From micoots at yahoo.com Thu May 1 00:39:58 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Thu May 1 00:41:48 2008
Subject: Running a CustomAction on High Scoring Spam
Message-ID: <139010.45286.qm@web33304.mail.mud.yahoo.com>

Hi,

I have a perl script I would like to run on each High Scoring Spam that is detected by MailScanner.

The current default behaviour for my high.scoring.spam.actions.rules file is:

    FromOrTo: default delete store-spam header "X-Spam-Status: Yes"

The perl script simply takes stdout piped into it, so I just need to do:

    # cat spam.eml | spam.pl

for the script to work.

What I'm hoping I can do is use the FromOrTo line above to call a CustomAction (if that is the right way to do this) which will "cat" the spam email into my perl script.

I currently run the script nightly on the entire high scoring "spam" directory and I'd like to make that a little more real-time.

Thanks for any suggestions.

Michael.

From vernon at comp-wiz.com Thu May 1 00:59:12 2008
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu May 1 00:59:54 2008
Subject: Archive Option
Message-ID: <004701c8ab1e$301aa400$904fec00$@com>

I know that there is an archive option in MailScanner and I also know that I can define a location where they can be archived to, however I am wondering if those emails can somehow be sent to an email box that can be popped using pop3? I need to have all mail sent through Sendmail (in and out) sent through a specific domain have a BCC sent to a certain account. From what I understand they are looking for something similar to Journaling in Microsoft Exchange Server. Anyone have any ideas on how and if this can be done with (or without) MailScanner?

Vernon Webb
(201) 703-1232
web designs & web hosting by comp-wiz.com, inc.
From lilvalo at mikiboy.com Thu May 1 01:54:12 2008
From: lilvalo at mikiboy.com (Valmiki N. Ramsewak)
Date: Thu May 1 01:55:23 2008
Subject: Archive Option
In-Reply-To: <004701c8ab1e$301aa400$904fec00$@com>
References: <004701c8ab1e$301aa400$904fec00$@com>
Message-ID: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>

http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That will do it on Postfix... but you're using sendmail....

Been a while since then....

http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- that's one option Google returned.. I've never used milters in my 1.5 years of using sendmail...

Some googling said you can edit the source code to do it (too hard for me)

Have fun. Let us know how it works out

On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:

> I know that there is an archive option in MailScanner and I also know that I can define a location where they can be archived to, however I am wondering if those emails can somehow be sent to an email box that can be popped using pop3? I need to have all mail sent through Sendmail (in and out) sent through a specific domain have a BCC sent to a certain account. From what I understand they are looking for something similar to Journaling in Microsoft Exchange Server. Anyone have any ideas on how and if this can be done with (or without) MailScanner?
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting

From MailScanner at ecs.soton.ac.uk Thu May 1 08:48:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 08:49:01 2008
Subject: Running a CustomAction on High Scoring Spam
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID: <481975B6.60807@ecs.soton.ac.uk>

Michael Mansour wrote:
> Hi,
>
> I have a perl script I would like to run on each High Scoring Spam that is detected by MailScanner.
>
> The current default behaviour for my high.scoring.spam.actions.rules file is:
>
>     FromOrTo: default delete store-spam header "X-Spam-Status: Yes"
>
> The perl script simply takes stdout piped into it, so I just need to do:
>
>     # cat spam.eml | spam.pl
>
> for the script to work.
>
> What I'm hoping I can do is use the FromOrTo line above to call a CustomAction (if that is the right way to do this)

You can't have a Custom Function as the right-hand side value in a rule set.
The Custom Function has to provide the result for the setting, so you would just have

    High-Scoring Spam Actions = &MyCustomFunction

and your subroutine MyCustomFunction would return the value listing the actions to take for this message.

> which will "cat" the spam email into my perl script.

It is passed the message as an object. Take a look at the examples that are there already.

> I currently run the script nightly on the entire high scoring "spam" directory and I'd like to make that a little more real-time.
>
> Thanks for any suggestions.
>
> Michael.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu May 1 08:49:13 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 08:49:41 2008
Subject: Archive Option
In-Reply-To: <004701c8ab1e$301aa400$904fec00$@com>
References: <004701c8ab1e$301aa400$904fec00$@com>
Message-ID: <481975F9.7040408@ecs.soton.ac.uk>

You want to use milter-bcc to add extra recipients to the mail at sendmail level.
Vernon Webb wrote:
> I know that there is an archive option in MailScanner and I also know that I can define a location where they can be archived to, however I am wondering if those emails can somehow be sent to an email box that can be popped using pop3? I need to have all mail sent through Sendmail (in and out) sent through a specific domain have a BCC sent to a certain account. From what I understand they are looking for something similar to Journaling in Microsoft Exchange Server. Anyone have any ideas on how and if this can be done with (or without) MailScanner?
>
> Vernon Webb
> (201) 703-1232
> web designs & web hosting by comp-wiz.com, inc.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
From martinh at solidstatelogic.com Thu May 1 08:50:21 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu May 1 08:51:16 2008
Subject: Archive Option
In-Reply-To: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>
Message-ID:

There's a new option in the latest betas ...

From the changelog...

3 Added new configuration setting "Missing Mail Archive Is =" which can take the values "file" or "directory". This allows you to archive to mbox files whose name is based on the addresses of the original recipients.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Valmiki N. Ramsewak
> Sent: 01 May 2008 01:54
> To: MailScanner discussion
> Subject: Re: Archive Option
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That will do it on Postfix... but you're using sendmail....
>
> Been a while since then....
>
> http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- that's one option Google returned.. I've never used milters in my 1.5 years of using sendmail...
>
> Some googling said you can edit the source code to do it (too hard for me)
>
> Have fun. Let us know how it works out
>
> On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:
>
> I know that there is an archive option in MailScanner and I also know that I can define a location where they can be archived to, however I am wondering if those emails can somehow be sent to an email box that can be popped using pop3? I need to have all mail sent through Sendmail (in and out) sent through a specific domain have a BCC sent to a certain account. From what I understand they are looking for something similar to Journaling in Microsoft Exchange Server. Anyone have any ideas on how and if this can be done with (or without) MailScanner?
From MailScanner at ecs.soton.ac.uk Thu May 1 09:42:20 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 09:43:14 2008
Subject: MailScanner ANNOUNCE: 4.69.8 released
Message-ID: <4819826C.9080508@ecs.soton.ac.uk>

Morning all!

I have just released the latest stable release of MailScanner, 4.69.

There's quite a lot this month, but the main new features this month are:

- Can now extract embedded files from within Microsoft Office documents and subject them to all the file tests like any other attachments.
- Added new keywords available in Spam Actions, the SpamAssassin Rule Actions and Archive Mail locations. You can now specify _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords in any of those and they will be replaced with the user and domain halves of the relevant addresses of the original message.
- Using the "store" Spam Action, you can now specify an arbitrary directory path after the '-', so "store-/var/spool/MailScanner/quarantine/spam/_TOUSER_._TODOMAIN_" will store the message in a location determined by the recipient addresses. Any of the _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords can be used.
- Added new command-line options "--id=" and "--inqueuedir=" to assist with debugging and testing.

There are many other new features, and some important fixes, which are described below in the Change Log.

Download as usual from www.mailscanner.info.

The full Change Log is this:

* New Features and Improvements *

1 Added command-line option "--id=" which will force it to scan just the message described by . Only works when used with "--debug".
1 Commented out definition of ORDB-RBL to force a syntax error in setups which are still mistakenly using it (and not getting any mail as a result!).

1 Added command-line option "--inqueuedir=" which can take
  a) a directory name, or
  b) a directory name glob (or wildcard), or
  c) a text file listing any combination of (a) and (b) above.
  This specifies where to look for incoming messages. This is very useful when debugging, as test messages can be put in their own queue directory, and the main MailScanner running will not touch them, only a MailScanner run with this command-line option will see them.

1 Can now extract embedded files from within Microsoft Office documents and subject them to all the file tests like any other attachments.

1 To allow for executables embedded in zipped Office documents, default value for "Maximum Archive Depth" has been increased to 3. Remember that using upgrade_MailScanner_conf will *not* over-ride your current settings, so you will have to change this manually to use the new value.

3 Added new keywords available in Spam Actions, the SpamAssassin Rule Actions and Archive Mail locations. You can now specify _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords in any of those and they will be replaced with the user and domain halves of the relevant addresses of the original message. If, for example, you specify a "forward" address "spam.archive-_TOUSER_-at-_TODOMAIN_@mydomain.com", then a new recipient will be added to the message for *each* of the original recipients. So a message with 5 original recipients will have 5 new ones added to it.

3 Added new configuration setting "Missing Mail Archive Is =" which can take the values "file" or "directory". This allows you to archive to mbox files whose name is based on the addresses of the original recipients.
4 Using the "store" Spam Action, you can now specify an arbitrary directory path after the '-', so "store-/var/spool/MailScanner/quarantine/spam/_TOUSER_._TODOMAIN_" will store the message in a location determined by the recipient addresses. Any of the _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords can be used.

4 Changed "Monitors for ClamAV Updates" for ClamAV version 0.93.

5 If the image signature tag includes alt="MailScanner Signature" then it notices the sig file is present and so doesn't add it again. The "alt" attribute is matched by the word "MailScanner" followed by anything followed by the word "Signature" in any combination of upper- and lower-case so you can adapt this text quite a lot. See note for "6" below.

6 Added new configuration setting "IP Protocol Version Header" which will tell you the IP version number used in the last hop to this server. It produces either "IPv4" or "IPv6" in the header. To stop the header appearing, just set it to be blank. Added at special request by my boss :-)

6 Added new configuration setting "Allow Multiple HTML Signatures". If the message has been signed with an HTML signature containing an <img> tag, whose "alt" attribute contains "MailScanner" and "Signature" and "%org-name%", then it will not be signed again if this option is set to "no". Once a message (with an image in the signature) has been replied to a few times, it starts getting very large and ugly. This option keeps the message size down and makes it look better. This is set to "no" by default as messages look better this way.

7 Debian/Ubuntu have changed the default %org-name% value to "unconfigured-debian-site" so I have to check for that as well in the "Have I Been Configured" code at startup :-(

* Fixes *

1 "IPBlock" Custom Function will start up properly without MailScanner.conf location on the command-line.

2 Fixed problem where file MIME type checks were being incorrectly applied.
2 Added OLE::Storage_Lite to the list output by "MailScanner -v".

4 Forced "Debug SpamAssassin" to no unless "Debug" is set to yes.

7 Fixed problem with "--debug-sa" and MailScanner freezing using 100% CPU.

8 Fixed problem with modules not reporting properly with "MailScanner -v".

8 Fixed problem where "MailScanner --lint" would sometimes report false errors.

That's all folks!

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From hb.maillists at dfs.dk Thu May 1 11:41:15 2008
From: hb.maillists at dfs.dk (Henriks Maillists)
Date: Thu May 1 11:42:30 2008
Subject: Problem with F-Secure Server version 7?
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID:

Does anyone have F-Secure Linux Server Security version 7.0 running with MailScanner?

MailScanner --lint detects the eicar virus with both F-Secure and ClamAV. When I relay a message with virus it is not detected by F-Secure.

MailScanner does not stop it. (ClamAV does not know the virus - have submitted it)

------------------------------------------------------------------------
Testing from the commandline:

F-Secure Security Platform version 2.00 build 7161
Copyright (c) 1999-2008 F-Secure Corporation.
All Rights Reserved.

Scan started at Thu May 1 12:36:56 2008
Database version: 2008-05-01_01

[/root/certificado-2.25.rar] certificado-2.25.exe: Infected: Trojan-Downloader.Win32.Banload.lpy [AVP]

Scan ended at Thu May 1 12:36:56 2008
1 file scanned
1 file infected
------------------------------------------------------------------------

MailScanner --lint output this: (eset is not active!)

MailScanner.conf says "Virus Scanners = f-secure clamavmodule"
Found these virus scanners installed: clamavmodule, f-secure, esets
===========================================================================
Virus and Content Scanning: Starting
Found F-Secure version 2.00=2
Scan ended at Thu May 1 12:35:52 2008
2 files scanned
1 file infected
ProcessClamAVModOutput ClamAVModule
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/
ProcessClamAVModOutput ClamAVModule
ProcessClamAVModOutput ClamAVModule
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
Virus Scanning: ClamAVModule found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
Filename Checks: (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"

If any of your virus scanners (clamavmodule,f-secure,esets) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf.
From hvdkooij at vanderkooij.org Thu May 1 12:19:27 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 1 12:20:22 2008
Subject: VBA32 as new scanner
Message-ID: <4819A73F.80104@vanderkooij.org>

Hi Jules,

Could you add VBA32 as a virus scanner?

You can download the latest commandline version from ftp://anti-virus.by/pub/

At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz

I must admit I have not yet tried to decode the output from the commandline. But I use the following bit of perl to read the log file:

    # LOG stands in for the log filehandle, whose name was lost from the archived message.
    while ($line = <LOG>) {
      if ($line =~ / : (infected|is suspected of) /) {
        chomp($line);
        $line =~ s/^\/var\/virus\/2do\///;   # strip the scan directory prefix
        @fields = split(/ : /, $line);       # split on the " : " separator
        $fields[0] =~ s/:.*//;               # cut the first field at its first colon
      }
    }

The commandline scanner is free to use. That is free as in free wine. (No point in telling Jules it's free beer ;-)

Regards,
Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
From stef at aoc-uk.com Thu May 1 12:40:00 2008
From: stef at aoc-uk.com (Stef Morrell)
Date: Thu May 1 12:40:44 2008
Subject: Clamd throwing ClamAVModule log entries
Message-ID: <200805011140.m41BeBxG021949@safir.blacknight.ie>

Hello,

I've just switched over from Clam 0.92.1 + ClamAVModule to 0.93 and Clamd and am seeing entries in the log such as

May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED:: Email.Hdr.Sanesecurity.08022900 FOUND :: ./8DEBD3741C2.4D00E/
May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED:: Email.Hdr.Sanesecurity.08022900 FOUND :: ./D02EC37419C.E60B6/
May 1 12:36:45 fedecks MailScanner[24892]: Virus Scanning: Clamd found 2 infections

I'm not massively worried as the system appears to be working correctly, but I am slightly confused.

I presume this is a 'feature' rather than a 'bug'?

Regards

Stef

Stefan Morrell  | Operations Director
Tel: 0845 3452820 | Alpha Omega Computers Ltd
Fax: 0845 3452830 | Incorporating Level 5 Internet
stef@aoc-uk.com | stef@l5net.net

Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER.
Registered in England No. 3867142. VAT No. GB734421454

From vernon at comp-wiz.com Thu May 1 13:39:53 2008
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu May 1 13:40:32 2008
Subject: Archive Option
In-Reply-To:
References: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>
Message-ID: <000601c8ab88$746c84b0$5d458e10$@com>

Which means what exactly? Can I have everything @somedomain.com sent to bigbrother@somedomain.com?

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
Sent: Thursday, May 01, 2008 3:50 AM
To: MailScanner discussion
Subject: RE: Archive Option

There's a new option in the latest betas ...

From the changelog...

3 Added new configuration setting "Missing Mail Archive Is =" which can take the values "file" or "directory". This allows you to archive to mbox files whose name is based on the addresses of the original recipients.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Valmiki N. Ramsewak
> Sent: 01 May 2008 01:54
> To: MailScanner discussion
> Subject: Re: Archive Option
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That will do it on Postfix... but you're using sendmail....
>
> Been a while since then....
>
> http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- that's one option Google returned.. I've never used milters in my 1.5 years of using sendmail...
>
> Some googling said you can edit the source code to do it (too hard for me)
>
> Have fun. Let us know how it works out
>
> On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:
>
> I know that there is an archive option in MailScanner and I also know that I can define a location where they can be archived to, however I am wondering if those emails can somehow be sent to an email box that can be popped using pop3? I need to have all mail sent through Sendmail (in and out) sent through a specific domain have a BCC sent to a certain account. From what I understand they are looking for something similar to Journaling in Microsoft Exchange Server. Anyone have any ideas on how and if this can be done with (or without) MailScanner?
From martinh at solidstatelogic.com Thu May 1 14:10:47 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu May 1 14:11:24 2008
Subject: test email for latency
Message-ID: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com>

Let's see how long this takes to arrive - sent 13.10 GMT

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
From adc at dc-uoit.net Thu May 1 15:00:02 2008
From: adc at dc-uoit.net (Andrei Caraman)
Date: Thu May 1 15:00:45 2008
Subject: Running a CustomAction on High Scoring Spam
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID: <20080501140002.GA28676@logger.dc-uoit.net>

On Thu, May 01, 2008 at 09:39:58AM +1000, Michael Mansour wrote:
> Hi,
>
> I have a perl script I would like to run on each High Scoring Spam that is detected by MailScanner.

you could forward high scoring spam to a local account and use a .forward or .procmailrc type of thing to pipe the messages through your script. all the tools are there, documented, and you don't need to get deep into custom mailscanner functions.

From Timo.Jacobs at partners.de Thu May 1 15:05:12 2008
From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de)
Date: Thu May 1 15:05:59 2008
Subject: Timo Jacobs is out of the office.
Message-ID:

I will be out of the office starting 30.04.2008 and will not return until 02.05.2008.

I will respond to your message when I return. In urgent cases please contact Mr. Timo A.
Schmidt (timo.schmidt@partners.de) Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Registered under HRB Bremen 14440 / Managing directors: Wolfgang Brinker and Kai Hannemann / Telephone 0049 (0)421 66945-0 _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material.
Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. You have asked us to correspond with you via the Internet per e-mail. However, the written version signed by us is the only authoritative version. We draw your attention to the fact that such messages can be lost, changed or falsified, with or without any interference by third persons. Normal e-mails are not protected against access by third persons and, therefore, their confidentiality may not be assured in certain circumstances. We cannot be responsible for the integrity of emails after they have left our sphere of control. Please note that in order to protect the security of our information systems an AntiVirus- and AntiSPAM solution is in use and will browse through incoming emails. _________________________________________________________________ From MailScanner at ecs.soton.ac.uk Thu May 1 15:42:31 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 1 15:43:23 2008 Subject: Problem with F-Secure Server version 7? In-Reply-To: References: <139010.45286.qm@web33304.mail.mud.yahoo.com> Message-ID: <4819D6D7.8070100@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, no-one has ever given me anything newer than 5.54, so I have never had a chance to incorporate support for 7.0. If you send me a fully-licenced copy of 7.0 (off-list, it will only be used for MailScanner development and won't leak out) I will try to write support for it for you. Jules. Henriks Maillists wrote: > Does anyone have F-Secure Linux Server Security version 7.0 running > with MailScanner. > > MailScanner --lint detects the eicar virus with both F-Secure and > ClamAV. When I relay a message with virus it is not detected by F-Secure. > > MailScanner does not stop it. 
(ClamAV does not know the virus - have
> submitted it)
>
> -------------------------------------------------------------------------------------------------------
> Testing from the commandline:
> F-Secure Security Platform version 2.00 build 7161
> Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
> Scan started at Thu May 1 12:36:56 2008
> Database version: 2008-05-01_01
> [/root/certificado-2.25.rar] certificado-2.25.exe: Infected:
> Trojan-Downloader.Win32.Banload.lpy [AVP]
> Scan ended at Thu May 1 12:36:56 2008
> 1 file scanned
> 1 file infected
>
> -------------------------------------------------------------------------------------------------------
> MailScanner --lint output this: (eset is not active!)
> MailScanner.conf says "Virus Scanners = f-secure clamavmodule"
> Found these virus scanners installed: clamavmodule, f-secure, esets
> ===========================================================================
> Virus and Content Scanning: Starting
> Found F-Secure version 2.00=2
> Scan ended at Thu May 1 12:35:52 2008
> 2 files scanned
> 1 file infected
> ProcessClamAVModOutput ClamAVModule
> ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/
> ProcessClamAVModOutput ClamAVModule
> ProcessClamAVModOutput ClamAVModule
> ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
> Virus Scanning: ClamAVModule found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> Filename Checks: (1 eicar.com)
> Other Checks: Found 1 problems
> ===========================================================================
> Virus Scanner test reports:
> ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
> If any of your virus scanners (clamavmodule,f-secure,esets)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGdbcEfZZRxQVtlQRAvEIAJ43zfmGMXGI1K0PaNq8mmo/U4Pv7ACePZy3 gmaIUmizpN208mgvy8FtRas= =nQRh -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 1 16:41:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 1 16:42:30 2008 Subject: Clamd throwing ClamAVModule log entries In-Reply-To: <200805011140.m41BeBxG021949@safir.blacknight.ie> References: <200805011140.m41BeBxG021949@safir.blacknight.ie> Message-ID: <4819E4B6.8010303@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stef Morrell wrote: > Hello, > > I've just switched over from Clam 0.92.1 + ClamAVModule to 0.93 and > Clamd and am seeing entries in the log such as > > May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED:: > Email.Hdr.Sanesecurity.08022900 FOUND :: ./8DEBD3741C2.4D00E/ > May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED:: > Email.Hdr.Sanesecurity.08022900 FOUND :: ./D02EC37419C.E60B6/ > May 1 12:36:45 fedecks MailScanner[24892]: Virus Scanning: Clamd found > 2 infections > > I'm not massively worried as the system appears to be working correctly, > but I am slightly confused. I presume this is a 'feature' rather than a > 'bug' ? > Yes, sorry, it's down to the way the parsers interact with each other. 
I use the same parser for clamavmodule, clamd and sophossavi, and sometimes it gets the name wrong :-( > Regards > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. GB734421454 > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGeS3EfZZRxQVtlQRAsU9AJ9lA+oiI3HxGZzGR/Onbaf9PfUQEwCfWdF3 25zLpBPAQpbj3ObHaSasNJM= =FmF7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 1 16:41:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 1 16:42:47 2008 Subject: VBA32 as new scanner In-Reply-To: <4819A73F.80104@vanderkooij.org> References: <4819A73F.80104@vanderkooij.org> Message-ID: <4819E4C3.8030205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'll take a look tonight. Hugo van der Kooij wrote: > * PGP Signed by an unverified key: 05/01/08 at 12:19:25 > > Hi Jules, > > Could you add VBA32 as a virus scanner? > > You can download the latest commandline version from > ftp://anti-virus.by/pub/ > > At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz > > I must admit I have not yet tried to decode the output from the > commandline. 
But I use the following bit of perl to read the log file: > > while ($line = ) { > ~ if ($line =~ / : (infected|is suspected of) /) { > ~ chomp($line); > ~ $line =~ s/^\/var\/virus\/2do\///; > ~ @fields = split(/ : /,$line); > ~ @fields[0] =~ s/:.*//; > ~ } > } > > The commandline scanner is free to use. That is free as in free wine. > (No point in telling Jules it's free beer ;-) > > Regards, > Hugo. > > -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > * Hugo van der Kooij > * 0x58F19981 - Unverified(L) > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-15 wj8DBQFIGeTGEfZZRxQVtlQRAhgDAJ9LarCacH+myi7EzvnCxvv6wgubMACg1SqH qHgMw6SxovcbBqUVzAZ5T6U= =FALZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 1 18:38:49 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 1 18:39:43 2008 Subject: VBA32 as new scanner In-Reply-To: <4819A73F.80104@vanderkooij.org> References: <4819A73F.80104@vanderkooij.org> Message-ID: <481A0029.5050003@ecs.soton.ac.uk> I have written support for it, and this will be in the next release. Fortunately it was fairly straightforward to analyse. 
Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Jules, > > Could you add VBA32 as a virus scanner? > > You can download the latest commandline version from > ftp://anti-virus.by/pub/ > > At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz > > I must admit I have not yet tried to decode the output from the > commandline. But I use the following bit of perl to read the log file: > > while ($line = ) { > ~ if ($line =~ / : (infected|is suspected of) /) { > ~ chomp($line); > ~ $line =~ s/^\/var\/virus\/2do\///; > ~ @fields = split(/ : /,$line); > ~ @fields[0] =~ s/:.*//; > ~ } > } > > The commandline scanner is free to use. That is free as in free wine. > (No point in telling Jules it's free beer ;-) > > Regards, > Hugo. > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIGac9BvzDRVjxmYERAhmHAJ9rF9z+R/wrNEQcOjSTiTNujt8xggCfc2DY > GU4irMBJBHuson+rGxUv/aQ= > =4z0S > -----END PGP SIGNATURE----- Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
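The log-reading loop quoted in the VBA32 thread above, filled out as a stand-alone script. This is an added example, not code from the post or from MailScanner; the line layout (`<path> : <verdict> <name>`), the sample lines and the sub name `parse_scan_log` are assumptions built from the regex in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Directory prefix removed from every path, as in the post.
my $SCAN_DIR = '/var/virus/2do/';

# Constructed sample lines, not real scanner output. The layout
# "<path> : <verdict> <name>" is an assumption derived from the post's regex.
my @SAMPLE = (
    "/var/virus/2do/msg1/eicar.com : infected EICAR-Test-File\n",
    "/var/virus/2do/msg2/archive.zip:inner.exe : is suspected of Trojan.Generic\n",
    "/var/virus/2do/msg3/report.txt : is ok\n",
    # A file name that imitates a verdict field (hypothetical edge case).
    "/var/virus/2do/msg4/odd : infected X.txt : infected Worm.Sample\n",
);

# Turn log lines into a list of { file, member, verdict, name } records.
sub parse_scan_log {
    my @lines = @_;    # copy, so chomp does not touch the caller's data
    my @hits;
    for my $line (@lines) {
        chomp $line;
        # The greedy (.*) takes the verdict from the LAST " : " on the line.
        # Splitting on the first " : " would let a file name containing
        # " : infected " supply the text that gets reported as the detection.
        next unless $line =~ /^(.*) : (infected|is suspected of) (\S.*)$/;
        my ($path, $verdict, $name) = ($1, $2, $3);
        next if $path eq '';

        $path =~ s/^\Q$SCAN_DIR\E//;
        # As in the post, text after the first ":" is dropped from the file
        # name; here it is kept separately as the member inside a container.
        my ($file, $member) = split /:/, $path, 2;
        $file =~ s/\s+$//;

        push @hits, {
            file    => $file,
            member  => $member // '',
            verdict => $verdict,
            name    => $name,
        };
    }
    return @hits;
}

for my $hit (parse_scan_log(@SAMPLE)) {
    printf "%-18s %-16s %s\n", @{$hit}{qw(file verdict name)};
}
```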
From malli at mcrirents.com Thu May 1 19:56:04 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Thu May 1 18:55:55 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> Guys, I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04. I thought some of you guys might find it interesting and can possibly make it better. It serves as a gateway to my Exchange 2003 handling multiple domains. It's a step-by-step tutorial detailing the installation with the following title: The Perfect SpamSnake - Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-gld (Greylisting Optional), Logwatch Statistical Reporting (Optional), Outgoing Disclaimer with alterMIME (Optional) Any suggestions as to how to make it better, would be greatly appreciated. Have a look and let me know what you think. Regards, Mohammed Alli From peter at farrows.org Thu May 1 20:38:13 2008 From: peter at farrows.org (Peter Farrow) Date: Thu May 1 20:39:12 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> Message-ID: <481A1C25.7010800@farrows.org> Mohammed Alli wrote: > Guys, > > I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, > http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04. I thought some > of you guys might find it interesting and can possibly make it better. 
> > It serves as a gateway to my Exchange 2003 handling multiple domains. > It's a step-by-step tutorial detailing the installation with the > following title: > > The Perfect SpamSnake - Postfix w/Bayesian Filtering and > Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner > (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, > FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-gld > (Greylisting Optional), Logwatch Statistical Reporting (Optional), > Outgoing Disclaimer with alterMIME (Optional) > > Any suggestions as to how to make it better, would be greatly > appreciated. Have a look and let me know what you think. > > Regards, > > Mohammed Alli > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > thanks! Pete -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From sandrews at andrewscompanies.com Thu May 1 20:52:48 2008 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu May 1 20:53:24 2008 Subject: Undelivered Messages Solution? In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com> References: <480E1285.1050902@tippingmar.com><48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com><6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com><481326CB.20004@vanderkooij.org> <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com> Message-ID: <1964AAFBC212F742958F9275BF63DBB0760D23@winchester.andrewscompanies.com> I just use a spamassassin rule that checks for certain subject words. Am I really bastardizing the use of non-delivery reports? 
Sure I am. Is it likely that real non-delivery reports may get caught up in the rule, probably. The volume of these things is so out of hand that I just don't care anymore. Feel free to flame me on this if you think I'm being too heavy-handed or violating this, that or another RFC; I'll be glad to do it another way if a better one exists. Steve -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mohammed Alli Sent: Sunday, April 27, 2008 1:06 AM To: MailScanner discussion Subject: Undelivered Messages Solution? For everyone that's having the 'Undelivered Mail Returned to Sender' messages. I think postgrey would be the solution. Let me know what you guys think. From hvdkooij at vanderkooij.org Thu May 1 20:54:53 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu May 1 20:55:38 2008 Subject: test email for latency In-Reply-To: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com> References: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com> Message-ID: <481A200D.2080205@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin.Hepworth wrote: | Lets see how long this takes to arrive - sent 13.10 GMT Go figure: Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7]) by balin.waakhond.net (Postfix) with ESMTP id D323817E802F for ; Thu, 1 May 2008 18:11:41 +0200 (CEST) Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m41G7QxK012304; Thu, 1 May 2008 17:08:07 +0100 X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $ Received: from mail.solidstatelogic.com (mail.solidstatelogic.com [80.241.69.19]) by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m41DAoiY031948 for ; Thu, 1 May 2008 14:11:22 +0100 Received: from volt.solid-state-logic.com ([10.1.1.11] helo=solidstatelogic.com) by towers.solid-state-logic.com with esmtp (Exim 4.43 
(FreeBSD)) id 1JrYYh-000Dmh-TX for mailscanner@lists.mailscanner.info; Thu, 01 May 2008 14:10:47 +0100 Received: from [10.1.4.48] (account martinh@solidstatelogic.com) by solidstatelogic.com (CommuniGate Pro IMAP 5.2.1) with XMIT id 1268711 for mailscanner@lists.mailscanner.info; Thu, 01 May 2008 14:10:47 +0100 Date: Thu, 01 May 2008 14:10:47 +0100 But I think the mailinglist holds it 15 minutes for each line of a disclaimer. So it is rather fast ;-) Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGiALBvzDRVjxmYERAlYnAKCZFMDYzVTr8LIqcWFEyw9iUb2hvgCfRSTe GZIjlhxi5IqtjWJi5tS3sVs= =vyXz -----END PGP SIGNATURE----- From hvdkooij at vanderkooij.org Thu May 1 20:58:58 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu May 1 20:59:07 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> Message-ID: <481A2102.2020108@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mohammed Alli wrote: | Guys, | | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, For a publisher it would have been nice if you had not hijacked a thread to announce it: In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. 
>>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGiEBBvzDRVjxmYERAkVIAJ9LwAWGQFUMeg5d+qrVWI7lRbFzsACeI1ZL 6Dx9HYS5A5kjdC8RmW9bHgw= =vq2W -----END PGP SIGNATURE----- From malli at mcrirents.com Thu May 1 22:06:03 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Thu May 1 22:06:26 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS Message-ID: <001601c8abd7$a505c038$0d00a8c0@computerrents.com> Well, I'm sorry and did not intend to nor did I realize it. I'm just trying to share my experience with people who appreciates it! -----Original Message----- From: "Hugo van der Kooij" To: "MailScanner discussion" Sent: 5/1/08 5:34 PM Subject: Re: The Perfect SpamSnake - Ubuntu 8.04 TLS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mohammed Alli wrote: | Guys, | | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, For a publisher it would have been nice if you had not hijacked a thread to announce it: In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGiEBBvzDRVjxmYERAkVIAJ9LwAWGQFUMeg5d+qrVWI7lRbFzsACeI1ZL 6Dx9HYS5A5kjdC8RmW9bHgw= =vq2W -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From Kevin_Miller at ci.juneau.ak.us Thu May 1 22:26:09 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu May 1 22:25:32 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <001601c8abd7$a505c038$0d00a8c0@computerrents.com> References: <001601c8abd7$a505c038$0d00a8c0@computerrents.com> Message-ID: Mohammed Alli wrote: > Well, > I'm sorry and did not intend to nor did I realize it. I'm just > trying to share my experience with people who appreciates it! LOL. As they say, "No good deed goes unpunished!" Best... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From davejones70 at gmail.com Thu May 1 22:56:07 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu May 1 22:56:41 2008 Subject: MailScanner ANNOUNCE: 4.69.8 released In-Reply-To: <4819826C.9080508@ecs.soton.ac.uk> References: <4819826C.9080508@ecs.soton.ac.uk> Message-ID: <67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com> >I have just released the latest stable release of MailScanner, 4.69. >There's quite a lot this month, but the main new features this month are: >- - Can now extract embedded files from within Microsoft Office documents >and subject them to all the file tests like any other attachments. FYI, I hope our problem with defunct processes doesn't start popping up all over the place with this new feature. We had to disable this feature to get our MailScanner stable again but use another new feature Julian added for us in this release. ----SNIP of "Re: MailScanner defunct processes" ----- >The only way to disable the Storage_Lite code is to comment out the >calls to sub "ExtractOle" in Message.pm (in >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used >whenever it sees an attachment which starts with the "magic" strings >that define a Microsoft Office document. 
I ended up commenting out 2 lines that were a single call to UnpackOle and mail is flowing again with no defunct processes. ----SNIP of "Re: MailScanner defunct processes" ----- -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080501/1829e120/attachment.html From MailScanner at ecs.soton.ac.uk Thu May 1 23:34:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 1 23:35:19 2008 Subject: MailScanner ANNOUNCE: 4.69.8 released In-Reply-To: <67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com> References: <4819826C.9080508@ecs.soton.ac.uk> <67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com> Message-ID: <481A456C.3030107@ecs.soton.ac.uk> Dave Jones wrote: > >I have just released the latest stable release of MailScanner, 4.69. > > >There's quite a lot this month, but the main new features this month are: > > >- - Can now extract embedded files from within Microsoft Office documents > >and subject them to all the file tests like any other attachments. > FYI, I hope our problem with defunct processes doesn't start popping > up all over the place with this new feature. We had to disable this > feature to get our MailScanner stable again but use another new > feature Julian added for us in this release. If you can actually send me an email message which you know causes the problem to appear, I can code round it. Last time I asked for this I didn't receive anything useful to me. > > ----SNIP of "Re: MailScanner defunct processes" ----- > >The only way to disable the Storage_Lite code is to comment out the > >calls to sub "ExtractOle" in Message.pm (in > >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used > >whenever it sees an attachment which starts with the "magic" strings > >that define a Microsoft Office document. 
> I ended up commenting out 2 lines that were a single call to UnpackOle > and mail is flowing again with no defunct processes. > ----SNIP of "Re: MailScanner defunct processes" ----- Send me problem-causing messages please. Preferably zipped up and put on an http site for me to download, so my MailScanner doesn't also hit problems with it. Coding round any problems with the OLE unpacker should be pretty easy, but I can't do it without any messages that exhibit problems. Thanks. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From peter at farrows.org Fri May 2 00:21:46 2008 From: peter at farrows.org (Peter Farrow) Date: Fri May 2 00:22:52 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <481A2102.2020108@vanderkooij.org> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> Message-ID: <481A508A.20405@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mohammed Alli wrote: > | Guys, > | > | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, > > For a publisher it would have been nice if you had not hijacked a thread > to announce it: > Get a life mate, can't you just say thanks for once. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. 
http://www.inexcom.co.uk From micoots at yahoo.com Fri May 2 03:00:05 2008 From: micoots at yahoo.com (Michael Mansour) Date: Fri May 2 03:00:39 2008 Subject: High Scoring Spam quarantine directory Message-ID: <319379.60969.qm@web33308.mail.mud.yahoo.com> Hi, I'd like to separate the quarantined spam directory for "normal" spam and high scoring spam ie. the directory: /var/spool/MailScanner/quarantine//spam which contains both normal spam and high scoring spam. I'd like to put the high scoring spam in an area of its own. Which is the best way to do this? or should I just use a default rule to forward all high scoring spam to another email address or "archive" for processing. Thanks. Michael. Get the name you always wanted with the new y7mail email address. www.yahoo7.com.au/y7mail From micoots at yahoo.com Fri May 2 03:17:13 2008 From: micoots at yahoo.com (Michael Mansour) Date: Fri May 2 03:17:48 2008 Subject: Running a CustomAction on High Scoring Spam In-Reply-To: <20080501140002.GA28676@logger.dc-uoit.net> Message-ID: <745953.85920.qm@web33306.mail.mud.yahoo.com> Hi, --- Andrei Caraman wrote: > On Thu, May 01, 2008 at 09:39:58AM +1000, Michael > Mansour wrote: > > Hi, > > > > I have a perl script I would like to run on each > High > > Scoring Spam that is detected by MailScanner. > > you could forward high scoring spam to a local > account and use a .forward or > .procmailrc type of thing to pipe the messages > through your script. all the > tools are there, documented, and you don't need to > get deep into custom > mailscanner functions. This is actually an excellent idea. I read Jules' response and checked out some of the function stuff, but I have little chance of figuring it out without investing weeks on it. Your idea is actually quite easy to do, so I think I will go that route. Thank you. Michael. Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail From hvdkooij at vanderkooij.org Fri May 2 06:21:23 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri May 2 06:22:08 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <481A508A.20405@farrows.org> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org> Message-ID: <481AA4D3.7000802@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Farrow wrote: | Hugo van der Kooij wrote: |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Mohammed Alli wrote: |> | Guys, |> | |> | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org, |> |> For a publisher it would have been nice if you had not hijacked a thread |> to announce it: |> | Get a life mate, can't you just say thanks for once. I'm not your mate. Let's get that clear. But if you prefer to hide announcements away then why bother to announce at all? If you think your document is important then you wrong yourself by adding it to another thread because it will be hidden for those who use a threaded email client and do not care about the VBA32 thread. But feel free to ignore a good hint on getting an announcement more visible on a mailinglist. It feels like a waste to publish a document and then hide the announcement. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIGqTRBvzDRVjxmYERAkKaAJ0YaUDSXd667nhWDeRrH+O1eAwH8QCeM2YT v3VuYmrluVS/Awi/PQ5Qk48= =e/+z -----END PGP SIGNATURE----- From peter at farrows.org Fri May 2 09:14:52 2008 From: peter at farrows.org (Peter Farrow) Date: Fri May 2 09:15:53 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <481AA4D3.7000802@vanderkooij.org> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org> <481AA4D3.7000802@vanderkooij.org> Message-ID: <481ACD7C.3090805@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > | Hugo van der Kooij wrote: > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> Mohammed Alli wrote: > |> | Guys, > |> | > |> | I've published my tutorial, The Perfect SpamSnake, on > HowToForge.org, > |> > |> For a publisher it would have been nice if you had not hijacked a > thread > |> to announce it: > |> > | Get a life mate, can't you just say thanks for once. > > I'm not your mate. Let's get that clear. > > But if you prefer to hide announcements away then why bother to announce > at all? If you think your document is important then you wrong yourself > by adding it to another thread because it will be hidden for those who > use a threaded email client and do not care about the VBA32 thread. > > But feel free to ignore a good hint on getting an announcement more > visible on a mailinglist. It feels like a waste to publish a document > and then hide the announcement. > > Hugo. > Nope, you're not my mate, you are too busy pulling diamonds out of your arse. Everyone saw the comment, it got exposure, but you had to chip in with a comment like that, then to compound the issue you won't let it drop, with a further wasted comment like this above.
I am surprised you managed to hold your tongue at Res's top posting, can't believe you let that one slip by... I think Res' comment says it all.. >>I cant stand these self appointed net-cops! moronic tossers, the lot of em. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From peter at farrows.org Fri May 2 09:19:31 2008 From: peter at farrows.org (Peter Farrow) Date: Fri May 2 09:19:54 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: <481AA4D3.7000802@vanderkooij.org> References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org> <481AA4D3.7000802@vanderkooij.org> Message-ID: <481ACE93.2020601@farrows.org> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Peter Farrow wrote: > | Hugo van der Kooij wrote: > |> -----BEGIN PGP SIGNED MESSAGE----- > |> Hash: SHA1 > |> > |> Mohammed Alli wrote: > |> | Guys, > |> | > |> | I've published my tutorial, The Perfect SpamSnake, on > HowToForge.org, > |> > |> For a publisher it would have been nice if you had not hijacked a > thread > |> to announce it: > |> > | Get a life mate, can't you just say thanks for once. > > I'm not your mate. Let's get that clear. > > But if you prefer to hide announcements away then why bother to announce > at all? If you think your document is important then you wrong yourself > by adding it to another thread because it will be hidden for those who > use a threaded email client and do not care about the VBA32 thread. > > But feel free to ignore a good hint on getting an announcement more > visible on a mailinglist. It feels like a waste to publish a document > and then hide the announcement. > > Hugo.
> > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIGqTRBvzDRVjxmYERAkKaAJ0YaUDSXd667nhWDeRrH+O1eAwH8QCeM2YT > v3VuYmrluVS/Awi/PQ5Qk48= > =e/+z > -----END PGP SIGNATURE----- BTW, you didn't see that comment from Res' because it was sent to me, just thought I would share it with you so you understand how you come across sometimes, take it on board, and make yourself a better person for it... -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From shuttlebox at gmail.com Fri May 2 10:02:42 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri May 2 10:03:17 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) Message-ID: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com> On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote: > BTW, you didn't see that comment from Res' because it was sent to me, just > thought I would share it with you so you understand how you come across > sometimes, take it on board, and make yourself a better person for it... Maybe you shouldn't use Res as an example. :-) A guy who got in so much trouble on this list he asked to be removed from it himself and the wish was granted, then he subscribed again to lurk and posts privately to people which all in all is kind of silly if you ask me. In my mind Hugo is very reasonable compared to what I have read from Res. 
After all, this list is populated by e-mail admins, if they are "educated" about top-posting, how threading works and my favorite - trimming replies, they might influence their users and we will have a better world. :-) -- /peter From peter at farrows.org Fri May 2 10:12:38 2008 From: peter at farrows.org (Peter Farrow) Date: Fri May 2 10:13:31 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com> References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com> Message-ID: <481ADB06.2050206@farrows.org> shuttlebox wrote: > On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote: > >> BTW, you didn't see that comment from Res' because it was sent to me, just >> thought I would share it with you so you understand how you come across >> sometimes, take it on board, and make yourself a better person for it... >> > > Maybe you shouldn't use Res as an example. :-) A guy who got in so > much trouble on this list he asked to be removed from it himself and > the wish was granted, then he subscribed again to lurk and posts > privately to people which all in all is kind of silly if you ask me. > In my mind Hugo is very reasonable compared to what I have read from > Res. After all, this list is populated by e-mail admins, if they are > "educated" about top-posting, how threading works and my favorite - > trimming replies, they might influence their users and we will have a > better world. :-) > > I agree, but Hugo's reply just pressed my button, far too much tied up with protocol, rather than just saying thanks. If you constantly nit-pick over what really are irrellevances you end with a mailing list tied up with discussions about posting, how to post, how not to post etc etc, and it becomes worthless, rather like a playground argument over who said what. This list is already diluted far too much with self appointed net-cops, and that really had to be said. 
Given the same set of circumstances and looking back, my only regret is that I wasn't harder on Hugo first time round. Res' comment seems right on the money in the case... -- horizontal ruler Peter Farrow Inexcom Logo Inexcom Ltd Office: 08450 949 747 Fax: 01249 461 548 Mobile: 07799605617 Skype: peter_farrow Web: www.inexcom.co.uk Registered in England and Wales, number:05598456 -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- Skipped content of type multipart/related From jan-peter at koopmann.eu Fri May 2 10:23:58 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri May 2 10:25:15 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org><481AA4D3.7000802@vanderkooij.org> Message-ID: Hi guys, > Nope, your not my mate, you are too busy pulling diamonds out of your arse. Oh come on. There are things you should not do on a mailing list: - Steal threats - Be rude - top post - tons of other stuff - use 20 line long disclaimers esp. with completely useless contents like (if you read this in error, wipe your memory) Thanks Mohammed for the work you have done. Thanks to Hugo for pointing out the error Mohammed did (I agree a more polite way could have done the trick even better). Thanks to Peter for trying to tell Hugo how he comes across in times. Now let's all be friends again. :-) >I think Res' comment says it all.. > >>I cant stand these self appointed net-cops! moronic tossers, the lot of em. Add "publish private comments to the mailing list" to the list. .-) I agree, self appointed net-cops can be a pain in the ass. 
I know, I sometimes try to be one myself. But honestly, people top posting, being rude etc. can be annoying as well to others. So let's all try to concentrate and behave a bit on mailing lists and this one in particular. While Hugo might have been a bit harsh in making his valid point, he is a valuable member of the list so don't kill him for it. .-) Kind regards and a nice relaxing weekend to all of you, JP From peter at farrows.org Fri May 2 10:58:26 2008 From: peter at farrows.org (Peter Farrow) Date: Fri May 2 10:59:30 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS In-Reply-To: References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org><481AA4D3.7000802@vanderkooij.org> Message-ID: <481AE5C2.4020408@farrows.org> Koopmann, Jan-Peter wrote: > Hi guys, > > >> Nope, your not my mate, you are too busy pulling diamonds out of your >> > arse. > > Oh come on. There are things you should not do on a mailing list: > > - Steal threats > - Be rude > - top post > - tons of other stuff > - use 20 line long disclaimers esp. with completely useless contents > like (if you read this in error, wipe your memory) > > Thanks Mohammed for the work you have done. Thanks to Hugo for pointing > out the error Mohammed did (I agree a more polite way could have done > the trick even better). Thanks to Peter for trying to tell Hugo how he > comes across in times. Now let's all be friends again. :-) > > > >> I think Res' comment says it all.. >> > > >>>> I cant stand these self appointed net-cops! moronic tossers, the lot >>>> > of em. > > Add "publish private comments to the mailing list" to the list. .-) I > agree, self appointed net-cops can be a pain in the ass. I know, I > sometimes try to be one myself. But honestly, people top posting, being > rude etc. can be annoying as well to others. 
So let's all try to > concentrate and behave a bit on mailing lists and this one in > particular. While Hugo might have been a bit harsh in making his valid > point, he is a valuable member of the list so don't kill him for it. .-) > > Kind regards and a nice relaxing weekend to all of you, > JP > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Well said, I agree 150% Apologies to Hugo, :-) -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/92f56d49/attachment.html From gerard at seibercom.net Fri May 2 11:31:28 2008 From: gerard at seibercom.net (Gerard) Date: Fri May 2 11:32:20 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <481ADB06.2050206@farrows.org> References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com> <481ADB06.2050206@farrows.org> Message-ID: <20080502063128.5ec8fad7@scorpio> On Fri, 02 May 2008 10:12:38 +0100 Peter Farrow wrote: > shuttlebox wrote: > > On Fri, May 2, 2008 at 10:19 AM, Peter Farrow > > wrote: > >> BTW, you didn't see that comment from Res' because it was sent to > >> me, just thought I would share it with you so you understand how > >> you come across sometimes, take it on board, and make yourself a > >> better person for it... > > > > Maybe you shouldn't use Res as an example. 
:-) A guy who got in so
> > much trouble on this list he asked to be removed from it himself and
> > the wish was granted, then he subscribed again to lurk and posts
> > privately to people which all in all is kind of silly if you ask me.
> > In my mind Hugo is very reasonable compared to what I have read from
> > Res. After all, this list is populated by e-mail admins, if they are
> > "educated" about top-posting, how threading works and my favorite -
> > trimming replies, they might influence their users and we will have
> > a better world. :-)
> >
> >
> I agree, but Hugo's reply just pressed my button, far too much tied
> up with protocol, rather than just saying thanks.
>
> If you constantly nit-pick over what really are irrelevances you end
> with a mailing list tied up with discussions about posting, how to
> post, how not to post etc etc, and it becomes worthless, rather like
> a playground argument over who said what.
>
> This list is already diluted far too much with self appointed
> net-cops, and that really had to be said. Given the same set of
> circumstances and looking back, my only regret is that I wasn't
> harder on Hugo first time round. Res' comment seems right on the
> money in the case...

It has always been my opinion that the best place to start is at the beginning. You cannot write a book successfully until you have mastered the art of spelling, grammar, etc. Fast forwarding to 'forum postings' would reveal that in order to post effectively a user should have the necessary skills to properly format and present his data. The failure to post in a logical and well understood manner is, in my humble opinion, not effective. It actually has the effect of turning a potentially useful post into a mélange of indecipherable rantings.

Just my 2¢.

--
Gerard
gerard@seibercom.net

Pollyanna's Educational Constant:

The hyperactive child is never absent.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/c4fc3135/signature.bin

From MailScanner at ecs.soton.ac.uk Fri May 2 11:52:40 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 11:53:39 2008
Subject: High Scoring Spam quarantine directory
In-Reply-To: <319379.60969.qm@web33308.mail.mud.yahoo.com>
References: <319379.60969.qm@web33308.mail.mud.yahoo.com>
Message-ID: <481AF278.6090601@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Mansour wrote:
> Hi,
>
> I'd like to separate the quarantined spam directory
> for "normal" spam and high scoring spam, i.e. the
> directory:
>
> /var/spool/MailScanner/quarantine//spam
>
> which contains both normal spam and high scoring spam.
> I'd like to put the high scoring spam in an area of
> its own.
>
> Which is the best way to do this? Or should I just use
> a default rule to forward all high scoring spam to
> another email address or "archive" for processing?
>

With the latest stable version, you can store different levels of spam in any arbitrary directory you like. Check out the new comments just about "Spam Actions" in MailScanner.conf.

> Thanks.
>
> Michael.
>
>
>
> Get the name you always wanted with the new y7mail email address.
> www.yahoo7.com.au/y7mail
>
>
>

Jules

- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIGvJ8EfZZRxQVtlQRAixGAKCA3o6p7i2ersvdjzaJJXqhUOMjFACcC7PI IedKXWK0wiWrZ3XH3USvTeQ= =K9En -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From malli at mcrirents.com Fri May 2 12:58:11 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Fri May 2 12:58:43 2008 Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS Message-ID: <001901c8ac54$47ea3ba4$0d00a8c0@computerrents.com> Guys, Please excuse my ignorance as this is the first time for me on a mailing list of any kind. I don't know your procedures but will pick them up quickly. I'm sorry for the trouble I've caused. MO -----Original Message----- From: "Peter Farrow" To: "MailScanner discussion" Sent: 5/2/08 7:03 AM Subject: Re: The Perfect SpamSnake - Ubuntu 8.04 TLS Koopmann, Jan-Peter wrote: > Hi guys, > > >> Nope, your not my mate, you are too busy pulling diamonds out of your >> > arse. > > Oh come on. There are things you should not do on a mailing list: > > - Steal threats > - Be rude > - top post > - tons of other stuff > - use 20 line long disclaimers esp. with completely useless contents > like (if you read this in error, wipe your memory) > > Thanks Mohammed for the work you have done. Thanks to Hugo for pointing > out the error Mohammed did (I agree a more polite way could have done > the trick even better). Thanks to Peter for trying to tell Hugo how he > comes across in times. Now let's all be friends again. :-) > > > >> I think Res' comment says it all.. >> > > >>>> I cant stand these self appointed net-cops! moronic tossers, the lot >>>> > of em. > > Add "publish private comments to the mailing list" to the list. .-) I > agree, self appointed net-cops can be a pain in the ass. 
I know, I > sometimes try to be one myself. But honestly, people top posting, being > rude etc. can be annoying as well to others. So let's all try to > concentrate and behave a bit on mailing lists and this one in > particular. While Hugo might have been a bit harsh in making his valid > point, he is a valuable member of the list so don't kill him for it. .-) > > Kind regards and a nice relaxing weekend to all of you, > JP > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Well said, I agree 150% Apologies to Hugo, :-) -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From ssilva at sgvwater.com Fri May 2 18:43:45 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 2 18:45:39 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <481ADB06.2050206@farrows.org> References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com> <481ADB06.2050206@farrows.org> Message-ID: on 5-2-2008 2:12 AM Peter Farrow spake the following: > shuttlebox wrote: >> On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote: >> >>> BTW, you didn't see that comment from Res' because it was sent to me, just >>> thought I would share it with you so you understand how you come across >>> sometimes, take it on board, and make yourself a better person for it... >>> >> >> Maybe you shouldn't use Res as an example. :-) A guy who got in so >> much trouble on this list he asked to be removed from it himself and >> the wish was granted, then he subscribed again to lurk and posts >> privately to people which all in all is kind of silly if you ask me. 
>> In my mind Hugo is very reasonable compared to what I have read from >> Res. After all, this list is populated by e-mail admins, if they are >> "educated" about top-posting, how threading works and my favorite - >> trimming replies, they might influence their users and we will have a >> better world. :-) >> >> > I agree, but Hugo's reply just pressed my button, far too much tied up > with protocol, rather than just saying thanks. > > If you constantly nit-pick over what really are irrellevances you end > with a mailing list tied up with discussions about posting, how to post, > how not to post etc etc, and it becomes worthless, rather like a > playground argument over who said what. > > This list is already diluted far too much with self appointed net-cops, > and that really had to be said. Given the same set of circumstances and > looking back, my only regret is that I wasn't harder on Hugo first time > round. Res' comment seems right on the money in the case... > > -- I suppose making a comment on the graphic signature will just start the fire again, so I won't do it. ;-P Disclaimer: The above comment was just a poor attempt at humor. You are free to keep your comments and angry responses to yourself! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/ca6757f9/signature.bin From Neal at Morgan-Systems.com Fri May 2 19:35:37 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Fri May 2 19:36:47 2008 Subject: OT: Netiquette Question Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net> At this risk of stirring things up, may I ask a dumb question? 
One of you made a reference to "snip" - and I was unable to determine whether you meant this was an example of poor netiquette. If it is, what is the preferred approach? ...especially when the thread has taken a turn and much of the original discussion no longer applies? Start a new thread? Thanks in advance. Neal Morgan From Kevin_Miller at ci.juneau.ak.us Fri May 2 20:07:40 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri May 2 20:07:02 2008 Subject: Netiquette Question In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net> Message-ID: Neal Morgan wrote: > At this risk of stirring things up, may I ask a dumb question? > > One of you made a reference to "snip" - and I was unable to determine > whether you meant this was an example of poor netiquette. If it is, > what is the preferred approach? ...especially when the thread has > taken a turn and much of the original discussion no longer applies? > Start a new thread? I've always been of the understanding that when the thread starts getting long, that the majority of it should be snipped, leaving the bit that the current post is in response to. Makes it much easier to read. I'm also of the opinion that if some don't snip, or toppost, or hijack threads, if that's the worst that happens to me today I'm *waaaay* ahead of the game. It's not a bad life... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From arturs at netvision.net.il Fri May 2 20:49:36 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Fri May 2 20:50:49 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: Message-ID: <026501c8ac8d$a6faa730$6600a8c0@dell> > > This list is already diluted far too much with self appointed > > net-cops, and that really had to be said. Given the same set of Absolutely agree. I think these net-cops are doing more damage to JF and MS than their help(??) to the list. It has to be said: the list turns to be unfriendly! Best, -- Arthur Sherman From MailScanner at ecs.soton.ac.uk Fri May 2 21:26:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 2 21:27:13 2008 Subject: Enough already. Was Re: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell> References: <026501c8ac8d$a6faa730$6600a8c0@dell> Message-ID: <481B78EC.4010808@ecs.soton.ac.uk> Arthur Sherman wrote: > Now, now, folks. Enough of this, guys. Virtually no-one behaves badly out of neglect or anything wilful. We all had to start somewhere, and I bet even some of the old-timers (no insult intended!) on this list have accidentally top-posted or hijacked a thread earlier in their lives before they learned why it can be a problem for a few people. I get an awful lot of mail, and I don't mind people hijacking threads (I don't use threaded views in my mail client) or occasionally top-posting (I do it myself often enough!). This list usually runs itself, and very rarely is my intervention needed, as I try to keep it to a minimum. You folks are normally pretty well-behaved and in the past I have received comments saying what a lovely polite list this is. I don't want that to change. 
The poor guy who accidentally hijacked a thread at some point in this conversation didn't do it wilfully, trying to make your life hard or trying to ensure you didn't see his posting. He did it by mistake, and we all make them. I have a feeling that English is not his first language, so he may not have understood what was meant by any criticism of his posting. Also, if you don't know that threaded mail clients exist, or you don't understand what is meant by this strange technical use of the term "threading", then any explanation will go straight over his head. Think about that before you criticise people; English ain't the only language spoken here. I have advised people in the past that if they know more Spanish than English, then they will get a better response by posting their question in Spanish as there are quite a few Spanish speakers here who can help them. No-one complains when a posting is made in Spanish. So, please, lighten up a bit and try to remember that not only do people make mistakes, but they might neither know why they have made a mistake nor understand any criticism you make about them. Can we please end this whole thread here and now. If you want to comment on this posting, send your comments to me off-list. I don't want to see this Subject: line again. I want to see this list go back to the helpful, constructive, polite and well-behaved place it normally is. I don't want to see any of this "net-cop" behaviour in future. Have a nice weekend, get out and enjoy the Spring weather. Best regards, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From dave.list at pixelhammer.com Fri May 2 21:28:30 2008 From: dave.list at pixelhammer.com (DAve) Date: Fri May 2 21:29:12 2008 Subject: OT: netiquette In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell> References: <026501c8ac8d$a6faa730$6600a8c0@dell> Message-ID: <481B796E.6030609@pixelhammer.com> Arthur Sherman wrote: >>> This list is already diluted far too much with self appointed >>> net-cops, and that really had to be said. Given the same set of > > Absolutely agree. > I think these net-cops are doing more damage to JF and MS than their > help(??) to the list. > It has to be said: the list turns to be unfriendly! Can I be a net cop? Do I get a badge? 8^) -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From davejones70 at gmail.com Fri May 2 21:49:24 2008 From: davejones70 at gmail.com (Dave Jones) Date: Fri May 2 21:49:59 2008 Subject: MailScanner defunct processes Message-ID: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com> > Dave Jones wrote: >> >I have just released the latest stable release of MailScanner, 4.69. >> >> >There's quite a lot this month, but the main new features this month are: >> >> >- - Can now extract embedded files from within Microsoft Office documents >> >and subject them to all the file tests like any other attachments. >> FYI, I hope our problem with defunct processes doesn't start popping >> up all over the place with this new feature. We had to disable this >> feature to get our MailScanner stable again but use another new >> feature Julian added for us in this release. >If you can actually send me an email message which you know causes the >problem to appear, I can code round it. Last time I asked for this I >didn't receive anything useful to me. 
I am still trying to gather information to send you a message that caused the defunct process. I had over 600 df files in the inbound queue that I made a copy of before commenting out the UnpackOle line. Which one would be the one you need? Would it be the oldest one? Is there some attribute about the file that I can search for to pinpoint the bad one? Or should I just tgz all of them and put them on a web server for you?

I apologize for not getting back to you sooner with the needed info. We have a major site upgrade going live in a few days so I have had to focus on that.

>> ----SNIP of "Re: MailScanner defunct processes" -----
>> >The only way to disable the Storage_Lite code is to comment out the
>> >calls to sub "ExtractOle" in Message.pm (in
>> >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used
>> >whenever it sees an attachment which starts with the "magic" strings
>> >that define a Microsoft Office document.
>> I ended up commenting out 2 lines that were a single call to UnpackOle
>> and mail is flowing again with no defunct processes.
>> ----SNIP of "Re: MailScanner defunct processes" -----
>Send me problem-causing messages please. Preferably zipped up and put on
>an http site for me to download, so my MailScanner doesn't also hit
>problems with it.
>Coding round any problems with the OLE unpacker should be pretty easy,
>but I can't do it without any messages that exhibit problems.
>Thanks.
>Jules

--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/359fdec3/attachment.html

From MailScanner at ecs.soton.ac.uk Fri May 2 22:13:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 22:14:00 2008
Subject: MailScanner defunct processes
In-Reply-To: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com>
References: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com>
Message-ID: <481B83E2.4000703@ecs.soton.ac.uk>

Dave Jones wrote:
> > Dave Jones wrote:
> >> >I have just released the latest stable release of MailScanner, 4.69.
> >>
> >> >There's quite a lot this month, but the main new features this month are:
> >>
> >> >- - Can now extract embedded files from within Microsoft Office documents
> >> >and subject them to all the file tests like any other attachments.
> >> FYI, I hope our problem with defunct processes doesn't start popping
> >> up all over the place with this new feature. We had to disable this
> >> feature to get our MailScanner stable again but use another new
> >> feature Julian added for us in this release.
> >If you can actually send me an email message which you know causes the
> >problem to appear, I can code round it. Last time I asked for this I
> >didn't receive anything useful to me.
>
> I am still trying to gather information to send you a message that
> caused the defunct process. I had over 600 df files in the inbound
> queue that I made a copy of before commenting out the UnpackOle line.
> Which one would be the one you need? Would it be the oldest one?

It will probably be amongst the oldest ones. Don't forget the matching qf files too! Make a tar file of a bundle of all the oldest ones. ('ls -tr | head -100' will give you the 100 oldest files, then you just need to make sure you have the qf and df for each of these messages, the "-t" means "sort by date" and the "-r" means "oldest first").
Send me as many as you like, I can soon find the troublesome ones in there, > Is there some attibute about the file that I can search for to > pinpoint the bad one? Or should I just tgz all of them and put them on > a web server for you? Just give me the lot. > > I apologize for not getting back to you sooner with the needed info. > We have a major site upgrade going live in a few days so I have had to > focus on that. No problem. Once I have isolated the problem, I can put out an update that fixes the problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Fri May 2 22:14:31 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Fri May 2 22:15:17 2008 Subject: OT: netiquette In-Reply-To: <481B796E.6030609@pixelhammer.com> References: <026501c8ac8d$a6faa730$6600a8c0@dell> <481B796E.6030609@pixelhammer.com> Message-ID: <200805021714.32307.dyioulos@firstbhph.com> On Friday 02 May 2008 4:28 pm, DAve wrote: > Arthur Sherman wrote: > >>> This list is already diluted far too much with self appointed > >>> net-cops, and that really had to be said. Given the same set of > > > > Absolutely agree. > > I think these net-cops are doing more damage to JF and MS than their > > help(??) to the list. > > It has to be said: the list turns to be unfriendly! > > Can I be a net cop? Do I get a badge? 
8^)
>
>
> --
> In 50 years, our descendants will look back on the early years
> of the internet, and much like we now look back on men with
> rockets on their back and feathers glued to their arms, marvel
> that we had the intelligence to wipe the drool from our chins.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Not only a badge, but a box of doughnuts, too! :-)

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From glenn.steen at gmail.com Fri May 2 22:58:33 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri May 2 22:59:08 2008
Subject: OT: Netiquette Question
In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
References: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
Message-ID: <223f97700805021458k6a87ba7cxbdd7939ff759b0e6@mail.gmail.com>

2008/5/2 Neal Morgan :
> At this risk of stirring things up, may I ask a dumb question?
>
> One of you made a reference to "snip" - and I was unable to determine
> whether you meant this was an example of poor netiquette. If it is,
> what is the preferred approach? ...especially when the thread has taken
> a turn and much of the original discussion no longer applies? Start a
> new thread?

If at least marginally on-topic (whatever that may be:-), "snip" out the parts that don't apply to your reply. ... "snip" refers to the sound a pair of scissors make as you do the necessary cutting ... But you knew that:-);-) If you go off on a tangent, by all means do start a new thread, or change the subject, to reflect the new direction of the (sub-)thread. At least ... that's my very humble opinion...

>
> Thanks in advance.
> > Neal Morgan Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri May 2 23:01:27 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri May 2 23:02:01 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell> References: <026501c8ac8d$a6faa730$6600a8c0@dell> Message-ID: <223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com> 2008/5/2 Arthur Sherman : > > > This list is already diluted far too much with self appointed > > > net-cops, and that really had to be said. Given the same set of > > Absolutely agree. > I think these net-cops are doing more damage to JF and MS than their > help(??) to the list. > It has to be said: the list turns to be unfriendly! > > > Best, Not *that* bad a bunch, now are we really???!?!!?:-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Fri May 2 23:36:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 2 23:37:23 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: <223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com> References: <026501c8ac8d$a6faa730$6600a8c0@dell> <223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com> Message-ID: <481B976B.7080201@ecs.soton.ac.uk> Glenn Steen wrote: > 2008/5/2 Arthur Sherman : > >>>> This list is already diluted far too much with self appointed >>>> >> > > net-cops, and that really had to be said. Given the same set of >> >> Absolutely agree. >> I think these net-cops are doing more damage to JF and MS than their >> help(??) to the list. >> It has to be said: the list turns to be unfriendly! >> >> >> Best, >> > > Not *that* bad a bunch, now are we really???!?!!?:-) > Come on guys, that's enough for this thread. 
I don't want to have to say it again :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From roland at inbox4u.de Sat May 3 08:58:29 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Sat May 3 08:59:42 2008 Subject: The Perfect SpamSnake - thank you! Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local> Hi All, to return to the original Thread: Although I was missing some settings, which I use, this How-To is very good and when reading the manual you realize, that the contributor has made an effort to complete it. So: Thank you to the contributor, the manual is very good for beginners, even if they do not use Ubuntu. Regards, Roland -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080503/52b1be21/attachment.html From arturs at netvision.net.il Sat May 3 10:30:46 2008 From: arturs at netvision.net.il (Arthur Sherman) Date: Sat May 3 10:31:32 2008 Subject: OT: netiquette In-Reply-To: <200805021714.32307.dyioulos@firstbhph.com> Message-ID: <007901c8ad00$5e0c5190$6600a8c0@dell> > > Can I be a net cop? Do I get a badge? 8^) > > Not only a badge, but a box of doughnuts, too! :-) > I'd like a doughnut too, please! 
:)) Best, -- Arthur Sherman From micoots at yahoo.com Sat May 3 10:50:57 2008 From: micoots at yahoo.com (Michael Mansour) Date: Sat May 3 10:51:48 2008 Subject: High Scoring Spam quarantine directory In-Reply-To: <481AF278.6090601@ecs.soton.ac.uk> Message-ID: <952652.77332.qm@web33305.mail.mud.yahoo.com> Hi Jules, --- Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael Mansour wrote: > > Hi, > > > > I'd like to separate the quarantined spam > directory > > for "normal" spam and high scoring spam ie. the > > directory: > > > > /var/spool/MailScanner/quarantine//spam > > > > which contains both normal spam and high scoring > spam. > > I'd like to put the high scoring spam in an area > of > > it's own. > > > > Which is the best way to do this? or should I just > use > > a default rule to forward all high scoring spam an > > another email address or "archive" for processing. > > > With the latest stable version, you can store > different levels of spam > in any arbitrary directory you like. Check out the > new comments just > about "Spam Actions" in MailScanner.conf. I read this bit: # store- - store the message in the as meaning I can specify: FromOrTo: default store-/var/spool/MailScanner/quarantine//highscoringspam/ ?? I also use MailWatch, so am wondering how this new path would impact MailWatch's link on the bottom of its Message Detail view? Thanks. Michael. Get the name you always wanted with the new y7mail email address. 
www.yahoo7.com.au/y7mail From MailScanner at ecs.soton.ac.uk Sat May 3 11:16:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat May 3 11:17:01 2008 Subject: High Scoring Spam quarantine directory In-Reply-To: <952652.77332.qm@web33305.mail.mud.yahoo.com> References: <952652.77332.qm@web33305.mail.mud.yahoo.com> Message-ID: <481C3B67.6000300@ecs.soton.ac.uk> Michael Mansour wrote: > Hi Jules, > > --- Julian Field wrote: > > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Michael Mansour wrote: >> >>> Hi, >>> >>> I'd like to separate the quarantined spam >>> >> directory >> >>> for "normal" spam and high scoring spam ie. the >>> directory: >>> >>> /var/spool/MailScanner/quarantine//spam >>> >>> which contains both normal spam and high scoring >>> >> spam. >> >>> I'd like to put the high scoring spam in an area >>> >> of >> >>> it's own. >>> >>> Which is the best way to do this? or should I just >>> >> use >> >>> a default rule to forward all high scoring spam an >>> another email address or "archive" for processing. >>> >>> >> With the latest stable version, you can store >> different levels of spam >> in any arbitrary directory you like. Check out the >> new comments just >> about "Spam Actions" in MailScanner.conf. >> > > I read this bit: > > # store- - store the message in > the > > as meaning I can specify: > > FromOrTo: default > store-/var/spool/MailScanner/quarantine//highscoringspam/ > That's not how you specify the date, read the comments. But otherwise, yes. > ?? > > I also use MailWatch, so am wondering how this new > path would impact MailWatch's link on the bottom of > its Message Detail view? > Not a clue, sorry. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jan-peter at koopmann.eu Sat May 3 11:26:28 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Sat May 3 11:27:36 2008 Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS) In-Reply-To: References: <026501c8ac8d$a6faa730$6600a8c0@dell><223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com> Message-ID: > Come on guys, that's enough for this thread. I don't want to have to say > it again :-) Was that not a bit rude? *ducking* :-) From mikael at syska.dk Sat May 3 16:04:31 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat May 3 16:05:32 2008 Subject: The Perfect SpamSnake - thank you! In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local> Message-ID: <6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com> Hi, On Sat, May 3, 2008 at 9:58 AM, Ehle, Roland wrote: > to return to the original Thread: > > > > Although I was missing some settings, which I use, this How-To is very good > and when reading the manual you realize, that the contributor has made an > effort to complete it. Well, havent followed all threads on this list ... but what "how-to" are you talking about, since I guess there are lots of them online .... ? > So: Thank you to the contributor, the manual is very good for beginners, > even if they do not use Ubuntu. > > > Regards, > > Roland > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> > best regards Mikael Syska From roland at inbox4u.de Sat May 3 17:30:03 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Sat May 3 17:30:50 2008 Subject: AW: The Perfect SpamSnake - thank you! In-Reply-To: <6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com> References: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local> <6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A9@ts-dc2.TS-Webarts.local> Hi Michael, > Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > Gesendet: Samstag, 3. Mai 2008 17:05 > [...] > Well, havent followed all threads on this list ... but what "how-to" > are you talking about, since I guess there are lots of them online > .... ? http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04 Regards, Roland From MailScanner at ecs.soton.ac.uk Sun May 4 15:35:50 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun May 4 15:36:56 2008 Subject: 4.69.9 and Word document unpacking problems Message-ID: <481DC9C6.8050905@ecs.soton.ac.uk> I have just updated the stable 4.69 release to 4.69.9. Upgrade if you are having problems with some Word (and other OLE) documents causing "PPS Error" messages when they are unpacked. This update should resolve this problem. Thanks folks! Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From rob at kettle.org.uk Mon May 5 07:31:11 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Mon May 5 07:31:58 2008 Subject: 4.69.9 and Word document unpacking problems In-Reply-To: <481DC9C6.8050905@ecs.soton.ac.uk> References: <481DC9C6.8050905@ecs.soton.ac.uk> Message-ID: <481EA9AF.3000603@kettle.org.uk> Julian Field wrote: > I have just updated the stable 4.69 release to 4.69.9. > Upgrade if you are having problems with some Word (and other OLE) > documents causing "PPS Error" messages when they are unpacked. > This update should resolve this problem. > > Thanks folks! > > Jules > Hi, after upgrading to this version I get the following error approx hourly: /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory regards Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rob at kettle.org.uk Mon May 5 08:40:58 2008 From: rob at kettle.org.uk (Rob Kettle) Date: Mon May 5 08:41:40 2008 Subject: 4.69.9 and Word document unpacking problems In-Reply-To: <481EA9AF.3000603@kettle.org.uk> References: <481DC9C6.8050905@ecs.soton.ac.uk> <481EA9AF.3000603@kettle.org.uk> Message-ID: <481EBA0A.4070106@kettle.org.uk> > > Julian Field wrote: > >> I have just updated the stable 4.69 release to 4.69.9. >> Upgrade if you are having problems with some Word (and other OLE) >> documents causing "PPS Error" messages when they are unpacked. >> This update should resolve this problem. >> >> Thanks folks! >> >> Jules >> >> > Hi, > > after upgrading to this version I get the following error approx hourly: > > /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory > > regards > Rob > > > forgot to say.... simply commenting out the vba32 line in /etc/MailScanner/virus.scanners.conf fixed the error. Looks like the config to check the new vba32 has been added but not the wrapper to do the updates as yet. 
Rob

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From john at tradoc.fr Mon May 5 09:34:39 2008
From: john at tradoc.fr (John Wilcock)
Date: Mon May 5 09:35:25 2008
Subject: Watermarking action problem?
Message-ID: <481EC69F.2090808@tradoc.fr>

Just received a genuine out-of-office reply that was sent with a null sender, but didn't quote the original message and hence the watermark.

MS correctly added 5 points to the spam score, but this should not have been enough for the message to be considered as spam. (-1.5 + 5 = +3.5, with a threshold of 5) However, it still took the spam action rather than the nonspam action for the message.

This is with MS 4.67.6 (the latest gentoo ebuild), and the changelog doesn't mention any watermarking-related changes since.

The relevant MailScanner.conf settings are:
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = 5
Required SpamAssassin Score = 5
Spam Actions = %rules-dir%/spam.actions.rules
Non Spam Actions = %rules-dir%/non.spam.actions.rules

These rules files hit defaults for this message, which are
(spam)
FromOrTo: default store deliver header "X-Spam-Flag: YES"
(nonspam)
FromOrTo: default store deliver

Log extract:
May 5 10:09:43 ns0 MailScanner[940]: Message D1EE98084.515BE had bad watermark, added 5 to spam score
May 5 10:09:44 ns0 MailScanner[940]: Message D1EE98084.515BE from 212.227.15.27 () to tradoc.fr is spam, SpamAssassin (not cached, score=-1.5, required 5, autolearn=not spam, BAYES_00 -1.50, SPF_HELO_PASS -0.00, UNPARSEABLE_RELAY 0.00)
May 5 10:09:44 ns0 MailScanner[940]: Spam Actions: message D1EE98084.515BE actions are store,deliver,header

John.
-- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Mon May 5 11:20:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon May 5 11:21:43 2008 Subject: 4.69.9 and Word document unpacking problems In-Reply-To: <481EBA0A.4070106@kettle.org.uk> References: <481DC9C6.8050905@ecs.soton.ac.uk> <481EA9AF.3000603@kettle.org.uk> <481EBA0A.4070106@kettle.org.uk> Message-ID: <481EDF80.3090101@ecs.soton.ac.uk> Rob Kettle wrote: >> Julian Field wrote: >> >> >>> I have just updated the stable 4.69 release to 4.69.9. >>> Upgrade if you are having problems with some Word (and other OLE) >>> documents causing "PPS Error" messages when they are unpacked. >>> This update should resolve this problem. >>> >>> Thanks folks! >>> >>> Jules >>> >>> >>> >> Hi, >> >> after upgrading to this version I get the following error approx hourly: >> >> /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory >> >> regards >> Rob >> >> >> >> > forgot to say.... simply commenting out the vba32 line in /etc/MailScanner/virus.scanners.conf fixed the error. > > Looks like the config to check the new vba32 has been added but not the wrapper to do the updates as yet. > Bother. Just released 4.69.9-2 which should resolve this minor issue. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
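The check John Wilcock does by hand in the watermarking post (-1.5 + 5 = +3.5 against a threshold of 5) can be run over a whole log. This is an added example, not code from the post or from MailScanner: `parse_verdicts` and `mismatches` are hypothetical names, every log line after the first three is constructed, and treating a total that reaches the threshold as spam (`>=`) is an assumption.

```python
"""Audit MailScanner syslog lines: does each logged verdict agree with the
logged SpamAssassin score plus any bad-watermark points?"""
import re
from dataclasses import dataclass
from typing import Dict, List

# First three lines: the log extract quoted in the post. The rest are
# constructed for this example (message IDs, documentation-range IPs, domains).
SAMPLE_LOG = """\
May 5 10:09:43 ns0 MailScanner[940]: Message D1EE98084.515BE had bad watermark, added 5 to spam score
May 5 10:09:44 ns0 MailScanner[940]: Message D1EE98084.515BE from 212.227.15.27 () to tradoc.fr is spam, SpamAssassin (not cached, score=-1.5, required 5, autolearn=not spam, BAYES_00 -1.50, SPF_HELO_PASS -0.00, UNPARSEABLE_RELAY 0.00)
May 5 10:09:44 ns0 MailScanner[940]: Spam Actions: message D1EE98084.515BE actions are store,deliver,header
May 5 10:12:01 ns0 MailScanner[940]: Message AAAA00001.00001 had bad watermark, added 5 to spam score
May 5 10:12:02 ns0 MailScanner[940]: Message AAAA00001.00001 from 192.0.2.10 () to example.org is spam, SpamAssassin (not cached, score=2.3, required 5, BAYES_50 0.80, HTML_MESSAGE 1.50)
May 5 10:12:02 ns0 MailScanner[940]: Spam Actions: message AAAA00001.00001 actions are store,deliver,header
May 5 10:15:30 ns0 MailScanner[941]: Message BBBB00002.00002 from 192.0.2.20 (user@example.net) to example.org is not spam, SpamAssassin (not cached, score=0.4, required 5, BAYES_20 0.40)
May 5 10:18:11 ns0 MailScanner[941]: Message CCCC00003.00003 had bad watermark, added 5 to spam score
May 5 10:18:12 ns0 MailScanner[941]: Message CCCC00003.00003 from 192.0.2.30 () to example.org is not spam, SpamAssassin (not cached, score=1.0, required 5, BAYES_40 1.00)
"""

NUM = r"-?\d+(?:\.\d+)?"
WATERMARK_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) had bad watermark, "
    rf"added (?P<points>{NUM}) to spam score"
)
VERDICT_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to (?P<to>\S+) is (?P<verdict>not spam|spam), "
    r"SpamAssassin \((?P<detail>.*)\)"
)
SCORE_RE = re.compile(rf"score=(?P<score>{NUM}), required (?P<required>{NUM})")
ACTIONS_RE = re.compile(
    r"MailScanner\[\d+\]: (?P<kind>[A-Za-z ]+) Actions: "
    r"message (?P<id>\S+) actions are (?P<actions>\S+)"
)


@dataclass
class Verdict:
    msg_id: str
    client_ip: str
    null_sender: bool      # empty envelope sender, logged as "()"
    sa_score: float        # score= value from the SpamAssassin report
    required: float        # required value from the same report
    logged_spam: bool      # what the log line says MailScanner decided
    penalty: float = 0.0   # points from "had bad watermark, added N"
    actions: str = ""

    @property
    def effective(self) -> float:
        return self.sa_score + self.penalty

    @property
    def expected_spam(self) -> bool:
        # Assumption: spam means the total reaches the required score.
        return self.effective >= self.required

    @property
    def consistent(self) -> bool:
        return self.logged_spam == self.expected_spam


def parse_verdicts(log_text: str) -> Dict[str, Verdict]:
    """Correlate watermark, verdict and action lines by message ID."""
    penalties: Dict[str, float] = {}
    verdicts: Dict[str, Verdict] = {}
    for line in log_text.splitlines():
        if (m := WATERMARK_RE.search(line)):
            penalties[m["id"]] = penalties.get(m["id"], 0.0) + float(m["points"])
        elif (m := VERDICT_RE.search(line)):
            s = SCORE_RE.search(m["detail"])
            if s is None:
                continue  # verdict line without a numeric score: nothing to audit
            verdicts[m["id"]] = Verdict(
                msg_id=m["id"], client_ip=m["ip"], null_sender=(m["sender"] == ""),
                sa_score=float(s["score"]), required=float(s["required"]),
                logged_spam=(m["verdict"] == "spam"),
            )
        elif (m := ACTIONS_RE.search(line)) and m["id"] in verdicts:
            verdicts[m["id"]].actions = m["actions"]
    # Apply penalties last so line order in the log does not matter.
    for msg_id, v in verdicts.items():
        v.penalty = penalties.get(msg_id, 0.0)
    return verdicts


def mismatches(log_text: str) -> List[Verdict]:
    """Messages whose logged verdict disagrees with score + watermark points."""
    return [v for v in parse_verdicts(log_text).values() if not v.consistent]


if __name__ == "__main__":
    for v in mismatches(SAMPLE_LOG):
        print(f"{v.msg_id}: logged {'spam' if v.logged_spam else 'not spam'}, "
              f"but {v.sa_score:+.1f} {v.penalty:+.1f} = {v.effective:+.1f} "
              f"vs required {v.required:g} (actions: {v.actions or 'n/a'})")
```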
From p.katzmann at thiesen.com Mon May 5 09:23:43 2008
From: p.katzmann at thiesen.com (Peter Katzmann)
Date: Mon May 5 13:02:20 2008
Subject: Problem with 4.69.9-1 Opensuse 10.3 , Module error
Message-ID: <481EC40F.5000105@thiesen.com>

Hello List,
I installed the new Version without any problems but when I tried to start it the following messages appear and Mailscanner quits.

peter

is only avaliable with the XS version at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9.
Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
Compilation failed in require at /usr/lib/MailScanner/MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Message.pm line 48.
Compilation failed in require at /usr/sbin/MailScanner line 80.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From velda.midanovic at trezor.sr.gov.yu Mon May 5 13:04:20 2008
From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic)
Date: Mon May 5 13:08:52 2008
Subject: MailScanner and SquirrelMail problems
Message-ID: <000801c8aea8$2cae0540$860a0fc0$@midanovic@trezor.sr.gov.yu>

I have a Red Hat 4 U5 setup with MailScanner and Clam AV working perfectly.
BUT When I try to add a webmail (SquirrelMail) to the mix, it all falls down. I can log into the webmail, but when I try to send a mail through it I get such things in my maillog :

****************
MailScanner[6486]: Cannot read queue directory /var/spool/mqueue.in
---
MailScanner[6491]: User's home directory /var/www is not writable
MailScanner[6491]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
---
MailScanner [6491]: Using SpamAssassin results cache
MailScanner[6491]: Could not create SpamAssassin cache database /var/spool/MailScanner/incoming/SpamAssassin.cache.db
---

And I have to restart the server to get it running OK again. Any ideas?

Best from Velda

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From p.katzmann at thiesen.com Mon May 5 13:18:47 2008
From: p.katzmann at thiesen.com (Peter Katzmann)
Date: Mon May 5 13:19:46 2008
Subject: Problem with 4.69.9-1 Opensuse 10.3 , Module error
In-Reply-To: <481EC40F.5000105@thiesen.com>
References: <481EC40F.5000105@thiesen.com>
Message-ID: <481EFB27.4060900@thiesen.com>

Hello Again,
I have found a way to resolve this issue: downloading scalar and recompile and install it with xs remove all compress and zlib installations inside perl and run an update on cpan and then it seems working fine

peter

Peter Katzmann wrote:
> Hello List,
> I installed the new Version without any problems but when I tried to
> start it the following messages appear and Mailscanner quits.
>
> peter
>
> is only avaliable with the XS version at
> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9.
> Compilation failed in require at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > BEGIN failed--compilation aborted at > /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11. > Compilation failed in require at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Message.pm line 48. > Compilation failed in require at /usr/sbin/MailScanner line 80. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80. > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From velda.midanovic at trezor.sr.gov.yu Mon May 5 15:02:52 2008 From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic) Date: Mon May 5 15:07:08 2008 Subject: MailScanner and SquirrelMail problems Message-ID: <000d01c8aeb8$bbdff010$339fd030$@midanovic@trezor.sr.gov.yu> Sorry for the bother. I solved the problem. Did not configure OK the /usr/share/squirrelmail/config.php Now things are OK. Best Velda From: Velda Midanovic [mailto:velda.midanovic@trezor.sr.gov.yu] Sent: Monday, May 05, 2008 2:04 PM To: 'mailscanner@lists.mailscanner.info' Subject: MailScanner and SquirrelMail problems I have a Red Hat 4 U5 setup with MailScanner and Clam AV working perfectly. BUT When I try to add a webmail (SquirrelMail) to the mix, it alll falls down. I can log into the webmail, but when I try to send a mail through it I get such things in my maillog : **************** MailScanner[6486]: Cannot read queue directory /var/spool/mqueue.in --- MailScanner[6491]: User's home directory /var/www is not writable MailScanner[6491]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to --- MailScanner [6491]: Using SpamAssassin results cache MailScanner[6491]: Could not create SpamAssassin cache database /var/spool/MailScanner/incoming/SpamAssassin.cache.db --- And I have to restart the server to get it running OK again. 
Any ideas?

Best from Velda

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From ismail at ismailozatay.net Mon May 5 16:51:47 2008
From: ismail at ismailozatay.net (Ismail OZATAY)
Date: Mon May 5 16:52:31 2008
Subject: Using MCP
References: <000d01c8aeb8$bbdff010$339fd030$@midanovic@trezor.sr.gov.yu>
Message-ID: <01c001c8aec7$eceeff70$65cba8c0@pc>

Hello ;

I have just enabled mcp in mailscanner.conf file and added some rules in 10_example.cf file like this ;

header RULE1 Subject =~ /Undelivered Mail Returned to Sender/i
describe RULE1 Block1
score RULE1 10

header RULE2 Subject =~ /Mail delivery failed: returning message to sender/i
describe RULE2 Block2
score RULE2 10

header RULE3 Subject =~ /Returned mail/i
describe RULE3 Block3
score RULE3 10

If I write full of the subject, mcp works good but I want to write only a part of the subject like RULE3. How can I use this syntax ?

Thanks

ismail

From rpoe at plattesheriff.org Mon May 5 17:34:08 2008
From: rpoe at plattesheriff.org (Rob Poe)
Date: Mon May 5 17:35:09 2008
Subject: Requiring RFC Compliance -- Tagging for MS ?
Message-ID: <481EF0B0.65ED.00A2.0@plattesheriff.org>

I had my MTA's set to require that forward and reverse DNS is set up properly, however the amount of brain dead sysadmins who do NOT set their Forward <-> Reverse DNS is staggering.

It *DID* reduce the spam amounts significantly, however the collateral damage was just too great.

Does anyone know how to make Sendmail tag in the header, so as to provide a scoring method for SA ?
From eric.noel at ouvaton.org Mon May 5 23:59:51 2008 From: eric.noel at ouvaton.org (=?ISO-8859-1?Q?=C9ric_No=EBl?=) Date: Tue May 6 00:00:26 2008 Subject: spamassasin (maybe) make all disapear...!! Message-ID: <481F9167.5010608@ouvaton.org> Hello, I has installed mailscanner on my new ubuntu-server 8.04 I had problems.....the spam does not appear in mailbox ( with a kind of {mail? ) But nospam mail are ok. I had the This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. On the end of each mail I folow these tutorial: https://help.ubuntu.com/community/MailScanner In MailScanner.conf i had: Spam Actions = deliver header "X-Spam-Status: Yes" High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" Wher could i start now to resolve this problem? Thanks Eric Noel From ssilva at sgvwater.com Tue May 6 00:18:32 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 6 00:19:23 2008 Subject: spamassasin (maybe) make all disapear...!! In-Reply-To: <481F9167.5010608@ouvaton.org> References: <481F9167.5010608@ouvaton.org> Message-ID: on 5-5-2008 3:59 PM ? spake the following: > Hello, > > I has installed mailscanner on my new ubuntu-server 8.04 > > I had problems.....the spam does not appear in mailbox ( with a kind of > {mail? ) > But nospam mail are ok. I had the > > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > On the end of each mail > > > I folow these tutorial: > > https://help.ubuntu.com/community/MailScanner > > In MailScanner.conf i had: > Spam Actions = deliver header "X-Spam-Status: Yes" > High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" > > Wher could i start now to resolve this problem? 
> > Thanks > > Eric Noel Try this howto and see if it has any additional info; http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04 On a side note, it looks like the postfix people got to the Ubuntu hosted howto mentioned by the OP. It starts with an anti Mailscanner rant. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/b4130535/signature.bin From jlmiller at mmtnetworks.com.au Tue May 6 07:04:55 2008 From: jlmiller at mmtnetworks.com.au (Jon Miller) Date: Tue May 6 07:07:46 2008 Subject: (no subject) Message-ID: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk> I have a problem where some of the spam is not spam although it's marked. The problem is although I can release it, the mail and attachments are merged into a single email. How do I tell MailScanner to keep the email and attachment intact, e.g separate or in their original state.? I also use Spamassassin, and mailwatch. Regards, Jon L. Miller, MCNE CNE CCNA Director MMT Networks Pty Ltd -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/5e3ed8f4/attachment.html From john at tradoc.fr Tue May 6 09:58:55 2008 From: john at tradoc.fr (John Wilcock) Date: Tue May 6 09:59:39 2008 Subject: Watermarking action problem? In-Reply-To: <481EC69F.2090808@tradoc.fr> References: <481EC69F.2090808@tradoc.fr> Message-ID: <48201DCF.4040506@tradoc.fr> John Wilcock a ?crit : > Just received a genuine out-of-office reply that was sent with a null > sender, but didn't quote the original message and hence the watermark. 
> > MS correctly added 5 points to the spam score, but this should not have > been enough for the message to be considered as spam. (-1.5 + 5 = +3.5, > with a threshold of 5) However, it still took the spam action rather > than the nonspam action for the message. Conversely, I just received a piece of spam with a null sender and (of course) no watermark. MS again correctly added points to the spam score. This time they should have been enough to push the message over the high spam threshold, but MS still took the ordinary spam action, not the high spam action. Any ideas? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Tue May 6 10:01:24 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 10:02:23 2008 Subject: (no subject) In-Reply-To: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk> References: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk> Message-ID: <48201E64.9020106@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jon Miller wrote: > > I have a problem where some of the spam is not spam although it?s > marked. The problem is although I can release it, the mail and > attachments are merged into a single email. How do I tell MailScanner > to keep the email and attachment intact, e.g separate or in their > original state.? > Set this in MailScanner.conf: Quarantine Whole Messages As Queue Files = yes > I also use Spamassassin, and mailwatch. > > Regards, > > Jon L. Miller, MCNE CNE CCNA > > Director > > MMT Networks Pty Ltd > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: windows-1252 wj8DBQFIIB5rEfZZRxQVtlQRAqytAJ9MU4VE2ro1oNFlqSMaKySaJWSfjwCgw/iC lt8LIWBqrFZKCTzzL1MPeig= =C1Bw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From philippe at beau.nom.fr Tue May 6 12:33:24 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Tue May 6 12:33:04 2008 Subject: Problem running MailScanner & MailWatch Message-ID: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> Hi everybody, So at first, thanks Julian for your daily work around MailScanner, it's a great product :) I have some shit since sometimes, and i don't arrive to solve this. It seems to appear when i activate the logging with MailWatch. So i would like an external advice on my configuration : - OS is Centos r5 - Perl release is 5.10.0 - MySQL was downgraded from 5.0.22 to 4.1.22 - MailScanner is Version number in MailScanner.conf (4.68.8) is correct. -> MailScanner --lint is okay but when i launch MailScanner with Logging & MailWatch activated, i have this error message : Could not use Custom Function code MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. Make sure the module is correct with perl -wc at /usr/lib/MailScanner/MailScanner/Config.pm line 873 And it seems to have some dead process with "Compressing attachments". I try in the past to upgrade the release of MailScanner, but i have more and more shits and i don't arrive to have a clean process. Can you help me with this ? 
Best regards Philippe, From martinh at solidstatelogic.com Tue May 6 12:52:54 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Tue May 6 12:53:52 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> Message-ID: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com> Philippe What happens if you run logging or mailwatch on their own? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU > Sent: 06 May 2008 12:33 > To: mailscanner@lists.mailscanner.info > Subject: Problem running MailScanner & MailWatch > > Hi everybody, > > So at first, thanks Julian for your daily work around MailScanner, it's a > great product :) > > I have some shit since sometimes, and i don't arrive to solve this. It > seems to appear when i activate the logging with MailWatch. So i would > like an external advice on my configuration : > > - OS is Centos r5 > - Perl release is 5.10.0 > - MySQL was downgraded from 5.0.22 to 4.1.22 > - MailScanner is Version number in MailScanner.conf (4.68.8) is correct. > > -> MailScanner --lint is okay > > but when i launch MailScanner with Logging & MailWatch activated, i have > this error message : > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. > Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > And it seems to have some dead process with "Compressing attachments". > > I try in the past to upgrade the release of MailScanner, but i have more > and more shits and i don't arrive to have a clean process. Can you help me > with this ? 
> > Best regards > > Philippe, > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom **********************************************************************
From malli at mcrirents.com Tue May 6 14:44:50 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Tue May 6 13:44:42 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com> Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FCCA@exchange.computerrents.com> -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Tuesday, May 06, 2008 6:53 AM To: MailScanner discussion Subject: RE: Problem running MailScanner & MailWatch Philippe What happens if you run logging or mailwatch on their own? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 It could be a missing package such as DBD-MySQL. Try that. Regards, MO
From MailScanner at ecs.soton.ac.uk Tue May 6 13:48:01 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 13:48:56 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> Message-ID: <48205381.2070600@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philippe BEAU wrote: > Hi everybody, > > So at first, thanks Julian for your daily work around MailScanner, it's a > great product :) > Thanks! > And it seems to have some dead process with "Compressing attachments". > Make sure you have these both set in MailScanner.conf : Debug = no Debug SpamAssassin = no Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIFOIEfZZRxQVtlQRAvapAKDpxuzQB4FyHeipnlGAViGWu7hVVACgk28j f+JS64YYxu9u6QZa9Ijxj/c= =+/ky -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Phil.Udel at SalemCorp.com Tue May 6 14:04:13 2008 From: Phil.Udel at SalemCorp.com (Phil Udel) Date: Tue May 6 14:04:54 2008 Subject: Word Document and themeManager.x10.rel Message-ID: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> HI everyone. Strange thing was reported to me today. a User is getting a "Warning: E-mail viruses detected" when he sends a Word Document. How can I change the filename.rules.conf to allow ONLY these hidden extensions. themeManager.x10.rel themeManager.x11.rel themeManager.x12.rel themeManager.x13.rel This is the complete error: One or more of the attachments (28784.doc, themeManager.x12.rel, themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc, 1020.doc, themeManager.x11.rel) are on the list of unacceptable attachments for this site and will not have been delivered. Consider renaming the files to avoid this constraint. The virus detector said this about the message: Report: Report: MailScanner: Attempt to hide real filename extension (themeManager.x12.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x10.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x13.rel) Report: MailScanner: Attempt to hide real filename extension (themeManager.x11.rel) -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/168f25ed/attachment.html From roland at inbox4u.de Tue May 6 14:09:39 2008 From: roland at inbox4u.de (Ehle, Roland) Date: Tue May 6 14:14:31 2008 Subject: AW: Problem running MailScanner & MailWatch In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394BB@ts-dc2.TS-Webarts.local> Hi Philippe, you probably did not copy the MailWatchLogging.pm into the CustomFunctions directory (see MailWatch Installation documentation) Regards, Roland > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU > Sent: Tuesday, 6 May 2008 13:33 > To: mailscanner@lists.mailscanner.info > Subject: Problem running MailScanner & MailWatch > > Hi everybody, > > So at first, thanks Julian for your daily work around MailScanner, it's > a > great product :) > > I have some shit since sometimes, and i don't arrive to solve this. It > seems to appear when i activate the logging with MailWatch. So i would > like an external advice on my configuration : > > - OS is Centos r5 > - Perl release is 5.10.0 > - MySQL was downgraded from 5.0.22 to 4.1.22 > - MailScanner is Version number in MailScanner.conf (4.68.8) is > correct. > > -> MailScanner --lint is okay > > but when i launch MailScanner with Logging & MailWatch activated, i > have > this error message : > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be > "eval"ed. > Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > And it seems to have some dead process with "Compressing attachments".
> > I try in the past to upgrade the release of MailScanner, but i have > more > and more shits and i don't arrive to have a clean process. Can you help > me > with this ? > > Best regards > > Philippe, > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From philippe at beau.nom.fr Tue May 6 14:32:37 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Tue May 6 14:33:12 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <48205381.2070600@ecs.soton.ac.uk> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> <48205381.2070600@ecs.soton.ac.uk> Message-ID: <005801c8af7d$a681db00$f3859100$@nom.fr> Hi Julian, Already done :( Regards, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday 6 May 2008 14:48 To: MailScanner discussion Subject: Re: Problem running MailScanner & MailWatch -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philippe BEAU wrote: > Hi everybody, > > So at first, thanks Julian for your daily work around MailScanner, it's a > great product :) > Thanks! > And it seems to have some dead process with "Compressing attachments". > Make sure you have these both set in MailScanner.conf : Debug = no Debug SpamAssassin = no Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIFOIEfZZRxQVtlQRAvapAKDpxuzQB4FyHeipnlGAViGWu7hVVACgk28j f+JS64YYxu9u6QZa9Ijxj/c= =+/ky -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From philippe at beau.nom.fr Tue May 6 14:33:22 2008 From: philippe at beau.nom.fr (Philippe BEAU) Date: Tue May 6 14:33:32 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com> Message-ID: <005901c8af7d$c181c820$44855860$@nom.fr> Hi Martin, Sorry, I don't understand what you mean. Can you explain in more detail? Thanks for your patience, I'm only a French guy :) Philippe, -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth Sent: Tuesday 6 May 2008 13:53 To: MailScanner discussion Subject: RE: Problem running MailScanner & MailWatch Philippe What happens if you run logging or mailwatch on their own?
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU > Sent: 06 May 2008 12:33 > To: mailscanner@lists.mailscanner.info > Subject: Problem running MailScanner & MailWatch > > Hi everybody, > > So at first, thanks Julian for your daily work around MailScanner, it's a > great product :) > > I have some shit since sometimes, and i don't arrive to solve this. It > seems to appear when i activate the logging with MailWatch. So i would > like an external advice on my configuration : > > - OS is Centos r5 > - Perl release is 5.10.0 > - MySQL was downgraded from 5.0.22 to 4.1.22 > - MailScanner is Version number in MailScanner.conf (4.68.8) is correct. > > -> MailScanner --lint is okay > > but when i launch MailScanner with Logging & MailWatch activated, i have > this error message : > > Could not use Custom Function code > MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed. > Make sure the module is correct with perl -wc at > /usr/lib/MailScanner/MailScanner/Config.pm line 873 > > And it seems to have some dead process with "Compressing attachments". > > I try in the past to upgrade the release of MailScanner, but i have more > and more shits and i don't arrive to have a clean process. Can you help me > with this ? > > Best regards > > Philippe, > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. 
If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue May 6 14:50:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 14:51:37 2008 Subject: Word Document and themeManager.x10.rel In-Reply-To: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> Message-ID: <48206222.7010400@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have this near the top of my filename.rules.conf file: # Allow Office 2007 docs allow \.xml\d*\.rel$ - - allow \.x\d+\.rel$ - - allow \.rtf$ - - Remember to separate each "word" of each line with a tab character and not just spaces. 
This is the one and only instance where tab characters are actually important. Phil Udel wrote: > HI everyone. > Strange thing was reported to me today. a User is getting a "Warning: > E-mail viruses detected" when he sends a Word Document. > > How can I change the filename.rules.conf to allow ONLY these hidden > extensions. > themeManager.x10.rel > themeManager.x11.rel > themeManager.x12.rel > themeManager.x13.rel > > > This is the complete error: > > One or more of the attachments (28784.doc, themeManager.x12.rel, > themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc, > 1020.doc, themeManager.x11.rel) are on the list of unacceptable > attachments for this site and will not have been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > > Report: Report: MailScanner: Attempt to hide real filename extension > (themeManager.x12.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x10.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x13.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x11.rel) > > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIGIsEfZZRxQVtlQRAlFDAJ4nPzpk15Ic2NO4q6P5XmUf45F2UACgwfKW q7mi5fmGXJ2URHgyOF/Nh+o= =giaT -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
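Added example (not MailScanner's own code and not part of the message above): a small Python checker for a filename.rules.conf-style file, showing what happens to a rule whose fields are separated by spaces and how far the `\.x\d+\.rel$` allow rule reaches. It assumes four tab-separated fields per rule, first-match-wins ordering, case-insensitive matching and default-allow for unmatched names; the deny rule, `NARROW_RULE` and all test filenames are constructed for illustration.

```python
import re

TAB = "\t"

# Constructed stand-in for the site's double-extension rule; only its report
# text ("Attempt to hide real filename extension") appears in the thread.
DENY_RULE = (r"deny<T>\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$"
             r"<T>Found possible filename hiding"
             r"<T>Attempt to hide real filename extension").replace("<T>", TAB)

# Constructed sample file; "<T>" marks a tab so the separators stay visible.
# The three allow rules are the ones quoted in the message. The .rtf line is
# separated by spaces on purpose.
SAMPLE_RULES = r"""
# Allow Office 2007 docs
allow<T>\.xml\d*\.rel$<T>-<T>-
allow<T>\.x\d+\.rel$<T>-<T>-
allow   \.rtf$   -   -
""".replace("<T>", TAB) + DENY_RULE + "\n"

# Hypothetical narrower rule limited to the four names from the question.
NARROW_RULE = r"allow<T>^themeManager\.x1[0-3]\.rel$<T>-<T>-".replace("<T>", TAB)


def parse_rules(text):
    """Return (rules, problems) for a filename.rules.conf-style text.

    Assumed layout: action, regex, log text, report text, separated by tabs.
    """
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in re.split(r"\t+", line)]
        if len(fields) != 4:
            if TAB not in line:
                why = "fields separated by spaces, not tabs"
            else:
                why = "expected 4 tab-separated fields"
            problems.append((lineno, why))
            continue
        action, pattern, _log_text, report = fields
        if action not in ("allow", "deny"):
            problems.append((lineno, "action %r not handled by this example" % action))
            continue
        try:
            # Assumption: patterns are matched case-insensitively.
            compiled = re.compile(pattern, re.IGNORECASE)
        except re.error as exc:
            problems.append((lineno, "bad regex: %s" % exc))
            continue
        rules.append({"line": lineno, "action": action,
                      "regex": compiled, "report": report})
    return rules, problems


def decide(rules, filename):
    """Return (action, rule line). The first matching rule wins; a name that
    matches no rule is allowed (both are assumptions of this example)."""
    for rule in rules:
        if rule["regex"].search(filename):
            return rule["action"], rule["line"]
    return "allow", None


if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE_RULES)
    for lineno, why in problems:
        print("line %d skipped: %s" % (lineno, why))
    for name in ("themeManager.x10.rel", "notes.doc.rtf",
                 "report.x99.rel", "28784.doc"):
        print("%-22s %s" % (name, decide(rules, name)))
```

With the space-separated `.rtf` line skipped, `notes.doc.rtf` falls through to the deny rule; `report.x99.rel` is allowed because the quoted pattern accepts any name ending in `.x<digits>.rel`, not only the four themeManager names.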
From campbell at cnpapers.com Tue May 6 15:11:09 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 6 15:12:02 2008 Subject: Word Document and themeManager.x10.rel In-Reply-To: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> Message-ID: <482066FD.2050806@cnpapers.com> Phil Udel wrote: > HI everyone. > Strange thing was reported to me today. a User is getting a "Warning: > E-mail viruses detected" when he sends a Word Document. > > How can I change the filename.rules.conf to allow ONLY these hidden > extensions. > themeManager.x10.rel > themeManager.x11.rel > themeManager.x12.rel > themeManager.x13.rel > > > This is the complete error: > > One or more of the attachments (28784.doc, themeManager.x12.rel, > themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc, > 1020.doc, themeManager.x11.rel) are on the list of unacceptable > attachments for this site and will not have been delivered. > > Consider renaming the files to avoid this constraint. > > The virus detector said this about the message: > > Report: Report: MailScanner: Attempt to hide real filename extension > (themeManager.x12.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x10.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x13.rel) > > Report: MailScanner: Attempt to hide real filename extension > (themeManager.x11.rel) > > Check your filename rules (might be filename.rules.conf) and search for the string "Attempt to hide real filename extension". Comment the line out and reload/restart Mailscanner. This used to be a Microsoft exploitable vulnerability. You shouldn't need it now, as best as I can recall, unless you are running old stuff. I could be wrong. 
Steve Campbell From campbell at cnpapers.com Tue May 6 15:14:00 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 6 15:14:44 2008 Subject: Word Document and themeManager.x10.rel In-Reply-To: <48206222.7010400@ecs.soton.ac.uk> References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com> <48206222.7010400@ecs.soton.ac.uk> Message-ID: <482067A8.4040608@cnpapers.com> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have this near the top of my filename.rules.conf file: > > # Allow Office 2007 docs > allow \.xml\d*\.rel$ - - > allow \.x\d+\.rel$ - - > allow \.rtf$ - - > > Remember to separate each "word" of each line with a tab character and > not just spaces. This is the one and only instance where tab characters > are actually important. > > Phil Udel wrote: > >> HI everyone. >> Strange thing was reported to me today. a User is getting a "Warning: >> E-mail viruses detected" when he sends a Word Document. >> >> How can I change the filename.rules.conf to allow ONLY these hidden >> extensions. >> themeManager.x10.rel >> themeManager.x11.rel >> themeManager.x12.rel >> themeManager.x13.rel >> >> >> This is the complete error: >> >> One or more of the attachments (28784.doc, themeManager.x12.rel, >> themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc, >> 1020.doc, themeManager.x11.rel) are on the list of unacceptable >> attachments for this site and will not have been delivered. >> >> Consider renaming the files to avoid this constraint. >> >> The virus detector said this about the message: >> >> Report: Report: MailScanner: Attempt to hide real filename extension >> (themeManager.x12.rel) >> >> Report: MailScanner: Attempt to hide real filename extension >> (themeManager.x10.rel) >> >> Report: MailScanner: Attempt to hide real filename extension >> (themeManager.x13.rel) >> >> Report: MailScanner: Attempt to hide real filename extension >> (themeManager.x11.rel) >> >> >> As I mentioned, I could be wrong. 
Steve >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.2 (Build 3005) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFIIGIsEfZZRxQVtlQRAlFDAJ4nPzpk15Ic2NO4q6P5XmUf45F2UACgwfKW > q7mi5fmGXJ2URHgyOF/Nh+o= > =giaT > -----END PGP SIGNATURE----- > > From dom at vbi.vt.edu Tue May 6 16:16:16 2008 From: dom at vbi.vt.edu (Dominik L. Borkowski) Date: Tue May 6 16:16:59 2008 Subject: unable to process certain attachments Message-ID: <200805061116.16560.dom@vbi.vt.edu> Hello, Recently we've encountered a few e-mails which were 'stuck' in our queues for a few days, mailscanner was never able to process them fully. Below you'll find a description of one of those e-mails. We would appreciate any insight as to how we may be able to fix this problem. Each message would have the innocent log error (from address hashed out): May 2 12:49:03 almaren MailScanner[21605]: Message m41GREcK020606 from 198.82.162.213 (XXXXX@XXXXXX.XXX) to vbi.vt.edu is too big for spam checks (4715006 > 2000000 bytes) The issue was that it would never go through, and mailscanner would attempt to process it for days, every few minutes. 
When running Mailscanner with --debug option, we got this error: Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line 3168 Upon closer inspection, we found the message in our sendmail's mqueue.in: s -la mqueue.in/ total 4608 drwxr-xr-x 2 root root 52 May 2 13:56 ./ drwxr-xr-x 5 root root 67 May 2 14:04 ../ -rw------- 1 root smmsp 4711318 May 1 12:27 dfm41GREcK020606 -rw------- 1 root smmsp 3688 May 1 12:27 qfm41GREcK020606 The message seems to contain only 8 attachments: # grep filename dfm41GREcK020606 Content-disposition: attachment; filename=Figure1.jpg Content-disposition: attachment; filename="Measkit Draft_latest.doc" Content-disposition: attachment; filename=Table1.doc Content-disposition: attachment; filename=Figure2.pdf Content-disposition: attachment; filename=Figure3.pdf Content-disposition: attachment; filename=Figure4.pdf Content-disposition: attachment; filename=Figure5.pdf Content-disposition: attachment; filename="Measkit Supplementary Material.doc" While looking at the mailscanner's spool directory (thread responsible for processing this given message), we found a bit more: # ls -la mailscanner/ total 3696 drwxr-xr-x 2 root root 4096 May 2 13:56 ./ drwxr-xr-x 5 root root 67 May 2 14:04 ../ -rw------- 1 root root 310 Jan 1 1980 .rel -rw------- 1 root root 310 Jan 1 1980 .rels -rw------- 1 root root 540 Jan 1 1980 .xml -rw------- 1 root root 540 Jan 1 1980 1.xml -rw------- 1 root root 34423 May 2 12:47 Figure1.jpg -rw------- 1 root root 326283 May 2 12:47 Figure2.pdf -rw------- 1 root root 273733 May 2 12:47 Figure3.pdf -rw------- 1 root root 281037 May 2 12:47 Figure4.pdf -rw------- 1 root root 259256 May 2 12:47 Figure5.pdf -rw------- 1 root root 774144 May 2 12:47 Measkit\ Draft_latest.doc -rw------- 1 root root 1026048 May 2 12:47 Measkit\ Supplementary\ Material.doc -rw------- 1 root root 27108 May 2 12:47 Ole10Native -rw------- 1 root root 52548 May 2 12:47 Ole10Native1 -rw------- 1 root root 12708 May 2 12:47 Ole10Native2 
-rw------- 1 root root 57028 May 2 12:47 Ole10Native3 -rw------- 1 root root 53828 May 2 12:47 Ole10Native4 -rw------- 1 root root 3044 May 2 12:47 Ole10Native5 -rw------- 1 root root 11556 May 2 12:47 Ole10Native6 -rw------- 1 root root 507392 May 2 12:47 Table1.doc -rw------- 1 root root 2023 May 2 12:47 msg-22314-1.txt -rw------- 1 root root 2870 May 2 12:47 msg-22314-2.html -rw------- 1 root root 6992 Jan 1 1980 theme1.xml -rw------- 1 root root 6992 Jan 1 1980 theme11.xml -rw------- 1 root root 283 Jan 1 1980 themeManager.x.rel -rw------- 1 root root 138 Jan 1 1980 themeManager.xml -rw------- 1 root root 283 Jan 1 1980 themeManager.xml.rels -rw------- 1 root root 138 Jan 1 1980 themeManager1.xml -rw------- 1 root root 0 May 2 12:47 \336i I guess we have few questions: 1) How come there are so many additional files in the mailscanner's spool dir 2) What can we do to replicate the expansion of all the attachments 3) What causes mailscanner to break in Message.pm Our setup includes: - MailScanner 4.69.8 - Sendmail 8.13.7 - tnef 1.4.3 - perl 5.8.5 (modules up to date) Any hints/suggestions would be greatly appreciated. -- Dominik L. Borkowski - Senior Systems Administrator Virginia Bioinformatics Institute - www.vbi.vt.edu From MailScanner at ecs.soton.ac.uk Tue May 6 16:47:13 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 16:48:10 2008 Subject: unable to process certain attachments In-Reply-To: <200805061116.16560.dom@vbi.vt.edu> References: <200805061116.16560.dom@vbi.vt.edu> Message-ID: <48207D81.2060509@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dominik L. Borkowski wrote: > Hello, > Recently we've encountered a few e-mails which were 'stuck' in our queues for > a few days, mailscanner was never able to process them fully. Below you'll > find a description of one of those e-mails. We would appreciate any insight > as to how we may be able to fix this problem. 
>
>
> Each message would have the innocent log error (from address hashed out):
>
> May 2 12:49:03 almaren MailScanner[21605]: Message m41GREcK020606 from
> 198.82.162.213 (XXXXX@XXXXXX.XXX) to vbi.vt.edu is too big for spam
> checks (4715006 > 2000000 bytes)
>
> The issue was that it would never go through, and mailscanner would attempt to
> process it for days, every few minutes. When running Mailscanner with --debug
> option, we got this error:
>
> Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line 3168
>
Download the very latest version of 4.69.9-3 and you will find this
problem has gone away.

> I guess we have few questions:
>
> 1) How come there are so many additional files in the mailscanner's spool dir
>
A docx file is actually a zip file containing all the bits that make up
the document, so MailScanner has unpacked it like any other zip file.
All the OleNative files are the embedded files extracted from the OLE
document structure which can be used in there.

> 2) What can we do to replicate the expansion of all the attachments
>
You can't, there aren't any command-line utilities that do all the work
of MailScanner in this extraction. You can see a lot of it with
"unzip -v blahblah.docx".

> 3) What causes mailscanner to break in Message.pm
>
A bug which I have already fixed.

>
> Our setup includes:
> - MailScanner 4.69.8
> - Sendmail 8.13.7
> - tnef 1.4.3
> - perl 5.8.5 (modules up to date)
>
> Any hints/suggestions would be greatly appreciated.
>

Jules

- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIH2FEfZZRxQVtlQRAqn5AJ9t0D6VOAZ4StC7jMRdAJa9I1DGMwCgjKN2 pe4RcDFmVc7RO/OmFTBO0Z8= =mEG7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at tippingmar.com Tue May 6 18:23:32 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Tue May 6 18:24:23 2008 Subject: Watermarking action problem? In-Reply-To: <48201DCF.4040506@tradoc.fr> References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> Message-ID: <48209414.2030407@tippingmar.com> John Wilcock wrote: > John Wilcock a ?crit : >> Just received a genuine out-of-office reply that was sent with a null >> sender, but didn't quote the original message and hence the watermark. >> >> MS correctly added 5 points to the spam score, but this should not >> have been enough for the message to be considered as spam. (-1.5 + 5 >> = +3.5, with a threshold of 5) However, it still took the spam action >> rather than the nonspam action for the message. > > Conversely, I just received a piece of spam with a null sender and (of > course) no watermark. MS again correctly added points to the spam > score. This time they should have been enough to push the message over > the high spam threshold, but MS still took the ordinary spam action, > not the high spam action. > In my case, legitimate bounce messages quoting the original message containing my server's watermark are tagged as having bad watermarks. Have you seen that happen? 
Mark From davejones70 at gmail.com Tue May 6 18:24:27 2008 From: davejones70 at gmail.com (Dave Jones) Date: Tue May 6 18:25:02 2008 Subject: Conditional rule based on content information Message-ID: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com> Is there a way to make a rule conditional on a body content? Would an SA rule be required to get a hit on that score then take different action? What I am trying to do it only append the inline HTML signature only on the first outbound email for a particular domain. Currently the HTML signature is getting appended to the bottom of all outbound email (for my test email address) so if the email originates from the outside and I reply, then _my signature_ is being appended to the original bottom that _was not mine_. So I need to find a way to detect and append the inline HTML signature only to the first outbound email from my domain. Can this be done with some advanced rules based on SA scoring? I have searched with various keywords in the mailing list archive with no success. -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/d1a3b6ff/attachment.html From dom at vbi.vt.edu Tue May 6 18:41:34 2008 From: dom at vbi.vt.edu (Dominik L. Borkowski) Date: Tue May 6 18:42:12 2008 Subject: unable to process certain attachments In-Reply-To: <48207D81.2060509@ecs.soton.ac.uk> References: <200805061116.16560.dom@vbi.vt.edu> <48207D81.2060509@ecs.soton.ac.uk> Message-ID: <200805061341.34620.dom@vbi.vt.edu> On Tuesday 06 May 2008 11:47:13 Julian Field wrote: > > Download the very latest version of 4.69.9-3 and you will find this > problem has gone away. Yep, that fixed it. Thank you for the prompt response. > A docx file is actually a zip file containing all the bits that make up > the document, so MailScanner has unpacked it like any other zip file. 
> All the OleNative files are the embedded files extracted from the OLE > document structure which can be used in there. That would explain it, we actually assumed it was a regular .doc file based on the extension, rather than further analysis. Thanks again, sincerely -- Dominik L. Borkowski - Senior Systems Administrator Virginia Bioinformatics Institute - www.vbi.vt.edu From MailScanner at ecs.soton.ac.uk Tue May 6 18:58:42 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 18:59:33 2008 Subject: Watermarking action problem? In-Reply-To: <48209414.2030407@tippingmar.com> References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> Message-ID: <48209C52.2020200@ecs.soton.ac.uk> Mark Nienberg wrote: > John Wilcock wrote: >> John Wilcock a ?crit : >>> Just received a genuine out-of-office reply that was sent with a >>> null sender, but didn't quote the original message and hence the >>> watermark. >>> >>> MS correctly added 5 points to the spam score, but this should not >>> have been enough for the message to be considered as spam. (-1.5 + 5 >>> = +3.5, with a threshold of 5) However, it still took the spam >>> action rather than the nonspam action for the message. >> >> Conversely, I just received a piece of spam with a null sender and >> (of course) no watermark. MS again correctly added points to the spam >> score. This time they should have been enough to push the message >> over the high spam threshold, but MS still took the ordinary spam >> action, not the high spam action. I'll take a look at that. >> > In my case, legitimate bounce messages quoting the original message > containing my server's watermark are tagged as having bad watermarks. > Have you seen that happen? Is this watermark in the quoted headers? If in the quoted headers, was there any attached original body of the message? 
Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue May 6 19:42:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 19:43:38 2008 Subject: Watermarking action problem? In-Reply-To: <48209414.2030407@tippingmar.com> References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> Message-ID: <4820A69F.6000205@ecs.soton.ac.uk> Mark Nienberg wrote: > John Wilcock wrote: >> John Wilcock a ?crit : >>> Just received a genuine out-of-office reply that was sent with a >>> null sender, but didn't quote the original message and hence the >>> watermark. >>> >>> MS correctly added 5 points to the spam score, but this should not >>> have been enough for the message to be considered as spam. (-1.5 + 5 >>> = +3.5, with a threshold of 5) However, it still took the spam >>> action rather than the nonspam action for the message. I can't find this one either, sorry. :-( >> >> Conversely, I just received a piece of spam with a null sender and >> (of course) no watermark. MS again correctly added points to the spam >> score. This time they should have been enough to push the message >> over the high spam threshold, but MS still took the ordinary spam >> action, not the high spam action. >> > In my case, legitimate bounce messages quoting the original message > containing my server's watermark are tagged as having bad watermarks. > Have you seen that happen? 
>
> Mark
Please can you send me a badly-behaved message demonstrating this
problem (with the watermark), and all your Watermark settings, including
the Secret. Given that lot I should be able to work out why it's going
wrong.

I've just re-created a message bounce by hand, and it worked out just fine.
So I can't reproduce it yet :-(

Not doing well here...

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue May 6 19:49:49 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 19:50:23 2008
Subject: Conditional rule based on content information
In-Reply-To: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com>
References: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com>
Message-ID: <4820A84D.2020605@ecs.soton.ac.uk>

It's in the latest releases. Here's the relevant chunk from
MailScanner.conf:

# This option can be used to stop any duplication of en email signature
# appearing in the HTML of an email message. It looks for the "alt"
# attribute in the <img> tag specifying the image to be inserted int the
# HTML signature. If you want to use this option without inserting an image
# into the signature, simply specify an <img> tag without a "src" attribute.
#
# If the "alt" tag appears, and contains the word "MailScanner" and the
# word "Signature" and the %org-name% you specified at the top of this file,
# then the message is considered to already be signed. If this option is
# also set to "yes", then it will not be signed again. Multiple image
# signatures at the bottom of a message can make the message very large and
# ugly once it has been replied to a couple of times.
# This can also be the filename of a ruleset.
Allow Multiple HTML Signatures = no

This should do exactly what you're looking for. If it doesn't then let
me know and I'll see what adjustments can be made.

Dave Jones wrote:
> Is there a way to make a rule conditional on a body content? Would an
> SA rule be required to get a hit on that score then take different action?
>
> What I am trying to do it only append the inline HTML signature only
> on the first outbound email for a particular domain. Currently the
> HTML signature is getting appended to the bottom of all outbound email
> (for my test email address) so if the email originates from the
> outside and I reply, then _my signature_ is being appended to the
> original bottom that _was not mine_.
>
> So I need to find a way to detect and append the inline HTML signature
> only to the first outbound email from my domain. Can this be done
> with some advanced rules based on SA scoring?
>
> I have searched with various keywords in the mailing list archive with
> no success.
>
> --
> Dave Jones

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
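
The "already signed" test that the MailScanner.conf comment above describes, sketched in Python as an added example (not part of the original post, and not MailScanner's own code, which is Perl). The org name "example-org", the three sample bodies and the case-insensitive substring matching are assumptions made for the illustration; the gate follows the option's name (with "no", an already-signed message is not signed again).

```python
from html.parser import HTMLParser

ORG_NAME = "example-org"  # stands in for %org-name%; constructed value


class ImgAltCollector(HTMLParser):
    """Collects the alt text of every <img> tag found in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.alts = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <img ... /> tags, because the default
        # handle_startendtag() delegates to handle_starttag().
        if tag == "img":
            for name, value in attrs:
                if name == "alt" and value:
                    self.alts.append(value)


def already_signed(html_body, org_name):
    """True if some <img> alt text holds "MailScanner", "Signature" and the org name.

    Matching is a case-insensitive substring test (an assumption; the config
    comment only says the alt text "contains the word").
    """
    if not org_name:
        # An empty org name would match every alt text and suppress all signing.
        raise ValueError("org_name must not be empty")
    collector = ImgAltCollector()
    collector.feed(html_body)
    collector.close()
    required = ("mailscanner", "signature", org_name.lower())
    return any(all(word in alt.lower() for word in required)
               for alt in collector.alts)


def should_sign(html_body, org_name, allow_multiple=False):
    """Decide whether to append the HTML signature.

    allow_multiple mirrors "Allow Multiple HTML Signatures": with the default
    False ("no"), a body that already carries the marker is left alone.
    """
    return allow_multiple or not already_signed(html_body, org_name)


# Constructed sample bodies (not taken from the thread).
FIRST_OUTBOUND = "<html><body><p>Hello from us.</p></body></html>"

# A reply whose quoted text already carries our marker. The <img> has no
# "src", which the config comment allows for signatures without an image.
REPLY_TO_OWN = (
    "<html><body><p>Thanks.</p><blockquote><p>Hello from us.</p>"
    '<img alt="MailScanner Signature example-org"></blockquote></body></html>'
)

# A reply to a message that came from outside: no marker anywhere, so this
# check cannot tell it apart from a first outbound message.
REPLY_TO_EXTERNAL = (
    "<html><body><p>Our answer.</p><blockquote><p>Question from xyz.com</p>"
    '<img src="cid:logo" alt="xyz.com logo"></blockquote></body></html>'
)

if __name__ == "__main__":
    samples = [("first outbound", FIRST_OUTBOUND),
               ("reply to own signed mail", REPLY_TO_OWN),
               ("reply to external mail", REPLY_TO_EXTERNAL)]
    for label, body in samples:
        print(label, "-> sign" if should_sign(body, ORG_NAME) else "-> skip")
```

The third sample is the case from the quoted question: the marker test only prevents duplicate signatures, so a reply to externally originated mail is still signed.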
From MailScanner at ecs.soton.ac.uk Tue May 6 19:52:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 6 19:53:34 2008 Subject: unable to process certain attachments In-Reply-To: <200805061341.34620.dom@vbi.vt.edu> References: <200805061116.16560.dom@vbi.vt.edu> <48207D81.2060509@ecs.soton.ac.uk> <200805061341.34620.dom@vbi.vt.edu> Message-ID: <4820A8FD.8060000@ecs.soton.ac.uk> Dominik L. Borkowski wrote: > On Tuesday 06 May 2008 11:47:13 Julian Field wrote: > >> Download the very latest version of 4.69.9-3 and you will find this >> problem has gone away. >> > > Yep, that fixed it. Thank you for the prompt response. > > >> A docx file is actually a zip file containing all the bits that make up >> the document, so MailScanner has unpacked it like any other zip file. >> All the OleNative files are the embedded files extracted from the OLE >> document structure which can be used in there. >> > > That would explain it, we actually assumed it was a regular .doc file based on > the extension, rather than further analysis. > > Thanks again, > sincerely > Any chance you could send me a copy of the docx file that was causing the "Negative" error message please? Either in an email (off-list) or put it on a http site somewhere and send me the URL. I would like to see what's exactly wrong with my code that pulls out the OleNative objects. There's clearly some more bits to the format that my code doesn't quite understand. The current code works okay, but clearly doesn't manage to extract all the files it could. So it could be further improved. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From lists at tippingmar.com Tue May 6 22:34:48 2008 From: lists at tippingmar.com (Mark Nienberg) Date: Tue May 6 22:35:35 2008 Subject: Watermarking action problem? In-Reply-To: <48209C52.2020200@ecs.soton.ac.uk> References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> Message-ID: <4820CEF8.7060705@tippingmar.com> Julian Field wrote: > Mark Nienberg wrote: >> In my case, legitimate bounce messages quoting the original message >> containing my server's watermark are tagged as having bad >> watermarks. Have you seen that happen? > Is this watermark in the quoted headers? If in the quoted headers, was > there any attached original body of the message? > Pardon, I didn't mean to hijack this thread. The original message was attached and it contains the watermark. The details with an example are in the original thread: http://article.gmane.org/gmane.mail.virus.mailscanner/63214 Mark From hvdkooij at vanderkooij.org Tue May 6 22:48:10 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 6 22:48:56 2008 Subject: Problem running MailScanner & MailWatch In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net> Message-ID: <4820D21A.4030301@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philippe BEAU wrote: | So at first, thanks Julian for your daily work around MailScanner, it's a | great product :) | | I have some shit since sometimes, and i don't arrive to solve this. It | seems to appear when i activate the logging with MailWatch. 
So i would | like an external advice on my configuration : | | - OS is Centos r5 | - Perl release is 5.10.0 Just where did you obtain this perl version? Centos 5 ships with perl 5.8 and I am curious if you have a pressing need for this perl version on your MailScanner box. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIINIYBvzDRVjxmYERArmJAJ9EMDPKTAw68VLzYWTgI1EXGxplLgCguNlI 0cBpxN7I2M2zHz+B/WxFW6o= =EC9v -----END PGP SIGNATURE----- From test at remedial-teacher.nl Wed May 7 10:21:24 2008 From: test at remedial-teacher.nl (Test) Date: Wed May 7 10:24:07 2008 Subject: MailWatch Not logging non-spam possible ? Message-ID: <20080507112112.F9CD.EE63E960@remedial-teacher.nl> Is it possible to prevent MailWatch from logging non-spam to mysql ? -- Test From stef at aoc-uk.com Wed May 7 10:39:49 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Wed May 7 10:40:38 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> Message-ID: <200805070940.m479e1E7018876@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: 14 April 2008 06:47 > > Well. 
I am not a wiki kind of person. So I just added it to > my MailScanner page: > http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD > Do you perchance have a similar method whereby one can bypass email *from* certain senders? Now I know in this day and age of forged addressing this has potential drawbacks but it would save me a pile of rulewriting in MS. Thanks Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From MailScanner at ecs.soton.ac.uk Wed May 7 11:08:55 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 7 11:09:49 2008 Subject: Watermarking action problem? In-Reply-To: <4820CEF8.7060705@tippingmar.com> References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> <4820CEF8.7060705@tippingmar.com> Message-ID: <48217FB7.9050505@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Nienberg wrote: > Julian Field wrote: >> Mark Nienberg wrote: >>> In my case, legitimate bounce messages quoting the original message >>> containing my server's watermark are tagged as having bad >>> watermarks. Have you seen that happen? >> Is this watermark in the quoted headers? If in the quoted headers, >> was there any attached original body of the message? >> > Pardon, I didn't mean to hijack this thread. The original message was > attached and it contains the watermark. The details with an example > are in the original thread: > > http://article.gmane.org/gmane.mail.virus.mailscanner/63214 > > Mark Sorry, that's no use. Without the original sender details and everything there as originally given in the message, I can't test the watermark at all. Sorry. 
Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIX+5EfZZRxQVtlQRAhhqAKC8WLIu9Sq9JyXLr6irR71ZsgmD9wCgp4s9 XuBu0hJAat5jhasoxhJxsfo= =DNbJ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From davejones70 at gmail.com Wed May 7 12:16:59 2008 From: davejones70 at gmail.com (Dave Jones) Date: Wed May 7 12:17:35 2008 Subject: Conditional rule based on content information Message-ID: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com> >It's in the latest releases. Here's the relevant chunk from >MailScanner.conf: ># This option can be used to stop any duplication of en email signature ># appearing in the HTML of an email message. It looks for the "alt" ># attribute in the tag specifying the image to be inserted int the ># HTML signature. If you want to use this option without inserting an image ># into the signature, simply specify an tag without a "src" attribute. ># ># If the "alt" tag appears, and contains the word "MailScanner" and the ># word "Signature" and the %org-name% you specified at the top of this file, ># then the message is considered to already be signed. If this option is ># also set to "yes", then it will not be signed again. Multiple image ># signatures at the bottom of a message can make the message very large and ># ugly once it has been replied to a couple of times. ># This can also be the filename of a ruleset. 
>Allow Multiple HTML Signatures = no >This should do exactly what you're looking for. If it doesn't then let >me know and I'll see what adjustments can be made. You added this feature for me and it is working great. We are only getting one signature. If we send the first email out, then everything looks great -- our logo/slogan is appended to the bottom of our email. The situation I am trying to prevent is when the first email is sent inbound and we reply/forward causing our logo/slogan to be added to the bottom of the original external person's email. It makes things appear that xyz.com(external company) has our abc.com logo/slogan. All I need now it to be able to detect an original email based on something in the headers or body so I can make the signature rule conditional on this. >Dave Jones wrote: >> Is there a way to make a rule conditional on a body content? Would an >> SA rule be required to get a hit on that score then take different action? >> >> What I am trying to do it only append the inline HTML signature only >> on the first outbound email for a particular domain. Currently the >> HTML signature is getting appended to the bottom of all outbound email >> (for my test email address) so if the email originates from the >> outside and I reply, then _my signature_ is being appended to the >> original bottom that _was not mine_. >> >> So I need to find a way to detect and append the inline HTML signature >> only to the first outbound email from my domain. Can this be done >> with some advanced rules based on SA scoring? >> >> I have searched with various keywords in the mailing list archive with >> no success. >> >> -- .> Dave Jones >Jules -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080507/f10d6cf8/attachment.html From pedro.hoffmann at gmail.com Wed May 7 13:32:58 2008 From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus) Date: Wed May 7 13:33:34 2008 Subject: Mailscanner changing the size of attachment Message-ID: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> Hello. I'm using Mailscanner, postfix, and spamassassin. I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner. but it blocks my e-mail saying that the file exceeds the maximum size. I enter in quarantine and it shows up almost 50MB the file. Why mailscanner changed the size of file? When downloading the file it says the real size. Already try to uencode the message. But file size stay the same. It was a .doc file with a few images on it. Thanks al! Regards Pedro Bordin Hoffmann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080507/5a790a2e/attachment.html From MailScanner at ecs.soton.ac.uk Wed May 7 14:05:14 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 7 14:06:14 2008 Subject: Conditional rule based on content information In-Reply-To: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com> References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com> Message-ID: <4821A90A.1070802@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jones wrote: > >It's in the latest releases. Here's the relevant chunk from > >MailScanner.conf: > > ># This option can be used to stop any duplication of en email signature > ># appearing in the HTML of an email message. It looks for the "alt" > ># attribute in the tag specifying the image to be inserted int the > ># HTML signature. If you want to use this option without inserting an > image > ># into the signature, simply specify an tag without a "src" > attribute. 
> ># > ># If the "alt" tag appears, and contains the word "MailScanner" and the > ># word "Signature" and the %org-name% you specified at the top of > this file, > ># then the message is considered to already be signed. If this option is > ># also set to "yes", then it will not be signed again. Multiple image > ># signatures at the bottom of a message can make the message very > large and > ># ugly once it has been replied to a couple of times. > ># This can also be the filename of a ruleset. > >Allow Multiple HTML Signatures = no > > >This should do exactly what you're looking for. If it doesn't then let > >me know and I'll see what adjustments can be made. > You added this feature for me and it is working great. We are only > getting one signature. If we send the first email out, then > everything looks great -- our logo/slogan is appended to the bottom of > our email. The situation I am trying to prevent is when the first > email is sent inbound and we reply/forward causing our logo/slogan to > be added to the bottom of the original external person's email. It > makes things appear that xyz.com (external company) > has our abc.com logo/slogan. > > All I need now it to be able to detect an original email based on > something in the headers or body so I can make the signature rule > conditional on this. Can you work out a way of doing this? I already look through the body looking for my signature. How can I work out if the message doesn't belong to me but still not sign it? I can't figure this one out, sorry. > > >Dave Jones wrote: > >> Is there a way to make a rule conditional on a body content? Would an > >> SA rule be required to get a hit on that score then take different > action? > >> > >> What I am trying to do it only append the inline HTML signature only > >> on the first outbound email for a particular domain. 
Currently the > >> HTML signature is getting appended to the bottom of all outbound email > >> (for my test email address) so if the email originates from the > >> outside and I reply, then _my signature_ is being appended to the > >> original bottom that _was not mine_. > >> > >> So I need to find a way to detect and append the inline HTML signature > >> only to the first outbound email from my domain. Can this be done > >> with some advanced rules based on SA scoring? > >> > >> I have searched with various keywords in the mailing list archive with > >> no success. > >> > >> -- > .> Dave Jones > > >Jules > > -- > Dave Jones Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIakOEfZZRxQVtlQRAs3kAJ9lunqBxR8MjIWTvKAn20wKX2QJ4gCg06wc WPimnJ9tWTEtHg+4dvDO2p0= =FdcE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 7 14:06:07 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 7 14:06:34 2008 Subject: Mailscanner changing the size of attachment In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> Message-ID: <4821A93E.3040909@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pedro Bordin Hoffmann - [M]orpheus wrote: > Hello. > > I'm using Mailscanner, postfix, and spamassassin. 
> > I attached a file with 36 MB, and I have limit of 40 MB in > Mailscanner. but it blocks my e-mail saying that the file exceeds the > maximum size. > I enter in quarantine and it shows up almost 50MB the file. That is to be expected. Binary files are Base64-encoded when added to emails, which causes about a 4/3rds growth in size. > > Why mailscanner changed the size of file? > When downloading the file it says the real size. > > Already try to uencode the message. But file size stay the same. It > was a .doc file with a few images on it. > > Thanks al! > > Regards > Pedro Bordin Hoffmann > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIalFEfZZRxQVtlQRAnIbAJ9ND9/dxwKrFfrqbYa+Zprdi9xEyQCfe6n8 I8pS8jkLC7wFi032s3k7vgA= =jrx7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Wed May 7 14:12:30 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Wed May 7 14:13:05 2008 Subject: Mailscanner changing the size of attachment In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> Message-ID: <078715b17183654ba486a5617712c7c5@solidstatelogic.com> Pedro The 'file' may be 36GB but in order to get into and email you need to encode it. This adds 50% to the file, so a 36GB file will end up as a 54GB email. 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Pedro Bordin Hoffmann - > [M]orpheus > Sent: 07 May 2008 13:33 > To: mailscanner@lists.mailscanner.info > Subject: Mailscanner changing the size of attachment > > Hello. > > I'm using Mailscanner, postfix, and spamassassin. > > I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner. > but it blocks my e-mail saying that the file exceeds the maximum size. > I enter in quarantine and it shows up almost 50MB the file. > > Why mailscanner changed the size of file? > When downloading the file it says the real size. > > Already try to uencode the message. But file size stay the same. It was a > .doc file with a few images on it. > > Thanks al! > > Regards > Pedro Bordin Hoffmann > ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom

**********************************************************************

From theodrake at comcast.net Wed May 7 14:31:55 2008
From: theodrake at comcast.net (Ed)
Date: Wed May 7 14:32:49 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <4821AF4B.2020300@comcast.net>

Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file exceeds the
> maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?

This isn't caused by Mailscanner it's just the effect of sending a binary file using SMTP.

From pedro.hoffmann at gmail.com Wed May 7 15:27:38 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Wed May 7 15:28:13 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <4821AF4B.2020300@comcast.net>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> <4821AF4B.2020300@comcast.net>
Message-ID: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>

So the answer is because it encode the messages?
Is there a way to fix it?

Will he always change the real file size?

thanks

2008/5/7 Ed:

> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
> > Hello.
> >
> > I'm using Mailscanner, postfix, and spamassassin.
> >
> > I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
> > but it blocks my e-mail saying that the file exceeds the maximum size.
> > I enter in quarantine and it shows up almost 50MB the file.
> >
> > Why mailscanner changed the size of file?
> >
> This isn't caused by Mailscanner it's just the effect of sending a binary
> file using SMTP.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From martinh at solidstatelogic.com Wed May 7 15:44:27 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed May 7 15:45:04 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
Message-ID:

This is how files are transmitted by email. You have to convert 'binary' files into ascii which is how email works. Therefore the file 'grows' by 50% when in an email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Pedro Bordin Hoffmann - [M]orpheus
> Sent: 07 May 2008 15:28
> To: MailScanner discussion
> Subject: Re: Mailscanner changing the size of attachment
>
> So the answer is because it encode the messages?
> Is there a way to fix it?
>
> Will he always change the real file size?
>
> thanks
>
> 2008/5/7 Ed:
>
>
> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
>
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file exceeds the
> maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
>
>
> This isn't caused by Mailscanner it's just the effect of sending a
> binary file using SMTP.
>

From MailScanner at ecs.soton.ac.uk Wed May 7 15:55:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 15:56:59 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> <4821AF4B.2020300@comcast.net> <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
Message-ID: <4821C2FA.3040504@ecs.soton.ac.uk>

Pedro Bordin Hoffmann - [M]orpheus wrote:
> So the answer is because it encode the messages?

Yes.

> Is there a way to fix it?

No. That's how email works. Get used to it :-)

>
> Will he always change the real file size?
>
> thanks
> 2008/5/7 Ed:
>
> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file
> exceeds the maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
>
> This isn't caused by Mailscanner it's just the effect of sending a
> binary file using SMTP.
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dstraka at caspercollege.edu Wed May 7 17:27:34 2008
From: dstraka at caspercollege.edu (Daniel Straka)
Date: Wed May 7 17:28:25 2008
Subject: Will Watermarking Stop Backscatter?
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu>
Message-ID: <48218415.61A4.0000.0@caspercollege.edu>

Backscatter is becoming a real nuisance here. Can I stop it with MailScanner? I did a "backscatter" search on the MS wiki but that yielded nothing. How are all of you dealing with backscatter?

I've read some comments from the list and I'm trying to decipher if watermarking will stop backscatter. It sounds hit-n-miss from the recent list postings. Was it added as a feature to stop backscatter? How does MailScanner know if a message is a bounce or not?

Thanks in advance...
--
Dan Straka
Systems Coordinator
Casper College
www.caspercollege.edu ( http://www.caspercollege.edu/ )

From spamlists at coders.co.uk Wed May 7 17:41:23 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Wed May 7 17:43:06 2008
Subject: Conditional rule based on content information
In-Reply-To: <4821A90A.1070802@ecs.soton.ac.uk>
References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com> <4821A90A.1070802@ecs.soton.ac.uk>
Message-ID: <4821DBB3.8020405@coders.co.uk>

Julian Field wrote:
> Can you work out a way of doing this? I already look through the body
> looking for my signature. How can I work out if the message doesn't
> belong to me but still not sign it?
> I can't figure this one out, sorry.
>

Jules - can you not do a simple test for "in-reply-to"?

matt

From blazek at lake-coe.k12.ca.us Wed May 7 17:55:45 2008
From: blazek at lake-coe.k12.ca.us (King, Blaze)
Date: Wed May 7 17:56:21 2008
Subject: Blacklist by subject
In-Reply-To: <48218415.61A4.0000.0@caspercollege.edu>
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID:

I think this ability was added in a recent release, but now I can't find it in the changelogs... I need to blacklist by subject. I'm running MailScanner 4.67.3. Is that function added in one of the newer versions?
Blaze King
Lake County Office of Education

From MailScanner at ecs.soton.ac.uk Wed May 7 18:33:38 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 18:34:34 2008
Subject: Blacklist by subject
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID: <4821E7F2.9060100@ecs.soton.ac.uk>

King, Blaze wrote:
> I think this ability was added in a recent release, but now I can't find
> it in the changelogs... I need to blacklist by subject. I'm running
> MailScanner 4.67.3. Is that function added in one of the newer
> versions?
>

You can do this with a SpamAssassin rule to detect the subject keywords you're looking for, and then use the "SpamAssassin Rule Actions" setting in MailScanner.conf to make those rules cause the "delete" or "not-deliver" action.

Hopefully that's enough to get you started!

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

From lists at tippingmar.com Wed May 7 20:05:29 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Wed May 7 20:06:14 2008
Subject: Watermarking action problem?
In-Reply-To: <48217FB7.9050505@ecs.soton.ac.uk>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> <4820CEF8.7060705@tippingmar.com> <48217FB7.9050505@ecs.soton.ac.uk>
Message-ID: <4821FD79.5000304@tippingmar.com>

Julian Field wrote:
>
>> Pardon, I didn't mean to hijack this thread. The original message was
>> attached and it contains the watermark. The details with an example
>> are in the original thread:
>>
>> http://article.gmane.org/gmane.mail.virus.mailscanner/63214
>>
>> Mark
>>
> Sorry, that's no use. Without the original sender details and everything
> there as originally given in the message, I can't test the watermark at
> all. Sorry.
>
>

It is reproducible for me if I send to a bad address at certain domains. Would you mind sending a message to

somebadaddress at arup dot com

and see if you trigger the bad watermark test?

Thanks,
Mark

From MailScanner at ecs.soton.ac.uk Wed May 7 21:41:10 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 21:42:10 2008
Subject: Watermarking action problem?
In-Reply-To: <4821FD79.5000304@tippingmar.com>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> <4820CEF8.7060705@tippingmar.com> <48217FB7.9050505@ecs.soton.ac.uk> <4821FD79.5000304@tippingmar.com>
Message-ID: <482213E6.8080305@ecs.soton.ac.uk>

Mark Nienberg wrote:
> Julian Field wrote:
>>
>>> Pardon, I didn't mean to hijack this thread. The original message
>>> was attached and it contains the watermark. The details with an
>>> example are in the original thread:
>>>
>>> http://article.gmane.org/gmane.mail.virus.mailscanner/63214
>>>
>>> Mark
>>>
>> Sorry, that's no use. Without the original sender details and
>> everything there as originally given in the message, I can't test the
>> watermark at all. Sorry.
>>
>>
> It is reproducible for me if I send to a bad address at certain
> domains. Would you mind sending a message to
>
> somebadaddress at arup dot com
>
> and see if you trigger the bad watermark test?

Sure.

>
> Thanks,
> Mark

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

From hvdkooij at vanderkooij.org Thu May 8 06:50:22 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:51:07 2008
Subject: MS+Postfix, Selective HOLD
In-Reply-To: <200805070940.m479e1E7018876@safir.blacknight.ie>
References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> <200805070940.m479e1E7018876@safir.blacknight.ie>
Message-ID: <4822949E.70106@vanderkooij.org>

Stef Morrell wrote:
|> -----Original Message-----
|> From: mailscanner-bounces@lists.mailscanner.info
|> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
|> Of Hugo van der Kooij
|> Sent: 14 April 2008 06:47
|>
|> Well. I am not a wiki kind of person. So I just added it to
|> my MailScanner page:
|> http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD
|>
|
| Do you perchance have a similar method whereby one can bypass email
| *from* certain senders?
Any access list you put in there with an OK instead of a HOLD will do the trick.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

From hvdkooij at vanderkooij.org Thu May 8 06:54:06 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:54:17 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <4822957E.3050304@vanderkooij.org>

Pedro Bordin Hoffmann - [M]orpheus wrote:
| Hello.
|
| I'm using Mailscanner, postfix, and spamassassin.
|
| I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
| but it blocks my e-mail saying that the file exceeds the maximum size.
| I enter in quarantine and it shows up almost 50MB the file.
|
| Why mailscanner changed the size of file?
| When downloading the file it says the real size.
|
| Already try to uencode the message. But file size stay the same. It was
| a .doc file with a few images on it.

The following article is mandatory reading material:
http://email.about.com/cs/standards/a/base64_encoding.htm

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
From hvdkooij at vanderkooij.org Thu May 8 06:57:47 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:57:56 2008
Subject: Blacklist by subject
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID: <4822965B.5030803@vanderkooij.org>

King, Blaze wrote:
| I think this ability was added in a recent release, but now I can't find
| it in the changelogs... I need to blacklist by subject. I'm running
| MailScanner 4.67.3. Is that function added in one of the newer
| versions?

If you run postfix you can also do this in the MTA. I kill everything that contains subject headers with character sets I am unable to read anyway.

Hugo.

--
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
From MailScanner at ecs.soton.ac.uk Thu May 8 10:26:34 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 8 10:27:33 2008
Subject: Conditional rule based on content information
In-Reply-To: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
Message-ID: <4822C74A.4020808@ecs.soton.ac.uk>

Dave Jones wrote:
> >It's in the latest releases. Here's the relevant chunk from
> >MailScanner.conf:
>
> ># This option can be used to stop any duplication of en email signature
> ># appearing in the HTML of an email message. It looks for the "alt"
> ># attribute in the <img> tag specifying the image to be inserted int the
> ># HTML signature. If you want to use this option without inserting an image
> ># into the signature, simply specify an <img> tag without a "src" attribute.
> >#
> ># If the "alt" tag appears, and contains the word "MailScanner" and the
> ># word "Signature" and the %org-name% you specified at the top of this file,
> ># then the message is considered to already be signed. If this option is
> ># also set to "yes", then it will not be signed again. Multiple image
> ># signatures at the bottom of a message can make the message very large and
> ># ugly once it has been replied to a couple of times.
> ># This can also be the filename of a ruleset.
> >Allow Multiple HTML Signatures = no
>
> >This should do exactly what you're looking for. If it doesn't then let
> >me know and I'll see what adjustments can be made.
> You added this feature for me and it is working great. We are only
> getting one signature. If we send the first email out, then
> everything looks great -- our logo/slogan is appended to the bottom of
> our email.
> The situation I am trying to prevent is when the first
> email is sent inbound and we reply/forward causing our logo/slogan to
> be added to the bottom of the original external person's email. It
> makes things appear that xyz.com (external company)
> has our abc.com logo/slogan.
>
> All I need now is to be able to detect an original email based on
> something in the headers or body so I can make the signature rule
> conditional on this.

I've done this for you. You give it a list of header names. If it finds any of them in the headers of the message, it decides it's actually a reply and won't attach the HTML signature to it. Is that okay?

>
> >Dave Jones wrote:
> >> Is there a way to make a rule conditional on a body content? Would an
> >> SA rule be required to get a hit on that score then take different action?
> >>
> >> What I am trying to do is only append the inline HTML signature only
> >> on the first outbound email for a particular domain. Currently the
> >> HTML signature is getting appended to the bottom of all outbound email
> >> (for my test email address) so if the email originates from the
> >> outside and I reply, then _my signature_ is being appended to the
> >> original bottom that _was not mine_.
> >>
> >> So I need to find a way to detect and append the inline HTML signature
> >> only to the first outbound email from my domain. Can this be done
> >> with some advanced rules based on SA scoring?
> >>
> >> I have searched with various keywords in the mailing list archive with
> >> no success.
> >>
> >> --
> >> Dave Jones
>
> >Jules
>
> --
> Dave Jones

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jlmiller at mmtnetworks.com.au Thu May 8 12:22:19 2008
From: jlmiller at mmtnetworks.com.au (Jon L. Miller)
Date: Thu May 8 12:23:13 2008
Subject: attachments embedded in mail
Message-ID: <2470.202.89.176.40.1210245739.squirrel@webmail.mmtnetworks.com.au>

For some reason whenever an email is marked as SPAM its attachment is embedded in the mail. When we discover a false positive and go to release it through MailWatch the enduser has an unreadable email. Is there a setting that can keep the attachments as they were originally? I store the SPAM for up to 14 days before I delete them.

example:
mail:/var/spool/MailScanner/quarantine/20080507/spam# cat 66E29150006.782A7 | more
AGirzTHqyYHAQdrNetabUcidaPmgABAQOnqHAYSOWYF8ydCjj0BpatzKKg5EDyHghIGRXwONLGEA2Urs6B4NEDgYlTIQcIIAAKF2dw0Eih4Pif --More-- -------------------------------- Jon L. Miller, MCNE CNS CCNA MMT Networks Pty Ltd East Perth, WA 6004 WA, Australia +61 89227 0892 ------------------------------------------------- From davejones70 at gmail.com Thu May 8 12:50:00 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu May 8 12:50:34 2008 Subject: Conditional rule based on content information Message-ID: <67a55ed50805080450i3a857a18nfcddfde08eda3b65@mail.gmail.com> >Dave Jones wrote: >> >It's in the latest releases. Here's the relevant chunk from >> >MailScanner.conf: >> >> ># This option can be used to stop any duplication of en email signature >> ># appearing in the HTML of an email message. It looks for the "alt" >> ># attribute in the tag specifying the image to be inserted int the >> ># HTML signature. If you want to use this option without inserting an >> image >> ># into the signature, simply specify an tag without a "src" >> attribute. >> ># >> ># If the "alt" tag appears, and contains the word "MailScanner" and the >> ># word "Signature" and the %org-name% you specified at the top of >> this file, >> ># then the message is considered to already be signed. If this option is >> ># also set to "yes", then it will not be signed again. Multiple image >> ># signatures at the bottom of a message can make the message very >> large and >> ># ugly once it has been replied to a couple of times. >> ># This can also be the filename of a ruleset. >> >Allow Multiple HTML Signatures = no >> >> >This should do exactly what you're looking for. If it doesn't then let >> >me know and I'll see what adjustments can be made. >> You added this feature for me and it is working great. We are only >> getting one signature. If we send the first email out, then >> everything looks great -- our logo/slogan is appended to the bottom of >> our email. 
The situation I am trying to prevent is when the first >> email is sent inbound and we reply/forward causing our logo/slogan to >> be added to the bottom of the original external person's email. It >> makes things appear that xyz.com (external company) >> has our abc.com logo/slogan. >> >> All I need now it to be able to detect an original email based on >> something in the headers or body so I can make the signature rule >> conditional on this. >Can you work out a way of doing this? I already look through the body >looking for my signature. How can I work out if the message doesn't >belong to me but still not sign it? >I can't figure this one out, sorry. I am trying to figure this one out on my own. My original question was intended to be a generic question about how you can look through the body of an email and then enable or disable a rule based on that hit in the body. Do I use a custom SA score? If so, then how do you setup the signature rule to be conditional on this SA score hit? >> >> >Dave Jones wrote: >> >> Is there a way to make a rule conditional on a body content? Would an >> >> SA rule be required to get a hit on that score then take different >> action? >> >> >> >> What I am trying to do it only append the inline HTML signature only >> >> on the first outbound email for a particular domain. Currently the >> >> HTML signature is getting appended to the bottom of all outbound email >> >> (for my test email address) so if the email originates from the >> >> outside and I reply, then _my signature_ is being appended to the >> >> original bottom that _was not mine_. >> >> >> >> So I need to find a way to detect and append the inline HTML signature >> >> only to the first outbound email from my domain. Can this be done >> >> with some advanced rules based on SA scoring? >> >> >> >> I have searched with various keywords in the mailing list archive with >> >> no success. 
>> >> >> >> -- >> >> Dave Jones >> >> >Jules >> >> -- >> Dave Jones >Jules -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/eb0f4eaf/attachment.html From davejones70 at gmail.com Thu May 8 12:57:29 2008 From: davejones70 at gmail.com (Dave Jones) Date: Thu May 8 12:57:39 2008 Subject: Conditional rule based on content information Message-ID: <67a55ed50805080457x47ed2d9dw23ccda7f64961551@mail.gmail.com> >> All I need now it to be able to detect an original email based on >> something in the headers or body so I can make the signature rule >> conditional on this. >I've done this for you. You give it a list of header names. If it finds >any of them in the headers of the message, it decides it's actually a >reply and won't attach the HTML signature to it. Is that okay? That sounds perfect. I should be able to find some unique header names to key on. (Sorry I sent the last email before seeing this reply from you.) This might be a useful feature for other circumstances if admins had a variable like _ISORIGINAL_ to use in rules if there is a reliable way to detect the first email in a series so you could add or remove processing on first emails. >> -- Dave Jones -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/b5631049/attachment.html From dcurtis at sbschools.net Thu May 8 13:46:41 2008 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu May 8 13:48:56 2008 Subject: BlackBerry Message-ID: <24AAD26C88B9534093235DD9C02F4D176499D7@exchangesrvr.sbschools.net> I hate to ask stupid questions, but this will probably turn out so. I have a customer that has one user with a BlackBerry. Every time he sends mail he gets the below message. I have looked through the filename.rules.conf and find nothing with the ETP.DAT or even DAT. 
I must be missing something simple. MailScanner version 4.66.5 Fedora Core 5. From: network@etp1107.etp.na.blackberry.net [mailto:network@etp1107.etp.na.blackberry.net] Sent: Wednesday, May 07, 2008 11:50 AM To: XXXXXXXXXXX Subject: {Filename?} RIM_bca28a80-e9c0-11d1-87fe-00600811c6a2 Warning: This message has had one or more attachments removed Warning: (ETP.DAT). Warning: Please read the "xxxx.ws-Attachment-Warning.txt" attachment(s) for more information. This message is used to carry data between the BlackBerry handheld and an associated server. Please do not delete, move or respond to this message - it will be processed by the server. ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/e58b526d/attachment.html From stef at aoc-uk.com Thu May 8 14:12:27 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu May 8 14:20:19 2008 Subject: MS+Postfix, Selective HOLD In-Reply-To: References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> <200805070940.m479e1E7018876@safir.blacknight.ie> Message-ID: <200805081320.m48DJfmX007639@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Hugo van der Kooij > Sent: 08 May 2008 06:50 > > | Do you perchance have a similar method whereby one can bypass email > | *from* certain senders? > > Any access list you put in there with a OK instead of a HOLD > will do the trick. So, if I were, for example, to use your rule file e.g. /etc/postfix/MailScanner # These senders will not be scanned with MailScanner /^bypass@example\.org$/ OK # Everyone else will go through MailScanner! /.*/ HOLD /^$/ HOLD But in the context of smtpd_sender_restrictions = some_options, ... check_sender_access regexp:/etc/postfix/MailScanner That will have the desired effect. Could you whitelist both senders & recipients this way, or would it hit the HOLD action in either ruleset to pass via MS? Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. 
Registered in England No. 3867142. VAT No. GB734421454 From pmcewan at energywebnetwork.com Thu May 8 14:24:38 2008 From: pmcewan at energywebnetwork.com (Paul McEwan) Date: Thu May 8 14:25:21 2008 Subject: MailScanner Blacklists Message-ID: <012701c8b10e$ddfa3540$99ee9fc0$@com> I've been using MailScanner for the last year or so and it works great. But, spam is always a problem. I'm using SpamAssassin with MailScanner and I recently started using some blacklists. It greatly reduced the spam, but unfortunately, some legitimate email got blocked. People working remotely could not always send email because they had dynamic ips blocked by the blacklists. One of the ISPs was Bell South. Is there some way to get around this problem? I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and SendMail 8.12.11. I was trying to use the following blacklist setting: Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL Any help would be great Thanks -- Paul -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gary at sgluk.com Thu May 8 14:42:57 2008 From: gary at sgluk.com (Gary Pentland) Date: Thu May 8 14:43:48 2008 Subject: MailScanner Blacklists In-Reply-To: References: Message-ID: Hi, Not a guarantee but removing "SORBS-DUL" will fix a lot of it. DUL generally means "Dialup users" which remote people in hotels etc. often get hit by. I'd suspect that'll halve you problems. Gary mailscanner-bounces@lists.mailscanner.info wrote: > I've been using MailScanner for the last year or so and it works > great. But, spam is always a problem. I'm using SpamAssassin with > MailScanner and I recently started using some blacklists. It > greatly reduced the spam, but unfortunately, some legitimate > email got blocked. People working remotely could not always > send email because they had dynamic ips blocked by the > blacklists. One of the ISPs was Bell South. 
Is there some > way to get around this problem? > > I'm running RedHat Enterprise Linux 3 with MailScanner > 4.60.8-1 and SendMail 8.12.11. I was trying to use the following > blacklist setting: > > Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL > > Any help would be great > > Thanks > > -- Paul > > > > -- > This message has been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 8 14:47:17 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 8 14:48:33 2008 Subject: MailScanner Blacklists In-Reply-To: <012701c8b10e$ddfa3540$99ee9fc0$@com> References: <012701c8b10e$ddfa3540$99ee9fc0$@com> Message-ID: <48230465.6070002@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Put simply, you can't use DUL lists on servers that have to accept mail from customers' dialup (or broadband etc) IP addresses. You need to be very selective about what DNSBL's you use. However, you can filter out spam in other ways. Have a hunt on the Wiki for my HOWTO from last July. Paul McEwan wrote: > I've been using MailScanner for the last year or so and it works great. > But, spam is always a problem. I'm using SpamAssassin with MailScanner and > I recently started using some blacklists. It greatly reduced the spam, but > unfortunately, some legitimate email got blocked. People working remotely > could not always send email because they had dynamic ips blocked by the > blacklists. One of the ISPs was Bell South. Is there some way to get > around this problem? > > I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and SendMail > 8.12.11. 
I was trying to use the following blacklist setting: > > Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL > > Any help would be great > > Thanks > > -- Paul > > > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIwRlEfZZRxQVtlQRAtW3AJwOfJ7DCR39re026xxWqSpwP+helACgvn5J 414+MSkTf2Ez/3RVrD00K4k= =QVX4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu May 8 15:03:56 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 8 15:04:33 2008 Subject: BlackBerry In-Reply-To: <24AAD26C88B9534093235DD9C02F4D176499D7@exchangesrvr.sbschools.net> References: <24AAD26C88B9534093235DD9C02F4D176499D7@exchangesrvr.sbschools.net> Message-ID: <223f97700805080703id5564ddoc9ee242379b16cf8@mail.gmail.com> 2008/5/8 : > > > > I hate to ask stupid questions, but this will probably turn out so. I have a > customer that has one user with a BlackBerry. Every time he sends mail he > gets the below message. I have looked through the filename.rules.conf and > find nothing with the ETP.DAT or even DAT. I must be missing something > simple. This is actually not a stupid question. It is a stupid BlackBerry behaviour, but not a stupid question:-). When you activate the BB/User, blackberry will send you the encrypted activation in a mail... for your BES server to pick up/act on. They send it properly ascii armored in the message body (IIRC:), as well as an attached binary file. 
This file will be detected as an MS-DOS COM executable from time to time (very optimistic file magic "strings" ... or rather one byte codes... in some versions of the file command...), or other prohibited content. There are three possible "solutions" that I can think of: - Whitelist the sender domain wrt filetype checking. This is a bit "icky and uncertain", but... it's what I ended up doing. - Try to use "file -i" instead of file. Might make a difference, might not. I haven't tried this approach... yet:-). - Remove all "too optimistic" file magics from the magic file (and regenerate the binary with "file -C"). This issue tends to crop up from time to time... A search of the MS list archives might give other workable solutions... Although I think not:-). (snippety-snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at ecs.soton.ac.uk Thu May 8 15:05:37 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 8 15:06:24 2008 Subject: Conditional rule based on content information In-Reply-To: <67a55ed50805080457x47ed2d9dw23ccda7f64961551@mail.gmail.com> References: <67a55ed50805080457x47ed2d9dw23ccda7f64961551@mail.gmail.com> Message-ID: <482308B1.2020306@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave Jones wrote: > >> All I need now it to be able to detect an original email based on > >> something in the headers or body so I can make the signature rule > >> conditional on this. > >I've done this for you. You give it a list of header names. If it finds > >any of them in the headers of the message, it decides it's actually a > >reply and won't attach the HTML signature to it. Is that okay? > That sounds perfect. I should be able to find some unique header > names to key on. > (Sorry I sent the last email before seeing this reply from you.)
> This might be a useful feature for other circumstances if admins had a > variable like _ISORIGINAL_ to use in rules if there is a reliable way > to detect the first email in a series so you could add or remove > processing on first emails. Give 4.70.1-1 a try and let me know what you think. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIIwixEfZZRxQVtlQRAohBAKCZ+dXB+ckG7PvA2dOXjkWncRjunACfX3/a swppiWglfUQe5mgTAvEVYdk= =Iehw -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From velda.midanovic at trezor.sr.gov.yu Thu May 8 15:09:05 2008 From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic) Date: Thu May 8 15:13:30 2008 Subject: Keeping some users semi-local Message-ID: <003401c8b115$1931e8f0$4b95bad0$@midanovic@trezor.sr.gov.yu> Is it at all possible to keep only SOME users from sending mail only to some domains, while other users may send where they please? I have RH4U5+MailScanner+ClamAV+Sendmail, and limited users are going to use ONLY SquirrelMail. Velda -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/f0d0dc61/attachment.html From stef at aoc-uk.com Thu May 8 15:21:59 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu May 8 15:22:33 2008 Subject: releasing mail fromquarantine doesn't work with postfix ? In-Reply-To: References: <200804252108.53288.mrebsamen@unimatrix0.ch><200804261204.17912.mrebsamen@unimatrix0.ch><223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com><200804280025.50756.mrebsamen@unimatrix0.ch> Message-ID: <200805081422.m48ELwv2012573@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: 28 April 2008 09:56 > If you can, please check if this is general or if it is > something that has been introduced in later versions of > Postfix. I'm pretty sure that last I looked (oh so many > versions ago:-), the info in the wiki was enough, more or less. I've been ill for a while, so I'm playing catchup on this list, so apologies for the late reply. Anyway - that page should still be correct as I wrote it. The directory names in quarantine have the additional few characters on the end of the queuefile name, however the raw queue files within the directories have their original filenames intact. Or at least, this is how it appears for me using the following.. # Do you want to quarantine the original *entire* message as well as # just the infected attachments? # This can also be the filename of a ruleset. Quarantine Whole Message = yes # When you quarantine an entire message, do you want to store it as # raw mail queue files (so you can easily send them onto users) or # as human-readable files (header then body in 1 file)? 
Quarantine Whole Messages As Queue Files = yes This information current as of MailScanner 4.69 Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From gmatt at nerc.ac.uk Thu May 8 15:21:44 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Thu May 8 15:22:33 2008 Subject: MailScanner Blacklists In-Reply-To: <012701c8b10e$ddfa3540$99ee9fc0$@com> References: <012701c8b10e$ddfa3540$99ee9fc0$@com> Message-ID: <48230C78.9030608@nerc.ac.uk> Paul McEwan wrote: > I've been using MailScanner for the last year or so and it works great. > But, spam is always a problem. I'm using SpamAssassin with MailScanner and > I recently started using some blacklists. It greatly reduced the spam, but > unfortunately, some legitimate email got blocked. People working remotely > could not always send email because they had dynamic ips blocked by the > blacklists. One of the ISPs was Bell South. Is there some way to get > around this problem? > > I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and SendMail > 8.12.11. I was trying to use the following blacklist setting: > > Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL I have a feeling that you are doubling up here. As someone else said, the SORBS-DUL is a dialup list and Zen also contains a dialup block list, I dont know if the NJABL list still contains the dynablock list but that became the PBL list which is part of Zen. Personally, I use a single carefully selected block list at the MTA layer (which I can selectively whitelist if ever necessary) and the rest are used in SA. I found using them in MS a tad restrictive. My advice; use block lists with care. 
G > > Any help would be great > > Thanks > > -- Paul > > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From dcurtis at sbschools.net Thu May 8 15:42:50 2008 From: dcurtis at sbschools.net (dcurtis@sbschools.net) Date: Thu May 8 15:43:52 2008 Subject: BlackBerry In-Reply-To: <223f97700805080703id5564ddoc9ee242379b16cf8@mail.gmail.com> References: <24AAD26C88B9534093235DD9C02F4D176499D7@exchangesrvr.sbschools.net> <223f97700805080703id5564ddoc9ee242379b16cf8@mail.gmail.com> Message-ID: <24AAD26C88B9534093235DD9C02F4D176499DA@exchangesrvr.sbschools.net> Thanks for the info. I just implemented http://lists.mailscanner.info/pipermail/mailscanner/2007-December/080666.html and will reply back if this fails. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: Thursday, May 08, 2008 10:04 AM To: MailScanner discussion Subject: Re: BlackBerry 2008/5/8 : > > > > I hate to ask stupid questions, but this will probably turn out so. I have a > customer that has one user with a BlackBerry. Every time he sends mail he > gets the below message. I have looked through the filename.rules.conf and > find nothing with the ETP.DAT or even DAT. I must be missing something > simple. This is actually not a stupid question. It is a stupid BlackBerry behaviour, but not a stupid question:-). When you activate the BB/User, blackberry will send you the encrypted activation in a mail... for your BES server to pick up/act on. They send it properly ascii armored in the message body (IIRC:), as well as an attached binary file.
This file will be detected as an MS-DOS COM executable from time to time (very optimistic file magic "strings" ... or rather one byte codes... in some versions of the file command...), or other prohibited content. There are three possible "solutions" that I can think of: - Whitelist the sender domain wrt filetype checking. This is a bit "icky and uncertain", but... it's what I ended up doing. - Try to use "file -i" instead of file. Might make a difference, might not. I haven't tried this approach... yet:-). - Remove all "too optimistic" file magics from the magic file (and regenerate the binary with "file -C"). This issue tends to crop up from time to time... A search of the MS list archives might give other workable solutions... Although I think not:-). (snippety-snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! ______________________________________________________________ ______________________________________________________________ This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone. -- This message has been scanned for viruses and dangerous content by MailScanner, ClamAV and Bitdefender and is believed to be clean.
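The "from time to time" behaviour described in the BlackBerry thread above, as an added Python sketch (not code from the thread, MailScanner or the file command): a one-byte signature matches an encrypted attachment only when its first byte happens to land on a listed value. The opcode set, the stricter check and all payloads are assumptions constructed for illustration.

```python
import hashlib

# Assumption: an illustrative set of one-byte x86 opcodes that a loose
# "DOS COM executable" signature might key on. Check the magic file on your
# own system for its real entries; these values are not taken from the thread.
ONE_BYTE_COM_MAGIC = {
    0xE9: "jmp rel16",
    0xEB: "jmp rel8",
    0xB8: "mov ax, imm16",
}


def constructed_payload(seed: int, size: int = 64) -> bytes:
    """Deterministic, uniformly distributed bytes standing in for an
    encrypted attachment (constructed sample, not real BlackBerry data)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:size])


def loose_match(data: bytes) -> bool:
    """The first byte alone decides, as a one-byte signature does."""
    return len(data) > 0 and data[0] in ONE_BYTE_COM_MAGIC


def stricter_match(data: bytes) -> bool:
    """Hypothetical tighter check: a leading jump must land inside the file.

    This is not what any version of file does; it only shows how much a
    signature gains from looking past the first byte.
    """
    if len(data) < 3:
        return False
    first = data[0]
    if first == 0xE9:      # jmp rel16, instruction is 3 bytes long
        rel = int.from_bytes(data[1:3], "little", signed=True)
        target = 3 + rel
    elif first == 0xEB:    # jmp rel8, instruction is 2 bytes long
        rel = int.from_bytes(data[1:2], "little", signed=True)
        target = 2 + rel
    else:                  # a bare "mov" says nothing about file structure
        return False
    return 0 <= target < len(data)


def false_positive_counts(samples: int = 20000) -> tuple:
    """Count how many constructed ciphertext blobs each check flags."""
    loose = strict = 0
    for seed in range(samples):
        blob = constructed_payload(seed)
        loose += loose_match(blob)
        strict += stricter_match(blob)
    return loose, strict


if __name__ == "__main__":
    n = 20000
    loose, strict = false_positive_counts(n)
    # Expected loose rate is len(ONE_BYTE_COM_MAGIC) / 256, about 1.2%.
    print(f"loose one-byte match: {loose}/{n} ({100 * loose / n:.2f}%)")
    print(f"stricter match:       {strict}/{n} ({100 * strict / n:.2f}%)")
```

A sender-based filetype whitelist hides this intermittent match rather than removing it, and it trusts a sender address the sending side controls, which is why it is described above as "icky and uncertain".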
From glenn.steen at gmail.com Thu May 8 16:06:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 8 16:06:41 2008 Subject: releasing mail fromquarantine doesn't work with postfix ? In-Reply-To: <200805081422.m48ELwv2012573@safir.blacknight.ie> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804261204.17912.mrebsamen@unimatrix0.ch> <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> <200804280025.50756.mrebsamen@unimatrix0.ch> <200805081422.m48ELwv2012573@safir.blacknight.ie> Message-ID: <223f97700805080806n54189c66j56ae415f2d3a998f@mail.gmail.com> 2008/5/8 Stef Morrell : > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Glenn Steen > > Sent: 28 April 2008 09:56 > > If you can, please check if this is general or if it is > > something that has been introduced in later versions of > > Postfix. I'm pretty sure that last I looked (oh so many > > versions ago:-), the info in the wiki was enough, more or less. > > I've been ill for a while, so I'm playing catchup on this list, so > apologies for the late reply. > > Anyway - that page should still be correct as I wrote it. The directory > names in quarantine have the additional few characters on the end of the > queuefile name, however the raw queue files within the directories have > their original filenames intact. Or at least, this is how it appears for > me using the following.. > > # Do you want to quarantine the original *entire* message as well as > # just the infected attachments? > # This can also be the filename of a ruleset. > Quarantine Whole Message = yes > > # When you quarantine an entire message, do you want to store it as > # raw mail queue files (so you can easily send them onto users) or > # as human-readable files (header then body in 1 file)? 
> Quarantine Whole Messages As Queue Files = yes > > This information current as of MailScanner 4.69 Yes, definitely for queue files in the "normal" quarantine, but not for the spam quarantine... Right? Look in the spam subfolder... Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From steve.freegard at fsl.com Thu May 8 16:24:17 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu May 8 16:24:57 2008 Subject: MailScanner Blacklists In-Reply-To: <012701c8b10e$ddfa3540$99ee9fc0$@com> References: <012701c8b10e$ddfa3540$99ee9fc0$@com> Message-ID: <48231B21.60108@fsl.com> Paul McEwan wrote: > I've been using MailScanner for the last year or so and it works great. > But, spam is always a problem. I'm using SpamAssassin with MailScanner and > I recently started using some blacklists. It greatly reduced the spam, but > unfortunately, some legitimate email got blocked. People working remotely > could not always send email because they had dynamic ips blocked by the > blacklists. One of the ISPs was Bell South. Is there some way to get > around this problem? The 'proper' way to do this would be to use SMTP AUTH for your users when they are roaming or use POP-before-SMTP otherwise. Then do all your RBL checking in Sendmail with delay-checks enabled, so that users that have used SMTP AUTH or POP-before-SMTP are then exempt from RBL checks (as they are effectively whitelisted). > I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and SendMail > 8.12.11. I was trying to use the following blacklist setting: > > Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL I don't use the 'Spam List' option in MailScanner and prefer to do this at the SMTP phase, that way you can reduce the load on MailScanner and have the MTA bypass RBL tests for specific users (e.g. AUTH) easily. I also wouldn't use SORBS as I've been bitten by their policies in the past e.g. 
don't be surprised to see Google mail servers in the blacklist and don't be surprised to find static IPs with generic rDNS in the dial-up lists (which is what I suspect the problem was with Bell South). Cheers, Steve. From Chris.Russell at knowledgeit.co.uk Thu May 8 16:31:26 2008 From: Chris.Russell at knowledgeit.co.uk (Chris Russell) Date: Thu May 8 16:32:22 2008 Subject: Mailscanner and Exim - Spool File Return Code problems. Message-ID: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> Hi All, Probably one for Julian, as right now its a "from the top of your head" question. When using Exim, and have store and queue files=yes. Does Mailscanner copy the original spool file, or read it in, then recreate the outbound queue file ? I have an odd issue. This only seems to affect HTML email, mostly from mailing lists/groups and with long from addresses (ie: xdkdddddddddd_ddsfsdfsdfsdfsfdsdfsdf@lists.xxxxx.xxxxxx.xxxx.com) etc. Basically, these will be passed by MailScanner, however will not be sent. The reason for this is exim doesn't sanity check for \r\n at the end of the -D spool file when sending, it basically throws this out via remote smtp. If there is no \r\n at the end of the file, the period on a line by itself never happens. When I look at the spool file (-D), the end line is the end of the HTML and no \r\n is present. Just wondering if this is a potential bug ? Mailscanner version is a little behind 4.66.5 however I can't see anything for exim in the recent change logs. Other HTML email goes through fine, the only commonality I can find is long sender addresses, but no idea why this would affect the creation of the spool file. Julian, any potential thoughts ? Thanks Chris -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/d7557780/attachment.html From stef at aoc-uk.com Thu May 8 16:50:49 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu May 8 16:51:28 2008 Subject: releasing mail fromquarantine doesn't work with postfix ? In-Reply-To: References: <200804252108.53288.mrebsamen@unimatrix0.ch><200804261204.17912.mrebsamen@unimatrix0.ch><223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com><200804280025.50756.mrebsamen@unimatrix0.ch><200805081422.m48ELwv2012573@safir.blacknight.ie> Message-ID: <200805081551.m48Fosrn018983@safir.blacknight.ie> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Glenn Steen > Sent: 08 May 2008 16:06 > > but not for the spam quarantine... Right? > Look in the spam subfolder... Ooo... Now you're asking. I don't routinely quarantine spam, as I would in short order need to buy a small property full of hard disk. I'll have a play with it and see. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From pmcewan at energywebnetwork.com Thu May 8 16:57:35 2008 From: pmcewan at energywebnetwork.com (Paul McEwan) Date: Thu May 8 16:58:22 2008 Subject: MailScanner Blacklists In-Reply-To: <48231B21.60108@fsl.com> References: <012701c8b10e$ddfa3540$99ee9fc0$@com> <48231B21.60108@fsl.com> Message-ID: <014701c8b124$3bd0d560$b3728020$@com> OK, everybody has given very useful information this morning SMTP AUTH is enabled. So MailScanner checks before they authenticate, and that's why they're getting bounced? 
If so, I'll do as everyone suggests and make SendMail do the checks with a carefully selected blacklist Thanks -- Paul -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard Sent: Thursday, May 08, 2008 11:24 AM To: MailScanner discussion Subject: Re: MailScanner Blacklists Paul McEwan wrote: > I've been using MailScanner for the last year or so and it works great. > But, spam is always a problem. I'm using SpamAssassin with MailScanner and > I recently started using some blacklists. It greatly reduced the spam, but > unfortunately, some legitimate email got blocked. People working remotely > could not always send email because they had dynamic ips blocked by the > blacklists. One of the ISPs was Bell South. Is there some way to get > around this problem? The 'proper' way to do this would be to use SMTP AUTH for your users when they are roaming or use POP-before-SMTP otherwise. Then do all your RBL checking in Sendmail with delay-checks enabled, so that users that have used SMTP AUTH or POP-before-SMTP are then exempt from RBL checks (as they are effectively whitelisted). > I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and SendMail > 8.12.11. I was trying to use the following blacklist setting: > > Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL I don't use the 'Spam List' option in MailScanner and prefer to do this at the SMTP phase, that way you can reduce the load on MailScanner and have the MTA bypass RBL tests for specific users (e.g. AUTH) easily. I also wouldn't use SORBS as I've been bitten by their policies in the past e.g. don't be surprised to see Google mail servers in the blacklist and don't be surprised to find static IPs with generic rDNS in the dial-up lists (which is what I suspect the problem was with Bell South). Cheers, Steve. 
-- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 8 18:19:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 8 18:21:02 2008 Subject: MailScanner Blacklists In-Reply-To: <014701c8b124$3bd0d560$b3728020$@com> References: <012701c8b10e$ddfa3540$99ee9fc0$@com> <48231B21.60108@fsl.com> <014701c8b124$3bd0d560$b3728020$@com> Message-ID: <48233638.40107@ecs.soton.ac.uk> Paul McEwan wrote: > OK, everybody has given very useful information this morning > > SMTP AUTH is enabled. So MailScanner checks before they authenticate, and > that's why they're getting bounced? > No, MailScanner checks afterwards, but _despite_ they have authenticated. MailScanner doesn't know they authenticated, only your MTA knows that. > If so, I'll do as everyone suggests and make SendMail do the checks with a > carefully selected blacklist > That's the right solution. Make sure you set sendmail to delay-checks as otherwise they will be rejected before they have a chance to authenticate. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve > Freegard > Sent: Thursday, May 08, 2008 11:24 AM > To: MailScanner discussion > Subject: Re: MailScanner Blacklists > > Paul McEwan wrote: > >> I've been using MailScanner for the last year or so and it works great. >> But, spam is always a problem. I'm using SpamAssassin with MailScanner >> > and > >> I recently started using some blacklists. 
It greatly reduced the spam, >> > but > >> unfortunately, some legitimate email got blocked. People working remotely >> could not always send email because they had dynamic ips blocked by the >> blacklists. One of the ISPs was Bell South. Is there some way to get >> around this problem? >> > > The 'proper' way to do this would be to use SMTP AUTH for your users > when they are roaming or use POP-before-SMTP otherwise. > > Then do all your RBL checking in Sendmail with delay-checks enabled, so > that users that have used SMTP AUTH or POP-before-SMTP are then exempt > from RBL checks (as they are effectively whitelisted). > > >> I'm running RedHat Enterprise Linux 3 with MailScanner 4.60.8-1 and >> > SendMail > >> 8.12.11. I was trying to use the following blacklist setting: >> >> Spam List = SORBS-SPAM spamhaus-ZEN spamcop.net NJABL SORBS-DUL >> > > I don't use the 'Spam List' option in MailScanner and prefer to do this > at the SMTP phase, that way you can reduce the load on MailScanner and > have the MTA bypass RBL tests for specific users (e.g. AUTH) easily. > > I also wouldn't use SORBS as I've been bitten by their policies in the > past e.g. don't be surprised to see Google mail servers in the blacklist > and don't be surprised to find static IPs with generic rDNS in the > dial-up lists (which is what I suspect the problem was with Bell South). > > Cheers, > Steve. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
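A sendmail.mc fragment for the arrangement recommended in this thread (RBL lookups done by the MTA and deferred so that SMTP AUTH can happen first), added here as an example and not taken from any poster's configuration. The mechanism list, the single DNSBL zone and the rejection text are assumptions; merge the lines into your own .mc file and rebuild sendmail.cf.

```m4
dnl Added example, not from the thread. Values below are assumptions.
dnl
dnl SMTP AUTH: mechanisms offered to clients, and which of them mark the
dnl session as trusted (allowed to relay, exempt from delayed checks).
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl
dnl `p' refuses plaintext mechanisms (LOGIN, PLAIN) unless a security
dnl layer such as STARTTLS is active, so roaming users do not send
dnl passwords in the clear. `A' is the usual AUTH= compatibility flag.
define(`confAUTH_OPTIONS', `A p')dnl
dnl
dnl Without delay_checks, check_relay runs at connect time and a roaming
dnl user on a listed dynamic IP is rejected before AUTH is possible.
dnl With it, check_relay and check_mail are called from check_rcpt and
dnl are skipped for senders authenticated via a TRUST_AUTH_MECH mechanism.
FEATURE(`delay_checks')dnl
dnl
dnl DNSBL lookup performed by sendmail instead of MailScanner's
dnl "Spam List" setting. One carefully chosen list; add more FEATURE
dnl lines only for lists whose listing policy you have read.
FEATURE(`dnsbl', `zen.spamhaus.org', `"550 Mail from " $&{client_addr} " refused, listed at zen.spamhaus.org"')dnl
```

With this in place, leave `Spam List =` empty in MailScanner.conf so the same lists are not applied a second time after queueing, where the AUTH state is no longer visible.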
From MailScanner at ecs.soton.ac.uk Thu May 8 18:25:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 8 18:26:20 2008 Subject: Mailscanner and Exim - Spool File Return Code problems. In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> Message-ID: <482337A4.4060403@ecs.soton.ac.uk> Chris Russell wrote: > Hi All, > > Probably one for Julian, as right now its a "from the top of your > head" question. Aye aye, cap'n :-) > > When using Exim, and have store and queue files=yes. Does Mailscanner > copy the original spool file, or read it in, then recreate the > outbound queue file ? It will recreate the outbound queue file if the message has changed at all, otherwise it should just copy the spool file. > > I have an odd issue. This only seems to affect HTML email, mostly > from mailing lists/groups and with long from addresses (ie: > xdkdddddddddd_ddsfsdfsdfsdfsfdsdfsdf@lists.xxxxx.xxxxxx.xxxx.com > ) > etc. I think that's a red herring. I don't think I *ever* measure the length of the email address. People who don't know the term should read this: http://en.wikipedia.org/wiki/Red_herring_(narrative) (That's for the benefit of the many people on this list for whom English is not their first, or even second, language. :-) > > Basically, these will be passed by MailScanner, however will not be > sent. The reason for this is exim doesn't sanity check for \r\n at > the end of the -D spool file when sending, it basically throws this > out via remote smtp. If there is no \r\n at the end of the file, the > period on a line by itself never happens. > > When I look at the spool file (-D), the end line is the end of the > HTML and no \r\n is present. Is this just in the outbound queue file, or also in the inbound file and/or in any quarantine file created? > > Just wondering if this is a potential bug ? 
Mailscanner version is a > little behind 4.66.5 however I can't see anything for exim in the > recent change logs. Other HTML email goes through fine, the only > commonality I can find is long sender addresses, but no idea why this > would affect the creation of the spool file. As I said, I think that's a red herring. > > Julian, any potential thoughts ? It sounds like it may well be a bug. I'll take a look in the Exim code and work out a fix for you. It needs to go in all the output copies of the original, as the message should end with a proper line termination sequence. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu May 8 19:10:11 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu May 8 19:10:46 2008 Subject: releasing mail fromquarantine doesn't work with postfix ? In-Reply-To: <200805081551.m48Fosrn018983@safir.blacknight.ie> References: <200804252108.53288.mrebsamen@unimatrix0.ch> <200804261204.17912.mrebsamen@unimatrix0.ch> <223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com> <200804280025.50756.mrebsamen@unimatrix0.ch> <200805081422.m48ELwv2012573@safir.blacknight.ie> <200805081551.m48Fosrn018983@safir.blacknight.ie> Message-ID: <223f97700805081110k1bb63bdfld2f17d8506bd1970@mail.gmail.com> 2008/5/8 Stef Morrell : > > -----Original Message----- > > From: mailscanner-bounces@lists.mailscanner.info > > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > > Of Glenn Steen > > > Sent: 08 May 2008 16:06 > > > > but not for the spam quarantine... Right? > > Look in the spam subfolder... > > Ooo... Now you're asking. 
I don't routinely quarantine spam, as I would
> in short order need to buy a small property full of hard disk. I'll have
> a play with it and see.
>
Since I'm a MW user... I never use queue files only. But I do know that you have this difference for the message file (RFC822 text file)... In the "normal" quarantine it is a directory containing the message and all attachments, and in the spam quarantine it is only the message file named by the queue ID.

From the testing I've done (ages ago, so my generally ... spotted... memory comes into play:-), this is more or less the same for queue files too. Only diff is as you say, that the message is completely untouched (even for the original queue file name) in the normal quarantine, but the "log-safe" queue ID (with the added entropy) is used in the spam quarantine.

I hope you have the time to update the wiki, since I surely don't:-(

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From hvdkooij at vanderkooij.org Thu May 8 20:07:26 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 20:08:11 2008
Subject: MS+Postfix, Selective HOLD
In-Reply-To: <200805081320.m48DJfmX007639@safir.blacknight.ie>
References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com> <200805070940.m479e1E7018876@safir.blacknight.ie> <200805081320.m48DJfmX007639@safir.blacknight.ie>
Message-ID: <48234F6E.8040206@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stef Morrell wrote:
|> -----Original Message-----
|> From:
mailscanner-bounces@lists.mailscanner.info |> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf |> Of Hugo van der Kooij |> Sent: 08 May 2008 06:50 |> |> | Do you perchance have a similar method whereby one can bypass email |> | *from* certain senders? |> |> Any access list you put in there with a OK instead of a HOLD |> will do the trick. | | So, if I were, for example, to use your rule file e.g. | /etc/postfix/MailScanner | | # These senders will not be scanned with MailScanner | /^bypass@example\.org$/ OK | # Everyone else will go through MailScanner! | /.*/ HOLD | /^$/ HOLD | | But in the context of | | smtpd_sender_restrictions = | some_options, | ... | check_sender_access regexp:/etc/postfix/MailScanner | | That will have the desired effect. | | Could you whitelist both senders & recipients this way, or would it hit | the HOLD action in either ruleset to pass via MS? Nope. Once you hit a rule you are done. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFII09eBvzDRVjxmYERAs0GAJ99aGO+93rcqDNoWSWncWbFhocNuwCaAxJx aFY23xy/C5D0Gt0+0EYu/ro= =UxL0 -----END PGP SIGNATURE----- From MailScanner at ecs.soton.ac.uk Thu May 8 20:12:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 8 20:13:57 2008 Subject: Mailscanner and Exim - Spool File Return Code problems. In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> Message-ID: <482350B8.1010706@ecs.soton.ac.uk> Chris Russell wrote: > Hi All, > > Probably one for Julian, as right now its a "from the top of your > head" question. 
>
> When using Exim, and have store and queue files=yes. Does Mailscanner
> copy the original spool file, or read it in, then recreate the
> outbound queue file ?
>
> I have an odd issue. This only seems to affect HTML email, mostly
> from mailing lists/groups and with long from addresses (ie:
> xdkdddddddddd_ddsfsdfsdfsdfsfdsdfsdf@lists.xxxxx.xxxxxx.xxxx.com
> )
> etc.
>
> Basically, these will be passed by MailScanner, however will not be
> sent. The reason for this is exim doesn't sanity check for \r\n at
> the end of the -D spool file when sending, it basically throws this
> out via remote smtp. If there is no \r\n at the end of the file, the
> period on a line by itself never happens.
>
> When I look at the spool file (-D), the end line is the end of the
> HTML and no \r\n is present.
>
> Just wondering if this is a potential bug ? Mailscanner version is a
> little behind 4.66.5 however I can't see anything for exim in the
> recent change logs. Other HTML email goes through fine, the only
> commonality I can find is long sender addresses, but no idea why this
> would affect the creation of the spool file.
>
> Julian, any potential thoughts ?

Chris,

Please gunzip the attached file, rename it to EximDiskStore.pm and put it in /usr/lib/MailScanner/MailScanner over the top of your existing one (best make a backup of your existing one first in case it goes bang in your face!)

So please try the attached replacement. It should check that when it's writing to the output file, the last byte it wrote was a cr or lf, and writes a newline character if it wasn't.

I can see this occurring if, for example, you add a signature on the end of a plain-text message (with "Sign Clean Messages = yes"). Edit the inline text signature file with Notepad in Windows, and you can get a text file that doesn't end with a newline character (I believe). Then MailScanner will write the signature on the end of the plain-text message, resulting in a message that now does not end with a newline character. Exim doesn't appear to check that the SMTP message body it sends ends in a newline (which it doesn't need to normally as any message read from another SMTP server must end in a newline).

So rather than try to find every possible point at which I read any data that is added onto the end of the message (and I'm bound to miss one by Sod's law), I am now checking what I have just written to ensure it ends in a newline character. I don't want to just arbitrarily add a newline to the end of every message, as that will just make the output files bigger by 1 byte which is a really trashy thing to do to your carefully crafted messages.

Please let me know if
a) it works at all (i.e. causes no damage, doesn't crash, etc)
and/or
b) it solves the problem.

Cheers!

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: EximDiskStore_pm.gz
Type: application/x-gzip
Size: 5960 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/bd60df12/EximDiskStore_pm.gz

From Chris.Russell at knowledgeit.co.uk Thu May 8 20:39:19 2008
From: Chris.Russell at knowledgeit.co.uk (Chris Russell)
Date: Thu May 8 20:42:44 2008
Subject: Mailscanner and Exim - Spool File Return Code problems.
References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> <482337A4.4060403@ecs.soton.ac.uk>
Message-ID: <1638CDD827D51E4D8E9B2741290E1C91BF5273@wkits02.knowledgeit.co.uk>

> It will recreate the outbound queue file if the message has changed at
> all, otherwise it should just copy the spool file.

Just had a look at one of them, the body looks unchanged, the headers however are {Spam?}

> When I look at the spool file (-D), the end line is the end of the
> HTML and no \r\n is present.
> Is this just in the outbound queue file, or also in the inbound file and/or in any quarantine file created?

It's the outbound queue. I've not caught any in quarantine or input yet. I do know that another plain exim server we have passes these ok.

Exim is configured with 2 separate queues in and out.

> It sounds like it may well be a bug. I'll take a look in the Exim code and work out a fix for you. It needs to go in all the output copies of
> the original, as the message should end with a proper line termination sequence.

Thanks for this :) - I would have thought exim would check too mind you!

Thanks

Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4336 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/d457b8e9/attachment.bin

From MailScanner at ecs.soton.ac.uk Thu May 8 21:46:29 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 8 21:47:26 2008
Subject: Mailscanner and Exim - Spool File Return Code problems.
In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C91BF5273@wkits02.knowledgeit.co.uk> References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> <482337A4.4060403@ecs.soton.ac.uk> <1638CDD827D51E4D8E9B2741290E1C91BF5273@wkits02.knowledgeit.co.uk> Message-ID: <482366A5.2020702@ecs.soton.ac.uk> Chris, Chris Russell wrote: >> It will recreate the outbound queue file if the message has changed at >> all, otherwise it should just copy the spool file. >> > > Just had a look at one of them, the body looks unchanged, the headers however are {Spam?} > > >> When I look at the spool file (-D), the end line is the end of the >> HTML and no \r\n is present. >> Is this just in the outbound queue file, or also in the inbound file and/or in any quarantine file created? >> > > Its the outbound queue. I've not caught any in quarantine or input yet. I do know that another plain exim server we have passes these ok. > > Exim is configured with 2 seperate queues in and out. > > >> It sounds like it may well be a bug. I'll take a look in the Exim code and work out a fix for you. It needs to go in all the output copies of >> the original, as the message should end with a proper line termination sequence. >> > > Thanks for this :) - I would have thought exim would check too mind you! > The guy who writes Exim is about the only sane one there is. Every other MTA author is brain-damaged in one way or another :-) Theoretically it's a test he doesn't need to do, and it's faster without it (slightly). So he probably optimised it out. About the only author who actually banked on the fact that people would play with queue files was the author of sendmail. He did it properly, documented them, put error checks in them, everything. At the other end of the scale is P*****x who say you mustn't even look at the fact they exist, let alone actually read them. 
Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From Kevin_Miller at ci.juneau.ak.us Thu May 8 23:03:37 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu May 8 23:03:01 2008
Subject: Correct setting for ClamAV...
Message-ID:

I just updated MailScanner and ClamAV and noticed a slight discrepancy in the instructions. After running upgrade_MailScanner it printed the following:

Important Note
--------------
Your setting for 'Monitors for ClamAV Updates' is broken.
It should look like this (unless your ClamAV is installed
somewhere else)
Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/*
/usr/local/share/clamav/*.cvd
(watch the linewrap)

In the MailScanner.conf.rpmnew file however it had the following line:
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld
/usr/local/share/clamav/*.cvd
(again, it's probably wrapped)

I went w/the rpmnew setting as I have cld & cvd files, but no *.inc directories.

Is that the correct thing to do? If so, please correct the upgrade_MailScanner program so the warning is output correctly.

If not, I guess the default MailScanner.conf file needs to be corrected.

Thanks much...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From Chris.Russell at knowledgeit.co.uk Thu May 8 23:29:52 2008
From: Chris.Russell at knowledgeit.co.uk (Chris Russell)
Date: Thu May 8 23:30:27 2008
Subject: Mailscanner and Exim - Spool File Return Code problems.
References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> <482350B8.1010706@ecs.soton.ac.uk>
Message-ID: <1638CDD827D51E4D8E9B2741290E1C91BF5275@wkits02.knowledgeit.co.uk>

> Please let me know if
> a) it works at all (i.e. causes no damage, doesn't crash, etc)
> and/or
> b) it solves the problem.

Hi Jules,

No joy I'm afraid. I basically took the existing queue file, removed the headers for Spam Checking and pushed this into the input queue with a chown.

MailScanner processed this (added the headers, etc) but no newline hence same problem.

Delved a little bit deeper:

If I added a newline to this before I pushed it back into the input queue, it went through fine (almost suggesting an exim issue).

And, the message itself is HTML only and 7 bit encoding, ie:

046 Content-Type: text/html; charset="ISO-8859-1"
032 Content-Transfer-Encoding: 7bit

Meaning the body is straight html with no mime etc.

Agree with you on Phil Hazel incidentally, he's been a great help when I've had weird and wonderful issues, he's been missed since his retirement although it is thoroughly deserved.

Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4532 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080508/14997bf2/attachment.bin

From tech1 at computer-care.com.au Fri May 9 04:14:12 2008
From: tech1 at computer-care.com.au (Glen Prestidge)
Date: Fri May 9 04:13:05 2008
Subject: User's home directory /var/spool/postfix is not writable
In-Reply-To: <0BF7D13F77C13A4FABE821E88BE17F4A092C6620@cwsvr.CWDOMAIN.local>
Message-ID: <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local>

Hi all

I am having a problem with my FreeBSD 6.2 with Mailscanner + clamav + SpamAssassin

p5-Mail-ClamAV-0.20_3
MailScanner-4.67.6_1
p5-Mail-SpamAssassin-3.2.4_4
postfix-2.5.1_2,1

I can not get the mail to be scanned by the mailscanner due to this error

May 8 02:14:48 testrig MailScanner[1470]: User's home directory /var/spool/postfix is not writable

I have reinstalled all the packages, chmod 755 on the /var/spool/postfix - still not working, I have attempted to move the postfix dir into /tmp because I read something about the razor agent log causing problems? There isn't a razor log there.

I have tried to go back to previous versions of the software but didn't have any luck. This is now occurring on 2 servers.

Regards

Glen Prestidge

CONFIDENTIAL NOTE : The information contained in this email is intended only for the use of the individual or entity named above and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete the mail. Thank you.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080509/59e637ac/attachment.html

From R.Sterenborg at netsourcing.nl Fri May 9 06:36:21 2008
From: R.Sterenborg at netsourcing.nl (Rob Sterenborg)
Date: Fri May 9 06:36:54 2008
Subject: User's home directory /var/spool/postfix is not writable
In-Reply-To: <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local>
References: <0BF7D13F77C13A4FABE821E88BE17F4A092C6620@cwsvr.CWDOMAIN.local> <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local>
Message-ID: <74ACEB3E6A055643A89B8CEC74C7BF2405D951C2@WISENT.dcyb.net>

> Hi all
>
> I am having a problem with my freebsd 6.2 with Mailscanner
> + clamav + SpamAssassin
>
> p5-Mail-ClamAV-0.20_3
> MailScanner-4.67.6_1
> p5-Mail-SpamAssassin-3.2.4_4
> postfix-2.5.1_2,1
>
> I can not get the mail to be scanned by the mailscanner due
> to this error
>
> May 8 02:14:48 testrig MailScanner[1470]: User's home
> directory /var/spool/postfix is not writable
>
> I have reinstalled all the packages, chmod 755 on the
> /var/spool/postfix - still not working,

As what user is Mailscanner running and who is the owner of /var/spool/postfix?

Grts,
Rob

From mrebsamen at unimatrix0.ch Fri May 9 06:43:58 2008
From: mrebsamen at unimatrix0.ch (Marco Rebsamen)
Date: Fri May 9 06:43:06 2008
Subject: User's home directory /var/spool/postfix is not writable
In-Reply-To: <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local>
References: <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local>
Message-ID: <200805090743.58846.mrebsamen@unimatrix0.ch>

On Friday, 9 May 2008 05:14:12, Glen Prestidge wrote:
> Hi all
>
>
>
> I am having a problem with my freebsd 6.2 with Mailscanner + clamav +
> SpamAssassin
>
> p5-Mail-ClamAV-0.20_3
> MailScanner-4.67.6_1
> p5-Mail-SpamAssassin-3.2.4_4
> postfix-2.5.1_2,1
>
> I can not get the mail to be scanned by the mailscanner due to this error
>
> May 8 02:14:48 testrig MailScanner[1470]: User's home directory
> /var/spool/postfix is not writable

Check the directory ownership; "755" is not enough if it is owned by the wrong user. Also check the username under which Mailscanner runs...

>
> I have reinstalled all the packages, chmod 755 on the /var/spool/postfix -
> still not working, I have attempted to move the postfix dir into /tmp
> because I read something about the razor agent log causing problems? There
> isn't a razor log there.
>
>
>
> I have tried to go back to previous versions of the software but didn't
> have any luck. This is now occurring on 2 servers.
>
>
>
> Regards
>
>
>
> Glen Prestidge
>
>
>
> CONFIDENTIAL NOTE : The information contained in this email is intended
> only for the use of the individual or entity named above and may contain
> information that is privileged, confidential and exempt from disclosure
> under applicable law. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this message in error, please immediately notify the sender and delete the
> mail. Thank you.

From martinh at solidstatelogic.com Fri May 9 08:54:32 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Fri May 9 08:55:59 2008
Subject: Mailscanner and Exim - Spool File Return Code problems.
In-Reply-To: <482366A5.2020702@ecs.soton.ac.uk> Message-ID: > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 08 May 2008 21:46 > To: MailScanner discussion > Subject: Re: Mailscanner and Exim - Spool File Return Code problems. > > Chris, > > Chris Russell wrote: > >> It will recreate the outbound queue file if the message has changed at > >> all, otherwise it should just copy the spool file. > >> > > > > Just had a look at one of them, the body looks unchanged, the headers > however are {Spam?} > > > > > >> When I look at the spool file (-D), the end line is the end of the > >> HTML and no \r\n is present. > >> Is this just in the outbound queue file, or also in the inbound file > and/or in any quarantine file created? > >> > > > > Its the outbound queue. I've not caught any in quarantine or input yet. > I do know that another plain exim server we have passes these ok. > > > > Exim is configured with 2 seperate queues in and out. > > > > > >> It sounds like it may well be a bug. I'll take a look in the Exim code > and work out a fix for you. It needs to go in all the output copies of > >> the original, as the message should end with a proper line termination > sequence. > >> > > > > Thanks for this :) - I would have thought exim would check too mind > you! > > > The guy who writes Exim is about the only sane one there is. Every other > MTA author is brain-damaged in one way or another :-) > Theoretically it's a test he doesn't need to do, and it's faster without > it (slightly). So he probably optimised it out. About the only author > who actually banked on the fact that people would play with queue files > was the author of sendmail. He did it properly, documented them, put > error checks in them, everything. At the other end of the scale is > P*****x who say you mustn't even look at the fact they exist, let alone > actually read them. 
> > Jules > > -- > Julian Field MEng CITP CEng Jules Unfortunately Phil Hazel retired Sept 2007 and hence there's been very little Exim development since as his exim work was sponsored by his work. There's a couple of guys co-ordinating stuff but very relatively little work going on AFAIK. -- martin ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From MailScanner at ecs.soton.ac.uk Fri May 9 09:06:26 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 09:07:38 2008 Subject: Correct setting for ClamAV... In-Reply-To: References: Message-ID: <48240602.2000805@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well spotted! Thanks for that. It will be fixed in the next release. 
Kevin Miller wrote: > I just updated MailScanner and ClamAV and noticed a slight discrepency > in the instructions. After running upgrade_MailScanner it printed the > following: > > Important Note > -------------- > Your setting for 'Monitors for ClamAV Updates' is broken. > It should look like this (unless your ClamAV is installed > somewhere else) > Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* > /usr/local/share/clamav/*.cvd > (watch the linewrap) > > In the MailScanner.conf.rpmnew file however it had the following line: > Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld > /usr/local/share/clamav/*.cvd > (again, it's probably wrapped) > > I went w/the rpmnew setting as I have cld & cvd files, but no *.inc > directories. > > Is that the correct thing to do? If so, please correct the > upgrade_MailScanner program so the warning is output correctly. > > If not, I guess the default MailScanner.conf file needs to be corrected. > > Thanks much... > > ...Kevin > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJAYDEfZZRxQVtlQRArpVAKCSDv6ub0DLLgRcWyKrtI8rnt0u6wCggCrc k6rUwKQ2QxPn9s73vmh6FVg= =0sTm -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 9 09:08:19 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 09:08:58 2008 Subject: Mailscanner and Exim - Spool File Return Code problems. 
In-Reply-To: <1638CDD827D51E4D8E9B2741290E1C91BF5275@wkits02.knowledgeit.co.uk> References: <1638CDD827D51E4D8E9B2741290E1C9101857A20@wkits02.knowledgeit.co.uk> <482350B8.1010706@ecs.soton.ac.uk> <1638CDD827D51E4D8E9B2741290E1C91BF5275@wkits02.knowledgeit.co.uk> Message-ID: <48240673.9060702@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Russell wrote: > >> Please let me know if >> a) it works at all (i.e. causes no damage, doesn't crash, etc) >> and/or >> b) it solves the problem. >> > > Hi Jules, > > No joy, I'm afraid. I basically took the existing queue file, removed the headers for Spam Checking and pushed this into the input queue with a chown. > > MailScanner processed this (added the headers, etc) but no newline hence same problem. > The file in the incoming dir will have to newline. It's the file that goes into the outbound Exim's queue that matters. > > Delved a little bit deeper: > > If I added a newline to this before I pushed it back into the input queue, it went through fine (almost suggesting an exim issue). > > And, the message itself is HTML only and 7 bit encoding, ie: > > 046 Content-Type: text/html; charset="ISO-8859-1" > 032 Content-Transfer-Encoding: 7bit > > Meaning the body is straight html with no mime etc. > > Agree with you on Phil Hazel incidentally, he's been a great help when I've had weird and wonderful issues, he's been missed since his retirement although it is thoroughly deserved. > > Chris > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJAZ0EfZZRxQVtlQRAk9uAKC7jSFSiTFW0xjmxNC6AIvzOzCzcQCePmDq 8ZYPcA16/oelnculRI/ebtg= =mGRs -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From Chris.Russell at knowledgeit.co.uk Fri May 9 09:45:20 2008 From: Chris.Russell at knowledgeit.co.uk (Chris Russell) Date: Fri May 9 09:46:15 2008 Subject: Mailscanner and Exim - Spool File Return Code problems. In-Reply-To: References: <482366A5.2020702@ecs.soton.ac.uk> Message-ID: <1638CDD827D51E4D8E9B2741290E1C9101857A74@wkits02.knowledgeit.co.uk> > Unfortunately Phil Hazel retired Sept 2007 and hence there's been very little Exim development since as his exim work was sponsored by > his work. There's a couple of guys co-ordinating stuff but very relatively little work going on AFAIK. Hi Martin, That's also what I'm finding. There's also a fair few bugs currently open which haven't been updated since January. One of them, funnily enough, is something very similar to my main issue :-/, so it may be an exim problem after all. Cheers, Chris
From MailScanner at ecs.soton.ac.uk Fri May 9 10:25:41 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 10:26:40 2008 Subject: Correct setting for ClamAV... In-Reply-To: <48240602.2000805@ecs.soton.ac.uk> References: <48240602.2000805@ecs.soton.ac.uk> Message-ID: <48241895.9050009@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just occurred to me: ClamAV 0.93 is not yet supported by Mail::ClamAV, ie. the "clamavmodule" virus scanner, which is what uses this setting. So I won't fix this until I adopt an updated Mail::ClamAV which works properly with 0.93. Julian Field wrote: > * PGP Signed: 05/09/08 at 09:06:27 > > Well spotted!
> Thanks for that. It will be fixed in the next release. > > > Kevin Miller wrote: >> I just updated MailScanner and ClamAV and noticed a slight discrepency >> in the instructions. After running upgrade_MailScanner it printed the >> following: >> >> Important Note >> -------------- >> Your setting for 'Monitors for ClamAV Updates' is broken. >> It should look like this (unless your ClamAV is installed >> somewhere else) >> Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* >> /usr/local/share/clamav/*.cvd >> (watch the linewrap) >> >> In the MailScanner.conf.rpmnew file however it had the following line: >> Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld >> /usr/local/share/clamav/*.cvd >> (again, it's probably wrapped) >> >> I went w/the rpmnew setting as I have cld & cvd files, but no *.inc >> directories. >> >> Is that the correct thing to do? If so, please correct the >> upgrade_MailScanner program so the warning is output correctly. >> If not, I guess the default MailScanner.conf file needs to be corrected. >> >> Thanks much... >> >> ...Kevin >> > > Jules > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJBiWEfZZRxQVtlQRAhGbAKCp+2aIj+wnb3KrBKnjfiEip3vy7wCfesya ImnjX/+zTklrnlbaTZ5OtEo= =VSQ7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
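The check Kevin describes in the thread above (which of the two suggested values actually matches files in the ClamAV database directory), as an added shell example that is not part of the original messages or of MailScanner. The function name `check_monitor_globs` and the sample files are assumptions made for illustration; the glob patterns are the ones quoted in his message, taken relative to a directory passed as a parameter.

```shell
#!/bin/sh
# Added example (not MailScanner code): test each glob in a candidate
# "Monitors for ClamAV Updates" value against the ClamAV database directory.

# check_monitor_globs DBDIR PATTERN...
#   PATTERN is relative to DBDIR, e.g. '*.cvd' or '*.inc/*'.
#   Prints "<pattern> <number of matching files>" for each pattern.
#   Returns 0 if every pattern matched at least one file, 1 otherwise.
check_monitor_globs() {
    cmg_dir=$1
    shift
    cmg_status=0
    for cmg_pat in "$@"; do
        cmg_count=0
        # $cmg_pat is deliberately unquoted so the shell expands the glob;
        # an unmatched glob stays literal and fails the -e test below.
        for cmg_file in "$cmg_dir"/$cmg_pat; do
            if [ -e "$cmg_file" ]; then
                cmg_count=$((cmg_count + 1))
            fi
        done
        printf '%s %s\n' "$cmg_pat" "$cmg_count"
        if [ "$cmg_count" -eq 0 ]; then
            cmg_status=1
        fi
    done
    return "$cmg_status"
}

# Constructed sample: a database directory holding one .cvd and one .cld
# file and no *.inc directories, the situation described in the message.
demo_dir=$(mktemp -d)
: > "$demo_dir/main.cvd"
: > "$demo_dir/daily.cld"

echo "Value printed by upgrade_MailScanner (*.inc/* and *.cvd):"
if ! check_monitor_globs "$demo_dir" '*.inc/*' '*.cvd'; then
    echo "  -> at least one pattern matches nothing in this directory"
fi

echo "Value from MailScanner.conf.rpmnew (*.cld and *.cvd):"
if check_monitor_globs "$demo_dir" '*.cld' '*.cvd'; then
    echo "  -> every pattern matches at least one file"
fi

rm -rf "$demo_dir"
```

On a real host the first argument would be the database directory from the setting itself, `/usr/local/share/clamav` in the values quoted above.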
From stef at aoc-uk.com Fri May 9 10:36:49 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Fri May 9 10:38:53 2008 Subject: releasing mail fromquarantine doesn't work with postfix ? In-Reply-To: References: <200804252108.53288.mrebsamen@unimatrix0.ch><200804261204.17912.mrebsamen@unimatrix0.ch><223f97700804271259j5fc64f94xf18ffed94f047cfa@mail.gmail.com><200804280025.50756.mrebsamen@unimatrix0.ch><200805081422.m48ELwv2012573@safir.blacknight.ie><200805081551.m48Fosrn018983@safir.blacknight.ie> Message-ID: <200805090938.m499cK9c027291@safir.blacknight.ie> mailscanner-bounces@lists.mailscanner.info wrote: > 2008/5/8 Stef Morrell : >>> -----Original Message----- >> > From: mailscanner-bounces@lists.mailscanner.info >> > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > >> Of Glenn Steen >> >>> Sent: 08 May 2008 16:06 >> > >> > but not for the spam quarantine... Right? >> > Look in the spam subfolder... >> >> Ooo... Now you're asking. I don't routinely quarantine spam, as I >> would in short order need to buy a small property full of hard >> disk. I'll have a play with it and see. >> > Since I'm a MW user... I never use queue files only. Right - that's fine as I am testing with raw queue files. > Only diff is as you say, that the message is completely > untouched (even for the original queue file name) in the normal > quarantine, but the "log-safe" queue ID (with the added entropy) is > used in the spam quarantine. Yup - it seems that in spam quarantine, it does retain the additional entropy on the filename. >I hope you have the time to update the > wiki, since I surely don't:-( Shouldn't take long. I wonder if I can remember my wiki login... Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. 
GB734421454 From support-lists at petdoctors.co.uk Fri May 9 11:38:56 2008 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Fri May 9 11:39:52 2008 Subject: Strangeness with HTML formatted emails Message-ID: <9FCB13DDDC5B4B7E9E9ADF3C21627F0B@SUPPORT01V> Hi, I'm afraid to say my boss likes the look of HTML stationery in Outlook and despite my best efforts to dissuade him he wants to use it! I have created a template and tested it - it looks fine in Googlemail when sent to an external address, but comes back in to me converted to ASCII. Strange thing is that we do receive lots of 'pretty' HTML emails from other sources OK, but if I forward these to myself they get ASCIIfied too. I am exploring many options, but having tweaked a few settings in Outlook (mail format is HTML) and MailScanner (4.69.8) (Convert Dangerous HTML To Text = no, Convert HTML To Text = no), I cannot get our own stationery-based emails to turn up in one piece. I am also playing with an appointment reminders system (OpenEMM) on a separate box that sends HTML templated emails via its own copy of plain old sendmail and these *do* turn up OK in my inbox. Any suggestions are welcome (apart from 'shoot the boss' - I'm saving that one for later)!? Thanks Nigel Kendrick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080509/b6d7a9db/attachment-0001.html From gmatt at nerc.ac.uk Fri May 9 13:03:28 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 9 13:04:32 2008 Subject: change in behaviour Message-ID: <48243D90.4030206@nerc.ac.uk> Installing MailScanner at a customer site on RHEL3 I noticed file locking problems. It seems the auto-detecting of required lock type (dependent on sendmail version) does not work in 4.68.8. When I manually set the lock type to flock, the locking problems disappeared. 
Waaay back on this list there was much discussion about lock type and then Julian made MailScanner autodetect the required locking... am I misremembering? Anyway, 4.68.8 defaulted to posix whereas the previous version (4.50.15) autodetected correctly and worked with a blank "Lock Type =" Not a major problem as I found and fixed it by setting "Lock Type = flock" but thought it might be of interest. RHEL3 sendmail 8.12.x perl 5.8.0 MailScanner 4.68.8 -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.
From ajos1 at onion.demon.co.uk Fri May 9 14:13:24 2008 From: ajos1 at onion.demon.co.uk (ajos1 at onion) Date: Fri May 9 13:14:08 2008 Subject: /usr/lib/MailScanner/vba32-wrapper: No such file or directory Message-ID: - I have upgraded to 4.69 and I am getting these messages.... ========= /etc/cron.hourly/update_virus_scanners: /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory ========= I assume there is a file missing from the mailscanner.rpm ... or am I doing something wrong?
From Denis.Beauchemin at USherbrooke.ca Fri May 9 13:32:29 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri May 9 13:33:14 2008 Subject: Correct setting for ClamAV... In-Reply-To: <48241895.9050009@ecs.soton.ac.uk> References: <48240602.2000805@ecs.soton.ac.uk> <48241895.9050009@ecs.soton.ac.uk> Message-ID: <4824445D.1090401@USherbrooke.ca> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Just occurred to me: ClamAV 0.93 is not yet supported by Mail::ClamAV, > ie. the "clamavmodule" virus scanner, which is what uses this setting.
> So I won't fix this until I adopt an updated Mail::ClamAV which works > properly with 0.93. > > Julian, I just checked on Dag's website and he only has ClamAV 0.92.1... so what installation method do you recommend for clamd? Thanks! Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045
From martinh at solidstatelogic.com Fri May 9 13:45:56 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri May 9 13:46:41 2008 Subject: change in behaviour In-Reply-To: <48243D90.4030206@nerc.ac.uk> Message-ID: Greg It selects the lock type based on the MTA itself not just the version. Most people are on modern sendmails now so for sendmail it defaults to posix rather than flock. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Greg Matthews > Sent: 09 May 2008 13:03 > To: MailScanner discussion > Subject: change in behaviour > > Installing MailScanner at a customer site on RHEL3 I noticed file > locking problems. It seems the auto-detecting of required lock type > (dependent on sendmail version) does not work in 4.68.8. > > When I manually set the lock type to flock, the locking problems > disappeared. > > Waaay back on this list there was much discussion about lock type and > then Julian made MailScanner autodetect the required locking... am I > misremembering? Anyway, 4.68.8 defaulted to posix whereas the previous > version (4.50.15) autodetected correctly and worked with a blank "Lock > Type =" > > Not a major problem as I found and fixed it by setting "Lock Type = > flock" but thought it might be of interest.
> > RHEL3 > sendmail 8.12.x > perl 5.8.0 > MailScanner 4.68.8 > -- > Greg Matthews 01491 692445 > Head of UNIX/Linux, iTSS Wallingford
From MailScanner at ecs.soton.ac.uk Fri May 9 13:56:05 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 13:57:05 2008 Subject: change in behaviour In-Reply-To: <48243D90.4030206@nerc.ac.uk> References: <48243D90.4030206@nerc.ac.uk> Message-ID: <482449E5.1050604@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But I haven't touched the locking code in absolutely ages :-( It the sendmail is earlier than 8.12 then you need to specify flock, which may well be relevant to old systems like RHEL3. Greg Matthews wrote: > Installing MailScanner at a customer site on RHEL3 I noticed file > locking problems. It seems the auto-detecting of required lock type > (dependent on sendmail version) does not work in 4.68.8. > > When I manually set the lock type to flock, the locking problems > disappeared. > > Waaay back on this list there was much discussion about lock type and > then Julian made MailScanner autodetect the required locking... am I > misremembering? Anyway, 4.68.8 defaulted to posix whereas the previous > version (4.50.15) autodetected correctly and worked with a blank "Lock > Type =" > > Not a major problem as I found and fixed it by setting "Lock Type = > flock" but thought it might be of interest. > > RHEL3 > sendmail 8.12.x > perl 5.8.0 > MailScanner 4.68.8 Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJEnmEfZZRxQVtlQRAkAUAJwLaFEC9+CuqTxTKRFNAf+rjxxuiwCgmEKA x30EG1EgUR7y3RSTcCi/OEI= =Z1pB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 9 14:11:43 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 14:12:58 2008 Subject: /usr/lib/MailScanner/vba32-wrapper: No such file or directory In-Reply-To: References: Message-ID: <48244D8F.7090205@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ajos1 at onion wrote: > - > > I have upgraded to 4.69 and I am getting these messages.... > > ========= > /etc/cron.hourly/update_virus_scanners: > > /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory > ========= > > I assume there is a file missing from the mailscanner.rpm ... or am I doing something wrong? > If you have 4.69.9-3 you should have all the relevant files. Check to make sure you do actually have a vba32-wrapper file. If not, then a quick upgrade may be called for. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJE2QEfZZRxQVtlQRAgk/AKDyrTZKxnmEUtNPtlwFBw2uGj7CSgCgw7ea gGZPCxVYwUEICDT2kSdfmtE= =WY6R -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri May 9 14:21:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 14:22:02 2008 Subject: Correct setting for ClamAV... In-Reply-To: <4824445D.1090401@USherbrooke.ca> References: <48240602.2000805@ecs.soton.ac.uk> <48241895.9050009@ecs.soton.ac.uk> <4824445D.1090401@USherbrooke.ca> Message-ID: <48244FD3.4010707@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denis Beauchemin wrote: > Julian Field a ?crit : >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Just occurred to me: ClamAV 0.93 is not yet supported by >> Mail::ClamAV, ie. the "clamavmodule" virus scanner, which is what >> uses this setting. So I won't fix this until I adopt an updated >> Mail::ClamAV which works properly with 0.93. >> >> > > Julian, > > I just checked on Dag's website and he only has ClamAV 0.92.1... so > what installation method do you recommend for clamd? I would just stick with 0.92.1 until he updates his site. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJE/UEfZZRxQVtlQRAp+CAJ4u7THJPTD7bzGpZXhTYQXYjuv4uQCfftbD 1TS9ohFk1O+73sUWXzr/rJ0= =Kzyu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
From Denis.Beauchemin at USherbrooke.ca Fri May 9 15:01:03 2008 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri May 9 15:01:52 2008 Subject: Correct setting for ClamAV... In-Reply-To: <48244FD3.4010707@ecs.soton.ac.uk> References: <48240602.2000805@ecs.soton.ac.uk> <48241895.9050009@ecs.soton.ac.uk> <4824445D.1090401@USherbrooke.ca> <48244FD3.4010707@ecs.soton.ac.uk> Message-ID: <4824591F.8020707@USherbrooke.ca> Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > Denis Beauchemin wrote: > >> Julian Field wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Just occurred to me: ClamAV 0.93 is not yet supported by >>> Mail::ClamAV, ie. the "clamavmodule" virus scanner, which is what >>> uses this setting. So I won't fix this until I adopt an updated >>> Mail::ClamAV which works properly with 0.93. >>> >>> >>> >> Julian, >> >> I just checked on Dag's website and he only has ClamAV 0.92.1... so >> what installation method do you recommend for clamd? >> > I would just stick with 0.92.1 until he updates his site. > > Jules > OK, thanks. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045 From t.d.lee at durham.ac.uk Fri May 9 15:16:39 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri May 9 15:18:53 2008 Subject: change in behaviour In-Reply-To: <48243D90.4030206@nerc.ac.uk> References: <48243D90.4030206@nerc.ac.uk> Message-ID: On Fri, 9 May 2008, Greg Matthews wrote: > Installing MailScanner at a customer site on RHEL3 I noticed file > locking problems. It seems the auto-detecting of required lock type > (dependent on sendmail version) does not work in 4.68.8. > > When I manually set the lock type to flock, the locking problems > disappeared. > > Waaay back on this list there was much discussion about lock type and > then Julian made MailScanner autodetect the required locking... am I > misremembering? Anyway, 4.68.8 defaulted to posix whereas the previous > version (4.50.15) autodetected correctly and worked with a blank "Lock > Type =" My own recollection (itself perhaps faulty) of the possible auto-detect implies that you might be mis-remembering. I think there were a couple of spates of discussion about the desirability of autodetect, but I think the outcome was that there was no simple, sure-fire reliable way for other software (e.g. the MS perl script) to achieve, without fault, the auto-detection of locking-type in the host's sendmail. So I think the state for the last few years has been: o no auto-detect; o default OK for most modern OSes (modern sendmail) for most occasions (but not "all OSes for all sendmail versions for all occasions"); o still an element of human-checking recommended. Presumably Julian would welcome a contributed snippet of perl code that really could reliably auto-detect all sendmail versions on any OS. (Happy to be contradicted on this...!) -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. 
: From gmatt at nerc.ac.uk Fri May 9 16:28:23 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 9 16:29:21 2008 Subject: change in behaviour In-Reply-To: References: <48243D90.4030206@nerc.ac.uk> Message-ID: <48246D97.8070700@nerc.ac.uk> David Lee wrote: > On Fri, 9 May 2008, Greg Matthews wrote: >> Waaay back on this list there was much discussion about lock type and >> then Julian made MailScanner autodetect the required locking... am I >> misremembering? Anyway, 4.68.8 defaulted to posix whereas the previous >> version (4.50.15) autodetected correctly and worked with a blank "Lock >> Type =" > > My own recollection (itself perhaps faulty) of the possible auto-detect > implies that you might be mis-remembering. so it seems! just seemed at odd regression from the previously installed version. anyway - thanks for all the feedback. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From Neal at Morgan-Systems.com Fri May 9 16:56:13 2008 From: Neal at Morgan-Systems.com (Neal Morgan) Date: Fri May 9 16:57:20 2008 Subject: Inode Preservation Possible? Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A4A0@server-16.MorganSys.net> Hi Julian and list! I've been using MailScanner with ZMailer successfully for some time. One thing I didn't like was the fact that there was a "disconnect" in the logs (syslog, mail) between the message ID when received by SMTP, handed off to MS, taken again by router/scheduler. This made it very difficult to diagnose problems with individual messages. I'll try to keep the background info short. Zmailer derives a message ID from the inode and create date. 
If I could keep the message in the same/original file, the logging would stay correct from ZM to MS and back. I managed to build on the work of others (Carlos?), added some of my own scripts to preserve the original inode through copying and cat'ing. It works but it's kind of ugly. So, the question is, would it be possible to make MailScanner do this for me? In other words, don't delete the incoming file, instead copy it to its work area, perform whatever changes are necessary, then put the altered content BACK into the original file so the inode would be preserved? ...finally, and equally important, use a "mv" to put in the outgoing folder rather than copying. This isn't a high priority thing, more a feature request. Many thanks, Neal Morgan From MailScanner at ecs.soton.ac.uk Fri May 9 17:22:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 9 17:24:00 2008 Subject: Inode Preservation Possible? In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A4A0@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A4A0@server-16.MorganSys.net> Message-ID: <48247A58.30101@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neal Morgan wrote: > Hi Julian and list! > > I've been using MailScanner with ZMailer successfully for some time. > One thing I didn't like was the fact that there was a "disconnect" in > the logs (syslog, mail) between the message ID when received by SMTP, > handed off to MS, taken again by router/scheduler. This made it very > difficult to diagnose problems with individual messages. > > I'll try to keep the background info short. Zmailer derives a message > ID from the inode and create date. If I could keep the message in the > same/original file, the logging would stay correct from ZM to MS and > back. > > I managed to build on the work of others (Carlos?), added some of my own > scripts to preserve the original inode through copying and cat'ing. It > works but it's kind of ugly. 
> > So, the question is, would it be possible to make MailScanner do this > for me? In other words, don't delete the incoming file, instead copy it > to its work area, perform whatever changes are necessary, then put the > altered content BACK into the original file so the inode would be > preserved? And what happens when the power dies or the OS crashes when you are half-way through over-writing the content of the original file? I don't like this *at all*, sorry. > ...finally, and equally important, use a "mv" to put in the > outgoing folder rather than copying. > I can only mv if I'm not modifying the file. MailScanner never "owns" a message, as a power outage or crash could cause you to lose a message. Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.2 (Build 3005) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIJHpnEfZZRxQVtlQRAlSIAJ9nQkS+xSQl/BJhbJqP40EoJsWQtACg2ZHc bozRAO4zpCepVH5K45li5bc= =WUdc -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Fri May 9 18:04:19 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 9 18:05:11 2008 Subject: Strangeness with HTML formatted emails In-Reply-To: <9FCB13DDDC5B4B7E9E9ADF3C21627F0B@SUPPORT01V> References: <9FCB13DDDC5B4B7E9E9ADF3C21627F0B@SUPPORT01V> Message-ID: on 5-9-2008 3:38 AM Nigel Kendrick spake the following: > Hi, I'm afraid to say my boss likes the look of HTML stationery in > Outlook and despite my best efforts to dissuade him he wants to use it! 
> > I have created a template and tested it - it looks fine in Googlemail > when sent to an external address, but comes back in to me converted to > ASCII. > > Strange thing is that we do receive lots of 'pretty' HTML emails from > other sources OK, but if I forward these to myself they get ASCIIfied too. > > I am exploring many options, but having tweaked a few settings in > Outlook (mail format is HTML) and MailScanner (4.69.8) (Convert > Dangerous HTML To Text = no, Convert HTML To Text = no), I cannot get > our own stationery-based emails to turn up in one piece. > > I am also playing with an appointment reminders system (OpenEMM) on a > separate box that sends HTML templated emails via its own copy of plain > old sendmail and these *do* turn up OK in my inbox. > > Any suggestions are welcome (apart from 'shoot the boss' - I'm saving > that one for later)!? > > Thanks > > Nigel Kendrick > > Could your MUA be set to display in text? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080509/f3526c4b/signature.bin
From ssilva at sgvwater.com Fri May 9 18:00:51 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 9 18:05:23 2008 Subject: Correct setting for ClamAV... In-Reply-To: <48244FD3.4010707@ecs.soton.ac.uk> References: <48240602.2000805@ecs.soton.ac.uk> <48241895.9050009@ecs.soton.ac.uk> <4824445D.1090401@USherbrooke.ca> <48244FD3.4010707@ecs.soton.ac.uk> Message-ID: on 5-9-2008 6:21 AM Julian Field spake the following: > > > Denis Beauchemin wrote: >> Julian Field wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Just occurred to me: ClamAV 0.93 is not yet supported by >>> Mail::ClamAV, ie.
the "clamavmodule" virus scanner, which is what
>>> uses this setting. So I won't fix this until I adopt an updated
>>> Mail::ClamAV which works properly with 0.93.
>>>
>>>
>> Julian,
>
>> I just checked on Dag's website and he only has ClamAV 0.92.1... so
>> what installation method do you recommend for clamd?
> I would just stick with 0.92.1 until he updates his site.
>
> Jules
>
When I was experimenting with clamd, there are sample init scripts in the
clam tarball that seem to work OK, at least with the CentOS 4 server I
experimented on. So if someone wants 0.93 and can't wait, there is an option.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

From Neal at Morgan-Systems.com Fri May 9 18:42:48 2008
From: Neal at Morgan-Systems.com (Neal Morgan)
Date: Fri May 9 18:44:14 2008
Subject: Inode Preservation Possible?
In-Reply-To: <48247A58.30101@ecs.soton.ac.uk>
References: <7D1CC61717004141A57CA6CA1C8087EC18A4A0@server-16.MorganSys.net> <48247A58.30101@ecs.soton.ac.uk>
Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A4A1@server-16.MorganSys.net>

Julian Field wrote:
> Neal Morgan wrote:
> > Hi Julian and list!
> >
> > I've been using MailScanner with ZMailer successfully for some time.
> > One thing I didn't like was the fact that there was a "disconnect" in
> > the logs (syslog, mail) between the message ID when received by SMTP,
> > handed off to MS, taken again by router/scheduler. This made it very
> > difficult to diagnose problems with individual messages.
> >
> > I'll try to keep the background info short. Zmailer derives a message
> > ID from the inode and create date.
If I could keep the message in the
> > same/original file, the logging would stay correct from ZM to MS and
> > back.
> >
> > I managed to build on the work of others (Carlos?), added some of my own
> > scripts to preserve the original inode through copying and cat'ing. It
> > works but it's kind of ugly.
> >
> > So, the question is, would it be possible to make MailScanner do this
> > for me? In other words, don't delete the incoming file, instead copy it
> > to its work area, perform whatever changes are necessary, then put the
> > altered content BACK into the original file so the inode would be
> > preserved?
> And what happens when the power dies or the OS crashes when you are
> half-way through over-writing the content of the original file? I don't
> like this *at all*, sorry.
>
> > ...finally, and equally important, use a "mv" to put in the
> > outgoing folder rather than copying.
> >
> I can only mv if I'm not modifying the file.
>
> MailScanner never "owns" a message, as a power outage or crash could
> cause you to lose a message.
>
> Jules
>
>

Thanks for your feedback. That's a valid concern. My ugly hack
addresses this by keeping the original and sending a copy to MS. The
original is only touched when I have a valid match in output from MS.
At this point, the contents of the original are replaced with the
contents of the file from MS. If there were a problem I still have the
output from MS, so I haven't lost anything.

What I'm trying to accomplish here is to have a complete audit trail in
syslog as the message moves through the various processes. It's a real
pain in the neck to troubleshoot if the ID changes when the message
enters MS and is returned.

Below is a sample of what I've managed to accomplish with my hack. (If
you know the message of interest was "S1049805AbYEIRIA" when received by
smtpserver, you can grep for that in syslog).
I'm just wondering if there is a better way to accomplish this:

10:08:00 smtpserver[21196]: S1049805AbYEIRIA: (9813c) accepted from s.myserver.org/54957
10:08:15 MailScanner[13776]: ZMMS: (S1049805AbYEIRIA) ID=1049805 OutQueueDir=/var/spool/postoffice/router/D
10:08:15 MailScanner[13776]: ZMMS: (S1049805AbYEIRIA) Creating rename map: D/1065521 back to D/1049805
10:08:27 router[21264]: ZMMS: (S1049805AbYEIRIA) D/1049805 has been scanned and is now being routed
10:08:27 router[3594]: S1049805AbYEIRIA: from=,
10:08:27 smtp[14101]: S1049805AbYEIRIA: to=, delay=
10:08:27 scheduler[3579]: S1049805AbYEIRIA: complete (total 1 recipients, 0 failed)

With the default MS/ZM setup, the "S1049805AbYEIRIA" ID would have
changed at least once, and there would be no way to draw a conclusion
about what its new ID is without manually scanning the order of syslog
recs and trying to interpolate. (That ID is derived from inode and
create date. A new file back from MS generates a different ID.)

Thanks again for your feedback. If you don't have any other suggestions
I guess I'll just keep my hack...

Thanks,

Neal Morgan

From pedro.hoffmann at gmail.com Fri May 9 23:41:19 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Fri May 9 23:41:55 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <4822957E.3050304@vanderkooij.org>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> <4822957E.3050304@vanderkooij.org>
Message-ID: <21be6cae0805091541o6bca6887w989b8f7ba747752@mail.gmail.com>

Thanks all for helping!!
Best wishes
Pedro.

2008/5/7, Hugo van der Kooij :
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Pedro Bordin Hoffmann - [M]orpheus wrote:
> | Hello.
> |
> | I'm using Mailscanner, postfix, and spamassassin.
> |
> | I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
> | but it blocks my e-mail saying that the file exceeds the maximum size.
> | I enter in quarantine and it shows up almost 50MB the file.
> |
> | Why mailscanner changed the size of file?
> | When downloading the file it says the real size.
> |
> | Already try to uencode the message. But file size stay the same. It was
> | a .doc file with a few images on it.
>
> The following article is mandatory reading material:
> http://email.about.com/cs/standards/a/base64_encoding.htm
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIIpV9BvzDRVjxmYERAvdpAKCNm2b5IGFOxxOkhsEnfwaTOwvJXgCfWKRC
> oXwAQ14x7p32cEwVuRPkXS4=
> =+OH9
> -----END PGP SIGNATURE-----
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From glenn.steen at gmail.com Sat May 10 00:14:36 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat May 10 00:15:10 2008
Subject: User's home directory /var/spool/postfix is not writable
In-Reply-To: <200805090743.58846.mrebsamen@unimatrix0.ch>
References: <000c01c8b182$c2f65ed0$0a0aa8c0@CWDOMAIN.local> <200805090743.58846.mrebsamen@unimatrix0.ch>
Message-ID: <223f97700805091614g1b26262ex45e01d99cfd92e03@mail.gmail.com>

2008/5/9 Marco Rebsamen :
> On Friday, 9 May 2008 05:14:12 Glen Prestidge wrote:
>> HI all
>>
>>
>>
>> I am having a problem with my freebsd 6.2 with Mailscanner + clamav +
>> Spamassin
>>
>> p5-Mail-ClamAV-0.20_3
>> MailScanner-4.67.6_1
>> p5-Mail-SpamAssassin-3.2.4_4
>> postfix-2.5.1_2,1
>>
>> I can not get the mail to be scanned by the mailscanner due to this error
>>
>> May 8 02:14:48 testrig MailScanner[1470]: User's home directory
>> /var/spool/postfix is not writable
> Check the directory Ownership "755" is not enough if it is owned by the wrong
> user.
>
> Also Check the username under which Mailscanner runs...
>
>>
>> I have reinstalled all the packages, chmod 755 on the /var/spool/postfix -
>> still not working, I have attempted to move the postfix dir into /tmp
>> because I read something about the razor agent log causing problems? There
>> isn't a razor log there.
>>
>>
>>
>> I have tried to go back to previous versions of the software but didn't
>> have any luck. This is now occurring on 2 servers.
>>
>>
>>
>> Regards
>>
>>
>>
>> Glen Prestidge
>>
Marco, please define "wrong user" here... To me, the problem Glen is
having sounds like normal chroot jail behavior;-). If so, one way around
it all is to create the "missing directories" by hand and then chowning
them from root to the PF user... Likely both a .razor and .spamassassin
directory might be "missing"... Then again... there are other ways (that
should be in the wiki already) around this type of problem (mainly:
explicitly configure a writable path for both SA and razor:-).
But as Rob so very rightly points out, actual user/owner is key to the
solution.

How about it Glen? Could you tell a bit more?

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From lists at gmnet.net Sat May 10 01:43:04 2008
From: lists at gmnet.net (Rick Bragg)
Date: Sat May 10 01:43:45 2008
Subject: MailScanner restart problem.
Message-ID: <1210380185.8225.99.camel@isis>

I'm building a new system, and today I rebooted it and MailScanner did
not come up.

So I started it by hand with the init script, and I got this message:

# /etc/init.d/mailscanner restart
* Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
Compilation failed in require at /usr/sbin/MailScanner line 80.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.

Does anybody know what might have happened?

I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
modules...

Thanks!
Rick

From malli at mcrirents.com Sat May 10 03:05:52 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Sat May 10 02:05:48 2008
Subject: MailScanner restart problem.
References: <1210380185.8225.99.camel@isis>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com>

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
Sent: Fri 5/9/2008 8:43 PM
To: MailScanner discussion
Subject: MailScanner restart problem.

I'm building a new system, and today I rebooted it and MailScanner did
not come up.

So I started it by hand with the init script, and I got this message:

# /etc/init.d/mailscanner restart
* Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
Compilation failed in require at /usr/sbin/MailScanner line 80.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.

Does anybody know what might have happened?

I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
modules...

Thanks!
Rick

Hi Rick,

I've seen this behavior on Ubuntu as well. The way I got around it was
doing the following:

9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)

Edit /etc/rc.local and add the following before the exit line:

mkdir /var/run/MailScanner
mkdir /var/lock/subsys
mkdir /var/lock/subsys/MailScanner
chown -R postfix:www-data /var/run/MailScanner
chown -R postfix:www-data /var/lock/subsys/MailScanner
/etc/init.d/postfix restart
/etc/init.d/mailscanner restart

That should do it for you.

Regards,

Mohammed Alli

From lists at gmnet.net Sat May 10 02:28:16 2008
From: lists at gmnet.net (Rick Bragg)
Date: Sat May 10 02:29:02 2008
Subject: MailScanner restart problem.
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com>
References: <1210380185.8225.99.camel@isis> <3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com>
Message-ID: <1210382896.8225.104.camel@isis>

On Fri, 2008-05-09 at 21:05 -0500, Mohammed Alli wrote:
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> Sent: Fri 5/9/2008 8:43 PM
> To: MailScanner discussion
> Subject: MailScanner restart problem.
>
>
>
> I'm building a new system, and today I rebooted it and MailScanner did
> not come up.
>
> So I started it by hand with the init script, and I got this message:
>
> # /etc/init.d/mailscanner restart
> * Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
> is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
> BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
> Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> Compilation failed in require at /usr/sbin/MailScanner line 80.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
>
>
> Does anybody know what might have happened?
>
> I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
> modules...
>
> Thanks!
> Rick
>
>
>
> Hi Rick,
>
> I've seen this behavior on Ubuntu as well.
The way I got around it was doing the following:
>
>
> 9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)
>
>
> Edit /etc/rc.local and add the following before the exit line:
>
> mkdir /var/run/MailScanner
> mkdir /var/lock/subsys
> mkdir /var/lock/subsys/MailScanner
> chown -R postfix:www-data /var/run/MailScanner
> chown -R postfix:www-data /var/lock/subsys/MailScanner
> /etc/init.d/postfix restart
> /etc/init.d/mailscanner restart
>
> That should do it for you.
>
> Regards,
>
> Mohammed Alli
>
>

That didn't seem to do it. I still have the same problem. also, during
boot, it said "cannot creat directory `/var/run/MailScanner': File
exists

I am using it with sendmail, clamav, and spamassassin...

Anybody have this same issue?

Thanks
rick

From malli at mcrirents.com Sat May 10 03:40:08 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Sat May 10 02:44:06 2008
Subject: MailScanner restart problem.
References: <1210380185.8225.99.camel@isis><3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com> <1210382896.8225.104.camel@isis>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9C5@exchange.computerrents.com>

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
Sent: Fri 5/9/2008 9:28 PM
To: MailScanner discussion
Subject: RE: MailScanner restart problem.

On Fri, 2008-05-09 at 21:05 -0500, Mohammed Alli wrote:
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> Sent: Fri 5/9/2008 8:43 PM
> To: MailScanner discussion
> Subject: MailScanner restart problem.
>
>
>
> I'm building a new system, and today I rebooted it and MailScanner did
> not come up.
>
> So I started it by hand with the init script, and I got this message:
>
> # /etc/init.d/mailscanner restart
> * Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
> is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
> BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
> Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> Compilation failed in require at /usr/sbin/MailScanner line 80.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
>
>
> Does anybody know what might have happened?
>
> I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
> modules...
>
> Thanks!
> Rick
>
>
>
> Hi Rick,
>
> I've seen this behavior on Ubuntu as well. The way I got around it was doing the following:
>
>
> 9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)
>
>
> Edit /etc/rc.local and add the following before the exit line:
>
> mkdir /var/run/MailScanner
> mkdir /var/lock/subsys
> mkdir /var/lock/subsys/MailScanner
> chown -R postfix:www-data /var/run/MailScanner
> chown -R postfix:www-data /var/lock/subsys/MailScanner
> /etc/init.d/postfix restart
> /etc/init.d/mailscanner restart
>
> That should do it for you.
>
> Regards,
>
> Mohammed Alli
>
>

That didn't seem to do it. I still have the same problem. also, during
boot, it said "cannot creat directory `/var/run/MailScanner': File
exists

I am using it with sendmail, clamav, and spamassassin...

Anybody have this same issue?

Thanks
rick

Hey Rick,

It looks like it's a missing or broken install of Compress::Zlib
installation. Try apt-get install libcompress-zlib-perl . Remove what I
told you to do and reboot and see what happens.

MO

From lists at gmnet.net Sat May 10 04:14:39 2008
From: lists at gmnet.net (Rick Bragg)
Date: Sat May 10 04:15:25 2008
Subject: MailScanner restart problem.
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9C5@exchange.computerrents.com>
References: <1210380185.8225.99.camel@isis> <3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com> <1210382896.8225.104.camel@isis> <3B1A431BDA34C54581BE43253BC1BD9302F9C5@exchange.computerrents.com>
Message-ID: <1210389279.8225.108.camel@isis>

On Fri, 2008-05-09 at 21:40 -0500, Mohammed Alli wrote:
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> Sent: Fri 5/9/2008 9:28 PM
> To: MailScanner discussion
> Subject: RE: MailScanner restart problem.
>
>
>
>
> On Fri, 2008-05-09 at 21:05 -0500, Mohammed Alli wrote:
> > ________________________________
> >
> > From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> > Sent: Fri 5/9/2008 8:43 PM
> > To: MailScanner discussion
> > Subject: MailScanner restart problem.
> >
> >
> >
> > I'm building a new system, and today I rebooted it and MailScanner did
> > not come up.
> >
> > So I started it by hand with the init script, and I got this message:
> >
> > # /etc/init.d/mailscanner restart
> > * Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
> > is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
> > BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
> > Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> > BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> > Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> > BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> > Compilation failed in require at /usr/sbin/MailScanner line 80.
> > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
> >
> >
> > Does anybody know what might have happened?
> >
> > I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
> > modules...
> >
> > Thanks!
> > Rick
> >
> >
> >
> > Hi Rick,
> >
> > I've seen this behavior on Ubuntu as well. The way I got around it was doing the following:
> >
> >
> > 9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)
> >
> >
> > Edit /etc/rc.local and add the following before the exit line:
> >
> > mkdir /var/run/MailScanner
> > mkdir /var/lock/subsys
> > mkdir /var/lock/subsys/MailScanner
> > chown -R postfix:www-data /var/run/MailScanner
> > chown -R postfix:www-data /var/lock/subsys/MailScanner
> > /etc/init.d/postfix restart
> > /etc/init.d/mailscanner restart
> >
> > That should do it for you.
> >
> > Regards,
> >
> > Mohammed Alli
> >
> >
>
> That didn't seem to do it. I still have the same problem. also, during
> boot, it said "cannot creat directory `/var/run/MailScanner': File
> exists
>
> I am using it with sendmail, clamav, and spamassassin...
>
> Anybody have this same issue?
>
> Thanks
> rick
>
>
> Hey Rick,
>
> It looks like it's a missing or broken install of Compress::Zlib installation. Try apt-get install libcompress-zlib-perl . Remove what I told you to do and reboot and see what happens.
>
> MO
>

OK, After re-installing a bunch of perl and compression things, and
going into cpan etc... I finally got it to work. The only lingering
problem now, is this:

# apt-get install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up mailscanner (4.68.8-1) ...
Checking/installing report files ...
invoke-rc.d: initscript mailscanner, action "start" failed.
dpkg: error processing mailscanner (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
mailscanner
E: Sub-process /usr/bin/dpkg returned an error code (1)

It seems that it is half installed, but it works fine. what should I do
about it?

I am a bit new to Ubuntu, so any help I can get is greatly appreciated.

Thanks
rick

From malli at mcrirents.com Sat May 10 12:32:33 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Sat May 10 11:32:25 2008
Subject: MailScanner restart problem.
References: <1210380185.8225.99.camel@isis><3B1A431BDA34C54581BE43253BC1BD9302F9C4@exchange.computerrents.com><1210382896.8225.104.camel@isis><3B1A431BDA34C54581BE43253BC1BD9302F9C5@exchange.computerrents.com> <1210389279.8225.108.camel@isis>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9C8@exchange.computerrents.com>

Regards,

Mohammed Alli
Account Executive
Office: (908) 753-9500 x1140
Cell: (908) 834-5362
Fax: (732) 819-9191
Email: malli@mcrirents.com
Web: www.mcrirents.com

________________________________

From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
Sent: Fri 5/9/2008 11:14 PM
To: MailScanner discussion
Subject: RE: MailScanner restart problem.

On Fri, 2008-05-09 at 21:40 -0500, Mohammed Alli wrote:
> ________________________________
>
> From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> Sent: Fri 5/9/2008 9:28 PM
> To: MailScanner discussion
> Subject: RE: MailScanner restart problem.
>
>
>
>
> On Fri, 2008-05-09 at 21:05 -0500, Mohammed Alli wrote:
> > ________________________________
> >
> > From: mailscanner-bounces@lists.mailscanner.info on behalf of Rick Bragg
> > Sent: Fri 5/9/2008 8:43 PM
> > To: MailScanner discussion
> > Subject: MailScanner restart problem.
> >
> >
> >
> > I'm building a new system, and today I rebooted it and MailScanner did
> > not come up.
> >
> > So I started it by hand with the init script, and I got this message:
> >
> > # /etc/init.d/mailscanner restart
> > * Restarting mail spam/virus scanner MailScanner No MailScanner found running; none killed.
> > is only avaliable with the XS version at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9
> > BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Compress/Zlib.pm line 9.
> > Compilation failed in require at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> > BEGIN failed--compilation aborted at /usr/local/share/perl/5.8.8/Archive/Zip.pm line 11.
> > Compilation failed in require at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> > BEGIN failed--compilation aborted at /usr/share/MailScanner//MailScanner/Message.pm line 48.
> > Compilation failed in require at /usr/sbin/MailScanner line 80.
> > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
> >
> >
> > Does anybody know what might have happened?
> >
> > I am using Ubuntu 8.04 server AMD64. I recently installed a few perl
> > modules...
> >
> > Thanks!
> > Rick
> >
> >
> >
> > Hi Rick,
> >
> > I've seen this behavior on Ubuntu as well. The way I got around it was doing the following:
> >
> >
> > 9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)
> >
> >
> > Edit /etc/rc.local and add the following before the exit line:
> >
> > mkdir /var/run/MailScanner
> > mkdir /var/lock/subsys
> > mkdir /var/lock/subsys/MailScanner
> > chown -R postfix:www-data /var/run/MailScanner
> > chown -R postfix:www-data /var/lock/subsys/MailScanner
> > /etc/init.d/postfix restart
> > /etc/init.d/mailscanner restart
> >
> > That should do it for you.
> >
> > Regards,
> >
> > Mohammed Alli
> >
> >
>
> That didn't seem to do it. I still have the same problem. also, during
> boot, it said "cannot creat directory `/var/run/MailScanner': File
> exists
>
> I am using it with sendmail, clamav, and spamassassin...
>
> Anybody have this same issue?
>
> Thanks
> rick
>
>
> Hey Rick,
>
> It looks like it's a missing or broken install of Compress::Zlib installation. Try apt-get install libcompress-zlib-perl . Remove what I told you to do and reboot and see what happens.
>
> MO
>

OK, After re-installing a bunch of perl and compression things, and
going into cpan etc... I finally got it to work. The only lingering
problem now, is this:

# apt-get install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up mailscanner (4.68.8-1) ...
Checking/installing report files ...
invoke-rc.d: initscript mailscanner, action "start" failed.
dpkg: error processing mailscanner (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
mailscanner
E: Sub-process /usr/bin/dpkg returned an error code (1)

It seems that it is half installed, but it works fine. what should I do
about it?

I am a bit new to Ubuntu, so any help I can get is greatly appreciated.

Thanks
rick

Hey Rick,

You can try the following to force install of whatever is missing:

apt-get -f install

If it still doesn't work, do the following:

rm -r /var/cache/apt/archives/dpkg*
apt-get -f install

Regards,

Mohammed Alli

From davejones70 at gmail.com Sat May 10 13:50:13 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Sat May 10 13:50:47 2008
Subject: Correct setting for ClamAV...
Message-ID: <67a55ed50805100550h3bc7ce68t64c090880371ee1d@mail.gmail.com>

>> I just checked on Dag's website and he only has ClamAV 0.92.1... so
>> what installation method do you recommend for clamd?
>>
> I would just stick with 0.92.1 until he updates his site.
>

Try using Dag's newer RPMForge site for:

http://dag.wieers.com/rpm/packages/rpmforge-release/

All CentOS servers must have RPMForge!

--
Dave Jones

From bcarruthers at iii.net.au Mon May 12 01:25:11 2008
From: bcarruthers at iii.net.au (Brett Carruthers)
Date: Mon May 12 01:28:13 2008
Subject: MailWatch Spam Learn / Bayes DB
Message-ID:

Hi,

I have a few week old install of MailScanner / MailWatch / Scalix on
CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances
on some spam mail.

So I want to train it a bit more so the bayes works even better.

What do I have to do to get MailWatch to be able to manually spam/ham
learn on its 'Message Operations' report?

Currently, if I try and learn spam it gives me an error about the
message not being in the quarantine eg.

Message m4BK4Wg4005306 not found in quarantine

Some settings from MailScanner.conf --

Quarantine dir = /var/spool/MailScanner/quarantine
Quarantine Infections = yes
Quarantine Whole Messages As Queue Files = yes
Quarantine Whole Message = yes
Spam Actions = store-spam
High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!)
Non Spam Actions = deliver store header "X-Spam-Status: No" If anyone could lean me in the right direction I would appreciate it very much! Thanks, Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080512/8b07335a/attachment.html From malli at mcrirents.com Mon May 12 05:09:21 2008 From: malli at mcrirents.com (Mohammed Alli) Date: Mon May 12 04:13:08 2008 Subject: MailWatch Spam Learn / Bayes DB References: Message-ID: <3B1A431BDA34C54581BE43253BC1BD9302F9CD@exchange.computerrents.com> ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Brett Carruthers Sent: Sun 5/11/2008 8:25 PM To: mailscanner@lists.mailscanner.info Subject: MailWatch Spam Learn / Bayes DB Hi, I have a few week old install of MailScanner / MailWatch / Scalix on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances on some spam mail. So I want to train it a bit more so the bayes works even better. What do I have to do to get MailWatch to be able to manually spam/ham learn on its 'Message Operations' report? Currently, if I try and learn spam it gives me an error about the message not being in the quarantine eg. Message m4BK4Wg4005306 not found in quarantine Some settings from MailScanner.conf -- Quarantine dir = /var/spool/MailScanner/quarantine Quarantine Infections = yes Quarantine Whole Messages As Queue Files = yes Quarantine Whole Message = yes Spam Actions = store-spam High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!) Non Spam Actions = deliver store header "X-Spam-Status: No" If anyone could lean me in the right direction I would appreciate it very much! 
Thanks, Brett Hi Brett, Try the following to fix your message operation error: 9.23 Fix for the Reporting Function in Message Operations Change the following in /var/www/mailscanner/do_message_ops.php file: $id = $Regs[1]; to $id = str_replace("_", ".",$Regs[1]); Good Luck Mohammed -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5540 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080511/bf69d035/attachment.bin From glenn.steen at gmail.com Mon May 12 08:47:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 12 08:47:41 2008 Subject: MailWatch Spam Learn / Bayes DB In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9CD@exchange.computerrents.com> References: <3B1A431BDA34C54581BE43253BC1BD9302F9CD@exchange.computerrents.com> Message-ID: <223f97700805120047p63764918j7204fd805f3f32bb@mail.gmail.com> 2008/5/12 Mohammed Alli : > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Brett Carruthers > Sent: Sun 5/11/2008 8:25 PM > To: mailscanner@lists.mailscanner.info > Subject: MailWatch Spam Learn / Bayes DB > > > > > > Hi, > > I have a few week old install of MailScanner / MailWatch / Scalix on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances on some spam mail. > > So I want to train it a bit more so the bayes works even better. > > What do I have to do to get MailWatch to be able to manually spam/ham learn on its 'Message Operations' report? > > Currently, if I try and learn spam it gives me an error about the message not being in the quarantine eg. 
> > Message m4BK4Wg4005306 not found in quarantine > > Some settings from MailScanner.conf > > -- > > Quarantine dir = /var/spool/MailScanner/quarantine > > Quarantine Infections = yes > > Quarantine Whole Messages As Queue Files = yes > > Quarantine Whole Message = yes > > Spam Actions = store-spam > > High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!) > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > If anyone could lean me in the right direction I would appreciate it very much! > > Thanks, > > Brett > > > > > > Hi Brett, > > > > Try the following to fix your message operation error: > > 9.23 Fix for the Reporting Function in Message Operations > > Change the following in /var/www/mailscanner/do_message_ops.php file: > > $id = $Regs[1]; > > to > > $id = str_replace("_", ".",$Regs[1]); > > Good Luck > > Mohammed > That IS a good fix, provided you use Postfix, which Brett doesn't seem to do. Much more likely that there simply is nothing in the quarantine to learn from. There is a simple one-line fix to message_ops.php that "enhance the SQL to actually check that the message is quarantined (fix by Dhawal Doshy, go search the MailWatch list archives...)... If one want to be able to do this at all, one need to include "store" in the Non Spam Actions ... Brett, if you look at the details page for the message, do you have the "learn/release" block at the bottom? I'm pretty certain you don't. Oh and BTW, this should've gone to the MailWatch list rather than the MailScanner one... Slightly OT here:-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Mon May 12 08:50:07 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 12 08:50:43 2008 Subject: MailWatch Spam Learn / Bayes DB In-Reply-To: <223f97700805120047p63764918j7204fd805f3f32bb@mail.gmail.com> References: <3B1A431BDA34C54581BE43253BC1BD9302F9CD@exchange.computerrents.com> <223f97700805120047p63764918j7204fd805f3f32bb@mail.gmail.com> Message-ID: <223f97700805120050t4bc7e455y170dcd83604e0dee@mail.gmail.com> 2008/5/12 Glenn Steen : > 2008/5/12 Mohammed Alli : > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Brett Carruthers > > Sent: Sun 5/11/2008 8:25 PM > > To: mailscanner@lists.mailscanner.info > > Subject: MailWatch Spam Learn / Bayes DB > > > > > > > > > > > > Hi, > > > > I have a few week old install of MailScanner / MailWatch / Scalix on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances on some spam mail. > > > > So I want to train it a bit more so the bayes works even better. > > > > What do I have to do to get MailWatch to be able to manually spam/ham learn on its 'Message Operations' report? > > > > Currently, if I try and learn spam it gives me an error about the message not being in the quarantine eg. > > > > Message m4BK4Wg4005306 not found in quarantine > > > > Some settings from MailScanner.conf > > > > -- > > > > Quarantine dir = /var/spool/MailScanner/quarantine > > > > Quarantine Infections = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > Quarantine Whole Message = yes > > > > Spam Actions = store-spam > > > > High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!) > > > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > > > If anyone could lean me in the right direction I would appreciate it very much! 
> > > > Thanks, > > > > Brett > > > > > > > > > > > > Hi Brett, > > > > > > > > Try the following to fix your message operation error: > > > > 9.23 Fix for the Reporting Function in Message Operations > > > > Change the following in /var/www/mailscanner/do_message_ops.php file: > > > > $id = $Regs[1]; > > > > to > > > > $id = str_replace("_", ".",$Regs[1]); > > > > Good Luck > > > > Mohammed > > > That IS a good fix, provided you use Postfix, which Brett doesn't seem to do. > Much more likely that there simply is nothing in the quarantine to > learn from. There is a simple one-line fix to message_ops.php that > "enhance the SQL to actually check that the message is quarantined > (fix by Dhawal Doshy, go search the MailWatch list archives...)... If > one want to be able to do this at all, one need to include "store" in > the Non Spam Actions ... > Brett, if you look at the details page for the message, do you have > the "learn/release" block at the bottom? I'm pretty certain you don't. > > Oh and BTW, this should've gone to the MailWatch list rather than the > MailScanner one... Slightly OT here:-). > > Cheers Oh, sorry... you do have "store" set. Hm. This training, is it from the MessageOps page, or the details? What happens if you try train manually? Is the message content "there"? Do you have a clean_quarantine script in cron, and what have you set the cleaning period to be? 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hvdkooij at vanderkooij.org Mon May 12 09:04:43 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon May 12 09:05:27 2008 Subject: MailWatch Spam Learn / Bayes DB In-Reply-To: References: Message-ID: <4827FA1B.5030007@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brett Carruthers wrote: | I have a few week old install of MailScanner / MailWatch / Scalix on | CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances | on some spam mail. .... | High Scoring Spam Actions = delete (don't need to worry about these as | its already learnt these are Spam!) Right. And if those messages are sent off with less than Bayes-99 then you still lost a way to educate your bayesian database. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIJ/oZBvzDRVjxmYERAhwEAJ4y9MaWFZelBF2RDkkTAHMnj51v0wCgleh4 ayOMBPDoiXTnmE4h1kTrY5M= =4Uul -----END PGP SIGNATURE----- From mailscanner at lists.com.ar Mon May 12 13:07:35 2008 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Mon May 12 13:08:31 2008 Subject: Inode Preservation Possible? In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A4A1@server-16.MorganSys.net> References: <7D1CC61717004141A57CA6CA1C8087EC18A4A0@server-16.MorganSys.net> <48247A58.30101@ecs.soton.ac.uk> <7D1CC61717004141A57CA6CA1C8087EC18A4A1@server-16.MorganSys.net> Message-ID: <1210594055.13049.18.camel@morticia.pert.com.ar> Hi, another zmailer user... nice to see you. 
I wrote (copy/paste/hack) the ZMailer and its store module We use a custom log to follow the mails in the different parts of the program. Don't forget that the inodes are constantly reused. This is how we deal with that (I think we are happy with our solution there) First, we build a custom message identifier with a md5, (that's a patch to Julian MS) Then we have a custom log hooked in "Always Looked Up Last" That way, when we want to follow a single mail, we look first for its md5, and our log, We have almost all the data that's usually needed. If we need more, with some data in that same log, we could find the conversation in the smtpserver/router/scheduler part (we also have some custom log in the router) That logging/md5 part didn't get to the trunk, but it's a trivial one Saludos Leonardo Helman Pert Consultores SRL Argentina On Fri, 2008-05-09 at 10:42 -0700, Neal Morgan wrote: > Julian Field wrote: > > Neal Morgan wrote: > > > Hi Julian and list! > > > > > > I've been using MailScanner with ZMailer successfully for some time. > > > One thing I didn't like was the fact that there was a "disconnect" > in > > > the logs (syslog, mail) between the message ID when received by > SMTP, > > > handed off to MS, taken again by router/scheduler. This made it > very > > > difficult to diagnose problems with individual messages. > > > > > > I'll try to keep the background info short. Zmailer derives a > message > > > ID from the inode and create date. If I could keep the message in > the > > > same/original file, the logging would stay correct from ZM to MS and > > > back. > > > > > > I managed to build on the work of others (Carlos?), added some of my > own > > > scripts to preserve the original inode through copying and cat'ing. > It > > > works but it's kind of ugly. > > > > > > So, the question is, would it be possible to make MailScanner do > this > > > for me? 
In other words, don't delete the incoming file, instead > copy it > > > to its work area, perform whatever changes are necessary, then put > the > > > altered content BACK into the original file so the inode would be > > > preserved? > > And what happens when the power dies or the OS crashes when you are > > half-way through over-writing the content of the original file? I > don't > > like this *at all*, sorry. > > > > > ...finally, and equally important, use a "mv" to put in the > > > outgoing folder rather than copying. > > > > > I can only mv if I'm not modifying the file. > > > > MailScanner never "owns" a message, as a power outage or crash could > > cause you to lose a message. > > > > Jules > > > > > > Thanks for your feedback. > > That's a valid concern. My ugly hack addresses this by keeping the > original and sending a copy to MS. The original is only touched when I > have a valid match in output from MS. At this point, the contents of > the original are replaced with the contents of the file from MS. If > there were a problem I still have the output from MS, so I haven't lost > anything. > > What I'm trying to accomplish here is to have a complete audit trail in > syslog as the message moves through the various processes. It's a real > pain in the neck to troubleshoot if the ID changes when the messages > enters MS and is returned. > > Below is a sample of what I've managed to accomplish with my hack. (If > you know the message of interest was "S1049805AbYEIRIA" when received by > smtpserver, you can grep for that in syslog). 
> > I'm just wondering if there is a better way to accomplish this: > > > 10:08:00 smtpserver[21196]: S1049805AbYEIRIA: (9813c) accepted from > s.myserver.org/54957 > 10:08:15 MailScanner[13776]: ZMMS: (S1049805AbYEIRIA) ID=1049805 > OutQueueDir=/var/spool/postoffice/router/D > 10:08:15 MailScanner[13776]: ZMMS: (S1049805AbYEIRIA) Creating rename > map: D/1065521 back to D/1049805 > 10:08:27 router[21264]: ZMMS: (S1049805AbYEIRIA) D/1049805 has been > scanned and is now being routed > 10:08:27 router[3594]: S1049805AbYEIRIA: > from=, > 10:08:27 smtp[14101]: S1049805AbYEIRIA: to= someaddress@myserver.org>, delay= > 10:08:27 scheduler[3579]: S1049805AbYEIRIA: complete (total 1 > recipients, 0 failed) > > > With the default MS/ZM setup, the "S1049805AbYEIRIA" ID would have > changed at least once, and there would be no way to draw a conclusion > about what its new ID is without manually scanning the order of syslog > recs and trying to interpolate. (That ID is derived from inode and > create date. A new file back from MS generates a different ID.) > > Thanks again for your feedback. If you don't have any other suggestions > I guess I'll just keep my hack... 
> > > Thanks, > > Neal Morgan > From bcarruthers at iii.net.au Tue May 13 00:14:29 2008 From: bcarruthers at iii.net.au (Brett Carruthers) Date: Tue May 13 00:17:52 2008 Subject: MailWatch Spam Learn / Bayes DB In-Reply-To: <223f97700805120050t4bc7e455y170dcd83604e0dee@mail.gmail.com> Message-ID: -----Original Message----- From: Glenn Steen [mailto:glenn.steen@gmail.com] Sent: Monday, 12 May 2008 5:50 PM To: MailScanner discussion Subject: Re: MailWatch Spam Learn / Bayes DB 2008/5/12 Glenn Steen : > 2008/5/12 Mohammed Alli : > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Brett Carruthers > > Sent: Sun 5/11/2008 8:25 PM > > To: mailscanner@lists.mailscanner.info > > Subject: MailWatch Spam Learn / Bayes DB > > > > > > > > > > > > Hi, > > > > I have a few week old install of MailScanner / MailWatch / Scalix on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances on some spam mail. > > > > So I want to train it a bit more so the bayes works even better. > > > > What do I have to do to get MailWatch to be able to manually spam/ham learn on its 'Message Operations' report? > > > > Currently, if I try and learn spam it gives me an error about the message not being in the quarantine eg. > > > > Message m4BK4Wg4005306 not found in quarantine > > > > Some settings from MailScanner.conf > > > > -- > > > > Quarantine dir = /var/spool/MailScanner/quarantine > > > > Quarantine Infections = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > Quarantine Whole Message = yes > > > > Spam Actions = store-spam > > > > High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!) > > > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > > > If anyone could lean me in the right direction I would appreciate it very much! 
> > > > Thanks, > > > > Brett > > > > > > > > > > > > Hi Brett, > > > > > > > > Try the following to fix your message operation error: > > > > 9.23 Fix for the Reporting Function in Message Operations > > > > Change the following in /var/www/mailscanner/do_message_ops.php file: > > > > $id = $Regs[1]; > > > > to > > > > $id = str_replace("_", ".",$Regs[1]); > > > > Good Luck > > > > Mohammed > > > That IS a good fix, provided you use Postfix, which Brett doesn't seem to do. > Much more likely that there simply is nothing in the quarantine to > learn from. There is a simple one-line fix to message_ops.php that > "enhance the SQL to actually check that the message is quarantined > (fix by Dhawal Doshy, go search the MailWatch list archives...)... If > one want to be able to do this at all, one need to include "store" in > the Non Spam Actions ... > Brett, if you look at the details page for the message, do you have > the "learn/release" block at the bottom? I'm pretty certain you don't. > > Oh and BTW, this should've gone to the MailWatch list rather than the > MailScanner one... Slightly OT here:-). > > Cheers Oh, sorry... you do have "store" set. Hm. This training, is it from the MessageOps page, or the details? What happens if you try train manually? Is the message content "there"? Do you have a clean_quarantine script in cron, and what have you set the cleaning period to be? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- Hi Glen, Sorry for the topic being OT, I have recognized the problem being quarantine related and started at MailScanner... I'll go away and ask the MailWatch list if I can confirm my quarantine settings! 
I don't seem to see the quarantine messages anymore since I turned off 'Quarantine Whole Messages As Queue Files' yesterday, before that I would get the files in the quarantine albeit with a different queue identifier than the SQL logged eg qfm4C5WuYl031783 for queue, SQL wants a format of m4CKXUKw031678. I have been using the 'MessageOps' page in reports and my individual messages don't show learn spam/ham. I can't seem to find my messages in quarantine unless I have the full queue file logged. I think I need to use just the message content if I were to train the bayes engine (not the full queue file), can you please confirm if I am right in this assumption? I would like to try and train manually but I haven't been able to store all my messages... I have the clean_quarantine script ready to go but don't have it currently running... Thanks for your help, Brett From bcarruthers at iii.net.au Tue May 13 00:15:31 2008 From: bcarruthers at iii.net.au (Brett Carruthers) Date: Tue May 13 00:18:20 2008 Subject: MailWatch Spam Learn / Bayes DB In-Reply-To: <4827FA1B.5030007@vanderkooij.org> Message-ID: -----Original Message----- From: Hugo van der Kooij [mailto:hvdkooij@vanderkooij.org] Sent: Monday, 12 May 2008 6:05 PM To: MailScanner discussion Subject: Re: MailWatch Spam Learn / Bayes DB -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brett Carruthers wrote: | I have a few week old install of MailScanner / MailWatch / Scalix on | CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances | on some spam mail. .... | High Scoring Spam Actions = delete (don't need to worry about these as | its already learnt these are Spam!) Right. And if those messages are sent off with less than Bayes-99 then you still lost a way to educate your bayesian database. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. 
>>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIJ/oZBvzDRVjxmYERAhwEAJ4y9MaWFZelBF2RDkkTAHMnj51v0wCgleh4 ayOMBPDoiXTnmE4h1kTrY5M= =4Uul -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Hugo, Point taken, once I get things sorted out I will keep the high scoring spam to double check as well. Thanks, Brett From bcarruthers at iii.net.au Tue May 13 06:15:45 2008 From: bcarruthers at iii.net.au (Brett Carruthers) Date: Tue May 13 06:18:58 2008 Subject: FW: MailWatch Spam Learn / Bayes DB SOLVED Message-ID: -----Original Message----- From: Brett Carruthers Sent: Tuesday, 13 May 2008 9:14 AM To: mailscanner@lists.mailscanner.info Subject: RE: MailWatch Spam Learn / Bayes DB -----Original Message----- From: Glenn Steen [mailto:glenn.steen@gmail.com] Sent: Monday, 12 May 2008 5:50 PM To: MailScanner discussion Subject: Re: MailWatch Spam Learn / Bayes DB 2008/5/12 Glenn Steen : > 2008/5/12 Mohammed Alli : > > > > > > ________________________________ > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Brett Carruthers > > Sent: Sun 5/11/2008 8:25 PM > > To: mailscanner@lists.mailscanner.info > > Subject: MailWatch Spam Learn / Bayes DB > > > > > > > > > > > > Hi, > > > > I have a few week old install of MailScanner / MailWatch / Scalix on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% chances on some spam mail. > > > > So I want to train it a bit more so the bayes works even better. > > > > What do I have to do to get MailWatch to be able to manually spam/ham learn on its 'Message Operations' report? 
> > > > Currently, if I try and learn spam it gives me an error about the message not being in the quarantine eg. > > > > Message m4BK4Wg4005306 not found in quarantine > > > > Some settings from MailScanner.conf > > > > -- > > > > Quarantine dir = /var/spool/MailScanner/quarantine > > > > Quarantine Infections = yes > > > > Quarantine Whole Messages As Queue Files = yes > > > > Quarantine Whole Message = yes > > > > Spam Actions = store-spam > > > > High Scoring Spam Actions = delete (don't need to worry about these as its already learnt these are Spam!) > > > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > > > If anyone could lean me in the right direction I would appreciate it very much! > > > > Thanks, > > > > Brett > > > > > > > > > > > > Hi Brett, > > > > > > > > Try the following to fix your message operation error: > > > > 9.23 Fix for the Reporting Function in Message Operations > > > > Change the following in /var/www/mailscanner/do_message_ops.php file: > > > > $id = $Regs[1]; > > > > to > > > > $id = str_replace("_", ".",$Regs[1]); > > > > Good Luck > > > > Mohammed > > > That IS a good fix, provided you use Postfix, which Brett doesn't seem to do. > Much more likely that there simply is nothing in the quarantine to > learn from. There is a simple one-line fix to message_ops.php that > "enhance the SQL to actually check that the message is quarantined > (fix by Dhawal Doshy, go search the MailWatch list archives...)... If > one want to be able to do this at all, one need to include "store" in > the Non Spam Actions ... > Brett, if you look at the details page for the message, do you have > the "learn/release" block at the bottom? I'm pretty certain you don't. > > Oh and BTW, this should've gone to the MailWatch list rather than the > MailScanner one... Slightly OT here:-). > > Cheers Oh, sorry... you do have "store" set. Hm. This tyraining, is it from the MessageOps page, or the details? What happens if you try train manually? 
Is the message content "there"? Do you have a clean_quarantine script in cron, and what have you set the cleaning period to be? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- Hi Glen, Sorry for the topic being OT, I have recognized the problem being quarantine related and started at MailScanner... I'll go away and ask the MailWatch list if I can confirm my quarantine settings! I don't seem to see the quarantine messages anymore since I turned off 'Quarantine Whole Messages As Queue Files' yesterday, before that I would get the files in the quarantine albeit with a different queue identifier than the SQL logged eg qfm4C5WuYl031783 for queue, SQL wants a format of m4CKXUKw031678. I have been using the 'MessageOps' page in reports and my individual messages don't show learn spam/ham. I can't seem to find my messages in quarantine unless I have the full queue file logged. I think I need to use just the message content if I were to train the bayes engine (not the full queue file), can you please confirm if I am right in this assumption? I would like to try and train manually but I haven't been able to store all my messages... I have the clean_quarantine script ready to go but don't have it currently running... Thanks for your help, Brett -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! Good news, I solved the problem, it was all to do with permissions on the quarantine dirs and the bayes dir. I can now learn and train from Mailwatch successfully. 
Thanks for your help, Brett From glenn.steen at gmail.com Tue May 13 10:19:05 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Tue May 13 10:19:40 2008 Subject: FW: MailWatch Spam Learn / Bayes DB SOLVED In-Reply-To: References: Message-ID: <223f97700805130219wb9be926x2e3bc5729583408@mail.gmail.com> 2008/5/13 Brett Carruthers : > > > -----Original Message----- > From: Brett Carruthers > Sent: Tuesday, 13 May 2008 9:14 AM > To: mailscanner@lists.mailscanner.info > Subject: RE: MailWatch Spam Learn / Bayes DB > > > > -----Original Message----- > From: Glenn Steen [mailto:glenn.steen@gmail.com] > Sent: Monday, 12 May 2008 5:50 PM > To: MailScanner discussion > Subject: Re: MailWatch Spam Learn / Bayes DB > > 2008/5/12 Glenn Steen : > > 2008/5/12 Mohammed Alli : > > > > > > > > > > ________________________________ > > > > > > From: mailscanner-bounces@lists.mailscanner.info on behalf of > Brett Carruthers > > > Sent: Sun 5/11/2008 8:25 PM > > > To: mailscanner@lists.mailscanner.info > > > Subject: MailWatch Spam Learn / Bayes DB > > > > > > > > > > > > > > > > > > Hi, > > > > > > I have a few week old install of MailScanner / MailWatch / Scalix > on CentOS 5.1 and my bayes DB is going OK but is still giving me 0% > chances on some spam mail. > > > > > > So I want to train it a bit more so the bayes works even better. > > > > > > What do I have to do to get MailWatch to be able to manually > spam/ham learn on its 'Message Operations' report? > > > > > > Currently, if I try and learn spam it gives me an error about the > message not being in the quarantine eg. 
> > > > > > Message m4BK4Wg4005306 not found in quarantine > > > > > > Some settings from MailScanner.conf > > > > > > -- > > > > > > Quarantine dir = /var/spool/MailScanner/quarantine > > > > > > Quarantine Infections = yes > > > > > > Quarantine Whole Messages As Queue Files = yes > > > > > > Quarantine Whole Message = yes > > > > > > Spam Actions = store-spam > > > > > > High Scoring Spam Actions = delete (don't need to worry about > these as its already learnt these are Spam!) > > > > > > Non Spam Actions = deliver store header "X-Spam-Status: No" > > > > > > If anyone could lean me in the right direction I would appreciate > it very much! > > > > > > Thanks, > > > > > > Brett > > > > > > > > > > > > > > > > > > Hi Brett, > > > > > > > > > > > > Try the following to fix your message operation error: > > > > > > 9.23 Fix for the Reporting Function in Message Operations > > > > > > Change the following in /var/www/mailscanner/do_message_ops.php > file: > > > > > > $id = $Regs[1]; > > > > > > to > > > > > > $id = str_replace("_", ".",$Regs[1]); > > > > > > Good Luck > > > > > > Mohammed > > > > > That IS a good fix, provided you use Postfix, which Brett doesn't > seem to do. > > Much more likely that there simply is nothing in the quarantine to > > learn from. There is a simple one-line fix to message_ops.php that > > "enhance the SQL to actually check that the message is quarantined > > (fix by Dhawal Doshy, go search the MailWatch list archives...)... If > > one want to be able to do this at all, one need to include "store" in > > the Non Spam Actions ... > > Brett, if you look at the details page for the message, do you have > > the "learn/release" block at the bottom? I'm pretty certain you > don't. > > > > Oh and BTW, this should've gone to the MailWatch list rather than the > > MailScanner one... Slightly OT here:-). > > > > Cheers > > Oh, sorry... you do have "store" set. Hm. This tyraining, is it from > the MessageOps page, or the details? 
What happens if you try train > manually? Is the message content "there"? Do you have a > clean_quarantine script in cron, and what have you set the cleaning > period to be? > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > -- > > Hi Glen, > > Sorry for the topic being OT, I have recognized the problem being > quarantine related and started at MailScanner... I'll go away and ask > the MailWatch list if I can confirm my quarantine settings! > > I don't seem to see the quarantine messages anymore since I turned off > 'Quarantine Whole Messages As Queue Files' yesterday, before that I > would get the files in the quarantine albeit with a different queue > identifier than the SQL logged eg qfm4C5WuYl031783 for queue, SQL wants > a format of m4CKXUKw031678. That is the queue file, which is what you get from having the wrong setting in MailScanner.conf ... You should have a file called "message" in there (for the virus quarantine...), which contain the RFC822 message (the whole message, less the envelope info... which is fine, since you have that in the database). In the non-spam and spam quarantine you should have files named as the queue ID, containing the same thing (the plain text RFC822 message). MailWatch depends on this. > I have been using the 'MessageOps' page in reports and my individual > messages don't show learn spam/ham. I can't seem to find my messages in > > quarantine unless I have the full queue file logged. I think I need to No, this is likely completely backwards:-). Likely due to your permission issue (see the MW list post(s)). > use just the message content if I were to train the bayes engine (not > the full queue file), can you please confirm if I am right in this > assumption? I would like to try and train manually but I haven't been > able to store all my messages... > > I have the clean_quarantine script ready to go but don't have it > currently running... 
> > Thanks for your help, > Brett > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > Good news, I solved the problem, it was all to do with permissions on > the quarantine dirs and the bayes dir. I can now learn and train from > Mailwatch successfully. And likely have reset the quarantine as queue files setting to "no"? > Thanks for your help, > Brett > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From telecaadmin at gmail.com Tue May 13 11:12:15 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Tue May 13 11:13:29 2008 Subject: Will Watermarking Stop Backscatter? In-Reply-To: <48218415.61A4.0000.0@caspercollege.edu> References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu> Message-ID: <4829697F.1010502@gmail.com> > Backscatter is becoming a real nuisance here. Can I stop it with > MailScanner? I did a "backscatter" search on the MS wiki but that > yielded nothing. How are all of you dealing with backscatter? How about taking the easier way and simply reconfigure your front-end and back-end servers to not accept any unknown recipients? For Postfix, simply add LDAP queries (I can help you with them, if you are e.g. using AD) - a matter of 5 minutes. For Sendmail I've been told it's also relatively easy ;) For Exchange, this is just one click away (google helps here). 

Cheers,
Ronny

From jan-peter at koopmann.eu Tue May 13 11:48:24 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Tue May 13 11:49:38 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID:

Hi Ronny,

> How about taking the easier way and simply reconfigure your front-end
> and back-end servers to not accept any unknown recipients?

I agree this is a valid and very important step. However it will not prevent backscatter. If a spammer is using a legitimate e-mail address from his system and then sends a million mails, this poor fellow in Daniel's company will receive quite a lot of bounces, NDRs etc.

To answer Daniel's original question: Yes, watermarking should stop most (if not all) backscatter that is out there. There are commercial programs out there as well (e.g. BarricadeMX) that use a very nifty E-Mail watermarking system as well. Give them a try. It is worth it.

Regards,
JP

From tgc at statsbiblioteket.dk Tue May 13 12:41:30 2008
From: tgc at statsbiblioteket.dk (Tom G. Christensen)
Date: Tue May 13 12:42:04 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID: <48297E6A.6020206@statsbiblioteket.dk>

Koopmann, Jan-Peter wrote:
> To answer Daniel's original question: Yes, watermarking should stop most
> (if not all) backscatter that is out there. There are commercial
> programs out there as well (e.g. BarricadeMX) that use a very nifty
> E-Mail watermarking system as well. Give them a try. It is worth it.
>

Stupid question perhaps, but how will it handle this case:
example.com enables watermarking using MailScanner
userA has email address userA@example.com
On his home PC he configures his mail program to use userA@example.com as the From address.
When he sends mail from home he uses his ISP smarthost and not the mailsystem at example.com
What happens when mail sent this way is bounced somewhere on the way?

-tgc

From J.Ede at birchenallhowden.co.uk Tue May 13 12:59:07 2008
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue May 13 13:00:30 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To: <48297E6A.6020206@statsbiblioteket.dk>
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>, <48297E6A.6020206@statsbiblioteket.dk>
Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BDFD@server02.bhl.local>

________________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tom G. Christensen [tgc@statsbiblioteket.dk]
Sent: 13 May 2008 12:41
To: MailScanner discussion
Subject: Re: Will Watermarking Stop Backscatter?

Koopmann, Jan-Peter wrote:
> To answer Daniel's original question: Yes, watermarking should stop most
> (if not all) backscatter that is out there. There are commercial
> programs out there as well (e.g. BarricadeMX) that use a very nifty
> E-Mail watermarking system as well. Give them a try. It is worth it.
>

Stupid question perhaps, but how will it handle this case:
example.com enables watermarking using MailScanner
userA has email address userA@example.com
On his home PC he configures his mail program to use userA@example.com as the From address.
When he sends mail from home he uses his ISP smarthost and not the mailsystem at example.com
What happens when mail sent this way is bounced somewhere on the way?

-tgc

Why not just give that user authenticated outgoing smtp?

Jason

From martinh at solidstatelogic.com Tue May 13 13:15:26 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue May 13 13:16:16 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To: <48297E6A.6020206@statsbiblioteket.dk>
Message-ID:

Tom

It won't and if you use SPF it will give a spam result as well.

Email 'should' flow the SMTP gateway for that domain.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tom G. Christensen
> Sent: 13 May 2008 12:42
> To: MailScanner discussion
> Subject: Re: Will Watermarking Stop Backscatter?
>
> Koopmann, Jan-Peter wrote:
> > To answer Daniel's original question: Yes, watermarking should stop most
> > (if not all) backscatter that is out there. There are commercial
> > programs out there as well (e.g. BarricadeMX) that use a very nifty
> > E-Mail watermarking system as well. Give them a try. It is worth it.
> >
> Stupid question perhaps, but how will it handle this case:
> example.com enables watermarking using MailScanner
> userA has email address userA@example.com
> On his home PC he configures his mail program to use userA@example.com as
> the From address.
> When he sends mail from home he uses his ISP smarthost and not the
> mailsystem at example.com
> What happens when mail sent this way is bounced somewhere on the way?
>
> -tgc

From tgc at statsbiblioteket.dk Tue May 13 13:52:13 2008
From: tgc at statsbiblioteket.dk (Tom G. Christensen)
Date: Tue May 13 13:52:47 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BDFD@server02.bhl.local>
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu> <48297E6A.6020206@statsbiblioteket.dk> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BDFD@server02.bhl.local>
Message-ID: <48298EFD.8020803@statsbiblioteket.dk>

Jason Ede wrote:
> ________________________________________
> From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tom G. Christensen [tgc@statsbiblioteket.dk]
> Sent: 13 May 2008 12:41
> To: MailScanner discussion
> Subject: Re: Will Watermarking Stop Backscatter?
>
> Koopmann, Jan-Peter wrote:
>> To answer Daniel's original question: Yes, watermarking should stop most
>> (if not all) backscatter that is out there. There are commercial
>> programs out there as well (e.g. BarricadeMX) that use a very nifty
>> E-Mail watermarking system as well. Give them a try. It is worth it.
>>
> Stupid question perhaps, but how will it handle this case:
> example.com enables watermarking using MailScanner
> userA has email address userA@example.com
> On his home PC he configures his mail program to use userA@example.com as
> the From address.
> When he sends mail from home he uses his ISP smarthost and not the
> mailsystem at example.com
> What happens when mail sent this way is bounced somewhere on the way?
>
> -tgc
>
>
> Why not just give that user authenticated outgoing smtp?
>

Let's say for argument's sake that this is not an option.
My guess would be that example.com rejects the bounce but I'd like a second opinion.

-tgc

From tgc at statsbiblioteket.dk Tue May 13 14:10:42 2008
From: tgc at statsbiblioteket.dk (Tom G. Christensen)
Date: Tue May 13 14:11:17 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To:
References:
Message-ID: <48299352.7080404@statsbiblioteket.dk>

Martin.Hepworth wrote:
> Tom
>
> It won't and if you use SPF it will give a spam result as well.
>

I assume what you're saying is that example.com won't accept the bounce, that is pretty much what I expected.

> Email 'should' flow the SMTP gateway for that domain.
>

Yes I suppose. Damn spammers :(

-tgc

>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Tom G. Christensen
>> Sent: 13 May 2008 12:42
>> To: MailScanner discussion
>> Subject: Re: Will Watermarking Stop Backscatter?
>>
>> Koopmann, Jan-Peter wrote:
>>> To answer Daniel's original question: Yes, watermarking should stop most
>>> (if not all) backscatter that is out there.
>>> There are commercial
>>> programs out there as well (e.g. BarricadeMX) that use a very nifty
>>> E-Mail watermarking system as well. Give them a try. It is worth it.
>>>
>> Stupid question perhaps, but how will it handle this case:
>> example.com enables watermarking using MailScanner
>> userA has email address userA@example.com
>> On his home PC he configures his mail program to use userA@example.com as
>> the From address.
>> When he sends mail from home he uses his ISP smarthost and not the
>> mailsystem at example.com
>> What happens when mail sent this way is bounced somewhere on the way?
>>
>> -tgc

From jan-peter at koopmann.eu Tue May 13 14:55:13 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Tue May 13 14:56:16 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu> <48297E6A.6020206@statsbiblioteket.dk> <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BDFD@server02.bhl.local>
Message-ID:

> Stupid question perhaps, but how will it handle this case:
> example.com enables watermarking using MailScanner
> userA has email address userA@example.com
> When he sends mail from home he uses his ISP smarthost and not the
> mailsystem at example.com

Bad idea.

> What happens when mail sent this way is bounced somewhere on the way?

The bounce will be rejected by the MailScanner system of example.com.

> My guess would be that example.com rejects the bounce but I'd like a
> second opinion.

Correct.

From davidj at bytesinteractive.com Tue May 13 16:42:17 2008
From: davidj at bytesinteractive.com (David Jourard)
Date: Tue May 13 16:42:54 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To: <4829697F.1010502@gmail.com>
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu> <4829697F.1010502@gmail.com>
Message-ID: <4829B6D9.2040002@bytesinteractive.com>

Ronny T. Lampert wrote:
>> Backscatter is becoming a real nuisance here. Can I stop it with
>> MailScanner? I did a "backscatter" search on the MS wiki but that
>> yielded nothing. How are all of you dealing with backscatter?
>
> How about taking the easier way and simply reconfigure your front-end
> and back-end servers to not accept any unknown recipients?
>
> For Postfix, simply add LDAP queries (I can help you with them, if you
> are e.g. using AD) - a matter of 5 minutes.
> For Sendmail I've been told it's also relatively easy ;)

I have one client getting lots of NDRs. I want to stop all NDR email just for her email address.

Anyone know how to do this with sendmail or where I can find out.

Thanks in advance.

David J.

From hvdkooij at vanderkooij.org Tue May 13 17:39:39 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue May 13 17:40:23 2008
Subject: Will Watermarking Stop Backscatter?
In-Reply-To: <48297E6A.6020206@statsbiblioteket.dk>
References: <482182550200000000028138@gw.caspercollege.edu> <482182C5020000000002813A@gw.caspercollege.edu> <482182D4020000000002813C@gw.caspercollege.edu> <482182EB020000000002813E@gw.caspercollege.edu> <4821831C0200000000028140@gw.caspercollege.edu> <4821837F0200000000028142@gw.caspercollege.edu> <482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu> <48297E6A.6020206@statsbiblioteket.dk>
Message-ID: <4829C44B.6050404@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom G. Christensen wrote:
| Koopmann, Jan-Peter wrote:
|> To answer Daniel's original question: Yes, watermarking should stop most
|> (if not all) backscatter that is out there. There are commercial
|> programs out there as well (e.g. BarricadeMX) that use a very nifty
|> E-Mail watermarking system as well. Give them a try. It is worth it.
|>
| Stupid question perhaps, but how will it handle this case:
| example.com enables watermarking using MailScanner
| userA has email address userA@example.com
| On his home PC he configures his mail program to use userA@example.com as
| the From address.
| When he sends mail from home he uses his ISP smarthost and not the
| mailsystem at example.com
| What happens when mail sent this way is bounced somewhere on the way?

It will be dumped. The problem is that you shouldn't allow people to do this to begin with. People may think it is not flexible but it is that darn "I don't care if is wrong just do it" mentality that is allowing so much spam.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIKcRIBvzDRVjxmYERAtYlAJ97sRUKUxB8QWjRbCupi3oIiKY/8gCfYpXR
TOHFdR06L6Lpru9j00D/oes=
=s5JX
-----END PGP SIGNATURE-----

From telecaadmin at gmail.com Wed May 14 12:22:12 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Wed May 14 12:23:23 2008
Subject: HOLD mail for certain recipients and do not process by MS
Message-ID: <482ACB64.7010801@gmail.com>

Hi,

I'm in need of a very dirty hack (don't ask).
I'm using postfix + MailScanner with the HOLD method for all incoming mail.

Now I need to HOLD some recipients indefinitely and NOT process them by MS at all. The queue files must sit around and nothing should be done to them.

The 2 alternatives I see:

1) Can postfix be instructed to have another queue created (with behaviour as the hold queue, but with name "locked") where I can direct recipients to in their original queue file form?

I was thinking of setting up a separate postfix method (in master.cf) that will take care of those, but I'm a bit lost if that's even possible despite of all the special docs I have.

2) Can MailScanner be instructed to MOVE certain recipients as whole queue files to some directory?

I was thinking of the Archive Mail functionality, but a quick test with a rule didn't succeed.

$> mkdir /var/spool/MailScanner/LOCKED && chown postfix:postfix $_

In MailScanner.conf:
Archive Mail = %rules-dir%/archive.conf

/etc/MailScanner/rules/archive.conf:
To: holdme@domain.com /var/spool/MailScanner/LOCKED

Thanks,
Ronny

From rick at duvals.ca Wed May 14 18:13:58 2008
From: rick at duvals.ca (Rick Duval)
Date: Wed May 14 18:14:36 2008
Subject: accessing message variables in a custom funciton
Message-ID: <4baa40ce0805141013t3972973fv24855b97dda05b3b@mail.gmail.com>

I'm writing a custom function and am trying to access the variables that are shown at the top of Message.pm (per Jules' instructions).

Problem is that when I run a line like:

my $rickfrom = $message->{from};

I don't get anything back in the $rickfrom, it's empty.

I admit I'm not that experienced with Perl in general but can somebody point me in the right direction for accessing those vars?

Also, is there any one var that will just give me the first clean "to" address without any <>, etc.

Thanks

Rick

From jplorier at montecarlotv.com.uy Wed May 14 18:18:57 2008
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Wed May 14 18:24:29 2008
Subject: New way of spam?
In-Reply-To: <200805141105.m4EB0mGq019921@safir.blacknight.ie>
Message-ID:

Hi everybody,

It's the second time in a month that a user gets bombarded with tons of spam coming from bouncings. They put the user's mail account in the From so when the mail server replies that the user doesn't exist it gets to the real user account. As the sending server is legal, the mails get through mailscanner.
Anyone knows a way to stop this?
Thanks,

Ing. Juan Pablo Lorier
Monte Carlo TV SA
Montevideo, Uruguay
+(598)2 9244444

-----Original Message-----
From: mailscanner-request@lists.mailscanner.info [mailto:mailscanner-request@lists.mailscanner.info]
Sent: Wednesday, 14 May 2008 08:06 a.m.
To: mailscanner@lists.mailscanner.info
Subject: MailScanner Digest, Vol 29, Issue 19
End of MailScanner Digest, Vol 29, Issue 19
*******************************************

--
This message has been scanned by MailScanner for viruses and other
dangerous content, and is believed to be clean.

From jan-peter at koopmann.eu Wed May 14 19:12:55 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Wed May 14 19:13:57 2008
Subject: New way of spam?
In-Reply-To:
References: <200805141105.m4EB0mGq019921@safir.blacknight.ie>
Message-ID:

Search for BackScatter in this list and on the SpamAssassin list. This is not new. In fact this is quite old but the effects grow larger and larger. Use E-Mail watermarking with MailScanner or BarricadeMX to stop it completely. If this is not possible look for SpamAssassin and VBounce Plugin.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier
Sent: Wednesday, May 14, 2008 7:19 PM
To: mailscanner@lists.mailscanner.info
Subject: New way of spam?

Hi everybody,

It's the second time in a month that a user gets bombarded with tons of spam coming from bouncings. They put the user's mail account in the From so when the mail server replies that the user doesn't exist it gets to the real user account. As the sending server is legal, the mails get through mailscanner. Anyone knows a way to stop this?

Thanks,

Ing. Juan Pablo Lorier
Monte Carlo TV SA
Montevideo, Uruguay
+(598)2 9244444

From Kevin_Miller at ci.juneau.ak.us Wed May 14 19:17:22 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Wed May 14 19:16:43 2008
Subject: New way of spam?
In-Reply-To:
References: <200805141105.m4EB0mGq019921@safir.blacknight.ie>
Message-ID:

Koopmann, Jan-Peter wrote:
> Search for BackScatter in this list and on the SpamAssassin list. This
> is not new. In fact this is quite old but the effects grow larger and
> larger. Use E-Mail watermarking with MailScanner or BarricadeMX to
> stop it completely.
If this is not possible look for SpamAssassin and
> VBounce Plugin.

Also use SPF. It won't stop it from coming in, but it will help limit it from being sent...

...Kevin
--
Kevin Miller               Registered Linux User No: 307357
CBJ MIS Dept.              Network Systems Admin., Mail Admin.
155 South Seward Street    ph: (907) 586-0242
Juneau, Alaska 99801       fax: (907 586-4500

From mrebsamen at unimatrix0.ch Wed May 14 21:58:26 2008
From: mrebsamen at unimatrix0.ch (Marco Rebsamen)
Date: Wed May 14 21:57:15 2008
Subject: HOLD mail for certain recipients and do not process by MS
In-Reply-To: <482ACB64.7010801@gmail.com>
References: <482ACB64.7010801@gmail.com>
Message-ID: <200805142258.26344.mrebsamen@unimatrix0.ch>

Hi

I've done something similar.. Since I use a Microsoft Exchange in my network, I wanted to use a Linux system with MailScanner as a Relay.

I try to make it short. My users have a public folder in their Outlook where they can place not detected Spam Mails. My Linux Relay gets the mails from there via IMAP with fetchmail and delivers them to the Spamassassin learner. Since fetchmail delivers to the local MTA I had to figure out a method to not Scan those mails because the header would be changed and so on...

What I did is I added an additional Rule to the "header_checks" file:

/for / REDIRECT user@localhost

this line stays before the default MailScanner Rule.

Maybe this helps you ?

On Wednesday, 14 May 2008 13:22:12, Ronny T. Lampert wrote:
> Hi,
>
> I'm in need of a very dirty hack (don't ask).
> I'm using postfix + MailScanner with the HOLD method for all incoming mail.
>
> Now I need to HOLD some recipients indefinitely and NOT process them by
> MS at all. The queue files must sit around and nothing should be
> done to them.
>
>
> The 2 alternatives I see:
>
> 1) Can postfix be instructed to have another queue created (with
> behaviour as the hold queue, but with name "locked") where I can direct
> recipients to in their original queue file form?
> > I was thinking of setting up a seperate postfix method (in master.cf) > that will take care of those, but I'm a bit lost if that's even possible > despite of all the special docs I have. > > > 2) Can MailScanner be instructed to MOVE certain recipients as whole > queue files to some directory? > > I was thinking of the Archive Mail functionality, but a quick test with > a rule didn't succeed. > > $> mkdir /var/spool/MailScanner/LOCKED && chown postfix:postfix $_ > > In MailScanner.conf: > > Archive Mail = %rules-dir%/archive.conf > > /etc/MailScanner/rules/archive.conf: > > To: holdme@domain.com /var/spool/MailScanner/LOCKED > > > > Thanks, > Ronny From lists at designmedia.com Thu May 15 09:09:29 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu May 15 09:10:15 2008 Subject: MailScanner/SpamAssassin Debug? Message-ID: <1899.71.139.31.11.1210838969.squirrel@webmail.designmedia.com> Hi, Am setting up a MailScanner frontend (CentOS5, Postfix, MailScanner, SpamAssassin, ClamAV) and everything seems to be up and running but since I'm currently using a test domain, I'm not getting a lot of emails yet. How can I be sure that MailScanner/SpamAssassin is functioning correct? When I send test emails from something like GMail, very few SA tests get triggered. If I run SpamAssassin by itself and get the expected results, does that mean everything is OK? What exactly does "Debug SpamAssassin = yes" do? There's no apparent difference in output or in the log file. Thanks. From jplorier at montecarlotv.com.uy Thu May 15 12:25:55 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Thu May 15 12:31:08 2008 Subject: New way of spam? In-Reply-To: <200805151110.m4FB1uT6007463@safir.blacknight.ie> Message-ID: Hi, Thanks everybody for the hand. I'll search back and try to implement as much as I can. Sorry for not deleting the last mailist, I was in a hurry and I forgot to. 
Thanks again Juan Pablo Lorier From mailscanner at lists.com.ar Thu May 15 12:42:26 2008 From: mailscanner at lists.com.ar (Leonardo Helman) Date: Thu May 15 12:43:17 2008 Subject: accessing message variables in a custom funciton In-Reply-To: <4baa40ce0805141013t3972973fv24855b97dda05b3b@mail.gmail.com> References: <4baa40ce0805141013t3972973fv24855b97dda05b3b@mail.gmail.com> Message-ID: <1210851746.12378.4.camel@morticia.pert.com.ar> Do you have this part?: sub MyFunctionExample { my($message) = @_; } $message is not predefined in perl, and it's not global Or this (if you are setting a custom scanner) my($ip, $from, $to, $message) = @_; Look for the examples in CustomFunctions dir And do read "learning perl" it's a very good book On Wed, 2008-05-14 at 13:13 -0400, Rick Duval wrote: > I'm writing a custom function and am trying to access the variable > that are shown at the top of Message.pm (per jules instructions). > > Problem is that when I run a line like: > > my $rickfrom = $message->{from}; > > I don't get anything back in the $rickfrom, it's empty. > > I admit I'm not that experienced with Perl in general but can somebody > point me in the right direction for accessing those vars? > > Also, is there any one var that will just give me the first clean "to" > address without and <>, etc. > > Thanks > > Rick > From gerard at seibercom.net Thu May 15 13:57:33 2008 From: gerard at seibercom.net (Gerard) Date: Thu May 15 13:58:16 2008 Subject: New way of spam? In-Reply-To: References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> Message-ID: <20080515085733.4818c07c@scorpio> On Wed, 14 May 2008 14:18:57 -0300 "Juan Pablo Lorier" wrote: > It's the second time in a month that a user get bombarded with tons > of spam comming from bouncings. They put the users mail account in > the From so when the mail server replies that the user doesn't exist > it get to the real user account. As the sending server is legal, the > mails get trough mailscanner. 
This is commonly known as 'backscatter'. It is not really anything new. What MTA are you employing. If it is a Postfix setup, you can block backscatter before it is ever accepted, which is a preferable method of handling this phenomenon. -- ?Gerard? gerard@seibercom.net Language is a virus from another planet. William Burroughs -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080515/1ed4ba37/signature.bin From MailScanner at ecs.soton.ac.uk Thu May 15 15:11:58 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 15 15:13:13 2008 Subject: HOLD mail for certain recipients and do not process by MS In-Reply-To: <482ACB64.7010801@gmail.com> References: <482ACB64.7010801@gmail.com> Message-ID: <482C44AE.4060707@ecs.soton.ac.uk> Ronny T. Lampert wrote: > Hi, > > I'm in need of a very dirty hack (don't ask). > I'm using postfix + MailScanner with the HOLD method for all incoming > mail. > > Now I need to HOLD some recipients indefinately and NOT process them by > MS at all. The queue files must sit around and nothing should be > done to them. > > > The 2 alternatives I see: > > 1) Can postfix be instructed to have another queue created (with > behaviour as the hold queue, but with name "locked") where I can direct > recipients to in their original queue file form? > > I was thinking of setting up a seperate postfix method (in master.cf) > that will take care of those, but I'm a bit lost if that's even > possible despite of all the special docs I have. > > > 2) Can MailScanner be instructed to MOVE certain recipients as whole > queue files to some directory? Create a SA rule to catch them and use SpamAssassin Rule Actions to store them in your archive. That's one way of doing it, I'm sure there are others. 
> > I was thinking of the Archive Mail functionality, but a quick test > with a rule didn't succeed. > > $> mkdir /var/spool/MailScanner/LOCKED && chown postfix:postfix $_ > > In MailScanner.conf: > > Archive Mail = %rules-dir%/archive.conf > > /etc/MailScanner/rules/archive.conf: > > To: holdme@domain.com /var/spool/MailScanner/LOCKED > > > > Thanks, > Ronny Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 15 15:14:22 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 15 15:17:14 2008 Subject: MailScanner/SpamAssassin Debug? In-Reply-To: <1899.71.139.31.11.1210838969.squirrel@webmail.designmedia.com> References: <1899.71.139.31.11.1210838969.squirrel@webmail.designmedia.com> Message-ID: <482C453E.4030605@ecs.soton.ac.uk> Henry Kwan wrote: > Hi, > > Am setting up a MailScanner frontend (CentOS5, Postfix, MailScanner, > SpamAssassin, ClamAV) and everything seems to be up and running but since > I'm currently using a test domain, I'm not getting a lot of emails yet. > How can I be sure that MailScanner/SpamAssassin is functioning correct? > When I send test emails from something like GMail, very few SA tests get > triggered. If I run SpamAssassin by itself and get the expected results, > does that mean everything is OK? > > What exactly does "Debug SpamAssassin = yes" do? There's no apparent > difference in output or in the log file. > It is designed to be used from the command-line (as "--debug-sa") in conjunction with the Debug switch "--debug". 
So run MailScanner on one batch of messages with MailScanner --debug --debug-sa and you will see a *very* different output. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From x72m35 at gmail.com Thu May 15 15:58:05 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Thu May 15 15:56:21 2008 Subject: Watermark header addition in Exim does not work Message-ID: <482C4F7D.8050708@gmail.com> Friends, I have observered in Exim/MailScanner installations Watermark header addition does not work. But observing the logs reveal that Watermarking works. Further, addition of other headers by MailScanner (eg. X-YZ-MailScanner-SpamScore, X-YZ-MailScanner-From, etc) works perfectly. As per the debugging that I have done in Message.pm; I don't see any problem at line 334 (Version 4.69.9) either. Same type of installations with Postfix/MailScanner works well in adding the Watermark header. Has anybody come across this condition ? I use the following Watermarking configuration in both type of installations. Use Watermarking = yes Add Watermark = yes Check Watermarks With No Sender = yes Treat Invalid Watermarks With No Sender as Spam = spam Check Watermarks To Skip Spam Checks = yes Watermark Secret = %org-name%-AABBCCDDEEFFGGHHIIJJ Watermark Lifetime = 604800 Watermark Header = X-%org-name%-MailScanner-Watermark: Thanks in advance. Lasantha. 
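The settings in the post above (Watermark Secret, Watermark Lifetime = 604800, Check Watermarks With No Sender) and the earlier question about mail sent through an ISP smarthost can be followed end to end in the sketch below. It is an added example, not MailScanner's code: only the `expiry@hash` value layout and the setting names come from this thread, while the HMAC-SHA256 over expiry and Message-ID, the function names, the header name and the sample secret are assumptions made for illustration.

```python
"""Watermark check for null-sender bounces (illustrative sketch, constructed data)."""
import hashlib
import hmac
import re
from email import message_from_string

WATERMARK_SECRET = b"example-AABBCCDDEEFFGGHHIIJJ"    # constructed sample secret
WATERMARK_LIFETIME = 604800                           # seconds, value from the post
WATERMARK_HEADER = "X-Example-MailScanner-Watermark"  # constructed header name


def _mac(secret, expiry, message_id):
    # Assumption: the hash binds the expiry time to the Message-ID.
    data = f"{expiry}\n{message_id}".encode("utf-8")
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def make_watermark(secret, message_id, now, lifetime=WATERMARK_LIFETIME):
    """Outbound side: value to place in the watermark header."""
    expiry = int(now) + lifetime
    return f"{expiry}@{_mac(secret, expiry, message_id)}"


def check_bounce(envelope_sender, returned_headers, secret, now):
    """Inbound side: classify a message by the headers of the mail it returns."""
    if envelope_sender not in ("", "<>"):
        return "not-a-bounce"          # only null-sender mail is checked
    original = message_from_string(returned_headers)
    value = original.get(WATERMARK_HEADER)
    if value is None:
        return "missing"               # original never passed our gateway
    match = re.fullmatch(r"([0-9]{1,12})@([0-9a-f]{64})", value.strip())
    if match is None:
        return "malformed"
    expiry = int(match.group(1))
    expected = _mac(secret, expiry, original.get("Message-ID", ""))
    # Verify the hash before trusting the expiry it protects.
    if not hmac.compare_digest(match.group(2), expected):
        return "forged"
    if now > expiry:
        return "expired"
    return "valid"


def outbound_headers(message_id, watermark=None):
    """Constructed header block standing in for the headers quoted in a DSN."""
    lines = [
        "From: userA@example.com",
        "To: someone@remote.example",
        f"Message-ID: {message_id}",
        "Subject: constructed sample",
    ]
    if watermark is not None:
        lines.append(f"{WATERMARK_HEADER}: {watermark}")
    return "\n".join(lines) + "\n\n"


def demo():
    sent = 1210860000                  # constructed send time
    day = 86400
    wm = make_watermark(WATERMARK_SECRET, "<m1@example.com>", sent)
    good = outbound_headers("<m1@example.com>", wm)
    guessed = "9999999999@" + "0" * 64
    cases = {
        "gateway, bounce next day": ("<>", good, sent + day),
        "gateway, bounce after lifetime": ("<>", good, sent + WATERMARK_LIFETIME + 1),
        "ISP smarthost, no watermark": ("<>", outbound_headers("<m2@isp.example>"), sent + day),
        "guessed hash": ("<>", outbound_headers("<m3@example.com>", guessed), sent + day),
        "replayed on other message": ("<>", outbound_headers("<m4@example.com>", wm), sent + day),
        "ordinary mail": ("someone@remote.example", good, sent + day),
    }
    return {
        name: check_bounce(sender, headers, WATERMARK_SECRET, now)
        for name, (sender, headers, now) in cases.items()
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

The "ISP smarthost" case is the one asked about earlier in the thread: a genuine bounce for mail that never passed the watermarking gateway is indistinguishable from backscatter and gets the same treatment.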
From admin at lctn.org Thu May 15 16:44:49 2008 From: admin at lctn.org (Raymond Norton) Date: Thu May 15 16:47:38 2008 Subject: clamd problems after update In-Reply-To: <9111397.4131210866210928.JavaMail.root@mail.lctn.org> Message-ID: <3079376.4151210866289586.JavaMail.root@mail.lctn.org> I updated an older vm server to MailScanner-4.66.5-3.rpm.tar.gz /install-Clam-0.92.1-SA-3.2.4.tar.gz , because I was getting a bunch of false positives. It is running fine, but I keep getting errors about clamd: May 15 10:39:43 mail-gw MailScanner[27690]: Spam Checks: Found 1 spam messages May 15 10:39:43 mail-gw MailScanner[27690]: Virus and Content Scanning: Starting May 15 10:39:43 mail-gw MailScanner[28651]: ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON May 15 10:39:43 mail-gw MailScanner[27690]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . May 15 10:39:43 mail-gw MailScanner[27690]: Virus Scanning: Clamd found 1 infections Mailwatch shows no viruses found on web interface Restarting, and reinstalling does not fix things. What should I be looking for that is causing this problem? -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080515/8e73acb2/attachment.html From sandrews at andrewscompanies.com Thu May 15 18:58:12 2008 From: sandrews at andrewscompanies.com (Steven Andrews) Date: Thu May 15 18:58:49 2008 Subject: New way of spam? In-Reply-To: References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> Message-ID: <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> For watermarking to operate correctly, do I have to use the MS box as an outbound relay as well? Right now, I'm habitually using them only on inbound and not currently using watermarking. I find that when I use watermarking, my SA rules don't fire. 
-----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: Wednesday, May 14, 2008 2:13 PM To: MailScanner discussion Subject: RE: New way of spam? Search for BackScatter in this list and on the SpamAssassin list. This is not new. In fact this is quite old but the effects grow larger and larger. Use E-Mail watermarking with MailScanner or BarricadeMX to stop it completely. If this is not possible look for SpamAssassin and VBounce Plugin. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier Sent: Wednesday, May 14, 2008 7:19 PM To: mailscanner@lists.mailscanner.info Subject: New way of spam? Hi everybody, It's the second time in a month that a user get bombarded with tons of spam comming from bouncings. They put the users mail account in the From so when the mail server replies that the user doesn't exist it get to the real user account. As the sending server is legal, the mails get trough mailscanner. Anyone knows a way to stop this?. Thanks, Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From jan-peter at koopmann.eu Thu May 15 21:57:46 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu May 15 21:59:09 2008 Subject: New way of spam? In-Reply-To: References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> Message-ID: > For watermarking to operate correctly, do I have to use the MS box as an > outbound relay as well? Right now, I'm habitually using them only on > inbound and not currently using watermarking. 
I find that when I use > Watermarking, my SA rules don't fire. If the outbound mail is not processed by MailScanner (or whatever is doing watermarking in your setup): How is the watermark supposed to get into the mail? So yes, if you want watermarking then the outbound and inbound mail should flow through the same watermarking system. From lists at designmedia.com Fri May 16 01:41:25 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri May 16 04:01:07 2008 Subject: MailScanner & CentOS5/Sendmail Message-ID: After setting up a gateway using CentOS5 & postfix, I'm attempting to set one up using sendmail to see which MTA I want to use. But I'm having a bit of problem with file permissions. If I set mqueue/mqueue.in to root.bin & 750 as recommended by the MailScanner page (http://www.mailscanner.info/sendmail.html), I end up with a ton of "Cannot cd to dir /var/spool/mqueue.in to read messages, Permission denied" error messages. If I chown both folders to mail.mail, MailScanner will stop complaining but then when I send a test message to myself, I get a "sendmail[5777]: m4G0Wf7t005777: SYSERR(root): collect: Cannot write ./dfm4G0Wf7t005777 (bfcommit, uid=0, gid=51): Permission denied" error. So what ownership and file permissions should mqueue/mqueue.in have? Thanks. From gcle at smcaus.com.au Fri May 16 04:41:09 2008 From: gcle at smcaus.com.au (Gerard Cleary) Date: Fri May 16 04:42:27 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: References: Message-ID: <200805161341.10070.gcle@smcaus.com.au> On Fri, 16 May 2008 10:41:25 Henry Kwan wrote: > After setting up a gateway using CentOS5 & postfix, I'm attempting to set > one up using sendmail to see which MTA I want to use. > > But I'm having a bit of problem with file permissions. 
If I set > mqueue/mqueue.in to root.bin & 750 as recommended by the MailScanner page > (http://www.mailscanner.info/sendmail.html), I end up with a ton of "Cannot > cd to dir /var/spool/mqueue.in to read messages, Permission denied" error > messages. > > If I chown both folders to mail.mail, MailScanner will stop complaining but > then when I send a test message to myself, I get a "sendmail[5777]: > m4G0Wf7t005777: SYSERR(root): collect: Cannot write ./dfm4G0Wf7t005777 > (bfcommit, uid=0, gid=51): Permission denied" error. > > So what ownership and file permissions should mqueue/mqueue.in have? > > Thanks. Our system uses Centos 4.5 and Sendmail. /var/spool/mqueue has modes 700 and ownership root.mail /var/spool/mqueue.in has modes 700 and ownership root.root HTH. Gerard. -- -- This email message and any related attachments are confidential and should only be read by those persons to whom they were addressed. They may contain copyright, personal or legally privileged information. If you are not the intended recipient of this email, any use of this information is strictly prohibited and it must be deleted from your system. Views expressed in this message are the views of the sender and are not necessarily views of SMC Corporation, or it's subsidiaries, except where the message expressly states otherwise. Any advice contained herein should be treated as preliminary advice only and subject to formal written confirmation. Although this email and any attachments are believed to be free of any virus or any other defect which may cause damage or loss, it is the responsibility of the recipient to ensure that they are virus-free. SMC accepts no liability for any loss or damage that may occur as a result of the transmission of this email or its attachments to the recipient. 
From lists at designmedia.com Fri May 16 07:02:13 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri May 16 07:03:10 2008 Subject: MailScanner & CentOS5/Sendmail References: <200805161341.10070.gcle@smcaus.com.au> Message-ID: Gerard Cleary smcaus.com.au> writes: > Our system uses Centos 4.5 and Sendmail. > /var/spool/mqueue has modes 700 and ownership root.mail > /var/spool/mqueue.in has modes 700 and ownership root.root Whoops. After looking at MailScanner.conf again, I realized my mistake. I had set "Run As User" and "Run As Group" to "mail". Didn't even see the "(not normally used for sendmail)" bit a couple of lines up. After unsetting them, everything is working now. After sending a few test emails, I noticed that MailScanner/sendmail doesn't reject unknown users at the SMTP stage but rather it accepts the email for delivery and then a DSN is generated afterwards. How do you get sendmail to reject at the SMTP stage like postfix does with "relay_recipients.db"? Thanks. From x72m35 at gmail.com Fri May 16 08:26:05 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Fri May 16 08:24:25 2008 Subject: Watermark header addition in Exim does not work In-Reply-To: <482C4F7D.8050708@gmail.com> References: <482C4F7D.8050708@gmail.com> Message-ID: <482D370D.9060305@gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- 272a273,274 > $this->{addmshmac} = 0; > $this->{mshmac} = ""; 334c336,337 < $global::MS->{mta}->AppendHeader($this, $mshmacheader, "$expiry\@$hash"); --- > $this->{addmshmac} = 1; > $this->{mshmac} = "$expiry\@$hash"; 1875a1879,1887 > > # Add watermark header if chosen to do so. > if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->AddMultipleHeader($this, 'mshmacheader', $mshmac, ', '); > } > 4843a4856,4864 > > # Add watermark header if chosen to do so. 
> if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->AddMultipleHeader($this, 'mshmacheader', $mshmac, ', '); > } > 5259a5281,5289 > > # Add watermark header if chosen to do so. > if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->AddMultipleHeader($this, 'mshmacheader', $mshmac, ', '); > } > From MailScanner at ecs.soton.ac.uk Fri May 16 08:41:56 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 16 08:43:02 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: References: <200805161341.10070.gcle@smcaus.com.au> Message-ID: <482D3AC4.7070006@ecs.soton.ac.uk> Henry Kwan wrote: > Gerard Cleary smcaus.com.au> writes: > > >> Our system uses Centos 4.5 and Sendmail. >> /var/spool/mqueue has modes 700 and ownership root.mail >> /var/spool/mqueue.in has modes 700 and ownership root.root >> > > Whoops. > > After looking at MailScanner.conf again, I realized my mistake. I had set "Run > As User" and "Run As Group" to "mail". Didn't even see the "(not normally used > for sendmail)" bit a couple of lines up. After unsetting them, everything is > working now. > > After sending a few test emails, I noticed that MailScanner/sendmail doesn't > reject unknown users at the SMTP stage but rather it accepts the email for > delivery and then a DSN is generated afterwards. > > How do you get sendmail to reject at the SMTP stage like postfix does with > "relay_recipients.db"? > You need FEATURE(blacklist_recipients) I think. It is certainly *very* possible and quite simple to do in sendmail. I always thought it did it by default :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? 
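Review bot: in each of the three added blocks (after lines 1875, 4843 and 5259) $mshmacheader is fetched with MailScanner::Config::Value but never used, because the AddMultipleHeader call passes the literal string 'mshmacheader' instead. Either drop the unused lookup or pass the variable, whichever AddMultipleHeader expects, and note the choice in a comment. The same block is pasted three times, so moving it into one helper sub would keep the three header-writing paths from drifting apart. The two new fields initialised at 273-274 (addmshmac, mshmac) would also benefit from a one-line comment saying that header insertion is deferred from line 334 to these later points.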
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From bernard.lheureux at bbsoft4.org Fri May 16 09:34:58 2008 From: bernard.lheureux at bbsoft4.org (Bernard Lheureux) Date: Fri May 16 09:35:24 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: <482D3AC4.7070006@ecs.soton.ac.uk> References: <200805161341.10070.gcle@smcaus.com.au> <482D3AC4.7070006@ecs.soton.ac.uk> Message-ID: <1210926898.4311.10.camel@belbr105.ibs.net> On Fri, 2008-05-16 at 08:41 +0100, Julian Field wrote: > > After sending a few test emails, I noticed that MailScanner/sendmail doesn't > > reject unknown users at the SMTP stage but rather it accepts the email for > > delivery and then a DSN is generated afterwards. > > > > How do you get sendmail to reject at the SMTP stage like postfix does with > > "relay_recipients.db"? > > > You need FEATURE(blacklist_recipients) I think. It is certainly *very* > possible and quite simple to do in sendmail. I always thought it did it > by default :-) You can do it from /etc/mail/access by setting it to: # Check the /usr/share/doc/sendmail/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY 195.238.2.29 RELAY #your SMTP server IP To:postmaster@yourdomain.com OK #relay OK to this address To:root@yourdomain.com OK #relay OK to this address To:you@yourdomain.com OK #relay OK to this address To:yourdomain.com REJECT #then rejects any other address When the file is correctly filled for EACH E-Mail Addres, Alias and Domain make a: makemap hash /etc/mail/access < /etc/mail/access And that's it... 
M$-Internet Exploder is the cancer of the Internet, see why here:
http://www.aful.org/ressources/documentations/msie-problemes-securite/
--
(°-    Bernard Lheureux, Manager of the mailing lists ML, TechML, LinuxML
//\    http://www.bbsoft4.org/Mailinglists.htm ** MailTo:root@bbsoft4.org
v_/_   http://www.bbsoft4.org/ <<<<<< () >>>>>> http://www.portalinux.org

From gmatt at nerc.ac.uk Fri May 16 09:36:24 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Fri May 16 09:37:15 2008
Subject: New way of spam?
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com>
References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com>
Message-ID: <482D4788.5030200@nerc.ac.uk>

Steven Andrews wrote:
> For watermarking to operate correctly, do I have to use the MS box as an
> outbound relay as well? Right now, I'm habitually using them only on
> inbound and not currently using watermarking. I find that when I use
> watermarking, my SA rules don't fire.

there are ways around this. Depends on your MTA - I can only speak for sendmail. If you use sendmail you can try milter-null, I found it works great, you'll need to install it on your outbound as well as your inbound and share the "secret" between them.

I believe postfix can also use sendmail milters but postfix may have its own solution too. If you're using Exchange outbound then you're probably out of luck!

GREG

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

--
This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.
From t.d.lee at durham.ac.uk Fri May 16 10:31:22 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri May 16 10:32:28 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: <1210926898.4311.10.camel@belbr105.ibs.net> References: <200805161341.10070.gcle@smcaus.com.au> <482D3AC4.7070006@ecs.soton.ac.uk> <1210926898.4311.10.camel@belbr105.ibs.net> Message-ID: On Fri, 16 May 2008, Bernard Lheureux wrote: > On Fri, 2008-05-16 at 08:41 +0100, Julian Field wrote: > > > > After sending a few test emails, I noticed that MailScanner/sendmail doesn't > > > reject unknown users at the SMTP stage but rather it accepts the email for > > > delivery and then a DSN is generated afterwards. > > > > > > How do you get sendmail to reject at the SMTP stage like postfix does with > > > "relay_recipients.db"? > > > > > You need FEATURE(blacklist_recipients) I think. It is certainly *very* > > possible and quite simple to do in sendmail. I always thought it did it > > by default :-) > You can do it from /etc/mail/access > [...] Another method available is sendmail's 'virtusertable' which gives: user@foo.com -> id-A@machine-Z user@bar.com -> id-B@machine-Y a.n.other@baz.org -> id-C@machineX And (the bit you probably want to know) if the recipient is not in the left-hand-side of the table then the email is rejected at SMTP stage. (There are many other details, but this MailScanner-list discussion is already approaching "off-topic"!) This 'virtusertable' facility can be useful at large sites with multiple domains. Our two main domains each have around 25,000 entries. So we use: o 'virtusertable': accept email for known users, reject unknown users (with frequent, automated updates from Personnel (HR) databases); o 'access': occasional blocking of external things that are bothering us (updates relatively infrequent; done by Postmaster). -- : David Lee I.T. 
Service :
: Senior Systems Programmer        Computer Centre :
: UNIX Team Leader                 Durham University :
:                                  South Road :
: http://www.dur.ac.uk/t.d.lee/    Durham DH1 3LE :
: Phone: +44 191 334 2752          U.K. :

From m.anderlini at database.it Fri May 16 10:55:32 2008
From: m.anderlini at database.it (Marcello Anderlini Database Informatica)
Date: Fri May 16 10:56:28 2008
Subject: R: New way of spam?
In-Reply-To: <482D4788.5030200@nerc.ac.uk>
References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> <482D4788.5030200@nerc.ac.uk>
Message-ID: <023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it>

I've had a look at it but for me it seems hard to configure. Does something easier exist?

thanks

Dr. Marcello Anderlini
m.anderlini@database.it
---------------------------------------------
Database Informatica S.r.l.
Microsoft Certified Partner
Tel. +39059775070
Fax. +39059779545
http://www.database.it
---------------------------------------------

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Greg Matthews
Sent: Friday, 16 May 2008 10.36
To: MailScanner discussion
Subject: Re: New way of spam?

Steven Andrews wrote:
> For watermarking to operate correctly, do I have to use the MS box as
> an outbound relay as well? Right now, I'm habitually using them only
> on inbound and not currently using watermarking. I find that when I
> use watermarking, my SA rules don't fire.

there are ways around this. Depends on your MTA - I can only speak for sendmail. If you use sendmail you can try milter-null, I found it works great, you'll need to install it on your outbound as well as your inbound and share the "secret" between them.

I believe postfix can also use sendmail milters but postfix may have its own solution too. If you're using Exchange outbound then you're probably out of luck!
GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Messaggio verificato dal servizio antivirus di Database Informatica -- Messaggio verificato dal servizio antivirus di Database Informatica From jan-peter at koopmann.eu Fri May 16 11:02:12 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Fri May 16 11:03:12 2008 Subject: New way of spam? In-Reply-To: References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> Message-ID: > there are ways around this. Depends on your MTA - I can only speak for > sendmail. If you use sendmail you can try milter-null, I found it works > great, you'll need to install it on your outbound as well as your > inbound and share the "secret" between them. Generally speaking: You just need to use the same watermarking mechanism with the same secret for outgoing and incoming mails. No need for the same boxes etc. But outgoing mail has to me watermarked correctly. From ccaaarb at ucl.ac.uk Fri May 16 11:22:54 2008 From: ccaaarb at ucl.ac.uk (Adrian Barker) Date: Fri May 16 11:26:36 2008 Subject: Problem using the SpamAssassin Rule Actions Message-ID: <482D607E.3020501@ucl.ac.uk> We are trying to use the 'SpamAssassin Rule Actions' to add a header when the 'VBounce' SpamAssassin rule is triggered. 
This is to help our users filter out false delivery status reports, but MailScanner reports an error. We tried: SpamAssassin Rule Actions = ANY_BOUNCE_MESSAGE=>deliver,header "X-UCL-FALSE-DSN: Yes" which produces the error: May 16 10:04:41 vscan-d MailScanner[11814]: Message 1Jwvrj-0003zH-JL produced illegal Non-Spam Actions " "X-UCL-FALSE-DSN: Yes"", so message is being delivered Removing the 'deliver' option still results in an error. We are using MailScanner 4.66.5, which is not the latest version, but the Changelog does not mention any bug fixes in this area. Any suggestions ? -- Adrian Barker Internet Technology Section Information Systems University College London, Gower Street, London WC1E 6BT External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406 Internal phone: x 25140 Email: A.Barker@ucl.ac.uk From telecaadmin at gmail.com Fri May 16 11:32:13 2008 From: telecaadmin at gmail.com (Ronny T. Lampert) Date: Fri May 16 11:33:46 2008 Subject: clamd problems after update In-Reply-To: <3079376.4151210866289586.JavaMail.root@mail.lctn.org> References: <3079376.4151210866289586.JavaMail.root@mail.lctn.org> Message-ID: <482D62AD.4060606@gmail.com> > May 15 10:39:43 mail-gw MailScanner[27690]: Spam Checks: Found 1 spam > messages > May 15 10:39:43 mail-gw MailScanner[27690]: Virus and Content Scanning: > Starting > May 15 10:39:43 mail-gw MailScanner[28651]: ERROR:: COULD NOT CONNECT TO > CLAMD, RECOMMEND RESTARTING DAEMON > May 15 10:39:43 mail-gw MailScanner[27690]: Clamd::ERROR:: COULD NOT > CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . > May 15 10:39:43 mail-gw MailScanner[27690]: Virus Scanning: Clamd found > 1 infections You can try the util "clamdscan" (NOT clamscan) which will contact clamd to have files scanned. If that works your clamd is alive. If it says something along connect(): No such file or directory WARNING: Can't connect to clamd. then your clamd is broken. 
Try starting it with $> /etc/init.d/clamd start If again that doesn't work - try locating clamd (I don't know where the clam-sa package is installing it, but I take it it's /usr/local/sbin/clamd) and start it manually to see what happens. BR, Ronny
From gmatt at nerc.ac.uk Fri May 16 11:48:16 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 16 11:49:24 2008 Subject: R: New way of spam? In-Reply-To: <023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it> References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> <482D4788.5030200@nerc.ac.uk> <023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it> Message-ID: <482D6670.80305@nerc.ac.uk>
Marcello Anderlini Database Informatica wrote: > I've had a look at it, but for me it seems hard to configure. > > Does something easier exist? pay someone else to do it? > > thanks > > > Dr. Marcello Anderlini > m.anderlini@database.it -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford
From gmatt at nerc.ac.uk Fri May 16 11:49:08 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 16 11:50:10 2008 Subject: New way of spam? In-Reply-To: References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> Message-ID: <482D66A4.8050907@nerc.ac.uk>
Koopmann, Jan-Peter wrote: >> there are ways around this. Depends on your MTA - I can only speak for >> sendmail. If you use sendmail you can try milter-null, I found it works >> great, you'll need to install it on your outbound as well as your >> inbound and share the "secret" between them.
> > Generally speaking: You just need to use the same watermarking mechanism > with the same secret for outgoing and incoming mails. No need for the > same boxes etc. But outgoing mail has to be watermarked correctly. exactly but running MailScanner just to add a watermark seems a bit heavyweight. -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford
From martinh at solidstatelogic.com Fri May 16 12:02:43 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Fri May 16 12:03:34 2008 Subject: Problem using the SpamAssassin Rule Actions In-Reply-To: <482D607E.3020501@ucl.ac.uk> Message-ID: <74134f7ce64eb64a937cc2718226d7d3@solidstatelogic.com>
Adrian MailScanner has a similar functionality. All SA does when combined with Mailscanner is pass back the score. MailScanner then decides what to do with the email. Have a look at the Spam Actions conditions - you can put in a custom header here. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Adrian Barker > Sent: 16 May 2008 11:23 > To: MailScanner discussion > Subject: Problem using the SpamAssassin Rule Actions > > > We are trying to use the 'SpamAssassin Rule Actions' to add a header > when the 'VBounce' SpamAssassin rule is triggered. This is to help our > users filter out false delivery status reports, but MailScanner reports > an error.
We tried: > > SpamAssassin Rule Actions = ANY_BOUNCE_MESSAGE=>deliver,header > "X-UCL-FALSE-DSN: Yes" > > which produces the error: > May 16 10:04:41 vscan-d MailScanner[11814]: Message 1Jwvrj-0003zH-JL > produced illegal Non-Spam Actions " "X-UCL-FALSE-DSN: Yes"", so message > is being delivered > > Removing the 'deliver' option still results in an error. We are using > MailScanner 4.66.5, which is not the latest version, but the Changelog > does not mention any bug fixes in this area. > > Any suggestions ? > > > -- > > Adrian Barker > Internet Technology Section > Information Systems > University College London, Gower Street, London WC1E 6BT > External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406 > Internal phone: x 25140 > Email: A.Barker@ucl.ac.uk > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From gmatt at nerc.ac.uk Fri May 16 12:08:24 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 16 12:09:15 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: References: <200805161341.10070.gcle@smcaus.com.au> <482D3AC4.7070006@ecs.soton.ac.uk> <1210926898.4311.10.camel@belbr105.ibs.net> Message-ID: <482D6B28.5000200@nerc.ac.uk> David Lee wrote: > Another method available is sendmail's 'virtusertable' which gives: > user@foo.com -> id-A@machine-Z > user@bar.com -> id-B@machine-Y > a.n.other@baz.org -> id-C@machineX > > And (the bit you probably want to know) if the recipient is not in the > left-hand-side of the table then the email is rejected at SMTP stage. > (There are many other details, but this MailScanner-list discussion is > already approaching "off-topic"!) > > This 'virtusertable' facility can be useful at large sites with multiple > domains. Our two main domains each have around 25,000 entries. > > So we use: > o 'virtusertable': accept email for known users, reject unknown users > (with frequent, automated updates from Personnel (HR) databases); > o 'access': occasional blocking of external things that are bothering > us (updates relatively infrequent; done by Postmaster). additionally, we also make use of milter-ahead as we cannot always be authoritative for users at domains which we relay for. Using this milter allows us to delegate that authority to the domains themselves > > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. 
NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system.
From gerard at seibercom.net Fri May 16 12:34:57 2008 From: gerard at seibercom.net (Gerard) Date: Fri May 16 12:35:39 2008 Subject: R: New way of spam? In-Reply-To: <023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it> References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> <482D4788.5030200@nerc.ac.uk> <023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it> Message-ID: <20080516073457.21c1d335@scorpio>
On Fri, 16 May 2008 11:55:32 +0200 "Marcello Anderlini Database Informatica" wrote: [snip] > I've had a look at it, but for me it seems hard to configure. Could you be a little more specific? Exactly what 'seems hard to configure' to you? In addition, what MTA and OS types and versions are we talking about here? -- Gerard gerard@seibercom.net LEVERAGE: Even if someone doesn't care what the world thinks about them, they always hope their mother doesn't find out.
From m.anderlini at database.it Fri May 16 13:04:09 2008 From: m.anderlini at database.it (Marcello Anderlini Database Informatica) Date: Fri May 16 13:05:00 2008 Subject: R: R: New way of spam?
In-Reply-To: <482D6670.80305@nerc.ac.uk> References: <200805141105.m4EB0mGq019921@safir.blacknight.ie> <1964AAFBC212F742958F9275BF63DBB0760E69@winchester.andrewscompanies.com> <482D4788.5030200@nerc.ac.uk><023a01c8b73a$fad6dab0$2e01a8c0@dbdomain.database.it> <482D6670.80305@nerc.ac.uk> Message-ID: <025601c8b74c$f25eb670$2e01a8c0@dbdomain.database.it>
Thanks for the answer, very helpful! Dr. Marcello Anderlini m.anderlini@database.it --------------------------------------------- Database Informatica S.r.l. Microsoft Certified Partner Tel. +39059775070 Fax. +39059779545 http://www.database.it --------------------------------------------- -----Original message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of Greg Matthews Sent: Friday 16 May 2008 12.48 To: MailScanner discussion Subject: Re: R: New way of spam? Marcello Anderlini Database Informatica wrote: > I've had a look at it, but for me it seems hard to configure. > > Does something easier exist? pay someone else to do it? > > thanks > > > Dr. Marcello Anderlini > m.anderlini@database.it -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford
-- Message checked by the Database Informatica antivirus service
From jplorier at montecarlotv.com.uy Fri May 16 14:21:35 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Fri May 16 14:27:30 2008 Subject: New way of spam? In-Reply-To: <200805161227.m4GCJuNq030738@safir.blacknight.ie> Message-ID:
Thanks again everybody. I see others are in the same situation as I am. Greg: Thanks for the sendmail tip ('cos it's my MTA). I actually use Scalix (with sendmail) for outgoing and mailscanner in another server for incoming. If I get it right, the watermark must be in the outgoing mail so when the bounce comes back, if it hasn't got the watermark it means it is not a bounce from my server, right? Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444
From ccaaarb at ucl.ac.uk Fri May 16 16:35:34 2008 From: ccaaarb at ucl.ac.uk (Adrian Barker) Date: Fri May 16 16:39:41 2008 Subject: Problem using the SpamAssassin Rule Actions In-Reply-To: <74134f7ce64eb64a937cc2718226d7d3@solidstatelogic.com> References: <74134f7ce64eb64a937cc2718226d7d3@solidstatelogic.com> Message-ID: <482DA9C6.4020809@ucl.ac.uk>
Thanks. What we would like to do is to be able to treat delivery reports in a different manner to spam, so that our users can filter spam and separately filter unwanted delivery reports. This can be done using the SpamAssassin 'Vbounce' rules, which then trigger the 'SpamAssassin Rule Actions' to add a header, but this results in a MailScanner error. -- Adrian Barker Internet Technology Section Information Systems University College London, Gower Street, London WC1E 6BT External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406 Internal phone: x 25140 Email: A.Barker@ucl.ac.uk Martin.Hepworth wrote: > Adrian > > MailScanner has a similar functionality. > > All SA does when combined with Mailscanner is pass back the score.
> > MailScanner then decides what to do with the email. Have a look at the Spam Actions conditions - you can put in a custom header here. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Adrian Barker >> Sent: 16 May 2008 11:23 >> To: MailScanner discussion >> Subject: Problem using the SpamAssassin Rule Actions >> >> >> We are trying to use the 'SpamAssassin Rule Actions' to add a header >> when the 'VBounce' SpamAssassin rule is triggered. This is to help our >> users filter out false delivery status reports, but MailScanner reports >> an error. We tried: >> >> SpamAssassin Rule Actions = ANY_BOUNCE_MESSAGE=>deliver,header >> "X-UCL-FALSE-DSN: Yes" >> >> which produces the error: >> May 16 10:04:41 vscan-d MailScanner[11814]: Message 1Jwvrj-0003zH-JL >> produced illegal Non-Spam Actions " "X-UCL-FALSE-DSN: Yes"", so message >> is being delivered >> >> Removing the 'deliver' option still results in an error. We are using >> MailScanner 4.66.5, which is not the latest version, but the Changelog >> does not mention any bug fixes in this area. >> >> Any suggestions ? >> >> >> -- >> >> Adrian Barker >> Internet Technology Section >> Information Systems >> University College London, Gower Street, London WC1E 6BT >> External phone: +44 20 7679 5140, Fax (+44) 20 7388 5406 >> Internal phone: x 25140 >> Email: A.Barker@ucl.ac.uk
From gmatt at nerc.ac.uk Fri May 16 17:17:57 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Fri May 16 17:18:46 2008 Subject: New way of spam? In-Reply-To: References: Message-ID: <482DB3B5.1030805@nerc.ac.uk>
Juan Pablo Lorier wrote: > Thanks again everybody. I see others are in the same situation as I am. > > Greg: > > Thanks for the sendmail tip ('cos it's my MTA). I actually use Scalix > (with sendmail) for outgoing and mailscanner in another server for > incoming. If I get it right, the watermark must be in the outgoing mail > so when the bounce comes back, if it hasn't got the watermark it means > it is not a bounce from my server, right?
you need to be able to set and check the "watermark" on both incoming and outgoing so you run the milter on both. Just remember they need to have the same "secret". But otherwise, yes, you've got it right. GREG > > > Ing. Juan Pablo Lorier > Monte Carlo TV SA > Montevideo, Uruguay > +(598)2 9244444 > -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford
From darren at torsion.co.uk Fri May 16 17:54:25 2008 From: darren at torsion.co.uk (Darren Walker) Date: Fri May 16 17:53:45 2008 Subject: Spamassassin Problem In-Reply-To: References: <200805161227.m4GCJuNq030738@safir.blacknight.ie> Message-ID: <011201c8b775$7fb0a9c0$1001a8c0@Lappy2>
Hi I have set MailScanner to use ClamAV and Spamassassin. Mail is coming in and obviously a large amount of it is SPAM. I have set High Scoring Spam with a level of 10 to be deleted. When I turn 'spam checks' on - no action is taken on the mail. SpamAssassin confirms that it is spam but doesn't delete it - but nor does it deliver it. The mail just builds up in the mqueue.in. If I turn off spam checking then it works fine. I have run MailScanner --lint and it finds no problems. I have left it turned on for about an hour and no email is deleted or delivered. Any ideas?
Thanks Darren
From shuttlebox at gmail.com Fri May 16 19:25:22 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri May 16 19:26:02 2008 Subject: Spamassassin Problem In-Reply-To: <011201c8b775$7fb0a9c0$1001a8c0@Lappy2> References: <200805161227.m4GCJuNq030738@safir.blacknight.ie> <011201c8b775$7fb0a9c0$1001a8c0@Lappy2> Message-ID: <625385e30805161125r46d78ca6vb87af7b8374faa48@mail.gmail.com>
On Fri, May 16, 2008 at 6:54 PM, Darren Walker wrote: > > Hi > > I have set MailScanner to use ClamAV and Spamassassin. > > Mail is coming in and obviously a large amount of it is SPAM. > > I have set High Scoring Spam with a level of 10 to be deleted > > When I turn 'spam checks' on - no action is taken on the mail. > SpamAssassin confirms that it is spam but doesn't delete it - but nor does > it deliver it. The mail just builds up in the mqueue.in. > > If I turn off spam checking then it works fine. I have run MailScanner > --lint and it finds no problems. > > I have left it turned on for about an hour and no email is deleted or > delivered. > Any ideas? Post your spam related options here please. -- /peter
From gwong at linktechit.com Fri May 16 20:41:55 2008 From: gwong at linktechit.com (Gregory Wong) Date: Fri May 16 20:42:44 2008 Subject: Multiple server in transport file Message-ID: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local>
Hi everyone. I am starting to relay for a domain that uses multiple front end mail servers to accept mail mainly for redundancy purposes. In the transport file, the domains I am relaying for are currently setup like this: domain.com smtp:[mx1.domain.com] If I wanted to enter more than one mail server for domain.com, how do I do it? If it's not possible does anyone else have any workarounds? Thanks.
From admin at lctn.org Fri May 16 20:47:08 2008 From: admin at lctn.org (Raymond Norton) Date: Fri May 16 20:50:21 2008 Subject: clamd problems after update In-Reply-To: <4126635.7741210967103405.JavaMail.root@mail.lctn.org> Message-ID: <26947887.7941210967228456.JavaMail.root@mail.lctn.org>
>You can try the util "clamdscan" (NOT clamscan) which will contact clamd >to have files scanned. >If that works your clamd is alive. If it says something along >connect(): No such file or directory >WARNING: Can't connect to clamd. >then your clamd is broken. >Try starting it with $> /etc/init.d/clamd start clamdscan works fine, but I am still getting the following errors, and mailwatch shows zero viruses, even though tailing maillog shows viruses are discovered. Spent most of two days on this now:( Nothing gets logged to clamd.log unless I start it manually. Clamav.log shows nothing. Clamav is owner of both logs. May 16 14:40:27 relay-1 MailScanner[3889]: ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON May 16 14:40:27 relay-1 MailScanner[3750]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: . May 16 14:40:27 relay-1 MailScanner[3750]: Virus Scanning: Clamd found 1 infections
From hvdkooij at vanderkooij.org Fri May 16 20:59:48 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Fri May 16 21:00:32 2008 Subject: Multiple server in transport file In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> Message-ID: <482DE7B4.4020506@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Wong wrote: | Hi everyone.
I am starting to relay for a domain that uses multiple | front end mail servers to accept mail mainly for redundancy purposes. In | the transport file, the domains I am relaying for are currently setup | like this: | | domain.com smtp:[mx1.domain.com] | | If I wanted to enter more than one mail server for domain.com, how do I | do it? If it's not possible does anyone else have any workarounds? Technically. It's not a job for MailScanner. It is the job of the unlisted MTA that you are using. There are several options: 1. Point to a hostname that will resolve its A records at random to one of the servers. 2. Use split DNS and let the internal server do the MX thing again instead of using the transport file. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFILeeyBvzDRVjxmYERAqT6AJ9TdZTH6JkosoVe+EET0WI0yhKwvQCgosfC 3eisJJuxdtiOgcJYqvFyIro= =IF66 -----END PGP SIGNATURE-----
From lists at designmedia.com Fri May 16 21:04:26 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri May 16 21:05:12 2008 Subject: MailScanner & CentOS5/Sendmail References: <200805161341.10070.gcle@smcaus.com.au> <482D3AC4.7070006@ecs.soton.ac.uk> Message-ID:
Julian Field ecs.soton.ac.uk> writes: > Henry Kwan wrote: > > How do you get sendmail to reject at the SMTP stage like postfix does with > > "relay_recipients.db"? > > > You need FEATURE(blacklist_recipients) I think. It is certainly *very* > possible and quite simple to do in sendmail. I always thought it did it > by default I'm running MailScanner/sendmail in gateway mode to an Exchange box.
So I followed the directions here: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway Added the Exchange box IP into mailertable and then added the domain into relay-domains. Is there a better way to configure Mailscanner/sendmail as a gateway to Exchange so that it rejects at the SMTP stage instead of having a DSN generated? Thanks.
From steinkel at pa.net Fri May 16 21:11:27 2008 From: steinkel at pa.net (Leland J. Steinke) Date: Fri May 16 21:12:04 2008 Subject: Multiple server in transport file In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> Message-ID: <482DEA6F.5040708@pa.net>
Gregory Wong wrote: Change > domain.com smtp:[mx1.domain.com] to domain.com smtp:[mx.domain.com] where "mx.domain.com" has multiple A records pointing at the mail servers for domain.com. We do this for our post-processing mail servers and it works wonderfully. Round-robin DNS load-balancing works wonderfully when one has a well-behaved MTA. Leland
From ms-list at alexb.ch Fri May 16 21:27:56 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 16 21:28:39 2008 Subject: Multiple server in transport file In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> Message-ID: <482DEE4C.4050705@alexb.ch>
On 5/16/2008 9:41 PM, Gregory Wong wrote: > Hi everyone. I am starting to relay for a domain that uses multiple > front end mail servers to accept mail mainly for redundancy purposes. > In the transport file, the domains I am relaying for are currently > setup like this: > > domain.com smtp:[mx1.domain.com] > > If I wanted to enter more than one mail server for domain.com, how do > I do it? If it's not possible does anyone else have any workarounds?
you can do it using DNS roundrobin

rrobin.domain.com 1.2.3.4
rrobin.domain.com 5.6.7.8
rrobin.domain.com 4.3.2.1
etc

where
1.2.3.4 = mx1.domain.com
5.6.7.8 = mx2.domain.com
4.3.2.1 = mx3.domain.com
etc

domain.com smtp:[rrobin.domain.com]
From Kevin_Miller at ci.juneau.ak.us Fri May 16 21:42:51 2008 From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Fri May 16 21:42:09 2008 Subject: MailScanner & CentOS5/Sendmail In-Reply-To: References: <200805161341.10070.gcle@smcaus.com.au><482D3AC4.7070006@ecs.soton.ac.uk> Message-ID:
Henry Kwan wrote: > Julian Field ecs.soton.ac.uk> writes: >> Henry Kwan wrote: >>> How do you get sendmail to reject at the SMTP stage like postfix >>> does with "relay_recipients.db"? >>> >> You need FEATURE(blacklist_recipients) I think. It is certainly >> *very* possible and quite simple to do in sendmail. I always thought >> it did it by default > > I'm running MailScanner/sendmail in gateway mode to an Exchange box. > So I followed the directions here: > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway > > Added the Exchange box IP into mailertable and then added the domain > into relay-domains. > > Is there a better way to configure Mailscanner/sendmail as a gateway > to Exchange so that it rejects at the SMTP stage instead of having a > DSN generated? > > Thanks. smf-sav is a good solution. ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907) 586-4500
From steve.freegard at fsl.com Fri May 16 22:10:52 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri May 16 22:12:22 2008 Subject: Multiple server in transport file In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> Message-ID: <482DF85C.8010406@fsl.com>
Gregory Wong wrote: > Hi everyone. I am starting to relay for a domain that uses multiple > front end mail servers to accept mail mainly for redundancy purposes. In > the transport file, the domains I am relaying for are currently setup > like this: > > > > domain.com smtp:[mx1.domain.com] > > > > If I wanted to enter more than one mail server for domain.com, how do I > do it? If it's not possible does anyone else have any workarounds? > > It would help if you said which MTA you are using.... The sendmail way to do this (in /etc/mail/mailertable):
domain.com esmtp:[1.2.3.4]:[5.6.7.8]:[host.domain.com]
However, the entries are used in order like an MX record, so a connection to each server in the order listed (left-to-right) is attempted and if the connection fails the next server listed is used. Regards, Steve.
From ms-list at alexb.ch Fri May 16 23:21:39 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 16 23:22:27 2008 Subject: Multiple server in transport file In-Reply-To: <482DF85C.8010406@fsl.com> References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local> <482DF85C.8010406@fsl.com> Message-ID: <482E08F3.8060900@alexb.ch>
On 5/16/2008 11:10 PM, Steve Freegard wrote: > Gregory Wong wrote: >> Hi everyone. I am starting to relay for a domain that uses multiple >> front end mail servers to accept mail mainly for redundancy purposes.
>> In the transport file, the domains I am relaying for are currently >> setup like this: >> >> >> >> domain.com smtp:[mx1.domain.com] >> >> >> >> If I wanted to enter more than one mail server for domain.com, how do >> I do it? If it's not possible does anyone else have any workarounds? >> >> > > It would help if you said which MTA you are using.... > > The sendmail way to do this (in /etc/mail/mailertable): > > domain.com esmtp:[1.2.3.4]:[5.6.7.8]:[host.domain.com] > > However, the entries are used in order like an MX record, so a > connection to each server in the order listed (left-to-right) is > attempted and if the connection fails the next server listed is used. he did, sort of: "transport file" = Postfix I doubt a sendmail user would give it that name :-) beer? :-) Alex
From lists at designmedia.com Fri May 16 23:57:07 2008 From: lists at designmedia.com (Henry Kwan) Date: Fri May 16 23:57:50 2008 Subject: MailScanner & CentOS5/Sendmail References: <200805161341.10070.gcle@smcaus.com.au> <482D3AC4.7070006@ecs.soton.ac.uk> <1210926898.4311.10.camel@belbr105.ibs.net> Message-ID:
Bernard Lheureux bbsoft4.org> writes: > On Fri, 2008-05-16 at 08:41 +0100, Julian Field wrote: > > > > How do you get sendmail to reject at the SMTP stage like postfix does with > > > "relay_recipients.db"? > You can do it from /etc/mail/access Ah. Ok, thanks for the tip. Now it returns:
550 5.2.1 ... Mailbox disabled for this recipient
Not quite the same as postfix's:
550 5.1.1 : Recipient address rejected: User unknown in relay recipient table
But the same result, I suppose. Thanks again.
From x72m35 at gmail.com Sat May 17 08:07:15 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Sat May 17 08:05:29 2008 Subject: Watermark header addition in Exim does not work In-Reply-To: <482D370D.9060305@gmail.com> References: <482C4F7D.8050708@gmail.com> <482D370D.9060305@gmail.com> Message-ID: <482E8423.9090506@gmail.com>
Dear Julian, Please, will you share your wisdom on this.
Thanks and best regards, Lasantha. *----- Original Message -----* *Subject:* Watermark header addition in Exim does not work *Date:* Fri, 16/May/2008 12:56:05 PM +0550 *From:* Lasantha Marian *To:* MailScanner discussion > Friends, > > I gave some thought and explored the MailScanner source for > Watermarking. After a few hours of scanning I realized that tweaking the > module "Message.pm", I could handle the situation. I did some changes > in the subroutines "new", "DeliverUnscanned", "DeliverUnmodifiedBody" > and "DeliverModifiedBody". I have attached the diff file > (Message.pm-4.69.9-a.diff) against version 4.69.9. > > My test using this patch on both test and production environment have > shown me that it works, whether it be Postfix or Exim. > > Please Julian let me know, whether what I have done could lead to > trouble in future ? > Should there be other modules and subroutines be changed for this > purpose ? > I have chosen to add multiple header values to the Watermark header, > Is this advisable in multi-host (relay and destination) environment ? > > Thanks and best regards, > > Lasantha. > > *----- Original Message -----* > *Subject:* Watermark header addition in Exim does not work > *Date:* Thu, 15/May/2008 8:28:05 PM +0550 > *From:* Lasantha Marian > *To:* MailScanner discussion >> Friends, >> >> I have observed in Exim/MailScanner installations Watermark header >> addition does not work. But observing the logs reveals that >> Watermarking works. Further, addition of other headers by MailScanner >> (eg. X-YZ-MailScanner-SpamScore, X-YZ-MailScanner-From, etc) works >> perfectly. >> >> As per the debugging that I have done in Message.pm; I don't see any >> problem at line 334 (Version 4.69.9) either. >> >> Same type of installations with Postfix/MailScanner works well in >> adding the Watermark header. >> >> Has anybody come across this condition ? >> >> I use the following Watermarking configuration in both types of >> installations.
>>
>> Use Watermarking = yes
>> Add Watermark = yes
>> Check Watermarks With No Sender = yes
>> Treat Invalid Watermarks With No Sender as Spam = spam
>> Check Watermarks To Skip Spam Checks = yes
>> Watermark Secret = %org-name%-AABBCCDDEEFFGGHHIIJJ
>> Watermark Lifetime = 604800
>> Watermark Header = X-%org-name%-MailScanner-Watermark:
>>
>> Thanks in advance.
>>
>> Lasantha.
>>

From telecaadmin at gmail.com Sat May 17 08:13:05 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Sat May 17 08:14:38 2008
Subject: Multiple server in transport file
In-Reply-To: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local>
References: <6052545A7C35D54FBDD1051DFDD2045103F8FDF062@EX2K7VS01.4emm.local>
Message-ID: <482E8581.3080906@gmail.com>

> Hi everyone. I am starting to relay for a domain that uses multiple
> front end mail servers to accept mail mainly for redundancy purposes. In
> the transport file, the domains I am relaying for are currently setup
> like this:
>
> domain.com smtp:[mx1.domain.com]
>
>
>
> If I wanted to enter more than one mail server for domain.com, how do I
> do it? If its not possible does anyone else have any workarounds?

If you do not want to mess around with DNS, here is the direct config file approach:

Create a new protocol name (say fsmtp - fallback smtp), let it be a SMTP transport and tell _that exact_ transport to use certain fallbacks.
As such those fallbacks will not affect your main SMTP transports which is very important.

How to do that:

Copy the smtp line in /etc/postfix/master.cf and rename it to fsmtp or so (all with tabs, beware the line-break!) and append the -o smtp_fallback_relay parameter:

fsmtp unix - - n - - smtp
  -o smtp_fallback_relay=[1.2.3.2],[1.2.3.3]

and in /etc/postfix/transport

domain.com fsmtp:[1.2.3.1]

So you now usually will use 1.2.3.1 as primary relay, but if that goes down, postfix will check the .2 and .3!
Cheers,
Ronny

From davejones70 at gmail.com Sat May 17 13:28:37 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Sat May 17 13:29:12 2008
Subject: clamd problems after update
Message-ID: <67a55ed50805170528l10e9de2asddf0418e835bcc9a@mail.gmail.com>

>>You can try the util "clamdscan" (NOT clamscan) which will contact clamd
>>to have files scanned.
>>If that works your clamd is alive. If it says something along
>>connect(): No such file or directory
>>WARNING: Can't connect to clamd.
>>then your clamd is broken.
>>Try starting it with
>$> /etc/init.d/clamd start

>clamdscan works fine, but I am still getting the following errors, and mailwatch shows zero viruses, even though tailing maillog shows viruses are discovered. Spent most of two days on this
>now:( Nothing gets logged to clamd.log unless I start it manually. Clamav.log shows nothing. Clamav is owner of both logs.

>May 16 14:40:27 relay-1 MailScanner[3889]: ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON
>May 16 14:40:27 relay-1 MailScanner[3750]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
>May 16 14:40:27 relay-1 MailScanner[3750]: Virus Scanning: Clamd found 1 infections

I have to change my /etc/clamd.conf to "LocalSocket /tmp/clamd" (or "Clamd Socket = /tmp/clamd.socket" in the MailScanner.conf) so MailScanner can find Clamd via the socket file. Run "MailScanner --lint" before you do anything and note any clam errors. Then make the edit, restart clamd and run "MailScanner --lint" again to see if everything is happy after the change.

--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080517/9fc98664/attachment.html

From admin at lctn.org Sat May 17 14:28:24 2008
From: admin at lctn.org (Raymond Norton)
Date: Sat May 17 14:31:26 2008
Subject: clamd problems after update
In-Reply-To: <8699410.9561211030759179.JavaMail.root@mail.lctn.org>
Message-ID: <8067669.9581211030904487.JavaMail.root@mail.lctn.org>

>I have to change my /etc/clamd.conf to "LocalSocket /tmp/clamd" (or "Clamd Socket = /tmp/clamd.socket" in the MailScanner.conf) so MailScanner can find Clamd via the
>socket file. Run "MailScanner --lint" before you do anything and note any clam errors. Then make the edit, restart clamd and run "MailScanner --lint" again to see if everything
>is happy after the change.

I got it working. (found this info on http://www.global-domination.org/forum/viewtopic.php?t=893)

Here is clamd.conf:

AllowSupplementaryGroups true
ArchiveBlockEncrypted true
ArchiveBlockMax true
ArchiveMaxCompressionRatio 300
DatabaseDirectory /usr/local/share/clamav
DetectBrokenExecutables true
FixStaleSocket true
LocalSocket /tmp/clamd
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 10M
LogSyslog true
MaxConnectionQueueLength 30
MaxThreads 50
PidFile /var/run/clamav/clamd.pid
ReadTimeout 300
TemporaryDirectory /tmp
User clamav

Had to add the following to Mailscanner.conf:

Clamd Port = 3310
Clamd Socket = /tmp/clamd
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = no
-------------- next part --------------
An HTML attachment was scrubbed...
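
The "COULD NOT CONNECT TO CLAMD" errors in the two posts above come down to clamd.conf and MailScanner.conf naming different sockets. The following is an added example, not code from the thread or from the MailScanner or ClamAV projects, that compares the two files; the function names and sample strings are constructed here, and the treatment of `#` as a comment marker and of a non-path `Clamd Socket` value as a TCP address is an assumption.

```python
import re


def parse_clamd_conf(text):
    """clamd.conf uses 'Option value' lines; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def parse_mailscanner_conf(text):
    """MailScanner.conf uses 'Option Name = value' lines.

    Assumption: option names are matched ignoring case and spaces, and
    anything after '#' is a comment, so 'Clamd Lock File = # ...' is empty.
    """
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[re.sub(r"\s+", "", key).lower()] = value.strip()
    return opts


def check_clamd_socket(clamd_text, ms_text):
    """Return a list of findings; an empty list means both files agree."""
    clamd = parse_clamd_conf(clamd_text)
    ms = parse_mailscanner_conf(ms_text)
    findings = []

    ms_sock = ms.get("clamdsocket", "")
    if not ms_sock:
        findings.append("MailScanner.conf does not set 'Clamd Socket'")
    elif ms_sock.startswith("/"):
        # Unix socket: the path must equal clamd's LocalSocket exactly.
        local = clamd.get("localsocket", "")
        if not local:
            findings.append(
                f"MailScanner expects unix socket {ms_sock} "
                "but clamd.conf has no LocalSocket"
            )
        elif local != ms_sock:
            findings.append(
                f"socket path mismatch: clamd.conf LocalSocket={local} "
                f"but MailScanner.conf Clamd Socket={ms_sock}"
            )
    else:
        # Assumption: a value that is not a path is a host/IP, so TCP is used
        # and 'Clamd Port' must equal clamd's TCPSocket.
        tcp = clamd.get("tcpsocket", "")
        ms_port = ms.get("clamdport", "")
        if not tcp:
            findings.append(
                f"MailScanner connects to {ms_sock} over TCP "
                "but clamd.conf has no TCPSocket"
            )
        elif ms_port != tcp:
            findings.append(
                f"port mismatch: clamd.conf TCPSocket={tcp} "
                f"but MailScanner.conf Clamd Port={ms_port or '(unset)'}"
            )
    return findings


# Constructed samples built from the values quoted in the thread.
CLAMD_CONF = """\
FixStaleSocket true
LocalSocket /tmp/clamd
User clamav
"""

MS_CONF_MATCHING = """\
Clamd Port = 3310
Clamd Socket = /tmp/clamd
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = no
"""

# Same file, but with the other socket name mentioned in the thread.
MS_CONF_MISMATCHED = """\
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
"""

if __name__ == "__main__":
    for label, ms_conf in (("matching", MS_CONF_MATCHING),
                           ("mismatched", MS_CONF_MISMATCHED)):
        result = check_clamd_socket(CLAMD_CONF, ms_conf)
        print(label, "->", result or "OK")
```

Run it against the real files before and after an upgrade, alongside "MailScanner --lint", since a package update can replace either file with one that names a different socket.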
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080517/57062b4c/attachment.html

From darren at torsion.co.uk Sat May 17 14:08:56 2008
From: darren at torsion.co.uk (Darren Walker)
Date: Sat May 17 15:09:19 2008
Subject: Spamassassin Problem
In-Reply-To: <625385e30805161125r46d78ca6vb87af7b8374faa48@mail.gmail.com>
References: <200805161227.m4GCJuNq030738@safir.blacknight.ie><011201c8b775$7fb0a9c0$1001a8c0@Lappy2> <625385e30805161125r46d78ca6vb87af7b8374faa48@mail.gmail.com>
Message-ID: <004401c8b81f$2a8b7a60$1001a8c0@Lappy2>

Hi

Thanks

Have cut the main sections that I think are relevant. I have tried upgrading
to the latest versions of both MailScanner and Spamassassin, but there is
still a problem if I turn on Spam Checks

SETTINGS

Spam Checks = yes
Spam List = spamhaus-ZEN # You can un-comment this to enable them
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 2
Spam List Timeout = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 20
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 200k

# What to do with spam
#Spam Actions = store forward anonymous@ecs.soton.ac.uk
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = delete
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Bounce Spam As Attachment = no

Cheers

Darren

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of shuttlebox
Sent: 16 May 2008 19:25
To: MailScanner discussion
Subject: Re: Spamassassin
Problem On Fri, May 16, 2008 at 6:54 PM, Darren Walker wrote: > > Hi > > I have set MailScanner to use ClamAV and Spamassassin. > > Mail is coming in and obviously a large amout of it is SPAM. > > I have set High Scoring Spam with a level of 10 to be deleted > > When I turn on 'spam checks' on - no action is taken on the mail. > SpamAssassin confirms that it is spam but doesn't delete it - but nor does > it deliver it. The mail just builds up in the mqueue.in. > > If I turn off spam checking then it works fine. I have run Maliscanner > --lint and it finds no problems. > > I have left it turned on for about an hour and no email is deleted or > delivered. > Any ideas? Post your spam related options here please. -- /peter -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by Torsion Internet Ltd, and is believed to be clean. From hvdkooij at vanderkooij.org Sat May 17 16:35:50 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Sat May 17 16:36:45 2008 Subject: Spamassassin Problem In-Reply-To: <004401c8b81f$2a8b7a60$1001a8c0@Lappy2> References: <200805161227.m4GCJuNq030738@safir.blacknight.ie><011201c8b775$7fb0a9c0$1001a8c0@Lappy2> <625385e30805161125r46d78ca6vb87af7b8374faa48@mail.gmail.com> <004401c8b81f$2a8b7a60$1001a8c0@Lappy2> Message-ID: <482EFB56.6070608@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Darren Walker wrote: | Have cut the main sections that I think are relevant. I have tried upgrading | to the latest versions of both MailScanner and Spamassassin, but there is | still a problem if I turn on Spam Checks Please indicate what details are you have researched in your messages to learn why so many messages are marked as spam. Are particular decisions? 
Did you read the threads about obsolete RBL's? In your case if your backup server is listed on spamhaus then you get hit a lot. As it is your primary MX is not accepting SMTP cnnections which does not make or a well organized configuration. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFILvtUBvzDRVjxmYERAs6MAKCG++W4atiONBCRQ00TERN/ORqX/QCePJbT t9fJCmQJGfJWQ096bxMOgZ8= =kvC2 -----END PGP SIGNATURE----- From J.Ede at birchenallhowden.co.uk Mon May 19 10:45:13 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon May 19 10:48:49 2008 Subject: All quiet? Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> Is there a problem on this as I've had nothing from the list since saturday, or has everyone just had a weekend off? Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080519/de0eb840/attachment.html From gerard at seibercom.net Mon May 19 12:23:31 2008 From: gerard at seibercom.net (Gerard) Date: Mon May 19 12:24:24 2008 Subject: All quiet? In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> Message-ID: <20080519072331.786f86a6@scorpio> On Mon, 19 May 2008 10:45:13 +0100 Jason Ede wrote: > Is there a problem on this as I've had nothing from the list since > saturday, or has everyone just had a weekend off? "No news is good news!" -- ?Gerard? gerard@seibercom.net Hate the sin and love the sinner. Mahatma Gandhi -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080519/da8ec56a/signature.bin From jan-peter at koopmann.eu Mon May 19 12:43:22 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Mon May 19 12:44:34 2008 Subject: All quiet? In-Reply-To: References: Message-ID: I was just woundering about the same thing. But since I can see your message, there should not be a problem. J -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080519/19806852/attachment.html From theodrake at comcast.net Mon May 19 13:26:54 2008 From: theodrake at comcast.net (Ed) Date: Mon May 19 14:22:21 2008 Subject: All quiet? In-Reply-To: <20080519072331.786f86a6@scorpio> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <20080519072331.786f86a6@scorpio> Message-ID: <4831720E.8040204@comcast.net> Gerard wrote: > On Mon, 19 May 2008 10:45:13 +0100 > Jason Ede wrote: > > >> Is there a problem on this as I've had nothing from the list since >> saturday, or has everyone just had a weekend off? >> > > "No news is good news!" > > With almost instant communications the sudden lack of it can be bad news :) -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080519/e4af3281/attachment.html From martinh at solidstatelogic.com Mon May 19 14:43:07 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Mon May 19 14:43:17 2008 Subject: test email 14.42 BST Message-ID: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From rgreen at trayerproducts.com Mon May 19 15:07:03 2008 From: rgreen at trayerproducts.com (Rodney Green) Date: Mon May 19 15:08:11 2008 Subject: test email 14.42 BST In-Reply-To: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> References: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> Message-ID: <48318987.8000001@trayerproducts.com> Received your e-mail, Martin. The list definitely seems quiet though. Martin.Hepworth wrote: > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From twiztar at gmail.com Mon May 19 15:09:24 2008 From: twiztar at gmail.com (Erik Weber) Date: Mon May 19 15:09:37 2008 Subject: test email 14.42 BST In-Reply-To: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> References: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> Message-ID: <48318A14.9000301@gmail.com> Dunno when 14:42 is, but it arrived here at 15:43 CET -- Erik From lhaig at haigmail.com Mon May 19 15:10:02 2008 From: lhaig at haigmail.com (lhaig-haigmail.com) Date: Mon May 19 15:10:14 2008 Subject: test email 14.42 BST In-Reply-To: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> References: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> Message-ID: <7db30e72494279fe6033ae8b3ac511b6@haigmail.com> I got it On Mon, 19 May 2008 14:43:07 +0100, "Martin.Hepworth" wrote: > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for 
the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From dave.list at pixelhammer.com Mon May 19 15:17:24 2008 From: dave.list at pixelhammer.com (DAve) Date: Mon May 19 15:17:46 2008 Subject: test email 14.42 BST In-Reply-To: <48318987.8000001@trayerproducts.com> References: <5b5c5e8d1de06c44a9941b94d019eeea@solidstatelogic.com> <48318987.8000001@trayerproducts.com> Message-ID: <48318BF4.2060503@pixelhammer.com> Rodney Green wrote: > Received your e-mail, Martin. The list definitely seems quiet though. > We have no problems, we figured out our performance issue and now we are kicking spam butt, best results than we ever saw previously. 
Good thing too because the spammers have been hitting us very hard the last two weeks. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From hvdkooij at vanderkooij.org Mon May 19 15:25:13 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon May 19 15:25:24 2008 Subject: All quiet? In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> Message-ID: <48318DC9.3020401@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Ede wrote: | Is there a problem on this as I've had nothing from the list since | saturday, or has everyone just had a weekend off? I am not sure what was going on this weekend. But most mailinglists with ~ "work related" subjects tend to be more quiet over the weekend anyway. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIMY3HBvzDRVjxmYERAvKzAKCZlVYLN9wVZ31ZqDyPwQAleLLAtACfXC4q epRfv78ZAU+fUJS/HZ5avA4= =7jKB -----END PGP SIGNATURE----- From gmatt at nerc.ac.uk Mon May 19 15:45:47 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon May 19 15:46:23 2008 Subject: occasional bayes failure Message-ID: <4831929B.3010506@nerc.ac.uk> On one of my production relays I'm seeing occasional messages come through that seem to miss Bayes scanning. What could be the cause of this? 
The vast majority of low and high scoring spam shows a BAYES score but occasionally not: May 19 15:30:24 mailr-w MailScanner[28305]: Message m4JEUIY6031013 from 210.35.74.3 (customer.support@britannia.co.uk) to ceh.ac.uk is spam, SpamAssassin (cached, score=11.974, required 5, autolearn=spam, BOTNET_CLIENT 0.20, BOTNET_CLIENTWORDS 0.20, BOTNET_IPINHOSTNAME 0.30, BOTNET_SOHO -0.40, DCC_CHECK 1.70, FORGED_MUA_OUTLOOK 3.12, FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, MISSING_HEADERS 1.29, MSGID_FROM_MTA_HEADER 0.80, MSOE_MID_WRONG_CASE 0.82, RDNS_DYNAMIC 0.10, SPF_SOFTFAIL 0.60, URIBL_PH_SURBL 1.79) I've checked the permissions of /etc/MailScanner/bayes and they are exactly like my other two production hosts. I've --restore'd from a bayes backup (from another relay) but I'm still seeing occasional log entries with no BAYES score. a --lint run shows nothing out of the ordinary. The only slightly iffy log that I've seen is when doing a --force-expire I see this: dbg: bayes: can't use estimation method for expiry, unexpected result, calculating optimal atime delta but googling for this suggests it is quite common. I looked for spamassassin timeouts but I dont have any past 1/20 (assume it retries up to 20 times) and these dont correspond chronologically with the bayes misses. Also, this is not the busiest of the three relays. The busiest shows no such problem. any help appreciated. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. 
From glenn.steen at gmail.com Mon May 19 15:57:38 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 19 15:57:47 2008 Subject: occasional bayes failure In-Reply-To: <4831929B.3010506@nerc.ac.uk> References: <4831929B.3010506@nerc.ac.uk> Message-ID: <223f97700805190757t34a2046ai6aafdcb2b67c9572@mail.gmail.com> 2008/5/19 Greg Matthews : > On one of my production relays I'm seeing occasional messages come through > that seem to miss Bayes scanning. What could be the cause of this? The vast > majority of low and high scoring spam shows a BAYES score but occasionally > not: > > May 19 15:30:24 mailr-w MailScanner[28305]: Message m4JEUIY6031013 from > 210.35.74.3 (customer.support@britannia.co.uk) to ceh.ac.uk is spam, > SpamAssassin (cached, score=11.974, required 5, autolearn=spam, > BOTNET_CLIENT 0.20, BOTNET_CLIENTWORDS 0.20, BOTNET_IPINHOSTNAME 0.30, > BOTNET_SOHO -0.40, DCC_CHECK 1.70, FORGED_MUA_OUTLOOK 3.12, > FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00, HTML_MESSAGE 0.00, > MIME_HTML_ONLY 1.46, MISSING_HEADERS 1.29, MSGID_FROM_MTA_HEADER 0.80, > MSOE_MID_WRONG_CASE 0.82, RDNS_DYNAMIC 0.10, SPF_SOFTFAIL 0.60, > URIBL_PH_SURBL 1.79) > > I've checked the permissions of /etc/MailScanner/bayes and they are exactly > like my other two production hosts. I've --restore'd from a bayes backup > (from another relay) but I'm still seeing occasional log entries with no > BAYES score. > > a --lint run shows nothing out of the ordinary. The only slightly iffy log > that I've seen is when doing a --force-expire I see this: > > dbg: bayes: can't use estimation method for expiry, unexpected > result, calculating optimal atime delta > > but googling for this suggests it is quite common. > > I looked for spamassassin timeouts but I dont have any past 1/20 (assume it > retries up to 20 times) and these dont correspond chronologically with the > bayes misses. Also, this is not the busiest of the three relays. The busiest > shows no such problem. 
> > any help appreciated. > > GREG Are all the relevant ones using cached results? If so, SA is never run on them... That is, after all, the whole point of the SA result cache:-). Not sure if that could have something to do with it. Perhaps worth checking though. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From gmatt at nerc.ac.uk Mon May 19 16:45:12 2008 From: gmatt at nerc.ac.uk (Greg Matthews) Date: Mon May 19 16:45:46 2008 Subject: occasional bayes failure In-Reply-To: <223f97700805190757t34a2046ai6aafdcb2b67c9572@mail.gmail.com> References: <4831929B.3010506@nerc.ac.uk> <223f97700805190757t34a2046ai6aafdcb2b67c9572@mail.gmail.com> Message-ID: <4831A088.2020108@nerc.ac.uk> Glenn Steen wrote: > Are all the relevant ones using cached results? If so, SA is never run > on them... That is, after all, the whole point of the SA result > cache:-). > Not sure if that could have something to do with it. Perhaps worth > checking though. uh... weirder... actually since fixing the Bayes table, the only ones without a Bayes score are indeed cached (good call). However... on the other two relays, cached hits are /still/ showing a Bayes score, here is an example: May 19 16:29:08 mailr-k MailScanner[7257]: Message m4JFT1Jb009726 from 218.37.8.84 (signs7@4hisgloryquartet.com) to nerc.ac.uk is spam, SpamAssassin (cached, score=23.389, required 5, autolearn=spam, BAYES_50 0.00, BOTNET 1.00, DCC_CHECK 1.70, DIGEST_MULTIPLE 0.00, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_SORBS_WEB 0.62, RDNS_NONE 0.10, SARE_OEM_A_1 2.00, SARE_OEM_A_2 1.50, STOX_REPLY_TYPE 0.00, TVD_FINGER_02 2.13, URIBL_AB_SURBL 1.86, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_RHS_DOB 1.08, URIBL_SC_SURBL 0.47) so which is right? 
Or perhaps the ones that hit the cache which dont have a Bayes score were cached when bayes was still broken... I'll zap the cache and see what happens. thanks Glenn GREG > > Cheers -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From jaearick at colby.edu Mon May 19 18:47:35 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Mon May 19 18:48:22 2008 Subject: rpm vs tar install locations Message-ID: Gang, I'm looking at moving my MailScanner system from a physical Solaris 10 box to a virtual (vmware) Redhat system. Any advice and gotchas would be helpful. I've got to ask. I got my Redhat box set up, took a snapshot of the base system, then ran the rpm install (saved output via the script command), rolled back to the snapshot, and then did a tar install (also saved output). Why do the rpm's go into /usr, while the tarfile goes into /opt? Frankly, I like it in /opt a whole lot better... Jeff Earickson Colby College From peter at farrows.org Mon May 19 18:59:13 2008 From: peter at farrows.org (Peter Farrow) Date: Mon May 19 18:59:33 2008 Subject: All quiet? In-Reply-To: References: Message-ID: <4831BFF1.8040309@farrows.org> Koopmann, Jan-Peter wrote: > > I was just woundering about the same thing. But since I can see your > message, there should not be a problem. J > > > -- > This message has been scanned for viruses and > dangerous content by the *Inexcom* system > scanner, > and is believed to be clean. > Advanced heuristic mail scanning server [-]. I am still getting them ok... not many though, but enough to reassure me... P. 
-- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080519/16216697/attachment.html From glenn.steen at gmail.com Mon May 19 19:22:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Mon May 19 19:22:20 2008 Subject: occasional bayes failure In-Reply-To: <4831A088.2020108@nerc.ac.uk> References: <4831929B.3010506@nerc.ac.uk> <223f97700805190757t34a2046ai6aafdcb2b67c9572@mail.gmail.com> <4831A088.2020108@nerc.ac.uk> Message-ID: <223f97700805191122i22aea544se70219d960d3b15c@mail.gmail.com> 2008/5/19 Greg Matthews : > Glenn Steen wrote: >> >> Are all the relevant ones using cached results? If so, SA is never run >> on them... That is, after all, the whole point of the SA result >> cache:-). >> Not sure if that could have something to do with it. Perhaps worth >> checking though. > > uh... weirder... > > actually since fixing the Bayes table, the only ones without a Bayes score > are indeed cached (good call). However... 
on the other two relays, cached
> hits are /still/ showing a Bayes score, here is an example:
>
> May 19 16:29:08 mailr-k MailScanner[7257]: Message m4JFT1Jb009726 from
> 218.37.8.84 (signs7@4hisgloryquartet.com) to nerc.ac.uk is spam,
> SpamAssassin (cached, score=23.389, required 5, autolearn=spam, BAYES_50
> 0.00, BOTNET 1.00, DCC_CHECK 1.70, DIGEST_MULTIPLE 0.00,
> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
> RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_BL_SPAMCOP_NET
> 1.96, RCVD_IN_SORBS_WEB 0.62, RDNS_NONE 0.10, SARE_OEM_A_1 2.00,
> SARE_OEM_A_2 1.50, STOX_REPLY_TYPE 0.00, TVD_FINGER_02 2.13, URIBL_AB_SURBL
> 1.86, URIBL_BLACK 1.96, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50,
> URIBL_RHS_DOB 1.08, URIBL_SC_SURBL 0.47)
>
> so which is right?
>
> Or perhaps the ones that hit the cache which dont have a Bayes score were
> cached when bayes was still broken... I'll zap the cache and see what
> happens.

Yep, this is what I'm thinking. Easy solution... remove the SA cache DB... Perhaps do it like "service MailScanner stop; rm /path/to/SpamAssassin.cache.db; service MailScanner start" (don't remember neither name nor path:-)... Don't remember if that is needed, but ... better safe than sorry:) MS will recreate it.

> thanks Glenn

Glad to help.

> GREG
>

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Mon May 19 19:35:01 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon May 19 19:35:11 2008
Subject: rpm vs tar install locations
In-Reply-To:
References:
Message-ID: <223f97700805191135v50b0231rda8f71e0a6654151@mail.gmail.com>

2008/5/19 Jeff A. Earickson :
> Gang,
>
> I'm looking at moving my MailScanner system from a physical
> Solaris 10 box to a virtual (vmware) Redhat system. Any
> advice and gotchas would be helpful.

Ooooh, we can give you gotcha's ... no doubt about that:-):-)

> I've got to ask.
I got my Redhat box set up, took a snapshot > of the base system, then ran the rpm install (saved output via > the script command), rolled back to the snapshot, and then did > a tar install (also saved output). Why do the rpm's go into > /usr, while the tarfile goes into /opt? Frankly, I like it in > /opt a whole lot better... There are a few answers like "Because [RPM|FSSTD|LSB|...] decrees it", but the basic thought behind all those would be that any "system level RPM" should put things in predictable places... Usually system level tools would go into /usr/sbin or /sbin (though the "s" stands for "statically linked"...not "system tools":-). The tarball put things in an alternative place, where it is supposed to ... /opt (which stand for "optional", although many things put there aren't especially optional:-) is meant for things that aren't part of the distro packaging scheme, but aren't really locally developed (as you all know, /usr/local used to be the dumping grounds of such packages). I'm too rusty a Solaris user to rightly remember, but I think it has a similar "structure" to things...:) I'm sure you'll get a few diverging/converging answers to this effect, but ... that is basically it:). > Jeff Earickson > Colby College Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikes at hartwellcorp.com Mon May 19 21:46:12 2008 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Mon May 19 21:46:53 2008 Subject: Can you run MailWatch on a different server? Message-ID: <3BF93070B3D1B047BA7ABF612958950D02CF6258@hcex.hartwellcorp.com> Is it possible to run MailWatch on a different server than the system running MailScanner? From peter at farrows.org Mon May 19 22:18:38 2008 From: peter at farrows.org (Peter Farrow) Date: Mon May 19 22:19:01 2008 Subject: Can you run MailWatch on a different server? 
In-Reply-To: <3BF93070B3D1B047BA7ABF612958950D02CF6258@hcex.hartwellcorp.com> References: <3BF93070B3D1B047BA7ABF612958950D02CF6258@hcex.hartwellcorp.com> Message-ID: <4831EEAE.1080808@farrows.org> Michael St. Laurent wrote: > Is it possible to run MailWatch on a different server than the system > running MailScanner? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Yes you can, you can also run a centralised database, and enable RPC style calls so that items quanrantined on remote servers can be effectively released from the central server. I edited the Mailwatch code to do this, because if you enable the centralised database settings, it removes the ability to do this. I run a central database server with Mailwatch on it for multiple scanners... P. -- This message has been scanned for viruses and dangerous content by the Inexcom system Scanner, and is believed to be clean. Advanced heuristic mail scanning server [-]. http://www.inexcom.co.uk From paul at blacknight.com Mon May 19 23:42:50 2008 From: paul at blacknight.com (Paul Kelly :: Blacknight) Date: Mon May 19 23:43:01 2008 Subject: Can you run MailWatch on a different server? In-Reply-To: <4831EEAE.1080808@farrows.org> Message-ID: > > Yes you can, you can also run a centralised database, and > enable RPC style calls so that items quanrantined on remote > servers can be effectively released from the central server. > I edited the Mailwatch code to do this, because if you enable > the centralised database settings, it removes the ability to do this. > > I run a central database server with Mailwatch on it for > multiple scanners... > > P. We've done something similar. But we wrote a complete management front and back end for admins and customers alike. 
It uses MailWatch code in the logging bit but the rest is our own.

DB management is extremely important as you can fill several million rows a day so design of the DB and the hardware it's on are important.

Paul

From Alan.Charlton at caseware.com Tue May 20 02:24:53 2008
From: Alan.Charlton at caseware.com (Alan Charlton)
Date: Tue May 20 02:25:17 2008
Subject: Variables that can be used in inline.warning.txt and .html reports
Message-ID: <5864E8A48D189F4999A1D1BAE3730516828AEB@queen.caseware.cwi.local>

We've been trying to use some variables in the inline.warning.txt/html files that don't seem to work. Specifically $datenumber and $to.

We'd like to be able to provide our users with a link to release 'bad content' or even 'virus' messages that they know are legitimate, similar to what's in the recipient.spam.report.txt:

http://$hostname/cgi-bin/release-msg.cgi?datenumber=$datenumber&id=$id&to=$to

I know it's a little risky, but we're a software development company and we often get attachments that get caught, and our users tend to be reasonably intelligent and cautious... and too impatient to submit a ticket to IT every time a file is caught. Also for proper backup and archiving we'd like all legitimate emails to reach the end users' mailboxes...

For more details on what we're trying to do check out:

http://www.global-domination.org/forum/viewtopic.php?t=968

My searches for a solution turned up the following thread:

http://lists.mailscanner.info/pipermail/mailscanner/2007-September/078030.html

...Which seems to imply that these variables need to be specifically added to work in a given report. Is there any way we can add the variables ourselves? Or do we need to request that they be added in a new release?

Thanks,
Alan

From gmatt at nerc.ac.uk Tue May 20 09:07:05 2008
From: gmatt at nerc.ac.uk (Greg Matthews)
Date: Tue May 20 09:07:37 2008
Subject: rpm vs tar install locations
In-Reply-To:
References:
Message-ID: <483286A9.6010206@nerc.ac.uk>

Jeff A.
Earickson wrote: > I've got to ask. I got my Redhat box set up, took a snapshot > of the base system, then ran the rpm install (saved output via > the script command), rolled back to the snapshot, and then did hmmm... I looked into taking snapshots and attempting to roll back using LVM - I never found an easy way to do it. Are you using LVM or EVMS? How did you do the roll back? GREG > a tar install (also saved output). Why do the rpm's go into > /usr, while the tarfile goes into /opt? Frankly, I like it in > /opt a whole lot better... > > Jeff Earickson > Colby College -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford -- This message (and any attachments) is for the recipient only. NERC is subject to the Freedom of Information Act 2000 and the contents of this email and any reply you make may be disclosed by NERC unless it is exempt from release under the Act. Any material supplied to NERC may be stored in an electronic records management system. From hvdkooij at vanderkooij.org Tue May 20 10:36:08 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 20 10:36:18 2008 Subject: Adding ASN info Message-ID: <48329B88.1020902@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Has anyone done any work on adding ASN info to a message in the way this procmail filter does it? I would prefer to do this in postfix but a custom call in MailScanner before SA is called upon would do as well. http://linuxmafia.com/~karsten/Download/procmail-asn-header It sounds like a fun idea to let the ASN info become part of the Bayesian selection. And we might add a decision to block all messages from certain countries. All I ever got from Nigeria are messages with wacky deals. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? 
Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIMpuFBvzDRVjxmYERAkCcAJ4yD/ibJG00qjw4TBC+QSKv5eYocQCgraBn Bt9kpjFTkCtfTSODA6wS6OU= =Mt+V -----END PGP SIGNATURE----- From paul at blacknight.com Tue May 20 11:07:51 2008 From: paul at blacknight.com (Paul Kelly :: Blacknight) Date: Tue May 20 11:08:01 2008 Subject: Adding ASN info In-Reply-To: <48329B88.1020902@vanderkooij.org> Message-ID: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Has anyone done any work on adding ASN info to a message in > the way this procmail filter does it? I would prefer to do > this in postfix but a custom call in MailScanner before SA is > called upon would do as well. > > http://linuxmafia.com/~karsten/Download/procmail-asn-header > > It sounds like a fun idea to let the ASN info become part of > the Bayesian selection. And we might add a decision to block > all messages from certain countries. All I ever got from > Nigeria are messages with wacky deals. > If you use it in conjunction with MailWatch and log the ASN per e-mail over time you can decide to block ASNs at your networks edge. This would simply give the 2 fingers to spammers and the networks that allow them to operate. I can't see it taking off though :-), but would be nice all the same. Paul From steve.freegard at fsl.com Tue May 20 12:08:36 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue May 20 12:08:47 2008 Subject: Adding ASN info In-Reply-To: <48329B88.1020902@vanderkooij.org> References: <48329B88.1020902@vanderkooij.org> Message-ID: <4832B134.4060507@fsl.com> Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Has anyone done any work on adding ASN info to a message in the way this > procmail filter does it? I would prefer to do this in postfix but a > custom call in MailScanner before SA is called upon would do as well. 
>
> http://linuxmafia.com/~karsten/Download/procmail-asn-header
>
> It sounds like a fun idea to let the ASN info become part of the
> Bayesian selection. And we might add a decision to block all messages
> from certain countries. All I ever got from Nigeria are messages with
> wacky deals.
>

SpamAssassin can do this natively if you want Bayes to consider the ASN:

http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html

From MailWatch v2:

    sub ip_to_asn {
        my $ip = shift;
        # Reverse the octets to build the routeviews lookup name
        my $revip = join(".", reverse split(/\./, $ip));
        use Net::DNS;
        my $res = Net::DNS::Resolver->new;
        my $query = $res->search("$revip.asn.routeviews.org", "TXT");
        if ($query) {
            my @answer = $query->answer;
            my $asn = $answer[0]{char_str_list}[0];
            return $asn;
        }
        # No answer: return the sentinel value
        return '4294967295';
    }

You could hack this into MailScanner's Message.pm then in 'sub new{' after the variables are initialized add:

    $global::MS->{mta}->AddHeader($this, 'X-MailScanner-ASN:', ip_to_asn($this->{clientip}));

And that would do the equivalent to your procmail script.

However - I wouldn't recommend either way as routeviews.org has been known to be slow and/or offline at times and it will adversely affect your scanning and delivery times (I disabled this function in MWv2 for this reason). If you really need this and have RAM to spare, then rsync the zone file and serve it locally (BIND format only however; it's not possible to use rbldnsd).

Cheers,
Steve.

From Alistair.Carmichael at virginmedia.co.uk Tue May 20 13:35:33 2008
From: Alistair.Carmichael at virginmedia.co.uk (Carmichael, Alistair)
Date: Tue May 20 13:37:28 2008
Subject: Adding ASN info
Message-ID:

A thought although not directly based on ASN but it would be possible to reject certain client's connection based on country of origin using the postfix MTA with mysql support.
You could have one table housing the geoip database and another with country codes and actions against that, add something like:

    mysql://etc/postfix/countrycheck.cf

to postfix in the smtpd_client_restrictions and use a slightly more complex query which could look like:

    SELECT action
    FROM geoip_country
    LEFT JOIN countryblock
      ON geoip_country.iso_country_code=countryblock.code
    WHERE begin_num < INET_ATON('')
      AND end_num > INET_ATON('')

Of course in this example my second table is called countryblock and has columns "code" and "action"

This isn't a system I by any means use on my mail servers but I do use a similar system to stop spam bots signing up to a web forum I look after using a similar technique.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steve Freegard
Sent: 20 May 2008 12:09
To: MailScanner discussion
Subject: Re: Adding ASN info

Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Has anyone done any work on adding ASN info to a message in the way this
> procmail filter does it? I would prefer to do this in postfix but a
> custom call in MailScanner before SA is called upon would do as well.
>
> http://linuxmafia.com/~karsten/Download/procmail-asn-header
>
> It sounds like a fun idea to let the ASN info become part of the
> Bayesian selection. And we might add a decision to block all messages
> from certain countries. All I ever got from Nigeria are messages with
> wacky deals.
>

SpamAssassin can do this natively if you want Bayes to consider the ASN:

http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html

From MailWatch v2:

    sub ip_to_asn {
        my $ip = shift;
        # Reverse the octets to build the routeviews lookup name
        my $revip = join(".", reverse split(/\./, $ip));
        use Net::DNS;
        my $res = Net::DNS::Resolver->new;
        my $query = $res->search("$revip.asn.routeviews.org", "TXT");
        if ($query) {
            my @answer = $query->answer;
            my $asn = $answer[0]{char_str_list}[0];
            return $asn;
        }
        # No answer: return the sentinel value
        return '4294967295';
    }

You could hack this into MailScanner's Message.pm then in 'sub new{' after the variables are initialized add:

    $global::MS->{mta}->AddHeader($this, 'X-MailScanner-ASN:', ip_to_asn($this->{clientip}));

And that would do the equivalent to your procmail script.

However - I wouldn't recommend either way as routeviews.org has been known to be slow and/or offline at times and it will adversely affect your scanning and delivery times (I disabled this function in MWv2 for this reason). If you really need this and have RAM to spare, then rsync the zone file and serve it locally (BIND format only however; it's not possible to use rbldnsd).

Cheers,
Steve.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

------------------------------------------------------------------------------
Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media.
Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed. Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237 ============================================================================== From hvdkooij at vanderkooij.org Tue May 20 14:44:52 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Tue May 20 14:45:02 2008 Subject: Adding ASN info In-Reply-To: <4832B134.4060507@fsl.com> References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> Message-ID: <4832D5D4.6010108@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steve Freegard wrote: | Hugo van der Kooij wrote: |> Has anyone done any work on adding ASN info to a message in the way this |> procmail filter does it? I would prefer to do this in postfix but a |> custom call in MailScanner before SA is called upon would do as well. |> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header |> |> It sounds like a fun idea to let the ASN info become part of the |> Bayesian selection. And we might add a decision to block all messages |> from certain countries. All I ever got from Nigeria are messages with |> wacky deals. | | SpamAssassin can do this natively if you want to Bayes to consider the ASN: | | http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html So adding the 3 lines indicated to /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add the ASN info? One of the side effects of getting something to kill the pain in my spine is that it makes it a bit harder to think logical. But it beats the pain so I can work out that problem that locks up my spinal column. So I have to accept the side effects this week. Hugo. 
- -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIMtXTBvzDRVjxmYERAhfyAJ0WfDnjA9QIu8qqc/77cX3qGGvS1ACgsfzY yTGKOUYJFPogIz7w5jL9CkI= =glMX -----END PGP SIGNATURE----- From richard.siddall at elirion.net Tue May 20 16:35:51 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Tue May 20 16:36:08 2008 Subject: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <481736B3.7030705@fsl.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> Message-ID: <4832EFD7.5060208@elirion.net> Steve Freegard wrote: > If you have plenty memory to spare and MailScanner child start-up time > is not an issue, then use Mail::ClamAV otherwise in all other cases use > clamd as it uses considerably less RAM without any performance penalty > as it uses threads as it seems that the signature database is shared > amongst the scanner threads. > Interesting discussion. If both clamd and spamd can share data (virus signatures and rulesets) between threads, if that ability could be made available via Mail::ClamAV and the SpamAssassin libraries, then Julian might be able to build it into MailScanner and shrink the memory footprint (assuming it doesn't require too much restructuring of MailScanner itself). Regards, Richard. 
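
Added example (not part of any list message, and not MailWatch or MailScanner code): a variant of the ip_to_asn lookup from the "Adding ASN info" thread above that addresses Steve Freegard's caveat about slow or offline routeviews.org lookups, with bounded resolver timeouts, a positive and negative cache, and validation of both the client IP and the TXT answer. The names ip_to_asn_safe, make_resolver and valid_ipv4, the TTL values, and the Stub* classes with their sample record are assumptions constructed for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sentinel the list post returns when no ASN is found.
use constant ASN_UNKNOWN => '4294967295';

my %cache;              # ip => [ asn, expiry (epoch seconds) ]
my $POS_TTL = 3600;     # assumed value: keep a good answer for an hour
my $NEG_TTL = 300;      # assumed value: back off 5 minutes after a failure

# Resolver with hard limits, so a slow or dead zone costs seconds per
# lookup instead of stalling the scanner. Used in production, not in the demo.
sub make_resolver {
    require Net::DNS;
    return Net::DNS::Resolver->new(
        udp_timeout => 2, tcp_timeout => 2, retry => 1, retrans => 1,
    );
}

# Only a dotted-quad IPv4 address may be turned into a DNS name.
sub valid_ipv4 {
    my ($ip) = @_;
    my @octets = ($ip // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Look up the origin ASN for $ip. Never dies, never returns anything but
# digits, and asks the DNS at most once per IP per TTL window.
sub ip_to_asn_safe {
    my ($ip, $resolver, $now) = @_;
    $now //= time;
    return ASN_UNKNOWN unless valid_ipv4($ip);

    if (my $hit = $cache{$ip}) {
        return $hit->[0] if $hit->[1] > $now;
    }

    my $name  = join('.', reverse split /\./, $ip) . '.asn.routeviews.org';
    my $asn   = ASN_UNKNOWN;
    my $reply = eval { $resolver->query($name, 'TXT') };   # undef on timeout/error
    if ($reply) {
        for my $rr ($reply->answer) {
            next unless $rr->type eq 'TXT';
            my ($first) = $rr->txtdata;     # first character-string is the ASN
            # DNS data is untrusted: accept digits only before it goes in a header.
            if (defined $first && $first =~ /\A(\d{1,10})\z/) { $asn = $1; last }
        }
    }
    # Failures are cached too (for a shorter time), so an outage is not
    # retried for every message.
    $cache{$ip} = [ $asn, $now + ($asn eq ASN_UNKNOWN ? $NEG_TTL : $POS_TTL) ];
    return $asn;
}

# --- Constructed stand-ins so the demo runs offline without Net::DNS ---
package StubRR {
    sub new     { bless { txt => $_[1] }, $_[0] }
    sub type    { 'TXT' }
    sub txtdata { @{ $_[0]{txt} } }
}
package StubReply {
    sub new    { bless { rr => $_[1] }, $_[0] }
    sub answer { @{ $_[0]{rr} } }
}
package StubResolver {
    sub new { bless { calls => 0, zone => $_[1] }, $_[0] }
    sub query {
        my ($self, $name) = @_;
        $self->{calls}++;
        my $txt = $self->{zone}{$name} or return;   # no data: behaves like a dead zone
        return StubReply->new([ StubRR->new($txt) ]);
    }
}

package main;

# Constructed zone data: documentation address range and documentation ASN.
my $stub = StubResolver->new({
    '10.2.0.192.asn.routeviews.org' => [ '64500', '192.0.2.0', '24' ],
});
my $t0 = 1_000_000;   # fixed clock so cache behaviour is repeatable

for my $case (
    [ '192.0.2.10',           $t0      ],   # answered by the stub zone
    [ '192.0.2.10',           $t0 + 10 ],   # served from the positive cache
    [ '198.51.100.7',         $t0      ],   # no answer: sentinel, cached negatively
    [ '198.51.100.7',         $t0 + 10 ],   # served from the negative cache
    [ '1.2.3.4.evil.example', $t0      ],   # rejected before any DNS query
) {
    printf "%-22s -> %s\n", $case->[0], ip_to_asn_safe($case->[0], $stub, $case->[1]);
}
print "resolver queries made: $stub->{calls}\n";
```

In a real deployment the resolver from make_resolver replaces the stub, and the returned value is what would be handed to the AddHeader call quoted in the thread.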
From MailScanner at ecs.soton.ac.uk Tue May 20 19:00:48 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 20 19:01:03 2008 Subject: All quiet? In-Reply-To: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> Message-ID: <483311D0.2090601@ecs.soton.ac.uk> I've been absent from the list for a bit. I'm in hospital at the mo having loads of tests done, so I'm taking a couple of weeks off from the list while they do that. Managed to hack together an internet connection at the hospital, despite them blocking all non-web ports and running a Websense box looking for HTTP traffic on everything else. Fortunately, like good little sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-) I've now got SMTP running over 443, and full unrestricted web access tunneled over SSH on 22. Amazing what you can do with an SMTP server and a squid at work :-) Jules. Jason Ede wrote: > Is there a problem on this as I've had nothing from the list since > saturday, or has everyone just had a weekend off? > > Jason Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.list at pixelhammer.com Tue May 20 19:41:36 2008 From: dave.list at pixelhammer.com (DAve) Date: Tue May 20 19:41:54 2008 Subject: All quiet? In-Reply-To: <483311D0.2090601@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> Message-ID: <48331B60.5030103@pixelhammer.com> Julian Field wrote: > I've been absent from the list for a bit. 
I'm in hospital at the mo > having loads of tests done, so I'm taking a couple of weeks off from the > list while they do that. > > Managed to hack together an internet connection at the hospital, despite > them blocking all non-web ports and running a Websense box looking for > HTTP traffic on everything else. Fortunately, like good little > sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-) > I've now got SMTP running over 443, and full unrestricted web access > tunneled over SSH on 22. Amazing what you can do with an SMTP server and > a squid at work :-) I'm glad you are on our side ;^) -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From ard at pergamentum.com Tue May 20 20:05:53 2008 From: ard at pergamentum.com (Alisdair Davey) Date: Tue May 20 20:06:26 2008 Subject: All quiet? In-Reply-To: <48331B60.5030103@pixelhammer.com> Message-ID: <200805201905.m4KJ5rk3007819@www4.pergamentum.com> > > Managed to hack together an internet connection at the hospital, despite > > them blocking all non-web ports and running a Websense box looking for > > HTTP traffic on everything else. Fortunately, like good little > > sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-) > > I've now got SMTP running over 443, and full unrestricted web access > > tunneled over SSH on 22. 
Amazing what you can do with an SMTP server and > > a squid at work :-) > > I'm glad you are on our side ;^) So I start work at this new place doing my day job (you know average rocket science stuff) and a junior sysadmin (you know the kind, the new breed that doesn't wear sandals with odd colored socks) stops by and we talk about setting up my machine and I ask about using external mail servers (as you do) and he goes proudly 'Oh no, we block port 25 to everything except our local mail server.' Ok 'no problem', says I cheerily 'I'll just use port 26 instead.' Stutters...'I don't think mail work like that'. Says I 'actually you can run a mailserver on any port you like, just don't expect the world to find you if you don't run one on port 25. I use both 25 and 26 so my clients who are behind brain dead ISPs can use a real mailserver (TM).' and I do a telnet to port 26 on my machine to show him. *cough* *splutter* (maybe some apoplexy too :) 'Oh I didn't know you can do that. Maybe we should block port 26 too.' 'Well you can', I said wondering why they aren't running a DENY ALL then ALLOW only what you need kinda firewall but I figured that bit of philosophy might be a bit too much for him,'but you do allow outgoing ssh don't you?' 'Yes of course' ... and I point you back to Julian's most excellent comment above. Maybe I'll buy junior one blue and one red sock for christmas... Cheers Alisdair -- Alisdair Davey ard@pergamentum.com Pergamentum Solutions From ssilva at sgvwater.com Tue May 20 20:45:31 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 20 20:45:50 2008 Subject: All quiet? In-Reply-To: <483311D0.2090601@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> Message-ID: on 5-20-2008 11:00 AM Julian Field spake the following: > I've been absent from the list for a bit. 
I'm in hospital at the mo > having loads of tests done, so I'm taking a couple of weeks off from the > list while they do that. > > Managed to hack together an internet connection at the hospital, despite > them blocking all non-web ports and running a Websense box looking for > HTTP traffic on everything else. Fortunately, like good little > sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-) > I've now got SMTP running over 443, and full unrestricted web access > tunneled over SSH on 22. Amazing what you can do with an SMTP server and > a squid at work :-) > > Jules. > Amazing what a man will go through to "not" rest when he should! ;-P Hope everything comes out alright! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080520/d3a2a93b/signature.bin From campbell at cnpapers.com Tue May 20 20:51:09 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 20 20:51:32 2008 Subject: All quiet? In-Reply-To: References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> Message-ID: <48332BAD.1080606@cnpapers.com> Scott Silva wrote: > > Hope everything comes out alright! > > Is there surgery involved? :-) Steve Campbell > > From MailScanner at ecs.soton.ac.uk Tue May 20 21:27:52 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue May 20 21:28:08 2008 Subject: All quiet? 
In-Reply-To: <48332BAD.1080606@cnpapers.com> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> Message-ID: <48333448.9070107@ecs.soton.ac.uk> Steve Campbell wrote: > > > Scott Silva wrote: >> >> Hope everything comes out alright! >> >> > Is there surgery involved? :-) That's what the assessment is for. They are considering everything from doing nothing, to replacing my entire intestines (small bowel) and portal vein and liver. I only have about 20% of my liver left, my kidneys have moved up into the space when the liver should be, and my portal vein system doesn't exist at all. Look up "liver" on wikipedia and there are 2 pictures at the top of the article, the lower one is the interesting one. The main bit of the liver on the left of the picture is pretty much absent in me, I've only got the little top bit in the middle of the picture. So one possibility is to replace the entire liver, portal vein and small bowel (all 26 feet of it) with someone else's. So if you're going to drive dangerously, please wear leathers and take a donor card with you, some of us can use what's left :-) :-) We'll see over the next few weeks what they decide they want to do. I'll let you know once I have a decision. Best regards, Jules. > > Steve Campbell >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dyioulos at firstbhph.com Tue May 20 21:39:29 2008 From: dyioulos at firstbhph.com (Dimitri Yioulos) Date: Tue May 20 21:39:50 2008 Subject: All quiet? 
In-Reply-To: <48333448.9070107@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk> Message-ID: <200805201639.29546.dyioulos@firstbhph.com> On Tuesday 20 May 2008 4:27 pm, Julian Field wrote: > Steve Campbell wrote: > > Scott Silva wrote: > >> Hope everything comes out alright! > > > > Is there surgery involved? :-) > > That's what the assessment is for. They are considering everything from > doing nothing, to replacing my entire intestines (small bowel) and > portal vein and liver. I only have about 20% of my liver left, my > kidneys have moved up into the space when the liver should be, and my > portal vein system doesn't exist at all. > > Look up "liver" on wikipedia and there are 2 pictures at the top of the > article, the lower one is the interesting one. The main bit of the liver > on the left of the picture is pretty much absent in me, I've only got > the little top bit in the middle of the picture. > > So one possibility is to replace the entire liver, portal vein and small > bowel (all 26 feet of it) with someone else's. So if you're going to > drive dangerously, please wear leathers and take a donor card with you, > some of us can use what's left :-) :-) > > We'll see over the next few weeks what they decide they want to do. I'll > let you know once I have a decision. > > Best regards, > Jules. > > > Steve Campbell > > Jules > > -- Jules, I'm surprised you haven't hacked the testing equipment and just gone ahead and done the tests yourself. Needless to say, we're pullin' for ya. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From x72m35 at gmail.com Wed May 21 06:27:49 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Wed May 21 06:25:28 2008 Subject: All quiet? 
In-Reply-To: <48333448.9070107@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk> Message-ID: <4833B2D5.60104@gmail.com> Julian, Wish every test will come out good for your health. Please take time to rest well and look after your health. Lasantha. *----- Original Message -----* *Subject:* All quiet? *Date:* Wed, 21/May/2008 1:57:52 AM +0550 *From:* Julian Field *To:* MailScanner discussion > > > Steve Campbell wrote: >> >> >> Scott Silva wrote: >>> >>> Hope everything comes out alright! >>> >>> >> Is there surgery involved? :-) > That's what the assessment is for. They are considering everything > from doing nothing, to replacing my entire intestines (small bowel) > and portal vein and liver. I only have about 20% of my liver left, my > kidneys have moved up into the space when the liver should be, and my > portal vein system doesn't exist at all. > > Look up "liver" on wikipedia and there are 2 pictures at the top of > the article, the lower one is the interesting one. The main bit of the > liver on the left of the picture is pretty much absent in me, I've > only got the little top bit in the middle of the picture. > > So one possibility is to replace the entire liver, portal vein and > small bowel (all 26 feet of it) with someone else's. So if you're > going to drive dangerously, please wear leathers and take a donor card > with you, some of us can use what's left :-) :-) > > We'll see over the next few weeks what they decide they want to do. > I'll let you know once I have a decision. > > Best regards, > Jules. > >> >> Steve Campbell >>> >>> >> > > Jules > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/922039df/attachment.html From edward at tdcs.com.au Wed May 21 06:56:02 2008 From: edward at tdcs.com.au (Edward Dekkers) Date: Wed May 21 06:57:00 2008 Subject: All quiet? In-Reply-To: <483311D0.2090601@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> Message-ID: > I've been absent from the list for a bit. I'm in hospital at the mo > having loads of tests done, so I'm taking a couple of weeks off from > the > list while they do that. > > Managed to hack together an internet connection at the hospital, > despite > them blocking all non-web ports and running a Websense box looking for > HTTP traffic on everything else. Fortunately, like good little > sys-admins, they left 22 open for their own benefit. Oh, what a mistake > :-) > I've now got SMTP running over 443, and full unrestricted web access > tunneled over SSH on 22. Amazing what you can do with an SMTP server > and > a squid at work :-) I guess "taking a couple of weeks off" means something different for you than it does for me obviously. Oh well, if you've got all the access you need anyway, and you're not doing anything (not what you're supposed to anyway), I guess I'll see a new version of MailScanner with some unbelievable new features in the next few days. :) But seriously - All the best Jules. Hope all goes well. Ed. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Wed May 21 09:02:10 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Wed May 21 09:02:20 2008 Subject: All quiet? 
In-Reply-To: <48333448.9070107@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk> Message-ID: <223f97700805210102w5369a1c8k6e15aef3aee21acb@mail.gmail.com> 2008/5/20 Julian Field : > > > Steve Campbell wrote: >> >> >> Scott Silva wrote: >>> >>> Hope everything comes out alright! >>> >>> >> Is there surgery involved? :-) > > That's what the assessment is for. They are considering everything from > doing nothing, to replacing my entire intestines (small bowel) and portal > vein and liver. I only have about 20% of my liver left, my kidneys have > moved up into the space when the liver should be, and my portal vein system > doesn't exist at all. > > Look up "liver" on wikipedia and there are 2 pictures at the top of the > article, the lower one is the interesting one. The main bit of the liver on > the left of the picture is pretty much absent in me, I've only got the > little top bit in the middle of the picture. > > So one possibility is to replace the entire liver, portal vein and small > bowel (all 26 feet of it) with someone else's. So if you're going to drive > dangerously, please wear leathers and take a donor card with you, some of us > can use what's left :-) :-) > > We'll see over the next few weeks what they decide they want to do. I'll let > you know once I have a decision. Good luck Jules! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From joost at waversveld.nl Wed May 21 10:33:51 2008 From: joost at waversveld.nl (Joost Waversveld) Date: Wed May 21 10:34:02 2008 Subject: All quiet? 
In-Reply-To: <48333448.9070107@ecs.soton.ac.uk> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk> Message-ID: <4833EC7F.8010507@waversveld.nl> Just wanted to wish you all the best Julian. Take some rest when you need it. Best regards, Joost Waversveld Julian Field wrote: > > > Steve Campbell wrote: >> >> >> Scott Silva wrote: >>> >>> Hope everything comes out alright! >>> >>> >> Is there surgery involved? :-) > That's what the assessment is for. They are considering everything > from doing nothing, to replacing my entire intestines (small bowel) > and portal vein and liver. I only have about 20% of my liver left, my > kidneys have moved up into the space when the liver should be, and my > portal vein system doesn't exist at all. > > Look up "liver" on wikipedia and there are 2 pictures at the top of > the article, the lower one is the interesting one. The main bit of the > liver on the left of the picture is pretty much absent in me, I've > only got the little top bit in the middle of the picture. > > So one possibility is to replace the entire liver, portal vein and > small bowel (all 26 feet of it) with someone else's. So if you're > going to drive dangerously, please wear leathers and take a donor card > with you, some of us can use what's left :-) :-) > > We'll see over the next few weeks what they decide they want to do. > I'll let you know once I have a decision. > > Best regards, > Jules. 
> >> >> Steve Campbell >>> >>> >> > > Jules > From x72m35 at gmail.com Wed May 21 11:09:22 2008 From: x72m35 at gmail.com (Lasantha Marian) Date: Wed May 21 11:07:02 2008 Subject: Watermark header addition in Exim does not work In-Reply-To: <482E8423.9090506@gmail.com> References: <482C4F7D.8050708@gmail.com> <482D370D.9060305@gmail.com> <482E8423.9090506@gmail.com> Message-ID: <4833F4D2.5060706@gmail.com> Skipped content of type multipart/alternative-------------- next part -------------- 272a273,274 > $this->{addmshmac} = 0; > $this->{mshmac} = ""; 334c336,337 < $global::MS->{mta}->AppendHeader($this, $mshmacheader, "$expiry\@$hash"); --- > $this->{addmshmac} = 1; > $this->{mshmac} = "$expiry\@$hash"; 1875a1879,1887 > > # Add watermark header if chosen to do so. > if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->ReplaceHeader($this, $mshmacheader, $mshmac); > } > 4843a4856,4864 > > # Add watermark header if chosen to do so. > if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->ReplaceHeader($this, $mshmacheader, $mshmac); > } > 5259a5281,5289 > > # Add watermark header if chosen to do so. > if ($this->{addmshmac}) { > my $mshmacheader = MailScanner::Config::Value('mshmacheader', $this); > my $mshmac = $this->{mshmac}; > > $global::MS->{mta}->ReplaceHeader($this, $mshmacheader, $mshmac); > } > From MailScanner at ecs.soton.ac.uk Wed May 21 11:10:08 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 21 11:10:28 2008 Subject: All quiet? 
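Review bot: The blocks inserted at 1875a, 4843a and 5259a are three identical copies of the same `if ($this->{addmshmac})` body, so any later change has to be repeated in three places; put the header write into one method on the message object and call it from each site. Two things should also be stated with the patch: the 334c hunk swaps an immediate AppendHeader call for a deferred ReplaceHeader call, which behaves differently when the header is already present, and the diff carries no file name or version, so say which file and release it applies to (a unified diff would record the file name).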
In-Reply-To: <4833EC7F.8010507@waversveld.nl> References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk> <4833EC7F.8010507@waversveld.nl> Message-ID: <4833F500.3000000@ecs.soton.ac.uk> Thank you all for your very kind comments! They are much appreciated. I haven't done any coding in the entire time I've been here, that's one of the longest periods off I've had in years! :-) And don't worry, I'm getting lots of rest, lying in bed all day emailing and texting friends at home. I'm giving your random teenager a good run for their money, I sent 30 texts yesterday, and have seen nearly 150 emails since I've been here. I like to stay in touch :-) Best regards, Jules. Joost Waversveld wrote: > Just wanted to wish you all the best Julian. > > Take some rest when you need it. > > Best regards, > Joost Waversveld > > Julian Field wrote: >> >> >> Steve Campbell wrote: >>> >>> >>> Scott Silva wrote: >>>> >>>> Hope everything comes out alright! >>>> >>>> >>> Is there surgery involved? :-) >> That's what the assessment is for. They are considering everything >> from doing nothing, to replacing my entire intestines (small bowel) >> and portal vein and liver. I only have about 20% of my liver left, my >> kidneys have moved up into the space when the liver should be, and my >> portal vein system doesn't exist at all. >> >> Look up "liver" on wikipedia and there are 2 pictures at the top of >> the article, the lower one is the interesting one. The main bit of >> the liver on the left of the picture is pretty much absent in me, >> I've only got the little top bit in the middle of the picture. >> >> So one possibility is to replace the entire liver, portal vein and >> small bowel (all 26 feet of it) with someone else's. 
So if you're >> going to drive dangerously, please wear leathers and take a donor >> card with you, some of us can use what's left :-) :-) >> >> We'll see over the next few weeks what they decide they want to do. >> I'll let you know once I have a decision. >> >> Best regards, >> Jules. >> >>> >>> Steve Campbell >>>> >>>> >>> >> >> Jules >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul at blacknight.com Wed May 21 11:23:42 2008 From: paul at blacknight.com (Paul Kelly :: Blacknight) Date: Wed May 21 11:23:53 2008 Subject: All quiet? In-Reply-To: <4833F500.3000000@ecs.soton.ac.uk> Message-ID: > > Thank you all for your very kind comments! They are much appreciated. > > I haven't done any coding in the entire time I've been here, > that's one > of the longest periods off I've had in years! :-) > > And don't worry, I'm getting lots of rest, lying in bed all > day emailing > and texting friends at home. I'm giving your random teenager > a good run > for their money, I sent 30 texts yesterday, and have seen nearly 150 > emails since I've been here. > I like to stay in touch :-) Good man. We'll keep everything going while you're there. Will hand it all back when you get out of Hospital, new bowels and all :) If you need anything, let us know. Paul > > Best regards, > Jules. > > Joost Waversveld wrote: > > Just wanted to wish you all the best Julian. > > > > Take some rest when you need it. 
> > > > Best regards, > > Joost Waversveld > > > > Julian Field wrote: > >> > >> > >> Steve Campbell wrote: > >>> > >>> > >>> Scott Silva wrote: > >>>> > >>>> Hope everything comes out alright! > >>>> > >>>> > >>> Is there surgery involved? :-) > >> That's what the assessment is for. They are considering everything > >> from doing nothing, to replacing my entire intestines (small bowel) > >> and portal vein and liver. I only have about 20% of my > liver left, my > >> kidneys have moved up into the space when the liver should > be, and my > >> portal vein system doesn't exist at all. > >> > >> Look up "liver" on wikipedia and there are 2 pictures at the top of > >> the article, the lower one is the interesting one. The main bit of > >> the liver on the left of the picture is pretty much absent in me, > >> I've only got the little top bit in the middle of the picture. > >> > >> So one possibility is to replace the entire liver, portal vein and > >> small bowel (all 26 feet of it) with someone else's. So if you're > >> going to drive dangerously, please wear leathers and take a donor > >> card with you, some of us can use what's left :-) :-) > >> > >> We'll see over the next few weeks what they decide they want to do. > >> I'll let you know once I have a decision. > >> > >> Best regards, > >> Jules. > >> > >>> > >>> Steve Campbell > >>>> > >>>> > >>> > >> > >> Jules > >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From jan-peter at koopmann.eu Wed May 21 11:30:41 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Wed May 21 11:31:07 2008 Subject: All quiet? In-Reply-To: References: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE13@server02.bhl.local> <483311D0.2090601@ecs.soton.ac.uk> <48332BAD.1080606@cnpapers.com> <48333448.9070107@ecs.soton.ac.uk><4833EC7F.8010507@waversveld.nl> Message-ID: > I haven't done any coding in the entire time I've been here, that's one > of the longest periods off I've had in years! :-) Thank god! This might finally give me time to catch up and prepare the latest FreeBSD port... :-) All the best from me as well! From Amelein at dantumadeel.nl Wed May 21 13:01:20 2008 From: Amelein at dantumadeel.nl (Amelein@dantumadeel.nl) Date: Wed May 21 13:01:54 2008 Subject: china spam Message-ID: <48342B30.BDBC.008E.3@Dantumadeel.nl> We're steadily getting more spam from china relayed through legit hotmail and yahoo servers which is slipping through MailScanner(example header below). Is there any way to combat these ? Just blacklisting anything with an ip from country X would work too although I don't know what to use to do this. 
- Arjan

X-Greylist: domain auto-whitelisted by SQLgrey-1.6.8
Received: from blu0-omc3-s1.blu0.hotmail.com (blu0-omc3-s1.blu0.hotmail.com [65.55.116.76]) by MailScan.Dantumadeel.nl (Postfix) with ESMTP id B668F12105D5 for ; Wed, 21 May 2008 13:25:37 +0200 (CEST)
Received: from BLU146-W34 ([65.55.116.72]) by blu0-omc3-s1.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 May 2008 04:25:36 -0700
Message-ID:
Content-Type: multipart/alternative; boundary="_e8e2484f-f7ba-4ffe-b8f4-ecc7c9bf3d1a_"
X-Originating-IP: [123.4.35.152]
From: Michael Wright
Subject: OBPSHOP
Date: Wed, 21 May 2008 07:25:36 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 21 May 2008 11:25:36.0359 (UTC) FILETIME=[63E3BF70:01C8BB35]
To: undisclosed-recipients:;

**************************************************************************
The contents of this e-mail are intended solely for the addressee(s). If this e-mail has reached you in error, you are requested to contact the sender. Use of the contents of this e-mail without the sender's permission is not permitted and is unlawful. No rights can be derived from the contents of this e-mail. The municipality of Dantumadeel excludes any liability that may arise from the contents of this e-mail.
THINK OF OUR ENVIRONMENT BEFORE YOU DECIDE TO PRINT THIS E-MAIL!
**************************************************************************

From telecaadmin at gmail.com Wed May 21 13:10:46 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Wed May 21 13:12:04 2008
Subject: china spam
In-Reply-To: <48342B30.BDBC.008E.3@Dantumadeel.nl>
References: <48342B30.BDBC.008E.3@Dantumadeel.nl>
Message-ID: <48341146.9070701@gmail.com>

> We're steadily getting more spam from china relayed through legit
> hotmail and yahoo servers which is slipping through
> MailScanner(example header below). Is there any way to combat these ?
> Just blacklisting anything with an ip from country X would work too
> although I don't know what to use to do this.

Same here. As the "email" is rather short, MailScanner doesn't pick up anything. I don't think there is much room for classification - the mail is rather short, with a varying link.

Do you run DCC/Pyzor and friends?

For now, report those accounts with Yahoo:

http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse.html

I did with all the spam I've got. Within 1 day the accounts get deleted.

Cheers.

From Amelein at dantumadeel.nl Wed May 21 13:23:05 2008
From: Amelein at dantumadeel.nl (Amelein@dantumadeel.nl)
Date: Wed May 21 13:23:37 2008
Subject: Betr.: Re: china spam
In-Reply-To: <48341146.9070701@gmail.com>
References: <48342B30.BDBC.008E.3@Dantumadeel.nl> <48341146.9070701@gmail.com>
Message-ID: <48343049.BDBC.008E.3@Dantumadeel.nl>

> Same here. As the "email" is rather short, MailScanner doesn't pick up
> anything. I don't think there is much room for classification - the mail
> is rather short, with a varying link.
>
> Do you run DCC/Pyzor and friends?
>
>
> For now, report those accounts with Yahoo:
>
> http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse.html
>
> I did with all the spam I've got. Within 1 day the accounts get deleted.
>
> Cheers.

DCC/Pyzor/Razor2

The only thing it's picking up right now is:

-3.60 BAYES_00 Bayesian spam probability is 0 to 1%
2.70 DEAR_FRIEND Dear Friend? That's not very dear!
0.00 HTML_MESSAGE HTML included in message

- Arjan

**************************************************************************
The contents of this e-mail are intended solely for the addressee(s). If this e-mail has reached you in error, you are requested to contact the sender. Use of the contents of this e-mail without the sender's permission is not permitted and is unlawful. No rights can be derived from the contents of this e-mail.
The municipality of Dantumadeel excludes any liability that may arise from the contents of this e-mail.
THINK OF OUR ENVIRONMENT BEFORE YOU DECIDE TO PRINT THIS E-MAIL!
**************************************************************************

From ram at netcore.co.in Wed May 21 13:38:52 2008
From: ram at netcore.co.in (ram)
Date: Wed May 21 13:39:10 2008
Subject: SA ClamAVPlugin or clamavmodule , which is better
Message-ID: <1211373532.23490.132.camel@localhost.localdomain>

I am currently using clamav as clamavmodule in virusscanners in MS

Is it better to use SA plugin
http://wiki.apache.org/spamassassin/ClamAVPlugin

Thanks
Ram

From paul.hutchings at mira.co.uk Wed May 21 13:56:44 2008
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Wed May 21 13:56:56 2008
Subject: HTML Footers and Outlook/Word 2003?
Message-ID:

I'm not sure if this is an Outlook/Word issue or something to do with my html signature code or how MailScanner appends signatures, so I'll start here.

One of our customers has reported the following:

It looked like I've gone mad again, but I've just done a quick test, and the footer is apparently randomly appearing back into old messages after deleting all the text. The footer doesn't appear in the message body, but after sending, it's back again. If I re-open the message, and do a "reply all" (like this one), then the footer disappears again (as below). Can you let me know how you or your server embeds the footer?

Have a go with (Outlook 2003, SP3. Using Word from Office 2003 as the e-mail editor):

- Open an existing MIRA e-mail that has a distribution list that you want to re-use.
- Do "reply all".
- Change the subject, type the message, plus attachments, etc.
- Delete all the original text (including the footer).
- Press "send".
- Open the e-mail from sent items, and the footer comes back!
- Do "reply all" using the sent item, and the footer does not appear in the message body.
This email should have the signature appended if anyone wants to check how a message is formatted as it leaves us.

Any ideas on who/what/where the problem lies?

Cheers,
Paul

Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378
Fax: 44 (0)24 7635 8378
mailto:paul.hutchings@mira.co.uk

--
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/a2e72590/attachment.html

From hvdkooij at vanderkooij.org Wed May 21 14:22:44 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed May 21 14:22:53 2008
Subject: china spam
In-Reply-To: <48342B30.BDBC.008E.3@Dantumadeel.nl>
References: <48342B30.BDBC.008E.3@Dantumadeel.nl>
Message-ID: <48342224.4050506@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Amelein@dantumadeel.nl wrote:
| We're steadily getting more spam from china relayed through legit hotmail and yahoo servers which is slipping through MailScanner(example header below).
| Is there any way to combat these ? Just blacklisting anything with an ip from country X would work too although I don't know what to use to do this.
.....
| X-Originating-IP: [123.4.35.152]

This might be a useful line. You might blacklist hotmail email where the source IP address lies in certain countries. To the best of my knowledge several web based email servers use this or a very similar header. Combined with the chat I had about ASN detection we might write a custom function to tackle this.
Another header that might help you a bit:

| To: undisclosed-recipients:;

Personally I let postfix reject messages with this header. It may sound harsh but it kills a lot of nonsense messages.

Hugo.

PS: Your disclaimer is not legal.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFINCIiBvzDRVjxmYERAg6pAJ4rjLR4JADHwT8wwWoGiuHU6HRN3ACfVxtQ
NuEK0Agf+gSkjwvfroO6VyQ=
=Lfmi
-----END PGP SIGNATURE-----

From lars+lister.mailscanner at adventuras.no Wed May 21 14:29:07 2008
From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen)
Date: Wed May 21 14:29:19 2008
Subject: Adding ASN info
In-Reply-To: <4832D5D4.6010108@vanderkooij.org>
References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> <4832D5D4.6010108@vanderkooij.org>
Message-ID: <483423A3.2080005@adventuras.no>

Hugo van der Kooij wrote:
> Steve Freegard wrote:
> | Hugo van der Kooij wrote:
>
> |> Has anyone done any work on adding ASN info to a message in the way this
> |> procmail filter does it? I would prefer to do this in postfix but a
> |> custom call in MailScanner before SA is called upon would do as well.
> |>
> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header
> |>
> |> It sounds like a fun idea to let the ASN info become part of the
> |> Bayesian selection. And we might add a decision to block all messages
> |> from certain countries. All I ever got from Nigeria are messages with
> |> wacky deals.
> |
> | SpamAssassin can do this natively if you want to Bayes to consider the ASN:
> |
> | http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html
>
> So adding the 3 lines indicated to
> /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add
> the ASN info?
>
> One of the side effects of getting something to kill the pain in my
> spine is that it makes it a bit harder to think logical. But it beats
> the pain so I can work out that problem that locks up my spinal column.
> So I have to accept the side effects this week.
>
> Hugo.

No success here.
The ASN-plugin in spamassassin adds a header: X-Spam-ASN
It does work for me with spamassassin -D but not in mailscanner.
Should this work in mailscanner to add a header with a spamassassin-plugin?

Regards and best wishes of recovery,
Lars

From hvdkooij at vanderkooij.org Wed May 21 14:31:33 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Wed May 21 14:31:42 2008
Subject: HTML Footers and Outlook/Word 2003?
In-Reply-To:
References:
Message-ID: <48342435.9050305@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Hutchings wrote:
| I'm not sure if this is an Outlook/Word issue or something to do with my
| html signature code or how MailScanner appends signatures, so I'll start
| here.

Have you had one look at the messages your MTA is sending out? The HTML is awkward at best. There must be 50 ways to leave Microsoft. You just have shown reason number 501.

But the obvious way is to start a packet capture and capture the outgoing messages before and after MailScanner and see what has changed exactly.

But the fact that something reappears before it even is sent to MailScanner pretty much rules out any chance it was changed by MailScanner.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFINCQzBvzDRVjxmYERAkxIAJ4oM/xE0A1C+eELMOnvPEpSLY3i/ACdFGBU
B5HwG/33iHdkTcqO8G3zRjI=
=jo9Z
-----END PGP SIGNATURE-----

From paul.hutchings at mira.co.uk Wed May 21 15:21:11 2008
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Wed May 21 15:21:23 2008
Subject: HTML Footers and Outlook/Word 2003?
References: <48342435.9050305@vanderkooij.org>
Message-ID:

Thanks for the reply. Perhaps I explained poorly.

We send the emails out and our MailScanner adds a signature.

This one customer receives email from us and his Outlook is doing what he has described (I've not witnessed this and I've not had any comment from any other customer in the year or so we've added sigs).

It's awkward for me to replicate, but I would like to just confirm that MailScanner isn't formatting the original message in some strange way - the email the customer receives would be no different to my original post to this list as it all passes through the same mail server.

Cheers,
Paul

Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378
Fax: 44 (0)24 7635 8378
mailto:paul.hutchings@mira.co.uk

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij
Sent: 21 May 2008 14:32
To: MailScanner discussion
Subject: Re: HTML Footers and Outlook/Word 2003?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Hutchings wrote:
| I'm not sure if this is an Outlook/Word issue or something to do with my
| html signature code or how MailScanner appends signatures, so I'll start
| here.

Have you had one look at the messages your MTA is sending out? The HTML is awkward at best. There must be 50 ways to leave Microsoft. You just have shown reason number 501.
But the obvious way is to start a packet capture and capture the outgoing messages before and after MailScanner and see what has changed exactly. But the fact that something reappears before it even is send to MailScanner pretty much rules out any change it was changed by MailScanner. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFINCQzBvzDRVjxmYERAkxIAJ4oM/xE0A1C+eELMOnvPEpSLY3i/ACdFGBU B5HwG/33iHdkTcqO8G3zRjI= =jo9Z -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. 
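
Hugo's two suggestions in the "china spam" thread above (use X-Originating-IP on mail relayed by a webmail provider, and act on `To: undisclosed-recipients:;`) can be expressed as one header check. This is an added example, not code from the list or from MailScanner; the blocked networks, the relay suffix list and the function names are assumptions, and the sample headers are constructed from the one quoted in the thread with placeholder addresses.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: webmail relays whose X-Originating-IP header is worth believing.
WEBMAIL_RELAY_SUFFIXES = (".hotmail.com", ".yahoo.com")

# Constructed placeholder ranges, not a real per-country allocation list.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("123.4.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Postfix-style Received line: "from HELO (reverse-dns-name [ip]) by ..."
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)
ORIG_IP_RE = re.compile(r"\[?\s*([0-9A-Fa-f.:]+)\s*\]?")


def relay_rdns(msg):
    """Reverse-DNS name from the topmost Received header.

    Only that header was written by our own MTA; everything below it,
    X-Originating-IP included, is supplied by the sending side.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_RE.search(received[0])
    return match.group("rdns").lower() if match else None


def originating_ip(msg):
    """Parse X-Originating-IP ("[a.b.c.d]" or bare); None if absent or invalid."""
    raw = msg.get("X-Originating-IP")
    if raw is None:
        return None
    match = ORIG_IP_RE.fullmatch(raw.strip())
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def check_message(raw_headers):
    """Return the list of reasons this message would be flagged (empty = clean)."""
    msg = message_from_string(raw_headers)
    reasons = []

    rdns = relay_rdns(msg)
    from_webmail = bool(rdns) and rdns.endswith(WEBMAIL_RELAY_SUFFIXES)
    ip = originating_ip(msg)
    # Believe X-Originating-IP only when the connecting host really is the
    # webmail provider; otherwise the header is just sender-controlled text.
    if from_webmail and ip is not None and any(ip in net for net in BLOCKED_NETWORKS):
        reasons.append(f"webmail relay {rdns} with blocked origin {ip}")

    to_header = (msg.get("To") or "").strip().lower()
    if to_header.startswith("undisclosed-recipients"):
        reasons.append("To: undisclosed-recipients")
    return reasons


# Constructed from the header quoted in the thread; addresses are placeholders.
SAMPLE_SPAM = """\
Received: from blu0-omc3-s1.blu0.hotmail.com (blu0-omc3-s1.blu0.hotmail.com [65.55.116.76])
\tby MailScan.Dantumadeel.nl (Postfix) with ESMTP id B668F12105D5
\tfor <user@example.org>; Wed, 21 May 2008 13:25:37 +0200 (CEST)
X-Originating-IP: [123.4.35.152]
From: Michael Wright <sender@example.com>
Subject: OBPSHOP
To: undisclosed-recipients:;

"""

# Constructed: HELO claims hotmail, but the connecting host has no matching
# reverse DNS, so the X-Originating-IP header carries no weight.
SAMPLE_FORGED = """\
Received: from blu0-omc3-s1.blu0.hotmail.com (unknown [198.51.100.7])
\tby MailScan.Dantumadeel.nl (Postfix) with ESMTP id 0000000000
\tfor <user@example.org>; Wed, 21 May 2008 13:30:00 +0200 (CEST)
X-Originating-IP: [123.4.35.152]
From: Someone <sender@example.net>
Subject: hello
To: user@example.org

"""

if __name__ == "__main__":
    for name, sample in (("spam", SAMPLE_SPAM), ("forged", SAMPLE_FORGED)):
        print(name, check_message(sample))
```

The suffix test relies on the reverse-DNS name the receiving MTA recorded, not on the HELO string, which the sender chooses.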
From glenn.steen at gmail.com Wed May 21 15:52:45 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed May 21 15:52:54 2008
Subject: SA ClamAVPlugin or clamavmodule , which is better
In-Reply-To: <1211373532.23490.132.camel@localhost.localdomain>
References: <1211373532.23490.132.camel@localhost.localdomain>
Message-ID: <223f97700805210752j2d88b1ebw955eff8e4657e3bd@mail.gmail.com>

2008/5/21 ram :
> I am currently using clamav as clamavmodule in virusscanners in MS
>
> Is it better to use SA plugin
> http://wiki.apache.org/spamassassin/ClamAVPlugin
>

"Better" would depend on a few things, I guess... Do you use a lot of extra spam signatures in ClamAV? In that case, it *might* be proper to use it for scoring in SA. But I wouldn't do it:-).
From a performance standpoint, best is to use clamd.

> Thanks
> Ram
>

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ms-list at alexb.ch Wed May 21 16:39:58 2008
From: ms-list at alexb.ch (Alex Broens)
Date: Wed May 21 16:40:09 2008
Subject: Adding ASN info
In-Reply-To: <483423A3.2080005@adventuras.no>
References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> <4832D5D4.6010108@vanderkooij.org> <483423A3.2080005@adventuras.no>
Message-ID: <4834424E.6030204@alexb.ch>

On 5/21/2008 3:29 PM, Lars Kristiansen wrote:
> Hugo van der Kooij wrote:
>> Steve Freegard wrote:
>> | Hugo van der Kooij wrote:
>>
>> |> Has anyone done any work on adding ASN info to a message in the way this
>> |> procmail filter does it? I would prefer to do this in postfix but a
>> |> custom call in MailScanner before SA is called upon would do as well.
>> |>
>> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header
>> |>
>> |> It sounds like a fun idea to let the ASN info become part of the
>> |> Bayesian selection. And we might add a decision to block all messages
>> |> from certain countries.
>> |> All I ever got from Nigeria are messages with wacky deals.
>> |
>> | SpamAssassin can do this natively if you want to Bayes to consider the ASN:
>> |
>> | http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html
>>
>> So adding the 3 lines indicated to
>> /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add
>> the ASN info?
>>
>> One of the side effects of getting something to kill the pain in my
>> spine is that it makes it a bit harder to think logical. But it beats
>> the pain so I can work out that problem that locks up my spinal column.
>> So I have to accept the side effects this week.
>>
>> Hugo.
>
> No success here.
> The ASN-plugin in spamassassin adds a header: X-Spam-ASN
> It does work for me with spamassassin -D but not in mailscanner.
> Should this work in mailscanner to add a header with a spamassassin-plugin?

If you add the add_header directive and use SA to run regex against it, it works, "virtually", but MS won't write it in the msg because MS doesn't know about these directives (and probably never will).

Take into account that if your boxes are high traffic, this will slow down your processing.

Alex

From MailScanner at ecs.soton.ac.uk Wed May 21 16:53:58 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 21 16:54:20 2008
Subject: HTML Footers and Outlook/Word 2003?
In-Reply-To:
References:
Message-ID: <48344596.4040802@ecs.soton.ac.uk>

That's possible. MailScanner adds the signature in the MIME tree "epilogue", which is after all other elements of the MIME tree of the message. This makes it display in the right place in email programs. However, there is a small chance that something b***dead like Word could keep the epilogue in place even after it deletes the message body. It should delete the epilogue too, just like everyone else does.

I can't easily change where the epilogue goes, as the technique I have used works very reliably everywhere else and in other situations.
I don't want to fix what mostly ain't broken. Jules. Paul Hutchings wrote: > > I'm not sure if this is an Outlook/Word issue or something to do with > my html signature code or how MailScanner appends signatures, so I'll > start here. > > One of our customers has reported the following: > > It looked like I've gone mad again, but I've just done a quick test, > and the footer is apparently randomly appearing back into old messages > after deleting all the text. The footer doesn't appear in the message > body, but after sending, it's back again. If I re-open the message, > and do a "reply all" (like this one), then the footer disappears again > (as below). Can you let me know how you or your server embeds the footer? > > Have a go with (Outlook 2003, SP3. Using Word from Office 2003 as the > e-mail editor): > > - Open an existing MIRA e-mail that has a distribution list that you > want to re-use. > > - Do "reply all". > > - Change the subject, type the message, plus attachments, etc. > > - Delete all the original text (including the footer). > > - Press "send". > > - Open the e-mail from sent items, and the footer comes back! > > - Do "reply all" using the sent item, and the footer does not appear > in the message body. > > This email should have the signature appended if anyone wants to check > how a message is formatted as it leaves us. > > Any ideas on who/what/where the problem lies? > > Cheers, > > Paul > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 44 (0)24 7635 5378 > > Fax: 44 (0)24 7635 8378 > > mailto:paul.hutchings@mira.co.uk > > ------------------------------------------------------------------------ > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient.
> If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed May 21 16:55:15 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 21 16:55:34 2008 Subject: Adding ASN info In-Reply-To: <4834424E.6030204@alexb.ch> References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> <4832D5D4.6010108@vanderkooij.org> <483423A3.2080005@adventuras.no> <4834424E.6030204@alexb.ch> Message-ID: <483445E3.30006@ecs.soton.ac.uk> Alex Broens wrote: > On 5/21/2008 3:29 PM, Lars Kristiansen wrote: >> Hugo van der Kooij skrev: >>> Steve Freegard wrote: >>> | Hugo van der Kooij wrote: >>> >>> |> Has anyone done any work on adding ASN info to a message in the >>> way this >>> |> procmail filter does it? I would prefer to do this in postfix but a >>> |> custom call in MailScanner before SA is called upon would do as >>> well. >>> |> >>> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header >>> |> >>> |> It sounds like a fun idea to let the ASN info become part of the >>> |> Bayesian selection. And we might add a decision to block all >>> messages >>> |> from certain countries. All I ever got from Nigeria are messages >>> with >>> |> wacky deals. 
>>> | >>> | SpamAssassin can do this natively if you want to Bayes to consider >>> the >>> ASN: >>> | >>> | >>> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html >>> >>> >>> >>> So adding the 3 lines indicated to >>> /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add >>> the ASN info? >>> >>> One of the side effects of getting something to kill the pain in my >>> spine is that it makes it a bit harder to think logical. But it beats >>> the pain so I can work out that problem that locks up my spinal column. >>> So I have to accept the side effects this week. >>> >>> Hugo. >> >> No success here. >> The ASN-plugin in spamassassin adds a header: X-Spam-ASN >> It does work for me with spamassassin -D but not in mailscanner. >> Should this work in mailscanner to add a header with a >> spamassassin-plugin? > > If you add the add_header directive and use SA to run regex against > it, it works, "virually", but MS won't write it in the msg because MS > doesn't know about these directives (and probably never will) > > Take in account that if you're boxes are hi traffic, this will slow > down your processing. It takes quite a bit of time to look it up, and adds *Very* little helpful information in working out the spaminess of the message. So I have no plans to add support for it as yet another special case. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From ms-list at alexb.ch Wed May 21 17:08:28 2008 From: ms-list at alexb.ch (Alex Broens) Date: Wed May 21 17:08:41 2008 Subject: Adding ASN info In-Reply-To: <483445E3.30006@ecs.soton.ac.uk> References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> <4832D5D4.6010108@vanderkooij.org> <483423A3.2080005@adventuras.no> <4834424E.6030204@alexb.ch> <483445E3.30006@ecs.soton.ac.uk> Message-ID: <483448FC.50304@alexb.ch> On 5/21/2008 5:55 PM, Julian Field wrote: > > > Alex Broens wrote: >> On 5/21/2008 3:29 PM, Lars Kristiansen wrote: >>> Hugo van der Kooij skrev: >>>> Steve Freegard wrote: >>>> | Hugo van der Kooij wrote: >>>> >>>> |> Has anyone done any work on adding ASN info to a message in the >>>> way this >>>> |> procmail filter does it? I would prefer to do this in postfix but a >>>> |> custom call in MailScanner before SA is called upon would do as >>>> well. >>>> |> >>>> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header >>>> |> >>>> |> It sounds like a fun idea to let the ASN info become part of the >>>> |> Bayesian selection. And we might add a decision to block all >>>> messages >>>> |> from certain countries. All I ever got from Nigeria are messages >>>> with >>>> |> wacky deals. >>>> | >>>> | SpamAssassin can do this natively if you want to Bayes to consider >>>> the >>>> ASN: >>>> | >>>> | >>>> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html >>>> >>>> >>>> >>>> So adding the 3 lines indicated to >>>> /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add >>>> the ASN info? >>>> >>>> One of the side effects of getting something to kill the pain in my >>>> spine is that it makes it a bit harder to think logical. But it beats >>>> the pain so I can work out that problem that locks up my spinal column. >>>> So I have to accept the side effects this week. >>>> >>>> Hugo. >>> >>> No success here. 
>>> The ASN-plugin in spamassassin adds a header: X-Spam-ASN >>> It does work for me with spamassassin -D but not in mailscanner. >>> Should this work in mailscanner to add a header with a >>> spamassassin-plugin? >> >> If you add the add_header directive and use SA to run regex against >> it, it works, "virtually", but MS won't write it in the msg because MS >> doesn't know about these directives (and probably never will) >> >> Take into account that if your boxes are hi traffic, this will slow >> down your processing. > It takes quite a bit of time to look it up, and adds *Very* little > helpful information in working out the spaminess of the message. So I > have no plans to add support for it as yet another special case. > Jules

the add_headers are of great use and can be used, the fact that they're not written makes it harder to catch patterns but they get hit if applied.

for example, adding :
add_header all Relays-External _RELAYSEXTERNAL_
add_header all Relays-Untrusted _RELAYSUNTRUSTED_

to local.cf triggers a bunch of rules.

many times you'll see the hits but wonder where they come from... and that's what we miss if MS doesn't write them.

Not a real Prio, but it would be a *very_nice_to_have*

but what's more important, relax and let the Docs do the magic on your body...

take care

Alex

From ssilva at sgvwater.com Wed May 21 17:37:18 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 21 17:37:48 2008 Subject: china spam In-Reply-To: <48342224.4050506@vanderkooij.org> References: <48342B30.BDBC.008E.3@Dantumadeel.nl> <48342224.4050506@vanderkooij.org> Message-ID:

on 5-21-2008 6:22 AM Hugo van der Kooij spake the following: > Amelein@dantumadeel.nl wrote: > | We're steadily getting more spam from china relayed through legit > hotmail and yahoo servers which is slipping through MailScanner(example > header below). > | Is there any way to combat these ?
Just blacklisting anything with an > ip from country X would work too although I don't know what to use to do > this. > > ..... > > | X-Originating-IP: [123.4.35.152] > > This might be a useful line. You might blacklist hotmail email where > the source IP address lies in certain countries. > > To the best of my knowledge several web based email servers use this or > a very similar header. > > Combined with the chat I had about ASN detection we might write a custom > function to tackle this. > > Another header that might help you a bit: > > | To: undisclosed-recipients:; > > Personally I let postfix reject messages with this header. It may sound > harsh but it kills a lot of nonsense messages. > > Hugo. > > PS: Your disclaimer is not legal. > But at least it is environmentally friendly! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/7e394e77/signature.bin

From paul.hutchings at mira.co.uk Wed May 21 17:46:51 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 21 17:47:03 2008 Subject: HTML Footers and Outlook/Word 2003? References: <48344596.4040802@ecs.soton.ac.uk> Message-ID:

Thanks Julian, tbh I wouldn't ask/expect you to change anything unless something was fundamentally broken, and in this instance it sounds like it isn't and it's just a combination of factors, Word being a major one of them. My main concern was that I was doing something dumb - just for confirmation here's the output of my html .sig file:
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 21 May 2008 16:54 To: MailScanner discussion Subject: Re: HTML Footers and Outlook/Word 2003? That's possible. MailScanner adds the signature in the MIME tree "epilogue", which is after all other elements of the MIME tree of the message. This makes it display in the right place in email programs. However, there is a small chance that something b***dead like Word could keep the epilogue in place even after it deletes the message body. It should delete the epilogue too, just like everyone else does. I can't easily change where the epilogue goes, as the technique I have used works very reliably everywhere else and in other situations. I don't want to fix what mostly ain't broken. Jules. Paul Hutchings wrote: > > I'm not sure if this is an Outlook/Word issue or something to do with > my html signature code or how MailScanner appends signatures, so I'll > start here. > > One of our customers has reported the following: > > It looked like I've gone mad again, but I've just done a quick test, > and the footer is apparently randomly appearing back into old messages > after deleting all the text. The footer doesn't appear in the message > body, but after sending, it's back again. If I re-open the message, > and do a "reply all" (like this one), then the footer disappears again > (as below). Can you let me know how you or your server embeds the footer? > > Have a go with (Outlook 2003, SP3. Using Word from Office 2003 as the > e-mail editor): > > - Open an existing MIRA e-mail that has a distribution list that you > want to re-use. > > - Do "reply all". > > - Change the subject, type the message, plus attachments, etc. > > - Delete all the original text (including the footer). 
> > - Press "send". > > - Open the e-mail from sent items, and the footer comes back! > > - Do "reply all" using the sent item, and the footer does not appear > in the message body. > > This email should have the signature appended if anyone wants to check > how a mesage is formatted as it leaves us. > > Any ideas on who/what/where the problem lies? > > Cheers, > > Paul > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 44 (0)24 7635 5378 > > Fax: 44 (0)24 7635 8378 > > mailto:paul.hutchings@mira.co.uk > > ------------------------------------------------------------------------ > *MIRA Ltd* > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the > use of the intended recipient. > If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. 
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From admin at lctn.org Wed May 21 17:39:02 2008 From: admin at lctn.org (Raymond Norton) Date: Wed May 21 17:47:52 2008 Subject: no spam score on may messages In-Reply-To: <11961147.21381211387812800.JavaMail.root@mail.lctn.org> Message-ID: <7896994.21401211387942581.JavaMail.root@mail.lctn.org> I recently upgraded Mailscanner, and spamassassin. I am getting a high amount of non-spam messages now, with many messages missing spam scores all together. Any idea what's broke? One message I believe should have been spam only shows the following: cached not out timed With no score of any sort?? Other messages are scored appropriately, with some being spam, whitelisted, etc... -- Raymond Norton LCTN -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/5e3fd4e8/attachment.html From ssilva at sgvwater.com Wed May 21 17:49:10 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 21 17:49:32 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: References: <48342435.9050305@vanderkooij.org> Message-ID: on 5-21-2008 7:21 AM Paul Hutchings spake the following: > Thanks for the reply. Perhaps I explained poorly. > > We send the emails out and our MailScanner adds a signature. > > This one customer receives email from us and his Outlook is doing what he has described (I've not witnessed this and I've not had any comment from any other customer in the year or so we've added sigs). > > It's awkward for me to replicate, but I would like to just confirm that MailScanner isn't formatting the original message in some strange way - the email the customer receives would be no different to my original post to this list as it all passes through the same mail server. 
> > Cheers, > Paul The e-mail looked fine to me. A text sig in the text portion of the e-mail, and a html sig in the html formatted section. As Hugo said, Outlook has one ugly and awkward html formatting engine, especially if you use word for the mail editor, but it is usually readable in any other html client. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/ac0e7cb5/signature.bin From ssilva at sgvwater.com Wed May 21 18:03:11 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 21 18:03:30 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: References: <48344596.4040802@ecs.soton.ac.uk> Message-ID: on 5-21-2008 9:46 AM Paul Hutchings spake the following: > Thanks Julian, tbh I wouldn't ask/expect you to change anything unless > something was fundamentally broken, and in this instance it sounds like > it isn't and it's just a combination of factors, Word being a major one > of them. > > My main concern was that I was doing something dumb - just for > confirmation here's the output of my html .sig file: > >
> > MIRA Ltd
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
> Registered in England and Wales No. 402570
> VAT Registration GB 114 5409 96
>
> The contents of this e-mail are confidential and are solely for the use > of the intended recipient.
> If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax.
> You should not copy, forward or otherwise disclose the content of the > e-mail as this is prohibited.
> > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 44 (0)24 7635 5378 > Fax: 44 (0)24 7635 8378 > mailto:paul.hutchings@mira.co.uk > I would add something like

--
at the top line just to be courteous to clients' MUAs that will strip signatures on replies. But that is a personal preference. It gets tiring to read through 25 copies of everyone's disclaimers and signatures to read some of the longer e-mail conversations I see. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/f9418631/signature.bin

From hvdkooij at vanderkooij.org Wed May 21 18:04:40 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 21 18:04:49 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: References: <48344596.4040802@ecs.soton.ac.uk> Message-ID: <48345628.1010901@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: | My main concern was that I was doing something dumb - just for | confirmation here's the output of my html .sig file: | |


I would suggest to close that tag by itself. So make it:
| That is not a valid HTML tag. | MIRA Ltd

.... I suggest you hand off the HTML code to a parser on the W3C site to clean it up. The fact that there are plenty of errors may add to the confusion. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFINFYnBvzDRVjxmYERAqVzAKCr+jLrYhR+NxMOvO13cNba5u2nhACgmJA0 hbQdIhRDKvBD2cwlG5UU3CI= =PUke -----END PGP SIGNATURE-----

From ssilva at sgvwater.com Wed May 21 18:13:54 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 21 18:14:10 2008 Subject: no spam score on may messages In-Reply-To: <7896994.21401211387942581.JavaMail.root@mail.lctn.org> References: <11961147.21381211387812800.JavaMail.root@mail.lctn.org> <7896994.21401211387942581.JavaMail.root@mail.lctn.org> Message-ID:

on 5-21-2008 9:39 AM Raymond Norton spake the following: > I recently upgraded Mailscanner, and spamassassin. I am getting a high > amount of non-spam messages now, with many messages missing spam scores > all together. Any idea what's broke? > > One message I believe should have been spam only shows the following: > > cached not > out timed > > > With no score of any sort?? > > > Other messages are scored appropriately, with some being spam, > whitelisted, etc... > > -- > Raymond Norton > LCTN > Spamassassin is timing out, so the message is getting passed through. Have you tried the usual like spamassassin -D --lint and MailScanner --lint ? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/8d222d6c/signature.bin From lars+lister.mailscanner at adventuras.no Wed May 21 18:19:36 2008 From: lars+lister.mailscanner at adventuras.no (Lars Kristiansen) Date: Wed May 21 18:19:47 2008 Subject: Adding ASN info In-Reply-To: <483448FC.50304@alexb.ch> References: <48329B88.1020902@vanderkooij.org> <4832B134.4060507@fsl.com> <4832D5D4.6010108@vanderkooij.org> <483423A3.2080005@adventuras.no> <4834424E.6030204@alexb.ch> <483445E3.30006@ecs.soton.ac.uk> <483448FC.50304@alexb.ch> Message-ID: <483459A8.7040401@adventuras.no> Alex Broens skrev: > On 5/21/2008 5:55 PM, Julian Field wrote: >> >> >> Alex Broens wrote: >>> On 5/21/2008 3:29 PM, Lars Kristiansen wrote: >>>> Hugo van der Kooij skrev: >>>>> Steve Freegard wrote: >>>>> | Hugo van der Kooij wrote: >>>>> >>>>> |> Has anyone done any work on adding ASN info to a message in the >>>>> way this >>>>> |> procmail filter does it? I would prefer to do this in postfix >>>>> but a >>>>> |> custom call in MailScanner before SA is called upon would do as >>>>> well. >>>>> |> >>>>> |> http://linuxmafia.com/~karsten/Download/procmail-asn-header >>>>> |> >>>>> |> It sounds like a fun idea to let the ASN info become part of the >>>>> |> Bayesian selection. And we might add a decision to block all >>>>> messages >>>>> |> from certain countries. All I ever got from Nigeria are >>>>> messages with >>>>> |> wacky deals. >>>>> | >>>>> | SpamAssassin can do this natively if you want to Bayes to >>>>> consider the >>>>> ASN: >>>>> | >>>>> | >>>>> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.html >>>>> >>>>> >>>>> >>>>> So adding the 3 lines indicated to >>>>> /etc/MailScanner/spam.assassin.prefs.conf should be sufficient to add >>>>> the ASN info? 
>>>>> >>>>> One of the side effects of getting something to kill the pain in my >>>>> spine is that it makes it a bit harder to think logical. But it beats >>>>> the pain so I can work out that problem that locks up my spinal >>>>> column. >>>>> So I have to accept the side effects this week. >>>>> >>>>> Hugo. >>>> >>>> No success here. >>>> The ASN-plugin in spamassassin adds a header: X-Spam-ASN >>>> It does work for me with spamassassin -D but not in mailscanner. >>>> Should this work in mailscanner to add a header with a >>>> spamassassin-plugin? >>> >>> If you add the add_header directive and use SA to run regex against >>> it, it works, "virually", but MS won't write it in the msg because >>> MS doesn't know about these directives (and probably never will) >>> >>> Take in account that if you're boxes are hi traffic, this will slow >>> down your processing. >> It takes quite a bit of time to look it up, and adds *Very* little >> helpful information in working out the spaminess of the message. So I >> have no plans to add support for it as yet another special case. >> > > Jules > > the add_headers are of great use and can be used, the fact that > they're not written makes it harder to catch patterns but they get hit > if applied. > > for example, adding : > add_header all Relays-External _RELAYSEXTERNAL_ > add_header all Relays-Untrusted _RELAYSUNTRUSTED_ > > to local.cf triggers a bunch of rules. > > many times you'll see the hits but wonder where they come from... and > that's what we miss if MS doesn't write them. > > Not a real Prio, but it would be a *very_nice_to_have* > > but what's more important, relax and let the Docs do the magic on your > body... > > take care > > Alex > Thanks for the explanations. Some of it looks clearer now. Thumbs up for the magic! Lars From gerard at seibercom.net Wed May 21 18:43:08 2008 From: gerard at seibercom.net (Gerard) Date: Wed May 21 18:43:39 2008 Subject: HTML Footers and Outlook/Word 2003? 
In-Reply-To: <48342435.9050305@vanderkooij.org> References: <48342435.9050305@vanderkooij.org> Message-ID: <20080521134308.5a67d261@scorpio>

On Wed, 21 May 2008 15:31:33 +0200 Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Paul Hutchings wrote: > | I'm not sure if this is an Outlook/Word issue or something to do > with my | html signature code or how MailScanner appends signatures, > so I'll start | here. > > Have you had one look at the messages your MTA is sending out? The > HTML is awkward at best. > > There must be 50 ways to leave Microsoft. You just have shown reason > number 501. > > But the obvious way is to start a packet capture and capture the > outgoing messages before and after MailScanner and see what has > changed exactly. > > But the fact that something reappears before it even is sent to > MailScanner pretty much rules out any change it was changed by > MailScanner. Actually, I have no trouble at all understanding the HTML code. It might appear awkward because it is sent in: Content-Transfer-Encoding: quoted-printable format. Sending it in 8-bit format would probably clear up that problem. The version of Outlook used is 5 years old. Maybe it is about time the user considered updating to the latest version. I know that there have been several fundamental changes in the formatting of email -- particularly in the use of style sheets. I was wondering though, is it really necessary for the OP to use HTML formatting at all. Few email clients actually ever properly display HTML formatted mail. If possible, staying with pure ASCII text based email is a better way to go, IMHO. -- ?Gerard? gerard@seibercom.net Everything is worth precisely as much as a belch, the difference being that a belch is more satisfying. Ingmar Bergman -------------- next part -------------- A non-text attachment was scrubbed...
Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/60783dcf/signature.bin From paul.hutchings at mira.co.uk Wed May 21 18:45:31 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Wed May 21 18:45:40 2008 Subject: HTML Footers and Outlook/Word 2003? References: <48344596.4040802@ecs.soton.ac.uk> <48345628.1010901@vanderkooij.org> Message-ID: Thanks, I'm afraid I'm not an HTML person so it was knocked up in an HTML editor that obviously looked right but wasn't (weird how 5 editors can knock out 5 different sets of HTML for something that looks so simple!). I've passed it through the html parser and unless someone can give me a reason not to use it, this is what it spits out:
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Hugo van der Kooij Sent: 21 May 2008 18:05 To: MailScanner discussion Subject: Re: HTML Footers and Outlook/Word 2003? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Hutchings wrote: | My main concern was that I was doing something dumb - just for | confirmation here's the output of my html .sig file: | |
I would suggest to close that tag by itself. So make it:
| That is not a valid HTML tag. | MIRA Ltd

.... I suggest you hand off the HTML code to a parser on the W3C site to clean it up. The fact that there are plenty of errors may add to the confusion. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFINFYnBvzDRVjxmYERAqVzAKCr+jLrYhR+NxMOvO13cNba5u2nhACgmJA0 hbQdIhRDKvBD2cwlG5UU3CI= =PUke -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. Registered in England and Wales No. 402570 VAT Registration GB 114 5409 96 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. From hvdkooij at vanderkooij.org Wed May 21 18:54:00 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 21 18:54:09 2008 Subject: HTML Footers and Outlook/Word 2003? 
In-Reply-To: <20080521134308.5a67d261@scorpio> References: <48342435.9050305@vanderkooij.org> <20080521134308.5a67d261@scorpio> Message-ID: <483461B8.9090900@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gerard wrote: | On Wed, 21 May 2008 15:31:33 +0200 | Hugo van der Kooij wrote: | |> -----BEGIN PGP SIGNED MESSAGE----- |> Hash: SHA1 |> |> Paul Hutchings wrote: |> | I'm not sure if this is an Outlook/Word issue or something to do |> with my | html signature code or how MailScanner appends signatures, |> so I'll start | here. |> |> Have you had one look at the messages your MTA is sending out? The |> HTML is awkward at best. |> |> There must be 50 ways to leave Microsoft. You just have shown reason |> number 501. |> |> But the obvious way is to start a packet capture and capture the |> outgoing messages before and after MailScanner and see what has |> changed exactly. |> |> But the fact that something reappears before it even is sent to |> MailScanner pretty much rules out any change it was changed by |> MailScanner. | | Actually, I have no trouble at all understanding the HTML code. It | might appear awkward because it is sent in: | | Content-Transfer-Encoding: quoted-printable | | format. Sending it in 8-bit format would probably clear up that | problem. That is not the issue. If you feed the output to a W3C parser it will tell you all about all the errors. Whether or not you think you can read it is not that relevant. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images.
From admin at lctn.org Wed May 21 19:01:49 2008 From: admin at lctn.org (Raymond Norton) Date: Wed May 21 19:05:00 2008 Subject: no spam score on may messages In-Reply-To: Message-ID: <11423010.21461211392909314.JavaMail.root@mail.lctn.org> > Spamassassin is timing out, so the message is getting passed through. Have you tried the usual like spamassassin -D --lint >and MailScanner --lint ? OK.. Found an issue with the incoming directory (recreated it), and an issue with the envelope header in /etc/MailScanner/spam.assassin.prefs.conf. Now things are working much better, but I am seeing some spam messages scored like this: cached not score=-9 3 required spam autolearn=not -9.00 BAYES_00 Bayesian spam probability is 0 to 1% That's a huge pass. Does it mean Bayes is not working correctly, or do I need to adjust some rules? From hvdkooij at vanderkooij.org Wed May 21 19:13:57 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 21 19:14:06 2008 Subject: no spam score on may messages In-Reply-To: <11423010.21461211392909314.JavaMail.root@mail.lctn.org> References: <11423010.21461211392909314.JavaMail.root@mail.lctn.org> Message-ID: <48346665.8060602@vanderkooij.org> Raymond Norton wrote: | > Spamassassin is timing out, so the message is getting passed through. | Have you tried the usual like spamassassin -D --lint >and MailScanner | --lint ? | | | | OK.. Found an issue with the incoming directory (recreated it), and an | issue with the envelope header in | /etc/MailScanner/spam.assassin.prefs.conf.
Now things are working much | better, but I am seeing some spam messages scored like this: | | cached not | | score=-9 | 3 required | spam autolearn=not | -9.00 BAYES_00 Bayesian spam probability is 0 to 1% First off. The output of mailwatch is not the best way to quote the results. The output is rather awkward. Then there is the value you have assigned to a bayesian score of 0. That is rather high. My guess is that you have a very poor bayesian database that does not match your traffic. Which is not unlikely if it was not properly trained. I suggest you educate it by feeding it SPAM and HAM messages. Hugo. From MailScanner at ecs.soton.ac.uk Wed May 21 19:38:27 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 21 19:38:50 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: References: <48344596.4040802@ecs.soton.ac.uk> <48345628.1010901@vanderkooij.org> Message-ID: <48346C23.1010106@ecs.soton.ac.uk> Paul Hutchings wrote: > Thanks, I'm afraid I'm not an HTML person so it was knocked up in an > HTML editor that obviously looked right but wasn't (weird how 5 editors > can knock out 5 different sets of HTML for something that looks so > simple!). > > I've passed it through the html parser and unless someone can give me a > reason not to use it, this is what it spits out: > > > > > "HTML Tidy for Linux/x86 (vers 11 February 2007), see www.w3.org"> > > > >
> That should be
> MIRA Ltd
> All those
tags should be
. I don't think this is a very good HTML tidier :-( It is spitting out incorrect HTML. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gerard at seibercom.net Wed May 21 19:48:56 2008 From: gerard at seibercom.net (Gerard) Date: Wed May 21 19:49:54 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: References: <48344596.4040802@ecs.soton.ac.uk> <48345628.1010901@vanderkooij.org> Message-ID: <20080521144856.0f7fc375@scorpio> On Wed, 21 May 2008 18:45:31 +0100 "Paul Hutchings" wrote: > Thanks, I'm afraid I'm not an HTML person so it was knocked up in an > HTML editor that obviously looked right but wasn't (weird how 5 > editors can knock out 5 different sets of HTML for something that > looks so simple!). > > I've passed it through the html parser and unless someone can give me > a reason not to use it, this is what it spits out: > > > > > "HTML Tidy for Linux/x86 (vers 11 February 2007), see www.w3.org"> > > > >
> MIRA Ltd
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
> Registered in England and Wales No. 402570
> VAT Registration GB 114 5409 96
>
> The contents of this e-mail are confidential and are solely for the > use of the intended recipient.
> If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax.
> You should not copy, forward or otherwise disclose the content of > the e-mail as this is prohibited.
> > The only problem is that it does not contain a character encoding. Passing it through an HTML parser should reveal that. I have rewritten the above so that it will pass as "Transitional". I also rewrote it to pass as "Strict" The code for "transitional" follows:

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

You can use the following to pass "Strict" HTML coding requirements. I would suggest that you use this one: Signature

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

Good luck! -- ?Gerard? gerard@seibercom.net We must remember the First Amendment which protects any shrill jackass no matter how self-seeking. F. G. Withington From gerard at seibercom.net Wed May 21 19:53:22 2008 From: gerard at seibercom.net (Gerard) Date: Wed May 21 19:53:42 2008 Subject: HTML Footers and Outlook/Word 2003? In-Reply-To: <483461B8.9090900@vanderkooij.org> References: <48342435.9050305@vanderkooij.org> <20080521134308.5a67d261@scorpio> <483461B8.9090900@vanderkooij.org> Message-ID: <20080521145322.44e4d0d2@scorpio> On Wed, 21 May 2008 19:54:00 +0200 Hugo van der Kooij wrote: > Gerard wrote: > | On Wed, 21 May 2008 15:31:33 +0200 > | Hugo van der Kooij wrote: > | > |> Paul Hutchings wrote: > |> | I'm not sure if this is an Outlook/Word issue or something to do > |> with my | html signature code or how MailScanner appends > signatures, |> so I'll start | here. > |> > |> Have you had one look at the messages your MTA is sending out? The > |> HTML is awkward at best. > |> > |> There must be 50 ways to leave Microsoft. You just have shown > reason |> number 501. > |> > |> But the obvious way is to start a packet capture and capture the > |> outgoing messages before and after MailScanner and see what has > |> changed exactly. > |> > |> But the fact that something reappears before it even is sent to > |> MailScanner pretty much rules out any change it was changed by > |> MailScanner. > | > | Actually, I have no trouble at all understanding the HTML code. It > | might appear awkward because it is sent in: > | > | Content-Transfer-Encoding: quoted-printable > | > | format.
Sending it in 8-bit format would probably clear up that > | problem. > > That is not the issue. If you feed the output to a W3C parser it will > tell you all about all the errors. Whether or not you think you can > read it is not that relevant. > > Hugo. The only error is that it does not contain a character encoding. It passes as 'tentative Transitional 4.01'. Simply add a character encoding and it passes without a problem. I believe you are confusing this with "Strict 4.01" encoding. -- ?Gerard? gerard@seibercom.net In the Spring, I have counted 136 different kinds of weather inside of 24 hours. Mark Twain, on New England weather From tjones at isthmus.com Wed May 21 20:02:34 2008 From: tjones at isthmus.com (Thom Jones) Date: Wed May 21 20:03:50 2008 Subject: DSBL.org down Message-ID: <200805211402.34483.tjones@isthmus.com> Just an FYI since I didn't see anyone mention this yet: If you have DSBL in your MailScanner.conