Centos >>> 5.1 machine >>> >>> I'm working on a script to update the postfix and MailScanner config >>> on a couple of remote servers once I've configured it correctly on >>> >> the >> >>> first server. When I run a MailScanner -lint from the script file I >>> get the following in the output. >>> >>> ------------------------------------- >>> >>> SpamAssassin temp dir = /tmp/SpamAssassin-Temp >>> >>> SpamAssassin reported no errors. >>> >>> Cannot create temporary Work Dir /6203. Are the permissions and >>> ownership of correct? at >>> >>> >> That /6203 is definitely wrong. You're missing a directory setting >> somewhere. It should be trying to create it under >> /var/spool/MailScanner/incoming. >> >>> /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 >>> >>> -------------------------------------- >>> >>> It works fine when run from command line. I've the incoming work dir >>> settings as below. I run clamd under the postfix user as it seemed to >>> work that way and has been working properly for a while.. >>> >>> Incoming Work Dir = /tmp >>> >>> >> Put that setting back the way you found it, i.e. >> /var/spool/MailScanner/incoming. Follow the instructions on the website >> or in the wiki to the letter to start with. Once you've got it all >> going >> fine, then and only then can you start tweaking stuff :-) >> >>> Incoming Work User = postfix >>> >>> Incoming Work Group = postfix >>> >>> Incoming Work Permissions = 0640 >>> >>> >> I would try 0644 as otherwise you might hit trouble with clamd not >> being >> able to access the extracted attachment. Again, start tweaking later. >> >>> Any ideas? >>> >>> >> Jules >> > > I've gone back through it and followed instructions in the Wiki. > > The weird thing is it seems that MailScanner --lint barfs if I run it from root's home dir, but works fine if I run it from somewhere else such as /etc/MailScanner... Must be something there causing it problems. > Do you have "." in your $PATH (do "echo $PATH" to show you)? If it is, remove it. It shouldn't be there. I can only assume there is something else called "MailScanner" in your root's home directory. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sun Mar 30 16:04:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 30 16:05:02 2008 Subject: wiki still suggesting ordb In-Reply-To: <20080330132840.GA8303@ubuntu> References: <20080330132840.GA8303@ubuntu> Message-ID: <47EFAC0B.2000608@ecs.soton.ac.uk> Alessandro Dentella wrote: > Hi, > > I noticed that wiki still suggests to set ORDB-RBL as the only spam-list. > I guess it should be updated... but I don't know which one the wiki should > suggest. > > http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow > > *:-) > In which case, why don't you register yourself on the wiki and fix it? That's the whole point of wikis, if you don't agree with something you can fix it yourself. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Sun Mar 30 16:39:48 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 30 16:40:53 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: References: Message-ID: <47EFB444.2020003@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcel Blenkers wrote: | As i am now using SMTP Auth and got almost every user on the system to do | so, i would love to skip those mails, sended by those users who used smtp | auth, for scanning. | | Means, | | a user sends a mail with smtp auth and the mail will go through unscanned. | Or do you think this is a bad idea? First off. Start by adding the details to your headers. Or to quote http://www.postfix.org/SASL_README.html: To report SASL login names in Received: message headers (Postfix version 2.3 and later): ~ /etc/postfix/main.cf: ~ smtpd_sasl_authenticated_header = yes Then you get a Receive: header like this: Received: from frodo.hugo.vanderkooij.org (hugovdkooij.xs4all.nl [82.95.223.25]) (Authenticated sender: hvdkooij@vanderkooij.org) by balin.waakhond.net (Postfix) with ESMTP id 7CA7E17E8F92 for ; Sun, 30 Mar 2008 16:38:56 +0200 (CEST) The order is important so SASL authenticated user can still originate from networks that are listed in RBL's in your postfix config. How to write something to exclude it from MailScanner alltogether is something I have not yet figured out. If I am not mistaken the following criteria must be met: ~ 1. It must be the only Received: header line. ~ 2. It must show it has done authentication on your own host. ~ 3. It must show an authenticated user. Given that postfix adds this line when it puts the file in the queue for ~ MS the decision must be made in MS. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH77RCBvzDRVjxmYERAlj0AJ9tqCdTn3kJLJIv+dd8dProIAE3CQCcC/Ji 9wKZkB4Kp5hZh86NFdYWuFE= =4ul6 -----END PGP SIGNATURE----- From alex at nkpanama.com Sun Mar 30 16:43:49 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Mar 30 16:44:22 2008 Subject: preventing backscatter at the source In-Reply-To: <47EE6326.1090504@vanderkooij.org> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> <47EDFEC4.10306@vanderkooij.org> <528C2D05-8962-4DCE-BC29-E6C753889604@nkpanama.com> <47EE6326.1090504@vanderkooij.org> Message-ID: <636D0247-D29A-4FA3-9E82-764883889C59@nkpanama.com> It's not a reply. It's protecting the list as a recipient of the possible spam. It's not backscatter. On Mar 29, 2008, at 10:41 AM, Hugo van der Kooij wrote: > > If you use the sender info in ANY spam message after you did content > scanning and send a reply then you have a major problem in your > config. From alex at nkpanama.com Sun Mar 30 16:44:38 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Mar 30 16:45:05 2008 Subject: preventing backscatter at the source In-Reply-To: <47EE63BD.10908@ecs.soton.ac.uk> References: <7B40A4A3-DA14-42BC-9A76-241862F182CE@nkpanama.com> <47EDFEC4.10306@vanderkooij.org> <47EE63BD.10908@ecs.soton.ac.uk> Message-ID: Am I talking about my own reply or something piggybacking on it? On Mar 29, 2008, at 10:43 AM, Julian Field wrote: > > > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Alex Neuman wrote: >> | Our MailScanner believes that the attachment to this message sent >> to you >> | >> | From: alex@nkpanama.com >> | Subject: Re: preventing backscatter at the source >> | >> | is Unsolicited Commercial Email (spam). Unless you are sure that >> this >> message >> | is incorrectly thought to be spam, please delete this message >> without >> opening >> | it. Opening spam messages might allow the spammer to verify your >> email >> | address. > The "web bug" trap in MailScanner catches most of those and disables > them. And since I got the anycast stuff up and running (thanks > again, Matt!) it doesn't even hammer my web server any more. > > It's pretty effective. >> >> Well, This proves that some people are able to commit a capital SMTP >> offence by using MS and configure it incorrectly. >> >> Jules: You have my vote in favor of permanent removal of the list >> of the >> offender. > Need to catch him at it again, just to be sure I've got the right > address. >> >> Hugo. >> >> - -- >> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >> >> A: Yes. >> >Q: Are you sure? >> >>A: Because it reverses the logical flow of conversation. >> >>>Q: Why is top posting frowned upon? >> >> Bored? Click on http://spamornot.org/ and rate those images. >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.7 (GNU/Linux) >> >> iD8DBQFH7f7CBvzDRVjxmYERAn2LAKC3CGTuqQpRIjuYDu72Kj3jpdochQCeOEof >> NtPv7NsaGdJcdRwowQW7xp8= >> =lAfT >> -----END PGP SIGNATURE----- > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Sun Mar 30 16:44:28 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 30 16:45:22 2008 Subject: wiki still suggesting ordb In-Reply-To: <47EFAC0B.2000608@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> Message-ID: <47EFB55C.8000909@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | Alessandro Dentella wrote: |> |> I noticed that wiki still suggests to set ORDB-RBL as the only |> spam-list. |> I guess it should be updated... but I don't know which one the wiki |> should |> suggest. |> |> http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow |> |> *:-) |> | In which case, why don't you register yourself on the wiki and fix it? | That's the whole point of wikis, if you don't agree with something you | can fix it yourself. Hmm. I can login but I can not edit the page. Given that I am not entirely wiki proof myself this could be my problem. But at least I am unable to correct anything there. And I must say the ORB stuff is definitly not the only thing that needs a revision. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH77VbBvzDRVjxmYERAuWmAJkBqKcMq2fsihHwnflIqv+sG3njbACgrw8O 0j+aONFfKqTIHwbAYzEG9A4= =/Zrc -----END PGP SIGNATURE----- From gwong at linktechit.com Sun Mar 30 16:46:04 2008 From: gwong at linktechit.com (Gregory Wong) Date: Sun Mar 30 16:46:49 2008 Subject: Sa-update problem Message-ID: Hi everyone. I was trying to run sa-update on both of my mail scanning servers but get the following error message: root@smtp1:~# sa-update Can't locate Archive/Tar.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.7 /usr/local/share/perl/5.8.7 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/bin/sa-update line 78. BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. Any ideas on how to fix this? I'm pretty sure I already have perl installed... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/2ab02775/attachment.html From alex at nkpanama.com Sun Mar 30 16:48:02 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Mar 30 16:49:00 2008 Subject: preventing backscatter at the source In-Reply-To: References: Message-ID: Exactly! I'm not bad, I'm misunderstood! "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deseve!" - Bilbo Baggins On Mar 29, 2008, at 12:13 PM, Mark Sapiro wrote: > Hugo van der Kooij wrote: >> >> Alex Neuman wrote: >> | Come on... like you've never forgotten to put someone important >> or your >> | whitelist... Or sent a message from a less-than-reputable-IP... :D >> | >> | It's not configured incorrectly, it's not configured correctly >> enough! :D >> >> If you use the sender info in ANY spam message after you did content >> scanning and send a reply then you have a major problem in your >> config. >> >> There is no valid reason what so ever to bugger a sender about spam. > > > I think you are misinterpreting what happened. If you look carefully > at > the message (archived at > >), > I think you'll see that he did not bounce a list message. He replied > to a list message and his reply was flagged by MailScanner on the way > out so the notice we received (with his reply attached) was a notice > to the recipient, not a bounce to the sender. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at nkpanama.com Sun Mar 30 16:51:31 2008 From: alex at nkpanama.com (Alex Neuman) Date: Sun Mar 30 16:52:03 2008 Subject: How to check for existing mail accounts? In-Reply-To: <47EEAD4D.2040200@rma.edu> References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> <47EEAD4D.2040200@rma.edu> Message-ID: <784B412D-31F3-436E-B4D5-A6E351E27329@nkpanama.com> Like more and more things these days I'm more in favor of "it depends" - in some cases it can be quite valuable (Sender verification, that is). On Mar 29, 2008, at 3:57 PM, Brendan Pirie wrote: > Clarification - smf-sav milter is capable of doing both sender and > recipient address verification. Sender verification can (and in > many cases should) be disabled. From J.Ede at birchenallhowden.co.uk Sun Mar 30 17:02:24 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Sun Mar 30 17:03:38 2008 Subject: Work dir permissions error on --lint In-Reply-To: <47EFABBF.3040703@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53988@server02.bhl.local> <47EE9065.3060706@ecs.soton.ac.uk> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A53989@server02.bhl.local> <47EFABBF.3040703@ecs.soton.ac.uk> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A5398D@server02.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 30 March 2008 16:03 > To: MailScanner discussion > Subject: Re: Work dir permissions error on --lint > > > > Jason Ede wrote: > >> -----Original Message----- > >> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner- > >> bounces@lists.mailscanner.info] On Behalf Of Julian Field > >> Sent: 29 March 2008 18:54 > >> To: MailScanner discussion > >> Subject: Re: Work dir permissions error on --lint > >> > >> > >> > >> Jason Ede wrote: > >> > >>> I've an odd error, and so far can't seem to track down cause... > >>> > >>> MailScanner 4.67.6 on postfix with clamd as virus scanner on a > Centos > >>> 5.1 machine > >>> > >>> I'm working on a script to update the postfix and MailScanner > config > >>> on a couple of remote servers once I've configured it correctly on > >>> > >> the > >> > >>> first server. When I run a MailScanner -lint from the script file I > >>> get the following in the output. > >>> > >>> ------------------------------------- > >>> > >>> SpamAssassin temp dir = /tmp/SpamAssassin-Temp > >>> > >>> SpamAssassin reported no errors. > >>> > >>> Cannot create temporary Work Dir /6203. Are the permissions and > >>> ownership of correct? at > >>> > >>> > >> That /6203 is definitely wrong. You're missing a directory setting > >> somewhere. It should be trying to create it under > >> /var/spool/MailScanner/incoming. > >> > >>> /usr/lib/MailScanner/MailScanner/WorkArea.pm line 152 > >>> > >>> -------------------------------------- > >>> > >>> It works fine when run from command line. I've the incoming work > dir > >>> settings as below. I run clamd under the postfix user as it seemed > to > >>> work that way and has been working properly for a while.. > >>> > >>> Incoming Work Dir = /tmp > >>> > >>> > >> Put that setting back the way you found it, i.e. > >> /var/spool/MailScanner/incoming. Follow the instructions on the > website > >> or in the wiki to the letter to start with. Once you've got it all > >> going > >> fine, then and only then can you start tweaking stuff :-) > >> > >>> Incoming Work User = postfix > >>> > >>> Incoming Work Group = postfix > >>> > >>> Incoming Work Permissions = 0640 > >>> > >>> > >> I would try 0644 as otherwise you might hit trouble with clamd not > >> being > >> able to access the extracted attachment. Again, start tweaking > later. > >> > >>> Any ideas? > >>> > >>> > >> Jules > >> > > > > I've gone back through it and followed instructions in the Wiki. > > > > The weird thing is it seems that MailScanner --lint barfs if I run it > from root's home dir, but works fine if I run it from somewhere else > such as /etc/MailScanner... Must be something there causing it > problems. > > > Do you have "." in your $PATH (do "echo $PATH" to show you)? If it is, > remove it. It shouldn't be there. I can only assume there is something > else called "MailScanner" in your root's home directory. Path is fine... No . in it. Nothing called MailScanner in root's home on any of my servers. Running MailScanner --lint doesn't need access to the current dir as an su'd user does it? Just thinking that root's home is inaccessible to everyone else? Jason From MailScanner at ecs.soton.ac.uk Sun Mar 30 17:15:25 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Mar 30 17:16:12 2008 Subject: wiki still suggesting ordb In-Reply-To: <47EFB55C.8000909@vanderkooij.org> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> Message-ID: <47EFBC9D.5090606@ecs.soton.ac.uk> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Julian Field wrote: > | Alessandro Dentella wrote: > |> > |> I noticed that wiki still suggests to set ORDB-RBL as the only > |> spam-list. > |> I guess it should be updated... but I don't know which one the wiki > |> should > |> suggest. > |> > |> > http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow > > > |> > |> *:-) > |> > | In which case, why don't you register yourself on the wiki and fix it? > | That's the whole point of wikis, if you don't agree with something you > | can fix it yourself. > > Hmm. I can login but I can not edit the page. Given that I am not > entirely wiki proof myself this could be my problem. But at least I am > unable to correct anything there. And I must say the ORB stuff is > definitly not the only thing that needs a revision. Is anyone else suffering this problem? I hate wikis :-( Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Sun Mar 30 17:24:03 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Mar 30 17:24:39 2008 Subject: Sa-update problem In-Reply-To: References: Message-ID: <625385e30803300924jda68c09hf6df5da60aab2757@mail.gmail.com> On Sun, Mar 30, 2008 at 5:46 PM, Gregory Wong wrote: > > Hi everyone. I was trying to run sa-update on both of my mail scanning > servers but get the following error message: > > root@smtp1:~# sa-update > Can't locate Archive/Tar.pm in @INC (@INC contains: /usr/share/perl5 > /etc/perl /usr/local/lib/perl/5.8.7 /usr/local/share/perl/5.8.7 > /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 > /usr/local/lib/site_perl) at /usr/bin/sa-update line 78. > BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. > > Any ideas on how to fix this? I'm pretty sure I already have perl > installed... But you don't have the perl module Archive::Tar installed or at least not in a place perl can find. -- /peter From ricky.boone at gmail.com Sun Mar 30 17:45:06 2008 From: ricky.boone at gmail.com (Ricky Boone) Date: Sun Mar 30 17:45:50 2008 Subject: Sa-update problem In-Reply-To: References: Message-ID: <47EFC392.1010702@gmail.com> Gregory Wong wrote: > Hi everyone. I was trying to run sa-update on both of my mail scanning > servers but get the following error message: > > root@smtp1:~# sa-update > Can't locate Archive/Tar.pm in @INC (@INC contains: /usr/share/perl5 > /etc/perl /usr/local/lib/perl/5.8.7 /usr/local/share/perl/5.8.7 > /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 > /usr/local/lib/site_perl) at /usr/bin/sa-update line 78. > BEGIN failed--compilation aborted at /usr/bin/sa-update line 78. > > Any ideas on how to fix this? I?m pretty sure I already have perl > installed... Looks like you're missing the Archive::Tar perl module. Preferred installation of perl modules depends on your operating system. For example, I use CentOS and get this particular perl module from RPMforge. However a common way is to use CPAN: For example: # perl -MCPAN -e 'install Archive::Tar' From shuttlebox at gmail.com Sun Mar 30 18:15:25 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Sun Mar 30 18:15:58 2008 Subject: wiki still suggesting ordb In-Reply-To: <47EFBC9D.5090606@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> Message-ID: <625385e30803301015s320fa56at6f708bcfb8e2d5a6@mail.gmail.com> On Sun, Mar 30, 2008 at 6:15 PM, Julian Field wrote: > > Hmm. I can login but I can not edit the page. Given that I am not > > entirely wiki proof myself this could be my problem. But at least I am > > unable to correct anything there. And I must say the ORB stuff is > > definitly not the only thing that needs a revision. > Is anyone else suffering this problem? I hate wikis :-( I tried to fix it as soon as I saw the first post but I couldn't find a way to do it, got me a little confused because a few days ago I added a page in the wiki. Then a little later I see Hugo's having similar problems so it can't be just me then. -- /peter From glenn.steen at gmail.com Sun Mar 30 20:11:46 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 30 20:12:22 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <20080330135202.GA8057@ubuntu> References: <20080330135202.GA8057@ubuntu> Message-ID: <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> On 30/03/2008, Alessandro Dentella wrote: > On Fri, Mar 28, 2008 at 04:00:38PM +0100, Marcel Blenkers wrote: > > Hi there, > > > > this question is really easy..i guess.. .) > > > > As i am now using SMTP Auth and got almost every user on the system to do > > so, i would love to skip those mails, sended by those users who used smtp > > auth, for scanning. > > > > Means, > > > > a user sends a mail with smtp auth and the mail will go through unscanned. > > Or do you think this is a bad idea? > > > I'm also interested in this. But... can we talk to the MTA if we put rbl at > the MTA level as I do now? Does the MTA (postfix in my case) accept smtp > auth from an rbld-ed IP? I have: > > smtpd_recipient_restrictions = > permit_mynetworks > permit_sasl_authenticated > reject_rbl_client sbl-xbl.spamhaus.org > ... In your case, since the permit is before the reject, the rbl action will not happen. > Does any 'permit' come *before* a 'reject'? How can I test (I gues I should > setup a test zone in my dns configuration...)? Not "any permit wins over rejects", no... The order is _very_ important here. To test things out, try setting up your own BL... With a test client (outside your networks, or the permit_mynetworks will override it) in it... Then vary the order...:-). Or find an IP on the sbl-xbl and spoof that IP (locally, of course...:-)... Rather too much work to determine if this works, but ... you can if you want to:-):-). > > After the MTA puts the message in the queue, I think there is no more > evidence that it received the message via smtp-auth. So I guess it's the MTA > that should take care not to handle it to mailscanner. If that's true I > should turn There is some traces, but not usable for the below, no. > > /^Received:/ HOLD > > into a more sofisticated one that puts the flag only in case it has been > received from an smtp authenticated connection. Does that make sense? > Unfortunately this likely will not work that well... Rather better to do something completely different. Like demanding taht the ones doing authenticated SMTP use an alternate port ... and have an instance of PF listening there that don't include the HOLD thing. ... That's how I'd do it if I needed it:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Mar 30 20:18:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 30 20:18:44 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <47EFB444.2020003@vanderkooij.org> References: <47EFB444.2020003@vanderkooij.org> Message-ID: <223f97700803301218p7f9ad3dam88e0f1cdc3f09420@mail.gmail.com> On 30/03/2008, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Marcel Blenkers wrote: > > > | As i am now using SMTP Auth and got almost every user on the system to do > | so, i would love to skip those mails, sended by those users who used smtp > | auth, for scanning. > | > | Means, > | > | a user sends a mail with smtp auth and the mail will go through unscanned. > | Or do you think this is a bad idea? > > > First off. Start by adding the details to your headers. Or to quote > http://www.postfix.org/SASL_README.html: > > To report SASL login names in Received: message headers (Postfix version > 2.3 and later): > > ~ /etc/postfix/main.cf: > ~ smtpd_sasl_authenticated_header = yes > > > Then you get a Receive: header like this: > > Received: from frodo.hugo.vanderkooij.org (hugovdkooij.xs4all.nl > [82.95.223.25]) > (Authenticated sender: hvdkooij@vanderkooij.org) > by balin.waakhond.net (Postfix) with ESMTP id 7CA7E17E8F92 > for ; Sun, 30 Mar 2008 16:38:56 +0200 (CEST) > > The order is important so SASL authenticated user can still originate > from networks that are listed in RBL's in your postfix config. > > How to write something to exclude it from MailScanner alltogether is > something I have not yet figured out. If I am not mistaken the following > criteria must be met: > > ~ 1. It must be the only Received: header line. > ~ 2. It must show it has done authentication on your own host. > ~ 3. It must show an authenticated user. Yep. > Given that postfix adds this line when it puts the file in the queue for > ~ MS the decision must be made in MS. ... Since this would help "jump past" the hold thing (in my limited frobbing experience... I did look at this a while back... never got it right:-). So did we gain much then? AFAIK you'd still need use a CustomFunction to be able to skip things in MS... Or perhaps I'm not thinking straight here... Hmmm. Still think you'd need a CF.... > Hugo. > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Sun Mar 30 22:10:53 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sun Mar 30 22:11:27 2008 Subject: wiki still suggesting ordb In-Reply-To: <625385e30803301015s320fa56at6f708bcfb8e2d5a6@mail.gmail.com> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <625385e30803301015s320fa56at6f708bcfb8e2d5a6@mail.gmail.com> Message-ID: <223f97700803301410n4c13fd44q78adf325abc5bc20@mail.gmail.com> On 30/03/2008, shuttlebox wrote: > On Sun, Mar 30, 2008 at 6:15 PM, Julian Field > wrote: > > > Hmm. I can login but I can not edit the page. Given that I am not > > > entirely wiki proof myself this could be my problem. But at least I am > > > unable to correct anything there. And I must say the ORB stuff is > > > definitly not the only thing that needs a revision. > > Is anyone else suffering this problem? I hate wikis :-( > > > I tried to fix it as soon as I saw the first post but I couldn't find > a way to do it, got me a little confused because a few days ago I > added a page in the wiki. Then a little later I see Hugo's having > similar problems so it can't be just me then. > > Might be a DW bug ... We're not exactly current, are we? ISTR seeing this before (on other DWs)... If nothing else works Jules, fix it by hand on the webserver.... You did a "?do_check" on the page? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Sun Mar 30 23:05:33 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sun Mar 30 23:06:41 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> Message-ID: <47F00EAD.2060309@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Steen wrote: | Unfortunately this likely will not work that well... Rather better to | do something completely different. Like demanding taht the ones doing | authenticated SMTP use an alternate port ... and have an instance of | PF listening there that don't include the HOLD thing. ... That's how | I'd do it if I needed it:-). In fact port 587 is intended for this purpose. The trick is to make it listen for authenticated traffic only and then go out straight away and not hit MailScanner on the way out. So the first bit is to make it listen by activating this in the $POSTFIX/master.cf file: submission inet n - n - - smtpd ~ -o smtpd_enforce_tls=yes ~ -o smtpd_sasl_auth_enable=yes ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject This was the bit I could find straight away. But how can one make sure the normal hold trick does not apply here? Because that one still is applied at the moment. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH8A6rBvzDRVjxmYERAhZpAJ9u8rvZVJLin9b2yZKSwEBp2RMpYACdE8pF q2cXO/vu3s5jQPRmelXl1jE= =gqSA -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Mar 31 01:03:52 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 01:04:49 2008 Subject: Mailscanner acts crazy since yesterday In-Reply-To: <47EDF56D.5020009@vanderkooij.org> References: <20080327223425.5426bb5e@netstation.linuxnetwork.local> <20080328010525.GA24549@ubuntu> <47EDD01E.4050109@pixelhammer.com> <47EDF56D.5020009@vanderkooij.org> Message-ID: on 3-29-2008 12:53 AM Hugo van der Kooij spake the following: > DAve wrote: > > | Out of state for a night, Hotel suite! Cable! Room service! On my wife's > | employers dime! Can I get a hey yea on that? > > Hmm. Wife + hotel suite. Why do you need anything else at all? > > Hugo. > Maybe a nice bottle of Champagne and some strawberries to make up to her for all the late night cellphone calls and server problems that always just seem to happen!! ;-) -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/6721ca13/signature.bin From ssilva at sgvwater.com Mon Mar 31 01:13:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 01:13:29 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <47EDFB7A.80603@vanderkooij.org> References: <47EDFB7A.80603@vanderkooij.org> Message-ID: on 3-29-2008 1:19 AM Hugo van der Kooij spake the following: > Marcel Blenkers wrote: > | Hi there, > | > | this question is really easy..i guess.. .) > | > | As i am now using SMTP Auth and got almost every user on the system to do > | so, i would love to skip those mails, sended by those users who used smtp > | auth, for scanning. > | > | Means, > | > | a user sends a mail with smtp auth and the mail will go through > unscanned. > | Or do you think this is a bad idea? > | > | Any advice is welcome :) > > I have been thinking about this myself. One of the requirements would be > ~ proper control on your users and another one would be to require TLS so > this information does not go out in the clear. > > I have not yet taken time to investigate enough to see if I can make it > work. > > Hugo. > If you have them send to the submission port, and make the submission port only accept authed mail, can't/won't that be skipped by Mailscanner? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/aaa4cc5c/signature.bin From ssilva at sgvwater.com Mon Mar 31 02:00:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 02:01:08 2008 Subject: getting all mails blacklisted by relays.ordb.org In-Reply-To: References: <2127.91.198.134.226.1206806614.squirrel@webmail.baladia.gov.kw> <3013.91.198.134.226.1206811472.squirrel@webmail.baladia.gov.kw> <625385e30803291027j6b71bf62o4464979f0c3e557@mail.gmail.com> Message-ID: on 3-29-2008 3:49 PM Edward Dekkers spake the following: >> On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon >> wrote: >>> but i would like to know why it was workin earlier for almost a year >>> and suddenly relays.ordb.org start to give problem >> Because ORDB has not been working for 15 months and to stop people >> like you from using it forever they finally delivered hits on every >> query. Woke you up, didn't it? :-) >> >> http://it.slashdot.org/article.pl?sid=08/03/25/2124224 >> >> -- >> /peter > > Hey guys, I'm really honestly am not digging up old trash, but can you guys > help me to become a better admin? > > In relation to the various posts here regarding ordb (and myself getting > caught out), I've seen various posts on this list (which is usually rather > friendly) which are bordering on nasty saying "you should've known this was > going to happen". > > Most of you guys mention that if we had have been monitoring our logs > properly we could have prevented this. > > Now, I must first mention I agree - if something is preventable and I screw > up I'm the first to admit it. > > But I have just flogged the hell out of ALL my mail logs (/etc/mail.*) and > all the archived/rotated ones but I cannot find the warning about the black > list going down. > > Now, I normally use Logwatch to monitor my logs, that certainly made no > mention, and I cannot seems to find any reference to the ORDB in my other > mail logs. > > Again, I'm not making excuses, let me make that really clear! I really do > want to learn. I feel like a fool when I miss something and want to stop it > from happening. Really. > > But I cannot seem to find this warning you guys mention. > > What do I need to change in my log setup to catch this kind of stuff? Where > is it? > > Regards, > Ed. > > > I think one of the biggest problems for new sysadmin's is looking at the howto's floating around on the internet and using them without doing some research. I just did a quick google of "ordb + howto" and there are a lot of them that give high praises of ordb. But they are all older docs, and a good sysadmin will look up all relevant info of such docs, even if it is to just check on their validity. I am not pointing fingers at anybody, and I was there several years ago. But now I am one of the "elders" of the tribe, and I just want to help pass on the skills that I had to learn the hard way. In 20 years when I can finally retire, I want there to be capable and well trained people looking out for my e-mails to and from my great-grandchilden. So here is the best advice I can give; Read. Read as much as you can, turn off the TV and spend some time reading any relevant docs you can. Especially some of the O' Reilly books. They are worth the cost. Keep up with a few mailing lists. One for your chosen OS, one for your MTA, and a few that look relevant to your systems. You can browse their list archives first to see how relevant the info is for you. Also, as said before, if you use other critical services or utilities, get on their announce lists, and make sure it is whitelisted if you have spam filters. Then events like the ORDB shutdown wouldn't affect you, because you would have got a notice in 2006 of their shutdown. If you tried to join later, you would probably get notice then, or at least saw something on their web pages. And last, monitor your systems. Upgrade any software that needs it, especially for security fixes. Monitor for suspicious activity. And if you find something strange that you didn't monitor for, start. Unfortunately, IT just isn't an 8 to 5 job anymore. Even if it only gets 8 to 5 pay. And if you don't do it properly, your bosses will find someone else to do it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/efc51b81/signature.bin From ssilva at sgvwater.com Mon Mar 31 02:11:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 02:11:24 2008 Subject: wiki still suggesting ordb In-Reply-To: <47EFBC9D.5090606@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> Message-ID: on 3-30-2008 9:15 AM Julian Field spake the following: > > > Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Julian Field wrote: >> | Alessandro Dentella wrote: >> |> >> |> I noticed that wiki still suggests to set ORDB-RBL as the only >> |> spam-list. >> |> I guess it should be updated... but I don't know which one the wiki >> |> should >> |> suggest. >> |> >> |> >> http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow >> >> >> |> >> |> *:-) >> |> >> | In which case, why don't you register yourself on the wiki and fix it? >> | That's the whole point of wikis, if you don't agree with something you >> | can fix it yourself. >> >> Hmm. I can login but I can not edit the page. Given that I am not >> entirely wiki proof myself this could be my problem. But at least I am >> unable to correct anything there. And I must say the ORB stuff is >> definitly not the only thing that needs a revision. > Is anyone else suffering this problem? I hate wikis :-( > > Jules > I get a read only also. It must just be that page as I can edit others. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080330/b998f4d8/signature-0001.bin From tech1 at computer-care.com.au Mon Mar 31 02:54:01 2008 From: tech1 at computer-care.com.au (Glen Prestidge) Date: Mon Mar 31 02:53:14 2008 Subject: Every email is tagged as spam Message-ID: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> HI all I am having a problem with a customer's server running freebsd 6.2 with Mailscanner + clamav + Spamassin These are the version of what is currently installed p5-Mail-SpamAssassin-3.1.7_1 clamav-0.88.6 MailScanner-4.55.10 Every email that we get send to that server is classified as spam even though no text in the email or it's from a legitimate source I am reluctant to upgrade the software, using the portmanager program on freebsd - it installs a new version of mail tools which knocks out mailscanner. This only started since Thursday of last week and nothing on the server has been updated from what I can see, and staff at the office don't have access to any of the servers there. Regards Glen Prestidge CONFIDENTIAL NOTE : The information contained in this email is intended only for the use of the individual or entity named above and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete the mail. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/e5c9c9db/attachment.html From kc5goi at gmail.com Mon Mar 31 03:04:25 2008 From: kc5goi at gmail.com (Guy Story) Date: Mon Mar 31 03:04:57 2008 Subject: Every email is tagged as spam In-Reply-To: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> References: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> Message-ID: <47F046A9.1060306@gmail.com> Glen Prestidge wrote: > HI all > > > > I am having a problem with a customer's server running freebsd 6.2 with > Mailscanner + clamav + Spamassin > > > > These are the version of what is currently installed > > p5-Mail-SpamAssassin-3.1.7_1 > > clamav-0.88.6 > > MailScanner-4.55.10 > > > > Every email that we get send to that server is classified as spam even > though no text in the email or it's from a legitimate source > > > > I am reluctant to upgrade the software, using the portmanager program on > freebsd - it installs a new version of mail tools which knocks out > mailscanner. > > > > This only started since Thursday of last week and nothing on the server has > been updated from what I can see, and staff at the office don't have access > to any of the servers there. Glen check to see if you are using ordb.org as one of the lists for rbl. There has been allot of talk about it the last 2 weeks. Since it is not in service any more, everything is being tagged as spam. Guy From jlcostinha at halla.pt Mon Mar 31 08:58:28 2008 From: jlcostinha at halla.pt (Jorge Costinha) Date: Mon Mar 31 08:59:16 2008 Subject: Every email is tagged as spam In-Reply-To: <47F046A9.1060306@gmail.com> References: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> <47F046A9.1060306@gmail.com> Message-ID: <47F099A4.2060809@halla.pt> i had the exactly same problem. fixed once i remove ORDB-RBL from "Spam Lists = ...." i found out the hardest way they shutdown... Guy Story wrote: > Glen Prestidge wrote: >> HI all >> >> >> >> I am having a problem with a customer's server running freebsd 6.2 with >> Mailscanner + clamav + Spamassin >> >> >> >> These are the version of what is currently installed >> p5-Mail-SpamAssassin-3.1.7_1 >> clamav-0.88.6 >> >> MailScanner-4.55.10 >> >> >> >> Every email that we get send to that server is classified as spam even >> though no text in the email or it's from a legitimate source >> >> >> I am reluctant to upgrade the software, using the portmanager program on >> freebsd - it installs a new version of mail tools which knocks out >> mailscanner. >> >> >> >> This only started since Thursday of last week and nothing on the >> server has >> been updated from what I can see, and staff at the office don't have >> access >> to any of the servers there. > > Glen check to see if you are using ordb.org as one of the lists for rbl. > There has been allot of talk about it the last 2 weeks. Since it is > not in service any more, everything is being tagged as spam. > > Guy From MailScanner at ecs.soton.ac.uk Mon Mar 31 09:44:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 09:45:23 2008 Subject: 4.68.7 beta released Message-ID: <47F0A46B.2060500@ecs.soton.ac.uk> In preparation for a stable release tomorrow, I have just put out a last beta, 4.68.7. Please can you give this a try and let me know if there are any major problems. I've done some work on the images-in-signatures facility since the last beta, among other things, so would be grateful if you could try that out specifically. Download as usual from www.mailscanner.info. Many thanks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From sandro at e-den.it Mon Mar 31 10:00:15 2008 From: sandro at e-den.it (Alessandro Dentella) Date: Mon Mar 31 10:00:49 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <47F00EAD.2060309@vanderkooij.org> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> <47F00EAD.2060309@vanderkooij.org> Message-ID: <20080331090015.GA17061@ubuntu> On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > | Unfortunately this likely will not work that well... Rather better to > | do something completely different. Like demanding taht the ones doing > | authenticated SMTP use an alternate port ... and have an instance of > | PF listening there that don't include the HOLD thing. ... That's how > | I'd do it if I needed it:-). > > In fact port 587 is intended for this purpose. The trick is to make it > listen for authenticated traffic only and then go out straight away and > not hit MailScanner on the way out. > > So the first bit is to make it listen by activating this in the > $POSTFIX/master.cf file: > > submission inet n - n - - smtpd > ~ -o smtpd_enforce_tls=yes > ~ -o smtpd_sasl_auth_enable=yes > ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > This was the bit I could find straight away. But how can one make sure > the normal hold trick does not apply here? Because that one still is > applied at the moment. wouldn't a simple: -o header_checks = added to the lines before do the trick? My concern now is different. Are we generally sure we don't want MailScanner on all authenticated traffic? That means no controlon possible viruses that a custemer has not checked, no control on worms and the like. Probably what I really want is to let MS but avoid that it drops e-mail due to the sending IP being in an RBL. As Glenn pointed out Postfix already does the right think in this reguard, if we correctly set order in rules. We simply don't want MS (and spamassassin?) drops it afterwords. sandro *:-) From J.Ede at birchenallhowden.co.uk Mon Mar 31 10:13:36 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon Mar 31 10:17:17 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <20080331090015.GA17061@ubuntu> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> <47F00EAD.2060309@vanderkooij.org>,<20080331090015.GA17061@ubuntu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89EA2@server02.bhl.local> Surely a customfunction applied to the Spam Check option should do this? It can check for authenticated headers to that box and providing it meets all the requirements don't check it for spam? Would need to be able to use a ruleset as well at a guess for quite a few systems... Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Alessandro Dentella [sandro@e-den.it] Sent: 31 March 2008 10:00 To: MailScanner discussion Subject: Re: SMTP AUTH and no Scanning On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Glenn Steen wrote: > > | Unfortunately this likely will not work that well... Rather better to > | do something completely different. Like demanding taht the ones doing > | authenticated SMTP use an alternate port ... and have an instance of > | PF listening there that don't include the HOLD thing. ... That's how > | I'd do it if I needed it:-). > > In fact port 587 is intended for this purpose. The trick is to make it > listen for authenticated traffic only and then go out straight away and > not hit MailScanner on the way out. > > So the first bit is to make it listen by activating this in the > $POSTFIX/master.cf file: > > submission inet n - n - - smtpd > ~ -o smtpd_enforce_tls=yes > ~ -o smtpd_sasl_auth_enable=yes > ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > This was the bit I could find straight away. But how can one make sure > the normal hold trick does not apply here? Because that one still is > applied at the moment. wouldn't a simple: -o header_checks = added to the lines before do the trick? My concern now is different. Are we generally sure we don't want MailScanner on all authenticated traffic? That means no controlon possible viruses that a custemer has not checked, no control on worms and the like. Probably what I really want is to let MS but avoid that it drops e-mail due to the sending IP being in an RBL. As Glenn pointed out Postfix already does the right think in this reguard, if we correctly set order in rules. We simply don't want MS (and spamassassin?) drops it afterwords. sandro *:-) -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From pascal.maes at elec.ucl.ac.be Mon Mar 31 10:52:23 2008 From: pascal.maes at elec.ucl.ac.be (Pascal Maes) Date: Mon Mar 31 10:53:01 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89EA2@server02.bhl.local> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> <47F00EAD.2060309@vanderkooij.org> <20080331090015.GA17061@ubuntu> <4CAB0118AEC63A4FAAE77E6BCBDF760C4065A89EA2@server02.bhl.local> Message-ID: <4538FBE4-7458-4511-BC5E-4902AB111ECF@elec.ucl.ac.be> Le 31-mars-08 ? 11:13, Jason Ede a ?crit : > Surely a customfunction applied to the Spam Check option should do > this? It can check for authenticated headers to that box and > providing it meets all the requirements don't check it for spam? > Would need to be able to use a ruleset as well at a guess for quite > a few systems... > > Jason > > ________________________________________ > From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info > ] On Behalf Of Alessandro Dentella [sandro@e-den.it] > Sent: 31 March 2008 10:00 > To: MailScanner discussion > Subject: Re: SMTP AUTH and no Scanning > > On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Glenn Steen wrote: >> >> | Unfortunately this likely will not work that well... Rather >> better to >> | do something completely different. Like demanding taht the ones >> doing >> | authenticated SMTP use an alternate port ... and have an instance >> of >> | PF listening there that don't include the HOLD thing. ... That's >> how >> | I'd do it if I needed it:-). >> >> In fact port 587 is intended for this purpose. The trick is to make >> it >> listen for authenticated traffic only and then go out straight away >> and >> not hit MailScanner on the way out. >> >> So the first bit is to make it listen by activating this in the >> $POSTFIX/master.cf file: >> >> submission inet n - n - - smtpd >> ~ -o smtpd_enforce_tls=yes >> ~ -o smtpd_sasl_auth_enable=yes >> ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> >> This was the bit I could find straight away. But how can one make >> sure >> the normal hold trick does not apply here? Because that one still is >> applied at the moment. > > wouldn't a simple: > > -o header_checks = > > added to the lines before do the trick? > > My concern now is different. Are we generally sure we don't want > MailScanner > on all authenticated traffic? That means no controlon possible > viruses that > a custemer has not checked, no control on worms and the like. > > Probably what I really want is to let MS but avoid that it drops e- > mail due > to the sending IP being in an RBL. As Glenn pointed out Postfix > already does > the right think in this reguard, if we correctly set order in rules. > We > simply don't want MS (and spamassassin?) drops it afterwords. > > sandro > *:-) > -- hello, We are using such a CustonFunction here. For Postfix, you have to use smtpd_sasl_authenticated_header = yes Your authenticated users must use the submission port : submission inet n - n - - smtpd -o smtpd_use_tls=yes -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_security_options=noanonymous -o smtpd_helo_restrictions =permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions =permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_sender_restrictions =permit_mynetworks,permit_sasl_authenticated,reject and then, depending on the informations of the authenticated header, you should create a CustomFunction to avoid that authenticated users are considered as spammers. In that case, the messages are still processed by the anti-virus check -- Pascal From gerard at seibercom.net Mon Mar 31 11:19:59 2008 From: gerard at seibercom.net (Gerard) Date: Mon Mar 31 11:20:56 2008 Subject: Every email is tagged as spam In-Reply-To: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> References: <002201c892d2$1807a200$3c80a8c0@CWDOMAIN.local> Message-ID: <20080331061959.0affeae7@scorpio> On Mon, 31 Mar 2008 09:54:01 +0800 "Glen Prestidge" wrote: > I am having a problem with a customer's server running freebsd 6.2 > with Mailscanner + clamav + Spamassin > These are the version of what is currently installed > p5-Mail-SpamAssassin-3.1.7_1 > clamav-0.88. > MailScanner-4.55.10 > Every email that we get send to that server is classified as spam even > though no text in the email or it's from a legitimate source > I am reluctant to upgrade the software, using the portmanager program > on freebsd - it installs a new version of mail tools which knocks out > mailscanner. > This only started since Thursday of last week and nothing on the > server has been updated from what I can see, and staff at the office > don't have access to any of the servers there. First, check to see if you are using ordb.org. If you are, remove it. There are several postings on this list, and others, regarding it. Second, the program versions you listed above are seriously out-of-date. Especially, 'clamav', which I believe had a security problem that was corrected in the newest version. In any case, its scanning speed was improved vastly. I use FreeBSD myself, so I know something about it. I would recommend that you first update your ports tree. Then, assuming you are using the latest version of 'portmanager', run: 'portmanager -u -p -l -y' sans quotation marks. Reboot the system and check to see if 'Mailscanner' starts and runs correctly. It should. If not, reinstall 'MailScanner'. cd /usr/ports/mail/mailscanner make clean && make && make deinstall && make reinstall Actually, I do not have a problem when updating. I am not sure why you would either. -- Gerard gerard@seibercom.net The great nations have always acted like gangsters and the small nations like prostitutes. Stanley Kubrick -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/96b558b2/signature.bin From glenn.steen at gmail.com Mon Mar 31 11:32:50 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 11:33:25 2008 Subject: wiki still suggesting ordb In-Reply-To: References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> Message-ID: <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> On 31/03/2008, Scott Silva wrote: > on 3-30-2008 9:15 AM Julian Field spake the following: > > > > > > > Hugo van der Kooij wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> Julian Field wrote: > >> | Alessandro Dentella wrote: > >> |> > >> |> I noticed that wiki still suggests to set ORDB-RBL as the only > >> |> spam-list. > >> |> I guess it should be updated... but I don't know which one the wiki > >> |> should > >> |> suggest. > >> |> > >> |> > >> http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow > >> > >> > >> |> > >> |> *:-) > >> |> > >> | In which case, why don't you register yourself on the wiki and fix it? > >> | That's the whole point of wikis, if you don't agree with something you > >> | can fix it yourself. > >> > >> Hmm. I can login but I can not edit the page. Given that I am not > >> entirely wiki proof myself this could be my problem. But at least I am > >> unable to correct anything there. And I must say the ORB stuff is > >> definitly not the only thing that needs a revision. > > Is anyone else suffering this problem? I hate wikis :-( > > > > Jules > > > > I get a read only also. It must just be that page as I can edit others. > Yep, it is that page only... You can do a check on it by tagging on the "&do=check" option... like this: http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow&do=check ... And this shows the problem pretty easy. Might be just that file, or its cache entry. Clearing the cache would fix the latter, checking/amending perms the former. Both can only be done by Jules (or another designated admin... Don't think there are any:-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 31 11:44:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 11:44:46 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <20080331090015.GA17061@ubuntu> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> <47F00EAD.2060309@vanderkooij.org> <20080331090015.GA17061@ubuntu> Message-ID: <223f97700803310344u4b317d06y96ff4a66594b9ec6@mail.gmail.com> On 31/03/2008, Alessandro Dentella wrote: > On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Glenn Steen wrote: > > > > | Unfortunately this likely will not work that well... Rather better to > > | do something completely different. Like demanding taht the ones doing > > | authenticated SMTP use an alternate port ... and have an instance of > > | PF listening there that don't include the HOLD thing. ... That's how > > | I'd do it if I needed it:-). > > > > In fact port 587 is intended for this purpose. The trick is to make it > > listen for authenticated traffic only and then go out straight away and > > not hit MailScanner on the way out. > > > > So the first bit is to make it listen by activating this in the > > $POSTFIX/master.cf file: > > > > submission inet n - n - - smtpd > > ~ -o smtpd_enforce_tls=yes > > ~ -o smtpd_sasl_auth_enable=yes > > ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > > > This was the bit I could find straight away. But how can one make sure > > the normal hold trick does not apply here? Because that one still is > > applied at the moment. > > > wouldn't a simple: > > -o header_checks = > > added to the lines before do the trick? Yes. It would. > My concern now is different. Are we generally sure we don't want MailScanner > on all authenticated traffic? That means no controlon possible viruses that > a custemer has not checked, no control on worms and the like. Ah... That is the icky non-technical policy bit of the matter...:-). If you don't trust them implicitly, don't do this for them. You could have more than one submission service, set up differently... Where port 25 == deeply untrusted:-). > Probably what I really want is to let MS but avoid that it drops e-mail due > to the sending IP being in an RBL. As Glenn pointed out Postfix already does > the right think in this reguard, if we correctly set order in rules. We > simply don't want MS (and spamassassin?) drops it afterwords. A matter of clever rulesets then... To the point it is possible to use. Unfortunately, the fact that they are sending through an authenticated channel isn't exactly well-preserved (one can try look at Received lines, but ... that could be spoofed. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 31 11:47:29 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 11:48:03 2008 Subject: SMTP AUTH and no Scanning In-Reply-To: <223f97700803310344u4b317d06y96ff4a66594b9ec6@mail.gmail.com> References: <20080330135202.GA8057@ubuntu> <223f97700803301211p1a43a08el8f64ed277ad45b67@mail.gmail.com> <47F00EAD.2060309@vanderkooij.org> <20080331090015.GA17061@ubuntu> <223f97700803310344u4b317d06y96ff4a66594b9ec6@mail.gmail.com> Message-ID: <223f97700803310347l6b1e5d69qf8500a7c31908854@mail.gmail.com> On 31/03/2008, Glenn Steen wrote: > On 31/03/2008, Alessandro Dentella wrote: > > On Mon, Mar 31, 2008 at 12:05:33AM +0200, Hugo van der Kooij wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Glenn Steen wrote: > > > > > > | Unfortunately this likely will not work that well... Rather better to > > > | do something completely different. Like demanding taht the ones doing > > > | authenticated SMTP use an alternate port ... and have an instance of > > > | PF listening there that don't include the HOLD thing. ... That's how > > > | I'd do it if I needed it:-). > > > > > > In fact port 587 is intended for this purpose. The trick is to make it > > > listen for authenticated traffic only and then go out straight away and > > > not hit MailScanner on the way out. > > > > > > So the first bit is to make it listen by activating this in the > > > $POSTFIX/master.cf file: > > > > > > submission inet n - n - - smtpd > > > ~ -o smtpd_enforce_tls=yes > > > ~ -o smtpd_sasl_auth_enable=yes > > > ~ -o smtpd_client_restrictions=permit_sasl_authenticated,reject > > > > > > This was the bit I could find straight away. But how can one make sure > > > the normal hold trick does not apply here? Because that one still is > > > applied at the moment. > > > > > > wouldn't a simple: > > > > -o header_checks = > > > > added to the lines before do the trick? > > Yes. It would. > > > > My concern now is different. Are we generally sure we don't want MailScanner > > on all authenticated traffic? That means no controlon possible viruses that > > a custemer has not checked, no control on worms and the like. > > > Ah... That is the icky non-technical policy bit of the matter...:-). > If you don't trust them implicitly, don't do this for them. You could > have more than one submission service, set up differently... Where > port 25 == deeply untrusted:-). > > > > Probably what I really want is to let MS but avoid that it drops e-mail due > > to the sending IP being in an RBL. As Glenn pointed out Postfix already does > > the right think in this reguard, if we correctly set order in rules. We > > simply don't want MS (and spamassassin?) drops it afterwords. > > > A matter of clever rulesets then... To the point it is possible to > use. Unfortunately, the fact that they are sending through an > authenticated channel isn't exactly well-preserved (one can try look > at Received lines, but ... that could be spoofed. > ... Or not, if you're moderately clever in a CustomFunction (only inspecting the very last... only if from your host .. etc). Cheers -- -- Glenn (thinking while typing... not the best modus operandi:-) email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Mon Mar 31 12:22:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 12:23:36 2008 Subject: wiki still suggesting ordb In-Reply-To: <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> Message-ID: <47F0C98E.3050401@ecs.soton.ac.uk> Glenn Steen wrote: > On 31/03/2008, Scott Silva wrote: > >> on 3-30-2008 9:15 AM Julian Field spake the following: >> >> >> > >> > Hugo van der Kooij wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Hash: SHA1 >> >> >> >> Julian Field wrote: >> >> | Alessandro Dentella wrote: >> >> |> >> >> |> I noticed that wiki still suggests to set ORDB-RBL as the only >> >> |> spam-list. >> >> |> I guess it should be updated... but I don't know which one the wiki >> >> |> should >> >> |> suggest. >> >> |> >> >> |> >> >> http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow >> >> >> >> >> >> |> >> >> |> *:-) >> >> |> >> >> | In which case, why don't you register yourself on the wiki and fix it? >> >> | That's the whole point of wikis, if you don't agree with something you >> >> | can fix it yourself. >> >> >> >> Hmm. I can login but I can not edit the page. Given that I am not >> >> entirely wiki proof myself this could be my problem. But at least I am >> >> unable to correct anything there. And I must say the ORB stuff is >> >> definitly not the only thing that needs a revision. >> > Is anyone else suffering this problem? I hate wikis :-( >> > >> > Jules >> > >> >> I get a read only also. It must just be that page as I can edit others. >> >> > Yep, it is that page only... > You can do a check on it by tagging on the "&do=check" option... like this: > http://wiki.mailscanner.info/doku.php?id=documentation:tweaking:some_things_to_try_if_your_incoming_queue_is_running_slow&do=check > ... And this shows the problem pretty easy. Might be just that file, > or its cache entry. Clearing the cache would fix the latter, > checking/amending perms the former. Both can only be done by Jules (or > another designated admin... Don't think there are any:-). > I've fixed the perms as much as I can (currently everything is world writable) and it still complains. Damn wikis :-( Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmatt at nerc.ac.uk Mon Mar 31 13:21:01 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Mar 31 13:21:55 2008 Subject: preventing backscatter at the source In-Reply-To: <47EE606B.7050609@ecs.soton.ac.uk> References: <47ED5120.1030408@fsl.com> <20080329002942.GA1232@msapiro> <47ED97CF.2040003@fsl.com> <47EE606B.7050609@ecs.soton.ac.uk> Message-ID: <47F0D72D.9080202@nerc.ac.uk> Julian Field wrote: > I have 1 use for a backup MX (or 2 MXs in my case). Unless your primary I have another use for a secondary (lower priority) MX, very useful for providing a real, live mail feed for testing and change control. Perform upgrade, listen on secondary MX IP address, check all is well with upgrade. The important part is make sure all mail that goes to this secondary/test MX is sent directly to /dev/null. Also, stop listening when not in use - there are a number of corner cases which can result in valid mail going to your invalid MX even if you have triple redundant primary MXs. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From shuttlebox at gmail.com Mon Mar 31 13:35:08 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Mon Mar 31 13:35:42 2008 Subject: wiki still suggesting ordb In-Reply-To: <47F0C98E.3050401@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> Message-ID: <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field wrote: > I've fixed the perms as much as I can (currently everything is world > writable) and it still complains. > Damn wikis :-( I found this: http://wiki.splitbrain.org/wiki:acl Maybe its of some help. -- /peter From bpirie at rma.edu Mon Mar 31 13:53:16 2008 From: bpirie at rma.edu (Brendan Pirie) Date: Mon Mar 31 13:52:22 2008 Subject: How to check for existing mail accounts? In-Reply-To: <2211.91.198.134.42.1206859865.squirrel@webmail.baladia.gov.kw> References: <47ED6353.4060601@openenterprise.ca> <47ED694E.2040807@openenterprise.ca> <47EEAD4D.2040200@rma.edu> <2211.91.198.134.42.1206859865.squirrel@webmail.baladia.gov.kw> Message-ID: <47F0DEBC.8090901@rma.edu> Benedict simon wrote: >> Kevin Miller wrote: >>> Johnny Stork wrote: >>>> its sendmail >>>> >>>> Kevin Miller wrote: >>>>> Johnny Stork wrote: >>>>> >>>>>> I have noticed a large increase in the amount of spam coming in to >>>>>> MS (latest) running on CentOS 5 and many are coming into >>>>>> non-existent email accounts. Is there a check that can be done for >>>>>> the existence of an account first, and then if non-existent, block >>>>>> even before any scanning is done, let alone processing through MS. >>>>>> >>>>>> Thanks for any suggestions that anyone can give >>>>>> >>>>> What MTA are you using? You can run recipeint verification on >>>>> sendmail via milters, and I'm sure Postfix has similar >>>>> functionality... >>>>> >>>>> ...Kevin >>> Then see http://smfs.sourceforge.net/smf-sav.html >>> >>> Note that this does both sender and recipient address verification. I >>> presume your gateway is forwarding on to another host where the >>> recipients actually reside. The milter uses ldap calls to get the >>> recipient data, so your internal email server will need to be able to do >>> that. Ours is Exchange, which does. >>> >>> HTH... >>> >>> ...Kevin >> Correction - smf-sav milter does not use ldap. It uses the call-ahead >> method, so ldap is not required (one of the reasons I chose it). >> >> Clarification - smf-sav milter is capable of doing both sender and >> recipient address verification. Sender verification can (and in many >> cases should) be disabled. >> >> Brendan > > Thanks Brenden, > > I jus read ur reply to the above post and did get a some qucik ideas. > I am using sendmail 8.13 and mailscanner + spamassassain + clamav > and also squirrelmail > > can the above milters work with sendmail n mailscanner and will it be > useful in addtion to my confguration > > apprecite your help and suggestion > > Thanks and regards > > simon > Simon, milters work with sendmail (or postfix) at the MTA level. Use of spamassassin, mailscanner, squirrelmail, clamav, or any other software is not really relevant. As to whether it will be useful to your configuration, that is a decision for you to make. I implemented it largely because I run a sendmail mail server and a sendmail mail gateway, and didn't want to go the ldap route to drop unknown users at the gateway. Brendan From MailScanner at ecs.soton.ac.uk Mon Mar 31 14:10:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 14:11:15 2008 Subject: wiki still suggesting ordb In-Reply-To: <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> Message-ID: <47F0E2C8.3070807@ecs.soton.ac.uk> Thanks for that. Fixed the problem now. Hopefully other people can edit the page too. shuttlebox wrote: > On Mon, Mar 31, 2008 at 1:22 PM, Julian Field > wrote: > >> I've fixed the perms as much as I can (currently everything is world >> writable) and it still complains. >> Damn wikis :-( >> > > I found this: > > http://wiki.splitbrain.org/wiki:acl > > Maybe its of some help. > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mkettler at evi-inc.com Mon Mar 31 15:19:27 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 31 15:20:22 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47ED2C26.1070006@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> Message-ID: <47F0F2EF.80307@evi-inc.com> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >> >>>> Steve. >>> If you reject, and its spoofed you'll get it back anyway, so you end >>> up receiving and then storing it in the postmaster address, it is >>> always best to discard in this scenario...or even worse bouncing it >>> again >>> >> >> Stop confusing REJECT with post delivery bouncing :) See my other post >> in this thread. > I am talking about sendmail access file entries at the MTA level.... > nothing else...my point is the general notice supplied in the REJECT > directive often ends up coming back round...I've seen it many times.. That's exactly what I'm talking about. I've got several such entries, and I've never seen any of them come back. ever. There's something seriously wrong with your mailserver if this is happening. From peter at farrows.org Mon Mar 31 15:56:51 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 15:57:45 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F0F2EF.80307@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> Message-ID: <47F0FBB3.90701@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: >> Matt Kettler wrote: >>> Peter Farrow wrote: >>> >>>>> Steve. >>>> If you reject, and its spoofed you'll get it back anyway, so you >>>> end up receiving and then storing it in the postmaster address, it >>>> is always best to discard in this scenario...or even worse bouncing >>>> it again >>>> >>> >>> Stop confusing REJECT with post delivery bouncing :) See my other >>> post in this thread. >> I am talking about sendmail access file entries at the MTA level.... >> nothing else...my point is the general notice supplied in the REJECT >> directive often ends up coming back round...I've seen it many times.. > > That's exactly what I'm talking about. I've got several such entries, > and I've never seen any of them come back. ever. > > There's something seriously wrong with your mailserver if this is > happening. Nope From peter at farrows.org Mon Mar 31 16:07:31 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 16:07:46 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F0F2EF.80307@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> Message-ID: <47F0FE33.2000509@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: >> Matt Kettler wrote: >>> Peter Farrow wrote: >>> >>>>> Steve. >>>> If you reject, and its spoofed you'll get it back anyway, so you >>>> end up receiving and then storing it in the postmaster address, it >>>> is always best to discard in this scenario...or even worse bouncing >>>> it again >>>> >>> >>> Stop confusing REJECT with post delivery bouncing :) See my other >>> post in this thread. >> I am talking about sendmail access file entries at the MTA level.... >> nothing else...my point is the general notice supplied in the REJECT >> directive often ends up coming back round...I've seen it many times.. > > That's exactly what I'm talking about. I've got several such entries, > and I've never seen any of them come back. ever. > > There's something seriously wrong with your mailserver if this is > happening. This is how it works: Someone sends a spoofed spam email to one of my clients the other side of my mailscanner, but they get the address wrong. The mailer daemon on the client server rejects the email, (I am the postmaster for my clients Linux server) with user unknown, -- But the address is spoofed so it goes back to the wrong person (back scatter), The mail system rejects the back scatter for various reasons (user known mailbox full etc etc etc) so this bounce comes back to the postmaster of the client machine which goes to my postmaster mailbox. If I simply DISCARD the email at the mailscanner the process is stopped completely. If the mailer daemon REJECTS the message on the mailscanner or the client server, I get it in the postmaster mailbox as per the reason above because I am also the postmaster there as well... So DISCARD is the best way forward. From glenn.steen at gmail.com Mon Mar 31 16:42:38 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 16:43:13 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F0FE33.2000509@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> Message-ID: <223f97700803310842tba4e149k69d61fb1c78ba92@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Matt Kettler wrote: > > Peter Farrow wrote: > >> Matt Kettler wrote: > >>> Peter Farrow wrote: > >>> > >>>>> Steve. > >>>> If you reject, and its spoofed you'll get it back anyway, so you > >>>> end up receiving and then storing it in the postmaster address, it > >>>> is always best to discard in this scenario...or even worse bouncing > >>>> it again > >>>> > >>> > >>> Stop confusing REJECT with post delivery bouncing :) See my other > >>> post in this thread. > >> I am talking about sendmail access file entries at the MTA level.... > >> nothing else...my point is the general notice supplied in the REJECT > >> directive often ends up coming back round...I've seen it many times.. > > > > That's exactly what I'm talking about. I've got several such entries, > > and I've never seen any of them come back. ever. > > > > There's something seriously wrong with your mailserver if this is > > happening. > > This is how it works: > > Someone sends a spoofed spam email to one of my clients the other side > of my mailscanner, but they get the address wrong. Why did you accept this mail for relay in the first place? This is where you go wrong, all the rest is purely your own fault... If one were in the blame-game:-):-). I'm not, I'm more interrested in you getting this right, and beleive me... this will make a marked difference for you. The problem is simple: You are the public MX for these customers, but you don't know their "email address universe". You need setup a method that ensure you do. Since you have a multitude of customers with diverse mailservers, probably a very varying level of competence (theirs, not yours:-) etc, it's probably not feasible to use specific methods like an access or relay recipient map file. You'll have to resort to addre4ss verification by way of a call-ahead. How to do this varies a bit depending on your MTA. Please note that this is _recipient_ verification, not sender verification. Fortunately, free tools like smf-sav can do this for sendmail... others (like postfix) have builtin abilities. Without proper verification, you will indeed be "inundated" with backscatter to backscatter... And rightly so. Using DISCARD is simply wrong. It's the ostrich approach to the problem:-). > The mailer daemon on the client server rejects the email, (I am the > postmaster for my clients Linux server) with user unknown, > > -- But the address is spoofed so it goes back to the wrong person (back > scatter), The mail system rejects the back scatter for various reasons > (user known mailbox full etc etc etc) so this bounce comes back to the > postmaster of the client machine which goes to my postmaster mailbox. > > If I simply DISCARD the email at the mailscanner the process is stopped > completely. Yes. But the process should never have started in the first place. This explains the difference in view Matt Kettler expreses vis-a-vis your view. > If the mailer daemon REJECTS the message on the mailscanner or the > client server, I get it in the postmaster mailbox as per the reason > above because I am also the postmaster there as well... You should REJECT the first unknown recipient. Then there will be no following problems to solve. And that one need be a REJECT if you care anything for the RFCs. If that one is a DISCARD you have taken complete responsibility for that message, and need inform the recipient that you have done so... Which might be OK in some situations (log summary enough? OK!), but not so in others. Your suituation will of course be different from mine, but I caqn (by law, not RFC;-) never do such a thing. > So DISCARD is the best way forward. Nope. You are dead wrong on this account. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From admin at lctn.org Mon Mar 31 16:53:29 2008 From: admin at lctn.org (admin@lctn.org) Date: Mon Mar 31 16:54:46 2008 Subject: what am I dealing with here? In-Reply-To: <7202787.2901206978483309.JavaMail.root@mail.lctn.org> Message-ID: <29632052.2921206978809589.JavaMail.root@mail.lctn.org> I got a call from a school we scan mail for, complaining they are getting some inappropriate email, which is sailing through our scanner with a very low score. I found the message shows it is being delivered by some other server from Venezuela, with our relay server listed second from the bottom. The header is not showing accurate information either on some of the messages, as far as To, and From What can I do to shut this down? I have included info from one of the messages. IP Address Hostname Country RBL Spam Virus All 98.136.44.51 n75.bullet.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 216.252.122.218 t3.bullet.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 69.147.65.156 omp404.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 127.0.0.1 relay-4.lctn.org (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 190.72.118.113 190-72-118-113.dyn.dsl.cantv.net Venezuela [ ] [ ] [ ] [ ] ID: DDD5238001C.94591 Message Headers: Received: from n75.bullet.mail.sp1.yahoo.com (n75.bullet.mail.sp1.yahoo.com [98.136.44.51]) by relay-4.lctn.org (Postfix) with SMTP id DDD5238001C for ; Sun, 30 Mar 2008 15:52:54 -0500 (CDT) Received: from [216.252.122.218] by n75.bullet.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 Received: from [69.147.65.156] by t3.bullet.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 Received: from [127.0.0.1] by omp404.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: 493512.39708.bm@omp404.mail.sp1.yahoo.com Received: (qmail 45004 invoked by uid 60001); 30 Mar 2008 20:52:30 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=b+ZjzHg4KHt6d2gKflATIw5TohQzUJ2lVPcqPbCiIzlU0n9Skvc3hKz2zcy7/3ZRkqvljZS5DQ7phzi/Dne1Ck4n86QHnd9NDrHSRSrACynu0T1/3K0SzFioRVRMWFoxXX2g8lOTbU3O49yfsL3f5JkzdTeCQe0YnugSXEdj3Qc=; X-YMail-OSG: yeipdhMVM1lQDWuM.8hWb8yJBWFZbzK4JI34oV3jP0PoM3jGYlMQ8biezzdcUn_FkPMGvxIVHMnS7QiNtCYcm_FKjPDA.J.e1LI- Received: from [190.72.118.113] by web45105.mail.sp1.yahoo.com via HTTP; Sun, 30 Mar 2008 13:52:30 PDT Date: Sun, 30 Mar 2008 13:52:30 -0700 (PDT) From: joie mudra Subject: hey To: kensmith16123940@netscape.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1647990638-1206910350=:30060" Content-Transfer-Encoding: 8bit Message-ID: <258826.30060.qm@web45105.mail.sp1.yahoo.com> -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/8f333349/attachment.html From jan-peter at koopmann.eu Mon Mar 31 17:04:00 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Mar 31 17:05:33 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> Message-ID: Not sure I understand what you mean. > > There's something seriously wrong with your mailserver if this is > > happening. Agreed. :-) > This is how it works: > > Someone sends a spoofed spam email to one of my clients the other side > of my mailscanner, but they get the address wrong. Happens every day. > The mailer daemon on the client server rejects the email, (I am the > postmaster for my clients Linux server) with user unknown, What does the postmaster have to do with this? > -- But the address is spoofed so it goes back to the wrong person (back > scatter), This is where you go wrong. Your system is not sending any e-mail. It is simply refusing to accept the mail in the first place so you systems do not produce any sort of NDA. Therefore your addresses are not visible in any NDR. It is the delivering MTA that has to deal with your refusal to accept the mail. > The mail system rejects the back scatter for various reasons > (user known mailbox full etc etc etc) In a perfect world there should not be backscatter here in the first place. Why did the mail system (the sender's mail system) accept the spoofed spam message in the first place? But let's just accept that the world is not perfect. > so this bounce comes back to the > postmaster of the client machine What client are we talking about? The client with the spoofed e-mail address? This client is naturally receiving an NDR unless you use something like BarricadeMX or Mailscanner watermarking. But there is nothing you can really do about it. Even if you DISCARD instead of reject the client will receive backscatter from everybody else. And again: You did not send the backscatter. It is the MTA trying to deliver the mail to you. > which goes to my postmaster mailbox. > > If I simply DISCARD the email at the mailscanner the process is stopped > completely. There are two things you stop with this: 1. That the delivering MTA is producing a NDR to the spoofed address in case of spam. Yes that is nice of you to do so but frankly it will not help since most other people will still create NDRs. 2. You stop perfectly valid NDRs from happening in case someone is writing a legit e-mail but gets the recipient wrong. This is something I would not be willing to accept for the domains I am responsible for. > If the mailer daemon REJECTS the message on the mailscanner or the > client server, I get it in the postmaster mailbox as per the reason > above because I am also the postmaster there as well... I obviously do not get it. Can you please provide a real world example telling us where a mail originates, what MTA is doing what etc.? Because "client server", "the mail system" etc. is not really helpful in this scenario. I agree with the others: There is no reason I can currently think of (even after having read your mail) why a REJECT should bounce back to you... > So DISCARD is the best way forward. Whatever you like. I happen to disagree and would prefer REJECT for several reasons already stated in other postings. Kind regards, JP From jan-peter at koopmann.eu Mon Mar 31 17:57:50 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Mar 31 17:59:29 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com><47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com><47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com><47F0FE33.2000509@farrows.org> Message-ID: > > > > Someone sends a spoofed spam email to one of my clients the other > side > > of my mailscanner, but they get the address wrong. > Why did you accept this mail for relay in the first place? > This is where you go wrong, all the rest is purely your own fault... > If one were in the blame-game:-):-). > I'm not, I'm more interrested in you getting this right, and beleive > me... this will make a marked difference for you. > The problem is simple: You are the public MX for these customers, but > you don't know their "email address universe". You need setup a method > that ensure you do. I think finally begin to understand what he is doing... Thanks Glenn. :-) From gmatt at nerc.ac.uk Mon Mar 31 18:02:53 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon Mar 31 18:03:42 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F0FE33.2000509@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> Message-ID: <47F1193D.3020205@nerc.ac.uk> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >>> Matt Kettler wrote: >>>> Peter Farrow wrote: >>>> >>>>>> Steve. >>>>> If you reject, and its spoofed you'll get it back anyway, so you >>>>> end up receiving and then storing it in the postmaster address, it >>>>> is always best to discard in this scenario...or even worse bouncing >>>>> it again >>>>> >>>> >>>> Stop confusing REJECT with post delivery bouncing :) See my other >>>> post in this thread. >>> I am talking about sendmail access file entries at the MTA level.... >>> nothing else...my point is the general notice supplied in the REJECT >>> directive often ends up coming back round...I've seen it many times.. >> >> That's exactly what I'm talking about. I've got several such entries, >> and I've never seen any of them come back. ever. >> >> There's something seriously wrong with your mailserver if this is >> happening. > This is how it works: > > Someone sends a spoofed spam email to one of my clients the other side > of my mailscanner, but they get the address wrong. > > The mailer daemon on the client server rejects the email, (I am the > postmaster for my clients Linux server) with user unknown, > > -- But the address is spoofed so it goes back to the wrong person (back > scatter), The mail system rejects the back scatter for various reasons > (user known mailbox full etc etc etc) so this bounce comes back to the > postmaster of the client machine which goes to my postmaster mailbox. is this a troll? The mail is /rejected/ so it doesnt "go back" to anyone. You are talking about /bouncing/ a message and therefore composing a DSN with the wrong recipient address. A /REJECT/ stops the SMTP transaction dead. Any DSN, if required, is generated by the third party MTA. G > > If I simply DISCARD the email at the mailscanner the process is stopped > completely. > > If the mailer daemon REJECTS the message on the mailscanner or the > client server, I get it in the postmaster mailbox as per the reason > above because I am also the postmaster there as well... > > So DISCARD is the best way forward. > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From mkettler at evi-inc.com Mon Mar 31 18:53:11 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 31 18:54:00 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F0FE33.2000509@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> Message-ID: <47F12507.4070905@evi-inc.com> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >>> Matt Kettler wrote: >>>> Peter Farrow wrote: >>>> >>>>>> Steve. >>>>> If you reject, and its spoofed you'll get it back anyway, so you >>>>> end up receiving and then storing it in the postmaster address, it >>>>> is always best to discard in this scenario...or even worse bouncing >>>>> it again >>>>> >>>> >>>> Stop confusing REJECT with post delivery bouncing :) See my other >>>> post in this thread. >>> I am talking about sendmail access file entries at the MTA level.... >>> nothing else...my point is the general notice supplied in the REJECT >>> directive often ends up coming back round...I've seen it many times.. >> >> That's exactly what I'm talking about. I've got several such entries, >> and I've never seen any of them come back. ever. >> >> There's something seriously wrong with your mailserver if this is >> happening. > This is how it works: > > Someone sends a spoofed spam email to one of my clients the other side > of my mailscanner, but they get the address wrong. > > The mailer daemon on the client server rejects the email, (I am the > postmaster for my clients Linux server) with user unknown, Well, duh. That's because the REJECT isn't being implemented at the MX, but a downstream server. In order to avoid the postmaster issue you *MUST* implement this at all of the MXes for the domain. Of course it will cause the problem if a downstream server does a REJECT, because it's being REJECTED after your server accepted it. However, this doesn't make REJECT bad, it just means the REJECT needs to be implemented on YOUR server, not your clients. From peter at farrows.org Mon Mar 31 19:13:59 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 19:14:59 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F12507.4070905@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> Message-ID: <47F129E7.6050803@farrows.org> Matt Kettler wrote: > Peter Farrow wrote: >> Matt Kettler wrote: >>> Peter Farrow wrote: >>>> Matt Kettler wrote: >>>>> Peter Farrow wrote: >>>>> >>>>>>> Steve. >>>>>> If you reject, and its spoofed you'll get it back anyway, so you >>>>>> end up receiving and then storing it in the postmaster address, >>>>>> it is always best to discard in this scenario...or even worse >>>>>> bouncing it again >>>>>> >>>>> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other >>>>> post in this thread. >>>> I am talking about sendmail access file entries at the MTA >>>> level.... nothing else...my point is the general notice supplied in >>>> the REJECT directive often ends up coming back round...I've seen it >>>> many times.. >>> >>> That's exactly what I'm talking about. I've got several such >>> entries, and I've never seen any of them come back. ever. >>> >>> There's something seriously wrong with your mailserver if this is >>> happening. >> This is how it works: >> >> Someone sends a spoofed spam email to one of my clients the other >> side of my mailscanner, but they get the address wrong. >> >> The mailer daemon on the client server rejects the email, (I am the >> postmaster for my clients Linux server) with user unknown, > > > Well, duh. That's because the REJECT isn't being implemented at the > MX, but a downstream server. > > In order to avoid the postmaster issue you *MUST* implement this at > all of the MXes for the domain. > > Of course it will cause the problem if a downstream server does a > REJECT, because it's being REJECTED after your server accepted it. > > However, this doesn't make REJECT bad, it just means the REJECT needs > to be implemented on YOUR server, not your clients. > > > > > So *duh* no config error then..... And thus having a valid postmaster address makes the final machine RFC compliant, which means that you won't end up on blacklists like RFC-ignorant... As I was saying in this scenario a discard is far superior, because, as I am paid to do I keep the rubbish from even reaching the client as I said in the first place, and, as I have 100's of client servers after my cluster of mailscanners its not feasible nor what the clients what to be configured the same as everyone else. So, in short DISCARD it is then. Glad you got there in the end... :-P P. From ssilva at sgvwater.com Mon Mar 31 19:13:55 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 19:15:02 2008 Subject: wiki still suggesting ordb In-Reply-To: <47F0E2C8.3070807@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> Message-ID: on 3-31-2008 6:10 AM Julian Field spake the following: > Thanks for that. Fixed the problem now. Hopefully other people can edit > the page too. > > shuttlebox wrote: >> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >> wrote: >> >>> I've fixed the perms as much as I can (currently everything is world >>> writable) and it still complains. >>> Damn wikis :-( >>> >> >> I found this: >> >> http://wiki.splitbrain.org/wiki:acl >> >> Maybe its of some help. >> >> > > Jules > Looks to be working now, but the edit now points to a soon to be obsolete since spamhaus recommends to use zen instead of sbl+xbl. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/e9b44fb3/signature.bin From peter at farrows.org Mon Mar 31 19:24:06 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 19:24:23 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com><47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com><47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com><47F0FE33.2000509@farrows.org> Message-ID: <47F12C46.1070501@farrows.org> Koopmann, Jan-Peter wrote: >>> Someone sends a spoofed spam email to one of my clients the other >>> >> side >> >>> of my mailscanner, but they get the address wrong. >>> >> Why did you accept this mail for relay in the first place? >> This is where you go wrong, all the rest is purely your own fault... >> If one were in the blame-game:-):-). >> I'm not, I'm more interrested in you getting this right, and beleive >> me... this will make a marked difference for you. >> The problem is simple: You are the public MX for these customers, but >> you don't know their "email address universe". You need setup a method >> that ensure you do. >> > > I think finally begin to understand what he is doing... Thanks Glenn. > :-) > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Well, actually no I don't need to know their users list, thats the beauty of this configuration. To add anti spam to a clients setup I simply insert my servers, I don't need to ask them any questions other than where to send it on. So this is a top solution, very easy for the client, and my clients love it, I can anti spam their email without even knowing or wanting know anything about their enterprise I just tell them to adjust their DNS. Hence, I do have it very very right indeed. Could you imagine trying to know about all the users on each mail domain for each client, with 1000s of clients and therefore 100,000s of users.... its all about scale and ease of implementation and thats why on this type of scale and even small ones a discard is a supremely useful solution... If I wanted to implement a client user list I could always add a look/check ahead milter, but why bother this works better, and a look ahead would mean I would need to know if their mailbox holder server was behind an internet facing smarthost or not to make the check valid or not... P. From peter at farrows.org Mon Mar 31 19:26:41 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 19:26:57 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> Message-ID: <47F12CE1.7050805@farrows.org> Koopmann, Jan-Peter wrote: > Not sure I understand what you mean. > > >>> There's something seriously wrong with your mailserver if this is >>> happening. >>> > > Agreed. :-) > > >> This is how it works: >> >> Someone sends a spoofed spam email to one of my clients the other side >> of my mailscanner, but they get the address wrong. >> > > Happens every day. > > >> The mailer daemon on the client server rejects the email, (I am the >> postmaster for my clients Linux server) with user unknown, >> > > What does the postmaster have to do with this? > > >> -- But the address is spoofed so it goes back to the wrong person >> > (back > >> scatter), >> > > This is where you go wrong. Your system is not sending any e-mail. It is > simply refusing to accept the mail in the first place so you systems do > not produce any sort of NDA. Therefore your addresses are not visible in > any NDR. It is the delivering MTA that has to deal with your refusal to > accept the mail. > > >> The mail system rejects the back scatter for various reasons >> (user known mailbox full etc etc etc) >> > > In a perfect world there should not be backscatter here in the first > place. Why did the mail system (the sender's mail system) accept the > spoofed spam message in the first place? But let's just accept that the > world is not perfect. > > >> so this bounce comes back to the >> postmaster of the client machine >> > > What client are we talking about? The client with the spoofed e-mail > address? This client is naturally receiving an NDR unless you use > something like BarricadeMX or Mailscanner watermarking. But there is > nothing you can really do about it. Even if you DISCARD instead of > reject the client will receive backscatter from everybody else. And > again: You did not send the backscatter. It is the MTA trying to deliver > the mail to you. > > >> which goes to my postmaster mailbox. >> >> If I simply DISCARD the email at the mailscanner the process is >> > stopped > >> completely. >> > > There are two things you stop with this: > 1. That the delivering MTA is producing a NDR to the spoofed address in > case of spam. Yes that is nice of you to do so but frankly it will not > help since most other people will still create NDRs. > 2. You stop perfectly valid NDRs from happening in case someone is > writing a legit e-mail but gets the recipient wrong. This is something I > would not be willing to accept for the domains I am responsible for. > > >> If the mailer daemon REJECTS the message on the mailscanner or the >> client server, I get it in the postmaster mailbox as per the reason >> above because I am also the postmaster there as well... >> > > I obviously do not get it. Can you please provide a real world example > telling us where a mail originates, what MTA is doing what etc.? Because > "client server", "the mail system" etc. is not really helpful in this > scenario. > > I agree with the others: There is no reason I can currently think of > (even after having read your mail) why a REJECT should bounce back to > you... > > >> So DISCARD is the best way forward. >> > > Whatever you like. I happen to disagree and would prefer REJECT for > several reasons already stated in other postings. > > > Kind regards, > JP > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > >> client is the company I am sending mail onto who use my services... So there is *nothing* wrong with this configuration at all.... So I'll carry on doing a discard thanks, P. From glenn.steen at gmail.com Mon Mar 31 19:44:48 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 19:45:24 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F129E7.6050803@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> Message-ID: <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Matt Kettler wrote: > > Peter Farrow wrote: > >> Matt Kettler wrote: > >>> Peter Farrow wrote: > >>>> Matt Kettler wrote: > >>>>> Peter Farrow wrote: > >>>>> > >>>>>>> Steve. > >>>>>> If you reject, and its spoofed you'll get it back anyway, so you > >>>>>> end up receiving and then storing it in the postmaster address, > >>>>>> it is always best to discard in this scenario...or even worse > >>>>>> bouncing it again > >>>>>> > >>>>> > >>>>> Stop confusing REJECT with post delivery bouncing :) See my other > >>>>> post in this thread. > >>>> I am talking about sendmail access file entries at the MTA > >>>> level.... nothing else...my point is the general notice supplied in > >>>> the REJECT directive often ends up coming back round...I've seen it > >>>> many times.. > >>> > >>> That's exactly what I'm talking about. I've got several such > >>> entries, and I've never seen any of them come back. ever. > >>> > >>> There's something seriously wrong with your mailserver if this is > >>> happening. > >> This is how it works: > >> > >> Someone sends a spoofed spam email to one of my clients the other > >> side of my mailscanner, but they get the address wrong. > >> > >> The mailer daemon on the client server rejects the email, (I am the > >> postmaster for my clients Linux server) with user unknown, > > > > > > Well, duh. That's because the REJECT isn't being implemented at the > > MX, but a downstream server. > > > > In order to avoid the postmaster issue you *MUST* implement this at > > all of the MXes for the domain. > > > > Of course it will cause the problem if a downstream server does a > > REJECT, because it's being REJECTED after your server accepted it. > > > > However, this doesn't make REJECT bad, it just means the REJECT needs > > to be implemented on YOUR server, not your clients. > > > > > > > > > > > > So *duh* no config error then..... Please keep this civil, Matt&Peter. > And thus having a valid postmaster address makes the final machine RFC > compliant, which means that you won't end up on blacklists like > RFC-ignorant... ? Sorry, but I fail to see what this has to do with your issues. Please read my previous post. It is meant in as a very friendly nudge to do the right thing. > As I was saying in this scenario a discard is far superior, because, as > I am paid to do I keep the rubbish from even reaching the client as I > said in the first place, and, as I have 100's of client servers after my > cluster of mailscanners its not feasible nor what the clients what to be > configured the same as everyone else. No, the only correct solution for you does not contain any such "streamlining" of configuration. All that is needed is for your cluster to call ahead to each individual receiving server (the ones at your customers;-) to ascertain that they will in fact accept these messagees for these recipients... It might not core terminally misconfigured (client) mailstore systems, but ... it will cut it down enormously. And your MailScanner systems will have less messages to wade through. All in all, correctly done, recipient address verification will earn you money. And your clients will not even know that you do it, unless they are log jockeys/junkies (like us:-). At least consider the possibility that we might have a clue here;-). > So, in short DISCARD it is then. Nope. > Glad you got there in the end... :-P Still not there :-D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 31 19:52:52 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 19:53:27 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F12C46.1070501@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12C46.1070501@farrows.org> Message-ID: <223f97700803311152r39857bcen2ea951d021e1b82f@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Koopmann, Jan-Peter wrote: > >>> Someone sends a spoofed spam email to one of my clients the other > >>> > >> side > >> > >>> of my mailscanner, but they get the address wrong. > >>> > >> Why did you accept this mail for relay in the first place? > >> This is where you go wrong, all the rest is purely your own fault... > >> If one were in the blame-game:-):-). > >> I'm not, I'm more interrested in you getting this right, and beleive > >> me... this will make a marked difference for you. > >> The problem is simple: You are the public MX for these customers, but > >> you don't know their "email address universe". You need setup a method > >> that ensure you do. > >> > > > > I think finally begin to understand what he is doing... Thanks Glenn. > > :-) > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > > > > > Well, actually no I don't need to know their users list, thats the > beauty of this configuration. To add anti spam to a clients setup I > simply insert my servers, I don't need to ask them any questions other > than where to send it on. So this is a top solution, very easy for the > client, and my clients love it, I can anti spam their email without even > knowing or wanting know anything about their enterprise I just tell them > to adjust their DNS. Hence, I do have it very very right indeed. Well... There is no difference if you do this setup "correctly" (call-ahead), or "in-correctly" (NDR/NDN/DSN-hell with DISCARD of all such (more or less) as a band-aid). You wouldn't ask them anything different for that address verification either;-). > Could you imagine trying to know about all the users on each mail > domain for each client, with 1000s of clients and therefore 100,000s of > users.... its all about scale and ease of implementation and thats why > on this type of scale and even small ones a discard is a supremely > useful solution... "know" and "you" are relative terms here. "Your server" need only know at the point where it ponders accepting a new message or not... No database needed (although that has it's perks too... Not workable for larger installs, but usable for medium->small setups). > If I wanted to implement a client user list I could always add a > look/check ahead milter, but why bother this works better, and a look > ahead would mean I would need to know if their mailbox holder server was > behind an internet facing smarthost or not to make the check valid or not... It actually doesn't. Work better, that is:-). But I'm pretty certain I'll bnever convince you of that...;-). And the beuty of the call-ahead... is that you needn't care onewhit about smarthosts or anything. Because when that host accept the mail, you are out of the DSN-loop... it is their problem;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From richard.siddall at elirion.net Mon Mar 31 19:54:28 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Mon Mar 31 19:55:10 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F12C46.1070501@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com><47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com><47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com><47F0FE33.2000509@farrows.org> <47F12C46.1070501@farrows.org> Message-ID: <47F13364.5080404@elirion.net> Peter Farrow wrote: > If I wanted to implement a client user list I could always add a > look/check ahead milter, but why bother this works better, and a look > ahead would mean I would need to know if their mailbox holder server was > behind an internet facing smarthost or not to make the check valid or > not... > Yeah. I always preferred compilers that didn't tell you whether the program was correct. ;> Regards, Richard. From mkettler at evi-inc.com Mon Mar 31 19:59:47 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 31 20:01:10 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F129E7.6050803@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> Message-ID: <47F134A3.70404@evi-inc.com> Peter Farrow wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >>> Matt Kettler wrote: >>>> Peter Farrow wrote: >>>>> Matt Kettler wrote: >>>>>> Peter Farrow wrote: >>>>>> >>>>>>>> Steve. >>>>>>> If you reject, and its spoofed you'll get it back anyway, so you >>>>>>> end up receiving and then storing it in the postmaster address, >>>>>>> it is always best to discard in this scenario...or even worse >>>>>>> bouncing it again >>>>>>> >>>>>> >>>>>> Stop confusing REJECT with post delivery bouncing :) See my other >>>>>> post in this thread. >>>>> I am talking about sendmail access file entries at the MTA >>>>> level.... nothing else...my point is the general notice supplied in >>>>> the REJECT directive often ends up coming back round...I've seen it >>>>> many times.. >>>> >>>> That's exactly what I'm talking about. I've got several such >>>> entries, and I've never seen any of them come back. ever. >>>> >>>> There's something seriously wrong with your mailserver if this is >>>> happening. >>> This is how it works: >>> >>> Someone sends a spoofed spam email to one of my clients the other >>> side of my mailscanner, but they get the address wrong. >>> >>> The mailer daemon on the client server rejects the email, (I am the >>> postmaster for my clients Linux server) with user unknown, >> >> >> Well, duh. That's because the REJECT isn't being implemented at the >> MX, but a downstream server. >> >> In order to avoid the postmaster issue you *MUST* implement this at >> all of the MXes for the domain. >> >> Of course it will cause the problem if a downstream server does a >> REJECT, because it's being REJECTED after your server accepted it. >> >> However, this doesn't make REJECT bad, it just means the REJECT needs >> to be implemented on YOUR server, not your clients. >> >> >> >> >> > So *duh* no config error then..... Well, erm.. yes.. it is a configuration error, or at the very least a poor configuration. The front-end MX for a domain should be able to verify if a message will be acceptable to the network. That means you shouldn't have REJECT clauses down at servers being forwarded to, they need to be at the front end MX. If you had mentioned you were trying to implement REJECTs on servers being forwarded to, this conversation would have been very short. However, to try to claim that REJECT always generates backscatter and floods your postmaster box is a blatant misrepresentation of facts. You clearly understand email servers well enough to know that is not true as an unqualified statement. Also, you were at the very least telling a half-truth when I questioned if you'd failed to implement the reject on all your MXes.. ------- > Clearly there's something wrong with your MTA if REJECT is causing stuff to end up in your postmaster box. > > Unless of course you've got a secondary MX which lacks the same REJECT clause... However, that's just a mistake on the part of configuring your secondaries. > > > Not at all... ------- Clearly you didn't implement it on any of the MXes for the domain, so that exchange was misleading. From mkettler at evi-inc.com Mon Mar 31 20:09:37 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 31 20:11:38 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F12CE1.7050805@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> <47F12CE1.7050805@farrows.org> Message-ID: <47F136F1.6060400@evi-inc.com> Peter Farrow wrote: >> > >> client is the company I am sending mail onto who use my services... > > So there is *nothing* wrong with this configuration at all.... > > So I'll carry on doing a discard thanks, > For your case, you probably should. However, please stop misrepresenting the facts. REJECT works very well if properly implemented, and doesn't flood your postmaster box. However, properly implemented means having it on all of your MX servers, not a back-end server. If you're filtering on a back-end server, or any other point after the DATA phase of the SMTP session has been OKed by a server in your network, then REJECT is a bad idea. At that point, a REJECT fundamentally has to result in a post-delivery bounce, because the message has already been delivered. REJECT only works well if it is implemented on the server that first accepts mail in your network, so it can be REJECTed before original delivery is completed. This results in considerably better behavior by your network, and reduced resource utilization. REJECT should be preferred over DISCARD at your network borders for this reason. DISCARD is preferable over REJECT within your network, however neither results in good network behavior. At this point, tag-only is probably the best behavior. However, the implications are really yours to suffer, so do as you will within your own network. This is really all very, very basic mail administrator knowledge. From peter at farrows.org Mon Mar 31 20:19:37 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 20:20:30 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> Message-ID: <47F13949.4070401@farrows.org> Glenn Steen wrote: > On 31/03/2008, Peter Farrow wrote: > >> Matt Kettler wrote: >> > Peter Farrow wrote: >> >> Matt Kettler wrote: >> >>> Peter Farrow wrote: >> >>>> Matt Kettler wrote: >> >>>>> Peter Farrow wrote: >> >>>>> >> >>>>>>> Steve. >> >>>>>> If you reject, and its spoofed you'll get it back anyway, so you >> >>>>>> end up receiving and then storing it in the postmaster address, >> >>>>>> it is always best to discard in this scenario...or even worse >> >>>>>> bouncing it again >> >>>>>> >> >>>>> >> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other >> >>>>> post in this thread. >> >>>> I am talking about sendmail access file entries at the MTA >> >>>> level.... nothing else...my point is the general notice supplied in >> >>>> the REJECT directive often ends up coming back round...I've seen it >> >>>> many times.. >> >>> >> >>> That's exactly what I'm talking about. I've got several such >> >>> entries, and I've never seen any of them come back. ever. >> >>> >> >>> There's something seriously wrong with your mailserver if this is >> >>> happening. >> >> This is how it works: >> >> >> >> Someone sends a spoofed spam email to one of my clients the other >> >> side of my mailscanner, but they get the address wrong. >> >> >> >> The mailer daemon on the client server rejects the email, (I am the >> >> postmaster for my clients Linux server) with user unknown, >> > >> > >> > Well, duh. That's because the REJECT isn't being implemented at the >> > MX, but a downstream server. >> > >> > In order to avoid the postmaster issue you *MUST* implement this at >> > all of the MXes for the domain. >> > >> > Of course it will cause the problem if a downstream server does a >> > REJECT, because it's being REJECTED after your server accepted it. >> > >> > However, this doesn't make REJECT bad, it just means the REJECT needs >> > to be implemented on YOUR server, not your clients. >> > >> > >> > >> > >> > >> >> So *duh* no config error then..... >> > Please keep this civil, Matt&Peter. > > >> And thus having a valid postmaster address makes the final machine RFC >> compliant, which means that you won't end up on blacklists like >> RFC-ignorant... >> > ? > Sorry, but I fail to see what this has to do with your issues. > Please read my previous post. It is meant in as a very friendly nudge > to do the right thing. > > >> As I was saying in this scenario a discard is far superior, because, as >> I am paid to do I keep the rubbish from even reaching the client as I >> said in the first place, and, as I have 100's of client servers after my >> cluster of mailscanners its not feasible nor what the clients what to be >> configured the same as everyone else. >> > No, the only correct solution for you does not contain any such > "streamlining" of configuration. All that is needed is for your > cluster to call ahead to each individual receiving server (the ones at > your customers;-) to ascertain that they will in fact accept these > messagees for these recipients... It might not core terminally > misconfigured (client) mailstore systems, but ... it will cut it down > enormously. And your MailScanner systems will have less messages to > wade through. All in all, correctly done, recipient address > verification will earn you money. And your clients will not even know > that you do it, unless they are log jockeys/junkies (like us:-). > At least consider the possibility that we might have a clue here;-). > > >> So, in short DISCARD it is then. >> > Nope. > > >> Glad you got there in the end... :-P >> > Still not there :-D > > Cheers > Everyone, Well I guess that it all comes down to what works best for you, I like being on this list because we can all share stuff together and some really good stuff comes up quite alot.... ~For me I like very much *not* to know about what my clients do with their email servers which are all not MailScanners of any kind. I like very much to filter their email very effectively, without having to even go to their site or configure any of their servers. For the avoidance of doubt my clients are the ones who pay my mortgage, this way works supremely well for me and those clients. There might be one day where I might want to use a REJECT, but 3 million+ messages a month and I still haven't found a use for it yet over a discard. Things get messy real quick with this type of volume of mail, especially when you don't hold any mailboxes on any of your own machines. I've been using sendmail and email for as long as the internet has been in existance, I've seen lots of people do very clever and very dumb stuff, but my experience proven by practical ,successful implementation in a commercial environment and that experience tells me that the way I have described really is the best way for me and my clients.... This may be radically different to how you might do it on a perimeter machine at company x,y or z , or how you might do it in your school, college or univeristy, You can do what you like on your networks, and I will, very much do what I like and what works for me, on mine... Kind Regards P. :-) From peter at farrows.org Mon Mar 31 20:30:32 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 20:30:48 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <223f97700803311152r39857bcen2ea951d021e1b82f@mail.gmail.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12C46.1070501@farrows.org> <223f97700803311152r39857bcen2ea951d021e1b82f@mail.gmail.com> Message-ID: <47F13BD8.2000005@farrows.org> Glenn Steen wrote: > On 31/03/2008, Peter Farrow wrote: > >> Koopmann, Jan-Peter wrote: >> >>> Someone sends a spoofed spam email to one of my clients the other >> >>> >> >> side >> >> >> >>> of my mailscanner, but they get the address wrong. >> >>> >> >> Why did you accept this mail for relay in the first place? >> >> This is where you go wrong, all the rest is purely your own fault... >> >> If one were in the blame-game:-):-). >> >> I'm not, I'm more interrested in you getting this right, and beleive >> >> me... this will make a marked difference for you. >> >> The problem is simple: You are the public MX for these customers, but >> >> you don't know their "email address universe". You need setup a method >> >> that ensure you do. >> >> >> > >> > I think finally begin to understand what he is doing... Thanks Glenn. >> > :-) >> > -- >> > MailScanner mailing list >> > mailscanner@lists.mailscanner.info >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > >> > Before posting, read http://wiki.mailscanner.info/posting >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> >> Well, actually no I don't need to know their users list, thats the >> beauty of this configuration. To add anti spam to a clients setup I >> simply insert my servers, I don't need to ask them any questions other >> than where to send it on. So this is a top solution, very easy for the >> client, and my clients love it, I can anti spam their email without even >> knowing or wanting know anything about their enterprise I just tell them >> to adjust their DNS. Hence, I do have it very very right indeed. >> > Well... There is no difference if you do this setup "correctly" > (call-ahead), or "in-correctly" (NDR/NDN/DSN-hell with DISCARD of all > such (more or less) as a band-aid). > You wouldn't ask them anything different for that address verification > either;-). > > >> Could you imagine trying to know about all the users on each mail >> domain for each client, with 1000s of clients and therefore 100,000s of >> users.... its all about scale and ease of implementation and thats why >> on this type of scale and even small ones a discard is a supremely >> useful solution... >> > "know" and "you" are relative terms here. "Your server" need only know > at the point where it ponders accepting a new message or not... No > database needed (although that has it's perks too... Not workable for > larger installs, but usable for medium->small setups). > > >> If I wanted to implement a client user list I could always add a >> look/check ahead milter, but why bother this works better, and a look >> ahead would mean I would need to know if their mailbox holder server was >> behind an internet facing smarthost or not to make the check valid or not... >> > It actually doesn't. Work better, that is:-). But I'm pretty certain > I'll bnever convince you of that...;-). > And the beuty of the call-ahead... is that you needn't care onewhit > about smarthosts or anything. Because when that host accept the mail, > you are out of the DSN-loop... it is their problem;-). > > Cheers >>you are out of the DSN-loop... it is their problem;-). --I'm their postmaster--- remember--- my clients don't want it to be "their problem".. so -- yes it does work better... for me and those clients... From MailScanner at ecs.soton.ac.uk Mon Mar 31 20:30:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 20:31:30 2008 Subject: wiki still suggesting ordb In-Reply-To: References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> Message-ID: <47F13BEA.9010709@ecs.soton.ac.uk> Scott Silva wrote: > on 3-31-2008 6:10 AM Julian Field spake the following: >> Thanks for that. Fixed the problem now. Hopefully other people can >> edit the page too. >> >> shuttlebox wrote: >>> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >>> wrote: >>> >>>> I've fixed the perms as much as I can (currently everything is world >>>> writable) and it still complains. >>>> Damn wikis :-( >>>> >>> >>> I found this: >>> >>> http://wiki.splitbrain.org/wiki:acl >>> >>> Maybe its of some help. >>> >>> >> >> Jules >> > Looks to be working now, but the edit now points to a soon to be > obsolete since spamhaus recommends to use zen instead of sbl+xbl. > Didn't know that one. Fixed. I've changed the default shipped MailScanner.conf file so it uses spamhaus-ZEN by default. That should be okay for a new installation shouldn't it? I'll add a note saying that they shouldn't use spamhaus lists unless they are a low-volume site or they have paid for a direct feed. Does that sound okay? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Mon Mar 31 20:32:22 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 20:32:39 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> Message-ID: <47F13C46.5080701@farrows.org> Glenn Steen wrote: > On 31/03/2008, Peter Farrow wrote: > >> Matt Kettler wrote: >> > Peter Farrow wrote: >> >> Matt Kettler wrote: >> >>> Peter Farrow wrote: >> >>>> Matt Kettler wrote: >> >>>>> Peter Farrow wrote: >> >>>>> >> >>>>>>> Steve. >> >>>>>> If you reject, and its spoofed you'll get it back anyway, so you >> >>>>>> end up receiving and then storing it in the postmaster address, >> >>>>>> it is always best to discard in this scenario...or even worse >> >>>>>> bouncing it again >> >>>>>> >> >>>>> >> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other >> >>>>> post in this thread. >> >>>> I am talking about sendmail access file entries at the MTA >> >>>> level.... nothing else...my point is the general notice supplied in >> >>>> the REJECT directive often ends up coming back round...I've seen it >> >>>> many times.. >> >>> >> >>> That's exactly what I'm talking about. I've got several such >> >>> entries, and I've never seen any of them come back. ever. >> >>> >> >>> There's something seriously wrong with your mailserver if this is >> >>> happening. >> >> This is how it works: >> >> >> >> Someone sends a spoofed spam email to one of my clients the other >> >> side of my mailscanner, but they get the address wrong. >> >> >> >> The mailer daemon on the client server rejects the email, (I am the >> >> postmaster for my clients Linux server) with user unknown, >> > >> > >> > Well, duh. That's because the REJECT isn't being implemented at the >> > MX, but a downstream server. >> > >> > In order to avoid the postmaster issue you *MUST* implement this at >> > all of the MXes for the domain. >> > >> > Of course it will cause the problem if a downstream server does a >> > REJECT, because it's being REJECTED after your server accepted it. >> > >> > However, this doesn't make REJECT bad, it just means the REJECT needs >> > to be implemented on YOUR server, not your clients. >> > >> > >> > >> > >> > >> >> So *duh* no config error then..... >> > Please keep this civil, Matt&Peter. > > >> And thus having a valid postmaster address makes the final machine RFC >> compliant, which means that you won't end up on blacklists like >> RFC-ignorant... >> > ? > Sorry, but I fail to see what this has to do with your issues. > Please read my previous post. It is meant in as a very friendly nudge > to do the right thing. > > >> As I was saying in this scenario a discard is far superior, because, as >> I am paid to do I keep the rubbish from even reaching the client as I >> said in the first place, and, as I have 100's of client servers after my >> cluster of mailscanners its not feasible nor what the clients what to be >> configured the same as everyone else. >> > No, the only correct solution for you does not contain any such > "streamlining" of configuration. All that is needed is for your > cluster to call ahead to each individual receiving server (the ones at > your customers;-) to ascertain that they will in fact accept these > messagees for these recipients... It might not core terminally > misconfigured (client) mailstore systems, but ... it will cut it down > enormously. And your MailScanner systems will have less messages to > wade through. All in all, correctly done, recipient address > verification will earn you money. And your clients will not even know > that you do it, unless they are log jockeys/junkies (like us:-). > At least consider the possibility that we might have a clue here;-). > > >> So, in short DISCARD it is then. >> > Nope. > > >> Glad you got there in the end... :-P >> > Still not there :-D > > Cheers > >>>And your MailScanner systems will have less messages to >>>wade through When I discard it never reaches the MailScanner its done at MTA level...so there is no wading here... P. From MailScanner at ecs.soton.ac.uk Mon Mar 31 20:34:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 20:34:57 2008 Subject: wiki still suggesting ordb In-Reply-To: References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> Message-ID: <47F13CDA.5030506@ecs.soton.ac.uk> Ignore my previous posting. This would create a "broken by default" setup, which is something I always complain bitterly against in anyone else's setup. It will also cause trouble if for some reason spamhaus-ZEN will create false alarms in your particular customer profile. me Scott Silva wrote: > on 3-31-2008 6:10 AM Julian Field spake the following: >> Thanks for that. Fixed the problem now. Hopefully other people can >> edit the page too. >> >> shuttlebox wrote: >>> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >>> wrote: >>> >>>> I've fixed the perms as much as I can (currently everything is world >>>> writable) and it still complains. >>>> Damn wikis :-( >>>> >>> >>> I found this: >>> >>> http://wiki.splitbrain.org/wiki:acl >>> >>> Maybe its of some help. >>> >>> >> >> Jules >> > Looks to be working now, but the edit now points to a soon to be > obsolete since spamhaus recommends to use zen instead of sbl+xbl. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Mar 31 20:45:32 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Mar 31 20:45:55 2008 Subject: what am I dealing with here? Message-ID: <47F13F5C.7020008@ecs.soton.ac.uk> From the looks of the headers you have given us, it looks to me to be hard to do much with them, except DNSBL and SURBL in SpamAssassin might hit something, as it looks at all the Received: headers. Can you not do anything based on the content of the message? You haven't given us that and it may well be your best bet. Are there any rules that look at the "To:" header and score based on a long sequence of numbers in it? If not, then that may be worth a try in this case. Not sure what else to say, sorry. ------- SNIP --------- I got a call from a school we scan mail for, complaining they are getting some inappropriate email, which is sailing through our scanner with a very low score. I found the message shows it is being delivered by some other server from Venezuela, with our relay server listed second from the bottom. The header is not showing accurate information either on some of the messages, as far as To, and From What can I do to shut this down? I have included info from one of the messages. IP Address Hostname Country RBL Spam Virus All 98.136.44.51 n75.bullet.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 216.252.122.218 t3.bullet.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 69.147.65.156 omp404.mail.sp1.yahoo.com United States [ ] [ ] [ ] [ ] 127.0.0.1 relay-4.lctn.org (GeoIP Lookup Failed) [ ] [ ] [ ] [ ] 190.72.118.113 190-72-118-113.dyn.dsl.cantv.net Venezuela [ ] [ ] [ ] [ ] ID: DDD5238001C.94591 Message Headers: Received: from n75.bullet.mail.sp1.yahoo.com (n75.bullet.mail.sp1.yahoo.com [98.136.44.51]) by relay-4.lctn.org (Postfix) with SMTP id DDD5238001C for ; Sun, 30 Mar 2008 15:52:54 -0500 (CDT) Received: from [216.252.122.218] by n75.bullet.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 Received: from [69.147.65.156] by t3.bullet.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 Received: from [127.0.0.1] by omp404.mail.sp1.yahoo.com with NNFMP; 30 Mar 2008 20:52:30 -0000 X-Yahoo-Newman-Property: ymail-5 X-Yahoo-Newman-Id: 493512.39708.bm@omp404.mail.sp1.yahoo.com Received: (qmail 45004 invoked by uid 60001); 30 Mar 2008 20:52:30 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=b+ZjzHg4KHt6d2gKflATIw5TohQzUJ2lVPcqPbCiIzlU0n9Skvc3hKz2zcy7/3ZRkqvljZS5DQ7phzi/Dne1Ck4n86QHnd9NDrHSRSrACynu0T1/3K0SzFioRVRMWFoxXX2g8lOTbU3O49yfsL3f5JkzdTeCQe0YnugSXEdj3Qc=; X-YMail-OSG: yeipdhMVM1lQDWuM.8hWb8yJBWFZbzK4JI34oV3jP0PoM3jGYlMQ8biezzdcUn_FkPMGvxIVHMnS7QiNtCYcm_FKjPDA.J.e1LI- Received: from [190.72.118.113] by web45105.mail.sp1.yahoo.com via HTTP; Sun, 30 Mar 2008 13:52:30 PDT Date: Sun, 30 Mar 2008 13:52:30 -0700 (PDT) From: joie mudra Subject: hey To: kensmith16123940@netscape.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1647990638-1206910350=:30060" Content-Transfer-Encoding: 8bit Message-ID: <258826.30060.qm@web45105.mail.sp1.yahoo.com> -- Raymond Norton LCTN Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martyn at invictawiz.com Mon Mar 31 21:05:34 2008 From: martyn at invictawiz.com (Martyn Routley) Date: Mon Mar 31 21:06:34 2008 Subject: wiki still suggesting ordb In-Reply-To: References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> Message-ID: <47F1440E.9020905@invictawiz.com> Scott Silva wrote: > on 3-31-2008 6:10 AM Julian Field spake the following: >> Thanks for that. Fixed the problem now. Hopefully other people can >> edit the page too. >> >> shuttlebox wrote: >>> >> >> Jules >> > Looks to be working now, but the edit now points to a soon to be > obsolete since spamhaus recommends to use zen instead of sbl+xbl. > Danger Will Robinson, Danger! Zen includes PBL as well as SBL and XBL. It's worth reading up on the purposes of each list before using. -- Martyn Routley -------------------------------------------------------- Invictawiz - The Internet in Plain English, Guaranteed web: http://www.invictawiz.com voip: 6000@sip.invictawiz.com phone: 0845 003 9020 Reg Addr: 9 Eastmead Ave, Ashford, Kent, TN23 7SB Co. No: 04253262 -------------------------------------------------------- ----------------------------------------------------------------------------- This message has been scanned for viruses and dangerous content by the http://www.invictawiz.com MailScanner, and is believed to be clean. ----------------------------------------------------------------------------- From glenn.steen at gmail.com Mon Mar 31 21:40:48 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 21:41:23 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F13BD8.2000005@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12C46.1070501@farrows.org> <223f97700803311152r39857bcen2ea951d021e1b82f@mail.gmail.com> <47F13BD8.2000005@farrows.org> Message-ID: <223f97700803311340m13151f03h46b044f63998772b@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Glenn Steen wrote: > > On 31/03/2008, Peter Farrow wrote: > > > >> Koopmann, Jan-Peter wrote: > >> >>> Someone sends a spoofed spam email to one of my clients the other > >> >>> > >> >> side > >> >> > >> >>> of my mailscanner, but they get the address wrong. > >> >>> > >> >> Why did you accept this mail for relay in the first place? > >> >> This is where you go wrong, all the rest is purely your own fault... > >> >> If one were in the blame-game:-):-). > >> >> I'm not, I'm more interrested in you getting this right, and beleive > >> >> me... this will make a marked difference for you. > >> >> The problem is simple: You are the public MX for these customers, but > >> >> you don't know their "email address universe". You need setup a method > >> >> that ensure you do. > >> >> > >> > > >> > I think finally begin to understand what he is doing... Thanks Glenn. > >> > :-) > >> > -- > >> > MailScanner mailing list > >> > mailscanner@lists.mailscanner.info > >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner > >> > > >> > Before posting, read http://wiki.mailscanner.info/posting > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> > > >> > >> Well, actually no I don't need to know their users list, thats the > >> beauty of this configuration. To add anti spam to a clients setup I > >> simply insert my servers, I don't need to ask them any questions other > >> than where to send it on. So this is a top solution, very easy for the > >> client, and my clients love it, I can anti spam their email without even > >> knowing or wanting know anything about their enterprise I just tell them > >> to adjust their DNS. Hence, I do have it very very right indeed. > >> > > Well... There is no difference if you do this setup "correctly" > > (call-ahead), or "in-correctly" (NDR/NDN/DSN-hell with DISCARD of all > > such (more or less) as a band-aid). > > You wouldn't ask them anything different for that address verification > > either;-). > > > > > >> Could you imagine trying to know about all the users on each mail > >> domain for each client, with 1000s of clients and therefore 100,000s of > >> users.... its all about scale and ease of implementation and thats why > >> on this type of scale and even small ones a discard is a supremely > >> useful solution... > >> > > "know" and "you" are relative terms here. "Your server" need only know > > at the point where it ponders accepting a new message or not... No > > database needed (although that has it's perks too... Not workable for > > larger installs, but usable for medium->small setups). > > > > > >> If I wanted to implement a client user list I could always add a > >> look/check ahead milter, but why bother this works better, and a look > >> ahead would mean I would need to know if their mailbox holder server was > >> behind an internet facing smarthost or not to make the check valid or not... > >> > > It actually doesn't. Work better, that is:-). But I'm pretty certain > > I'll bnever convince you of that...;-). > > And the beuty of the call-ahead... is that you needn't care onewhit > > about smarthosts or anything. Because when that host accept the mail, > > you are out of the DSN-loop... it is their problem;-). > > > > Cheers > > >>you are out of the DSN-loop... it is their problem;-). > > > --I'm their postmaster--- remember--- my clients don't want it to be "their problem".. I'm not going to try convince you of anything Peter... But if you are their postmaster, as you say... _You_ should care. And I'm sure you do. Please don't confuse me with someone else... I've yet to suggest that you should do anything at your clients location. It is only "their problem" as in the MTA sense of it;-). This whole discussion for some reason remind me of some ... interractions... I've had with Noel... in the past. Never could convince him of much either...:-). Your network, you do as you please. I still think you're doing things backwards, but that is entirely yours to choose. > so -- yes it does work better... for me and those clients... :-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon Mar 31 21:45:59 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 21:46:33 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F13C46.5080701@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> Message-ID: <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Glenn Steen wrote: > > On 31/03/2008, Peter Farrow wrote: > > > >> Matt Kettler wrote: > >> > Peter Farrow wrote: > >> >> Matt Kettler wrote: > >> >>> Peter Farrow wrote: > >> >>>> Matt Kettler wrote: > >> >>>>> Peter Farrow wrote: > >> >>>>> > >> >>>>>>> Steve. > >> >>>>>> If you reject, and its spoofed you'll get it back anyway, so you > >> >>>>>> end up receiving and then storing it in the postmaster address, > >> >>>>>> it is always best to discard in this scenario...or even worse > >> >>>>>> bouncing it again > >> >>>>>> > >> >>>>> > >> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other > >> >>>>> post in this thread. > >> >>>> I am talking about sendmail access file entries at the MTA > >> >>>> level.... nothing else...my point is the general notice supplied in > >> >>>> the REJECT directive often ends up coming back round...I've seen it > >> >>>> many times.. > >> >>> > >> >>> That's exactly what I'm talking about. I've got several such > >> >>> entries, and I've never seen any of them come back. ever. > >> >>> > >> >>> There's something seriously wrong with your mailserver if this is > >> >>> happening. > >> >> This is how it works: > >> >> > >> >> Someone sends a spoofed spam email to one of my clients the other > >> >> side of my mailscanner, but they get the address wrong. > >> >> > >> >> The mailer daemon on the client server rejects the email, (I am the > >> >> postmaster for my clients Linux server) with user unknown, > >> > > >> > > >> > Well, duh. That's because the REJECT isn't being implemented at the > >> > MX, but a downstream server. > >> > > >> > In order to avoid the postmaster issue you *MUST* implement this at > >> > all of the MXes for the domain. > >> > > >> > Of course it will cause the problem if a downstream server does a > >> > REJECT, because it's being REJECTED after your server accepted it. > >> > > >> > However, this doesn't make REJECT bad, it just means the REJECT needs > >> > to be implemented on YOUR server, not your clients. > >> > > >> > > >> > > >> > > >> > > >> > >> So *duh* no config error then..... > >> > > Please keep this civil, Matt&Peter. > > > > > >> And thus having a valid postmaster address makes the final machine RFC > >> compliant, which means that you won't end up on blacklists like > >> RFC-ignorant... > >> > > ? > > Sorry, but I fail to see what this has to do with your issues. > > Please read my previous post. It is meant in as a very friendly nudge > > to do the right thing. > > > > > >> As I was saying in this scenario a discard is far superior, because, as > >> I am paid to do I keep the rubbish from even reaching the client as I > >> said in the first place, and, as I have 100's of client servers after my > >> cluster of mailscanners its not feasible nor what the clients what to be > >> configured the same as everyone else. > >> > > No, the only correct solution for you does not contain any such > > "streamlining" of configuration. All that is needed is for your > > cluster to call ahead to each individual receiving server (the ones at > > your customers;-) to ascertain that they will in fact accept these > > messagees for these recipients... It might not core terminally > > misconfigured (client) mailstore systems, but ... it will cut it down > > enormously. And your MailScanner systems will have less messages to > > wade through. All in all, correctly done, recipient address > > verification will earn you money. And your clients will not even know > > that you do it, unless they are log jockeys/junkies (like us:-). > > At least consider the possibility that we might have a clue here;-). > > > > > >> So, in short DISCARD it is then. > >> > > Nope. > > > > > >> Glad you got there in the end... :-P > >> > > Still not there :-D > > > > Cheers > > > > >>>And your MailScanner systems will have less messages to > >>>wade through > > > When I discard it never reaches the MailScanner its done at MTA level...so there is no wading here... > Yes there is. You accepted the first message, the one later rejected. You passed that through MailScanner. You passed it on to your "unsuspecting client", who _then_ rejected it. If you had called ahead _prior_ to passing the first message intoMailScanner you would've avoided ever handling the message.... Past the initial reject. So you spend a few resources, you gain a lot of resources (never used.... Remember that MailScanner is pretty hungry, compared to an address verification call). When you get hammered with a so-called dictionary attack, joe-job or whatever... this will count. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ssilva at sgvwater.com Mon Mar 31 21:49:35 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Mar 31 21:50:25 2008 Subject: wiki still suggesting ordb In-Reply-To: <47F13BEA.9010709@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> <47F13BEA.9010709@ecs.soton.ac.uk> Message-ID: on 3-31-2008 12:30 PM Julian Field spake the following: > > > Scott Silva wrote: >> on 3-31-2008 6:10 AM Julian Field spake the following: >>> Thanks for that. Fixed the problem now. Hopefully other people can >>> edit the page too. >>> >>> shuttlebox wrote: >>>> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >>>> wrote: >>>> >>>>> I've fixed the perms as much as I can (currently everything is world >>>>> writable) and it still complains. >>>>> Damn wikis :-( >>>>> >>>> >>>> I found this: >>>> >>>> http://wiki.splitbrain.org/wiki:acl >>>> >>>> Maybe its of some help. >>>> >>>> >>> >>> Jules >>> >> Looks to be working now, but the edit now points to a soon to be >> obsolete since spamhaus recommends to use zen instead of sbl+xbl. >> > Didn't know that one. Fixed. > I've changed the default shipped MailScanner.conf file so it uses > spamhaus-ZEN by default. > That should be okay for a new installation shouldn't it? > I'll add a note saying that they shouldn't use spamhaus lists unless > they are a low-volume site or they have paid for a direct feed. > > Does that sound okay? > > Jules > I suppose it should be OK because I would hope anybody with a volume of mail will at least read the config file and make sane choices. That is until we get the next flood of "My mailscanner install is timing out and all I have is zen and half a million messages a day" Sorry, I just couldn't resist. At least when zen blackballs you they just firewall your machines address and you time out fairly quickly. There is plenty of docs in the wiki that show the best practices and other sane choices. My systems will always have no lists in mailscanner. If I trust the list I dump it at the MTA, if not I score it in spamassassin and add up the totals. But I realize that what works for me might not only not work for someone else, but might be against local regulations. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/9b098bef/signature.bin From combslm at appstate.edu Mon Mar 31 21:31:58 2008 From: combslm at appstate.edu (Laramie Combs) Date: Mon Mar 31 21:52:44 2008 Subject: wiki still suggesting ordb In-Reply-To: <47F13BEA.9010709@ecs.soton.ac.uk> References: <20080330132840.GA8303@ubuntu> <47EFAC0B.2000608@ecs.soton.ac.uk> <47EFB55C.8000909@vanderkooij.org> <47EFBC9D.5090606@ecs.soton.ac.uk> <223f97700803310332m7d686714o7abfa2d9437ff9ce@mail.gmail.com> <47F0C98E.3050401@ecs.soton.ac.uk> <625385e30803310535j53adc7e6tbac75f25a9fc31d3@mail.gmail.com> <47F0E2C8.3070807@ecs.soton.ac.uk> <47F13BEA.9010709@ecs.soton.ac.uk> Message-ID: <47F14A3E.4000202@appstate.edu> Julian Field wrote: > > > Scott Silva wrote: >> on 3-31-2008 6:10 AM Julian Field spake the following: >>> Thanks for that. Fixed the problem now. Hopefully other people can >>> edit the page too. >>> >>> shuttlebox wrote: >>>> On Mon, Mar 31, 2008 at 1:22 PM, Julian Field >>>> wrote: >>>> >>>>> I've fixed the perms as much as I can (currently everything is world >>>>> writable) and it still complains. >>>>> Damn wikis :-( >>>>> >>>> >>>> I found this: >>>> >>>> http://wiki.splitbrain.org/wiki:acl >>>> >>>> Maybe its of some help. >>>> >>>> >>> >>> Jules >>> >> Looks to be working now, but the edit now points to a soon to be >> obsolete since spamhaus recommends to use zen instead of sbl+xbl. >> > Didn't know that one. Fixed. > I've changed the default shipped MailScanner.conf file so it uses > spamhaus-ZEN by default. > That should be okay for a new installation shouldn't it? > I'll add a note saying that they shouldn't use spamhaus lists unless > they are a low-volume site or they have paid for a direct feed. > > Does that sound okay? > > Jules > My 2 cents worth says that I don't like zen because it includes the PBL, which has gotten us into hot water in the past. There is a discalimer on their site that says "Caution: Because the PBL lists normal customer IP space, do not use PBL on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers if their dynamic IPs are in the PBL). Do not use PBL in filters that do any ?deep parsing? of Received headers, or for other than checking IP addresses that hand off to your mailservers." This was the case for us, as these same boxes do in and outbound traffic, and caused us to start marking our own mail. Dropping back to sbl-xbl fixed it for us. -Laramie From jan-peter at koopmann.eu Mon Mar 31 21:53:15 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon Mar 31 21:54:38 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com><47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com><47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com><47F0FE33.2000509@farrows.org> Message-ID: > Well, actually no I don't need to know their users list, thats the > beauty of this configuration. There's no beauty I can see. > To add anti spam to a clients setup I > simply insert my servers, I don't need to ask them any questions other > than where to send it on. Due to recipient verification neither do I. Everything works and I can reject and do not have to discard. > So this is a top solution, very easy for > the > client, and my clients love it, I can anti spam their email without > even > knowing or wanting know anything about their enterprise I just tell > them > to adjust their DNS. Same here. Recipient verification and REJECT. Much better than your setup. > Hence, I do have it very very right indeed. Well then. Keep on doing that. > Could you imagine trying to know about all the users on each mail > domain for each client, with 1000s of clients and therefore 100,000s of > users.... Gosh no. That's why my setup is using an efficient recipient cache. > its all about scale and ease of implementation and thats why > on this type of scale and even small ones a discard is a supremely > useful solution... > If I wanted to implement a client user list I could always add a > look/check ahead milter, but why bother this works better, and a look > ahead would mean I would need to know if their mailbox holder server > was > behind an internet facing smarthost or not to make the check valid or > not... Which the milters do automatically. And why? Because then you can reject and do not end up with the mess you are describing. From lists at openenterprise.ca Mon Mar 31 22:08:20 2008 From: lists at openenterprise.ca (Johnny Stork) Date: Mon Mar 31 22:09:03 2008 Subject: perms on bayes_journal Message-ID: <47F152C4.3030308@openenterprise.ca> I have found for some reason, on my MS (current) setup running on Centos5, that the files in /etc/Mailcanner/bayes/ keep getting the permissions changed and I am not sure how this is happening. Right now they show root@gateway:/etc/MailScanner# ls -la bayes/ total 14464 drwxrwxrwx 2 777 root 4096 Mar 31 13:31 . drwxr-xr-x 6 root root 4096 Mar 31 13:04 .. -rw------- 1 777 root 48480 Mar 31 14:01 bayes_journal -rwxrwxrwx 1 777 root 1152 Mar 31 13:41 bayes.mutex -rwxrwxrwx 1 777 root 10514432 Mar 31 13:41 bayes_seen -rw------- 1 777 root 5308416 Mar 31 13:41 bayes_toks -rwxrwxrwx 1 777 root 423 Sep 24 2007 razor-agent.log -rwxrwxrwx 1 777 root 0 Sep 24 2007 Starting -rwxrwxrwx 1 777 root 0 Sep 24 2007 Update And so bayes_journal and bayes_toks cant be accessed by MailScanner which runs as root. I have to go in an chmod 777 bayes* in order for MailScanner/SA to access those files, or to show the Bayes stats in the MailWatch interface. Is there some place I should be setting the permissions for those files? I dont want to have to keep going in an manually changing the modes. From mark at msapiro.net Mon Mar 31 22:17:05 2008 From: mark at msapiro.net (Mark Sapiro) Date: Mon Mar 31 22:17:36 2008 Subject: what am I dealing with here? In-Reply-To: <29632052.2921206978809589.JavaMail.root@mail.lctn.org> References: <7202787.2901206978483309.JavaMail.root@mail.lctn.org> <29632052.2921206978809589.JavaMail.root@mail.lctn.org> Message-ID: <20080331211705.GA1260@msapiro> On Mon, Mar 31, 2008 at 10:53:29AM -0500, admin@lctn.org wrote: > I got a call from a school we scan mail for, complaining they are getting some inappropriate email, which is sailing through our scanner with a very low score. > > I found the message shows it is being delivered by some other server from Venezuela, with our relay server listed second from the bottom. The header is not showing accurate information either on some of the messages, as far as To, and From That's probably all forged. The MXs listed for kms.k12.mn.us are 10 kms.k12.mn.us 5 relay-2.lctn.org Any spammer can concoct a message with whatever bogus Received: headers they like and send it directly to kms.k12.mn.us and bypass you entirely. If I could tell you how to stop that, I'd be famous as the person who saved email from the spammers. As long as kms.k12.mn.us has even just an A record in DNS, it will get spam directed to that address. Removing the 10 kms.k12.mn.us MX might help, but probably not completely. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From peter at farrows.org Mon Mar 31 22:54:27 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 22:55:20 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> Message-ID: <47F15D93.7030005@farrows.org> Glenn Steen wrote: > On 31/03/2008, Peter Farrow wrote: > >> Glenn Steen wrote: >> > On 31/03/2008, Peter Farrow wrote: >> > >> >> Matt Kettler wrote: >> >> > Peter Farrow wrote: >> >> >> Matt Kettler wrote: >> >> >>> Peter Farrow wrote: >> >> >>>> Matt Kettler wrote: >> >> >>>>> Peter Farrow wrote: >> >> >>>>> >> >> >>>>>>> Steve. >> >> >>>>>> If you reject, and its spoofed you'll get it back anyway, so you >> >> >>>>>> end up receiving and then storing it in the postmaster address, >> >> >>>>>> it is always best to discard in this scenario...or even worse >> >> >>>>>> bouncing it again >> >> >>>>>> >> >> >>>>> >> >> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other >> >> >>>>> post in this thread. >> >> >>>> I am talking about sendmail access file entries at the MTA >> >> >>>> level.... nothing else...my point is the general notice supplied in >> >> >>>> the REJECT directive often ends up coming back round...I've seen it >> >> >>>> many times.. >> >> >>> >> >> >>> That's exactly what I'm talking about. I've got several such >> >> >>> entries, and I've never seen any of them come back. ever. >> >> >>> >> >> >>> There's something seriously wrong with your mailserver if this is >> >> >>> happening. >> >> >> This is how it works: >> >> >> >> >> >> Someone sends a spoofed spam email to one of my clients the other >> >> >> side of my mailscanner, but they get the address wrong. >> >> >> >> >> >> The mailer daemon on the client server rejects the email, (I am the >> >> >> postmaster for my clients Linux server) with user unknown, >> >> > >> >> > >> >> > Well, duh. That's because the REJECT isn't being implemented at the >> >> > MX, but a downstream server. >> >> > >> >> > In order to avoid the postmaster issue you *MUST* implement this at >> >> > all of the MXes for the domain. >> >> > >> >> > Of course it will cause the problem if a downstream server does a >> >> > REJECT, because it's being REJECTED after your server accepted it. >> >> > >> >> > However, this doesn't make REJECT bad, it just means the REJECT needs >> >> > to be implemented on YOUR server, not your clients. >> >> > >> >> > >> >> > >> >> > >> >> > >> >> >> >> So *duh* no config error then..... >> >> >> > Please keep this civil, Matt&Peter. >> > >> > >> >> And thus having a valid postmaster address makes the final machine RFC >> >> compliant, which means that you won't end up on blacklists like >> >> RFC-ignorant... >> >> >> > ? >> > Sorry, but I fail to see what this has to do with your issues. >> > Please read my previous post. It is meant in as a very friendly nudge >> > to do the right thing. >> > >> > >> >> As I was saying in this scenario a discard is far superior, because, as >> >> I am paid to do I keep the rubbish from even reaching the client as I >> >> said in the first place, and, as I have 100's of client servers after my >> >> cluster of mailscanners its not feasible nor what the clients what to be >> >> configured the same as everyone else. >> >> >> > No, the only correct solution for you does not contain any such >> > "streamlining" of configuration. All that is needed is for your >> > cluster to call ahead to each individual receiving server (the ones at >> > your customers;-) to ascertain that they will in fact accept these >> > messagees for these recipients... It might not core terminally >> > misconfigured (client) mailstore systems, but ... it will cut it down >> > enormously. And your MailScanner systems will have less messages to >> > wade through. All in all, correctly done, recipient address >> > verification will earn you money. And your clients will not even know >> > that you do it, unless they are log jockeys/junkies (like us:-). >> > At least consider the possibility that we might have a clue here;-). >> > >> > >> >> So, in short DISCARD it is then. >> >> >> > Nope. >> > >> > >> >> Glad you got there in the end... :-P >> >> >> > Still not there :-D >> > >> > Cheers >> > >> >> >>>And your MailScanner systems will have less messages to >> >>>wade through >> >> >> When I discard it never reaches the MailScanner its done at MTA level...so there is no wading here... >> >> > Yes there is. > You accepted the first message, the one later rejected. You passed > that through MailScanner. You passed it on to your "unsuspecting > client", who _then_ rejected it. > If you had called ahead _prior_ to passing the first message > intoMailScanner you would've avoided ever handling the message.... > Past the initial reject. > So you spend a few resources, you gain a lot of resources (never > used.... Remember that MailScanner is pretty hungry, compared to an > address verification call). > When you get hammered with a so-called dictionary attack, joe-job or > whatever... this will count. > > Cheers > Nope, I discarded before it got to the mailscanner, before mailscanner even touched it to forward it to the client server, becuase I implement a discard list for known spammers I don't discard stuff I've previously accepted... P. From peter at farrows.org Mon Mar 31 22:59:21 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 22:59:37 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com><47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com><47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com><47F0FE33.2000509@farrows.org> Message-ID: <47F15EB9.9070501@farrows.org> Koopmann, Jan-Peter wrote: >> Well, actually no I don't need to know their users list, thats the >> beauty of this configuration. >> > > There's no beauty I can see. > > >> To add anti spam to a clients setup I >> simply insert my servers, I don't need to ask them any questions >> > other > >> than where to send it on. >> > > Due to recipient verification neither do I. Everything works and I can > reject and do not have to discard. > > > >> So this is a top solution, very easy for >> the >> client, and my clients love it, I can anti spam their email without >> even >> knowing or wanting know anything about their enterprise I just tell >> them >> to adjust their DNS. >> > > Same here. Recipient verification and REJECT. Much better than your > setup. > > >> Hence, I do have it very very right indeed. >> > > Well then. Keep on doing that. > > >> Could you imagine trying to know about all the users on each mail >> domain for each client, with 1000s of clients and therefore 100,000s >> > of > >> users.... >> > > Gosh no. That's why my setup is using an efficient recipient cache. > > >> its all about scale and ease of implementation and thats why >> on this type of scale and even small ones a discard is a supremely >> useful solution... >> > > > >> If I wanted to implement a client user list I could always add a >> look/check ahead milter, but why bother this works better, and a look >> ahead would mean I would need to know if their mailbox holder server >> was >> behind an internet facing smarthost or not to make the check valid or >> not... >> > > > Which the milters do automatically. And why? Because then you can reject > and do not end up with the mess you are describing. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Well, no actually, there is no mess here, because I discard, I don't need to know anything about the clients valid email addresses or not, I don't need to call ahead to a would be smarthost that will almost certainlu say ok to every email - because nobody of any configuration worth has the server facing the internet that holds the mailboxes as well....the discard list at MTA level works very effectively, in the same way that an RBL blacklist works but without the mess created by blowing the email back with a notice... So in comparison this is very very tidy.. From mkettler at evi-inc.com Mon Mar 31 22:58:40 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Mon Mar 31 22:59:44 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F136F1.6060400@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> <47F12CE1.7050805@farrows.org> <47F136F1.6060400@evi-inc.com> Message-ID: <47F15E90.8080901@evi-inc.com> Matt Kettler wrote: > Peter Farrow wrote: >> So I'll carry on doing a discard thanks, >> > > For your case, you probably should. > > However, please stop misrepresenting the facts. REJECT works very well > if properly implemented, and doesn't flood your postmaster box. However, > properly implemented means having it on all of your MX servers, not a > back-end server. > > If you're filtering on a back-end server, or any other point after the > DATA phase of the SMTP session has been OKed by a server in your > network, then REJECT is a bad idea. At that point, a REJECT > fundamentally has to result in a post-delivery bounce, because the > message has already been delivered. > > This is really all very, very basic mail administrator knowledge. Note: At this point, I'm withdrawing from the thread. I encourage others to read the statements made in the above post, and I stand by them as basic truths of mailserver administration. I also accept that many of my earlier statements in this thread aren't applicable to Peter's situation, as he is implementing his filtering in a downstream server, not at the MX where most of the rest of us do it. However this is all really OT and there's no need to flood the list with basic mailserver administration topics that aren't directly related to MailScanner. From admin at lctn.org Mon Mar 31 23:14:39 2008 From: admin at lctn.org (admin@lctn.org) Date: Mon Mar 31 23:15:18 2008 Subject: what am I dealing with here? In-Reply-To: <20080331211705.GA1260@msapiro> Message-ID: <10964996.201207001679729.JavaMail.root@mail.lctn.org> As long as kms.k12.mn.us has even just an A record in DNS, it will get spam directed to that address. Removing the 10 kms.k12.mn.us MX might help, but probably not completely. All our schools configure their firewall, so they only receive mail from our mailscanner. We leave the MX record in place, incase our server goes down, so they will still get their mail by removing the rule. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080331/3f26dd9a/attachment.html From glenn.steen at gmail.com Mon Mar 31 23:37:22 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 23:37:58 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F15D93.7030005@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> Message-ID: <223f97700803311537h4ff10b8ch9357155b1f2f0d93@mail.gmail.com> On 31/03/2008, Peter Farrow wrote: > Glenn Steen wrote: > > On 31/03/2008, Peter Farrow wrote: > > > >> Glenn Steen wrote: > >> > On 31/03/2008, Peter Farrow wrote: > >> > > >> >> Matt Kettler wrote: > >> >> > Peter Farrow wrote: > >> >> >> Matt Kettler wrote: > >> >> >>> Peter Farrow wrote: > >> >> >>>> Matt Kettler wrote: > >> >> >>>>> Peter Farrow wrote: > >> >> >>>>> > >> >> >>>>>>> Steve. > >> >> >>>>>> If you reject, and its spoofed you'll get it back anyway, so you > >> >> >>>>>> end up receiving and then storing it in the postmaster address, > >> >> >>>>>> it is always best to discard in this scenario...or even worse > >> >> >>>>>> bouncing it again > >> >> >>>>>> > >> >> >>>>> > >> >> >>>>> Stop confusing REJECT with post delivery bouncing :) See my other > >> >> >>>>> post in this thread. > >> >> >>>> I am talking about sendmail access file entries at the MTA > >> >> >>>> level.... nothing else...my point is the general notice supplied in > >> >> >>>> the REJECT directive often ends up coming back round...I've seen it > >> >> >>>> many times.. > >> >> >>> > >> >> >>> That's exactly what I'm talking about. I've got several such > >> >> >>> entries, and I've never seen any of them come back. ever. > >> >> >>> > >> >> >>> There's something seriously wrong with your mailserver if this is > >> >> >>> happening. > >> >> >> This is how it works: > >> >> >> > >> >> >> Someone sends a spoofed spam email to one of my clients the other > >> >> >> side of my mailscanner, but they get the address wrong. > >> >> >> > >> >> >> The mailer daemon on the client server rejects the email, (I am the > >> >> >> postmaster for my clients Linux server) with user unknown, > >> >> > > >> >> > > >> >> > Well, duh. That's because the REJECT isn't being implemented at the > >> >> > MX, but a downstream server. > >> >> > > >> >> > In order to avoid the postmaster issue you *MUST* implement this at > >> >> > all of the MXes for the domain. > >> >> > > >> >> > Of course it will cause the problem if a downstream server does a > >> >> > REJECT, because it's being REJECTED after your server accepted it. > >> >> > > >> >> > However, this doesn't make REJECT bad, it just means the REJECT needs > >> >> > to be implemented on YOUR server, not your clients. > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > >> >> So *duh* no config error then..... > >> >> > >> > Please keep this civil, Matt&Peter. > >> > > >> > > >> >> And thus having a valid postmaster address makes the final machine RFC > >> >> compliant, which means that you won't end up on blacklists like > >> >> RFC-ignorant... > >> >> > >> > ? > >> > Sorry, but I fail to see what this has to do with your issues. > >> > Please read my previous post. It is meant in as a very friendly nudge > >> > to do the right thing. > >> > > >> > > >> >> As I was saying in this scenario a discard is far superior, because, as > >> >> I am paid to do I keep the rubbish from even reaching the client as I > >> >> said in the first place, and, as I have 100's of client servers after my > >> >> cluster of mailscanners its not feasible nor what the clients what to be > >> >> configured the same as everyone else. > >> >> > >> > No, the only correct solution for you does not contain any such > >> > "streamlining" of configuration. All that is needed is for your > >> > cluster to call ahead to each individual receiving server (the ones at > >> > your customers;-) to ascertain that they will in fact accept these > >> > messagees for these recipients... It might not core terminally > >> > misconfigured (client) mailstore systems, but ... it will cut it down > >> > enormously. And your MailScanner systems will have less messages to > >> > wade through. All in all, correctly done, recipient address > >> > verification will earn you money. And your clients will not even know > >> > that you do it, unless they are log jockeys/junkies (like us:-). > >> > At least consider the possibility that we might have a clue here;-). > >> > > >> > > >> >> So, in short DISCARD it is then. > >> >> > >> > Nope. > >> > > >> > > >> >> Glad you got there in the end... :-P > >> >> > >> > Still not there :-D > >> > > >> > Cheers > >> > > >> > >> >>>And your MailScanner systems will have less messages to > >> >>>wade through > >> > >> > >> When I discard it never reaches the MailScanner its done at MTA level...so there is no wading here... > >> > >> > > Yes there is. > > You accepted the first message, the one later rejected. You passed > > that through MailScanner. You passed it on to your "unsuspecting > > client", who _then_ rejected it. > > If you had called ahead _prior_ to passing the first message > > intoMailScanner you would've avoided ever handling the message.... > > Past the initial reject. > > So you spend a few resources, you gain a lot of resources (never > > used.... Remember that MailScanner is pretty hungry, compared to an > > address verification call). > > When you get hammered with a so-called dictionary attack, joe-job or > > whatever... this will count. > > > > Cheers > > > > Nope, I discarded before it got to the mailscanner, before mailscanner > even touched it to forward it to the client server, becuase I implement > a discard list for known spammers I don't discard stuff I've previously > accepted... > This simply isn't what you've attested to using in this thread. What you described was that your clients hosts rejected messages previously let through by you, messages passed through your MailScanner cluster, and that you discarded the resulting DSNs. Now you say you don't do this? And that you (through some PSI-like method:-) have created a list of "known spammers" that you discard out of hand, and by that virtue cannot be affected by distributed attacks/phenomena like the ones I mention? Either you are changing the subject very deftly, in a manner I'm not quite picking up, or you are trying very hard to avoid seeing a valid technical point ... just because it doesn't suit your view of the world. Or perhaps I'm missing something vital here, it's been known to happen that I've been a sloppy reader...:-). Anyway, I've said it already... Your systems, you do whatever you like. I just don't think it right... for anyone else;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From peter at farrows.org Mon Mar 31 23:39:03 2008 From: peter at farrows.org (Peter Farrow) Date: Mon Mar 31 23:39:44 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F15E90.8080901@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED0F7F.7010502@fsl.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org><47F0F2EF.80307@evi-inc.com> <47F12CE1.7050805@farrows.org> <47F136F1.6060400@evi-inc.com> <47F15E90.8080901@evi-inc.com> Message-ID: <47F16807.1000607@farrows.org> Matt Kettler wrote: > Matt Kettler wrote: >> Peter Farrow wrote: >>> So I'll carry on doing a discard thanks, >>> >> >> For your case, you probably should. >> >> However, please stop misrepresenting the facts. REJECT works very >> well if properly implemented, and doesn't flood your postmaster box. >> However, properly implemented means having it on all of your MX >> servers, not a back-end server. >> >> If you're filtering on a back-end server, or any other point after >> the DATA phase of the SMTP session has been OKed by a server in your >> network, then REJECT is a bad idea. At that point, a REJECT >> fundamentally has to result in a post-delivery bounce, because the >> message has already been delivered. > > > >> >> This is really all very, very basic mail administrator knowledge. > > > Note: At this point, I'm withdrawing from the thread. I encourage > others to read the statements made in the above post, and I stand by > them as basic truths of mailserver administration. > > I also accept that many of my earlier statements in this thread aren't > applicable to Peter's situation, as he is implementing his filtering > in a downstream server, not at the MX where most of the rest of us do it. > > However this is all really OT and there's no need to flood the list > with basic mailserver administration topics that aren't directly > related to MailScanner. > > > > point taken..... make the most of the comments and add them to your repertoire of knowledge to use how you want! From glenn.steen at gmail.com Mon Mar 31 23:40:16 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Mar 31 23:40:50 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F15E90.8080901@evi-inc.com> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F12CE1.7050805@farrows.org> <47F136F1.6060400@evi-inc.com> <47F15E90.8080901@evi-inc.com> Message-ID: <223f97700803311540m7e91d1c4vfce38e3b1fe202f5@mail.gmail.com> On 31/03/2008, Matt Kettler wrote: > Matt Kettler wrote: > > Peter Farrow wrote: > > >> So I'll carry on doing a discard thanks, > >> > > > > For your case, you probably should. > > > > However, please stop misrepresenting the facts. REJECT works very well > > if properly implemented, and doesn't flood your postmaster box. However, > > properly implemented means having it on all of your MX servers, not a > > back-end server. > > > > If you're filtering on a back-end server, or any other point after the > > DATA phase of the SMTP session has been OKed by a server in your > > network, then REJECT is a bad idea. At that point, a REJECT > > fundamentally has to result in a post-delivery bounce, because the > > message has already been delivered. > > > > > > > > > This is really all very, very basic mail administrator knowledge. > > > > Note: At this point, I'm withdrawing from the thread. I encourage others to read > the statements made in the above post, and I stand by them as basic truths of > mailserver administration. > > I also accept that many of my earlier statements in this thread aren't > applicable to Peter's situation, as he is implementing his filtering in a > downstream server, not at the MX where most of the rest of us do it. > > However this is all really OT and there's no need to flood the list with basic > mailserver administration topics that aren't directly related to MailScanner. > CC. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Mon Mar 31 23:48:53 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Mar 31 23:50:47 2008 Subject: OT: Sendmail REJECT or DISCARD preference In-Reply-To: <47F15D93.7030005@farrows.org> References: <47ED0443.6030502@cnpapers.com> <47ED2099.5040201@farrows.org> <47ED2703.4030802@evi-inc.com> <47ED2C26.1070006@farrows.org> <47F0F2EF.80307@evi-inc.com> <47F0FE33.2000509@farrows.org> <47F12507.4070905@evi-inc.com> <47F129E7.6050803@farrows.org> <223f97700803311144i202d008v7a88138a1566768a@mail.gmail.com> <47F13C46.5080701@farrows.org> <223f97700803311345i1bc413e5pd108190f9ffaf49e@mail.gmail.com> <47F15D93.7030005@farrows.org> Message-ID: <47F16A55.7090508@fsl.com> Peter Farrow wrote: >> Yes there is. >> You accepted the first message, the one later rejected. You passed >> that through MailScanner. You passed it on to your "unsuspecting >> client", who _then_ rejected it. >> If you had called ahead _prior_ to passing the first message >> intoMailScanner you would've avoided ever handling the message.... >> Past the initial reject. >> So you spend a few resources, you gain a lot of resources (never >> used.... Remember that MailScanner is pretty hungry, compared to an >> address verification call). >> When you get hammered with a so-called dictionary attack, joe-job or >> whatever... this will count. >> >> Cheers >> > Nope, I discarded before it got to the mailscanner, before mailscanner > even touched it to forward it to the client server, becuase I implement > a discard list for known spammers I don't discard stuff I've previously > accepted... > What about the spammers you don't yet know about? It's hardly a static thing. Whenever you accept a message for a user that doesn't exist at the remote SMTP server, you've wasted your resources as you've had to virus scan and SpamAssassinate it, then if the remote SMTP server rejects the message with a '550 Unknown User' at RCPT TO time, then *your* SMTP server has responsibility for generating a DSN back to the sender, which is far worse as it makes you generate backscatter to the rest of the internet. If the remote SMTP server doesn't reject, but accepts the message - then it generates the backscatter (as it's accept-then-bounce), either way - that's bad. Regards, Steve.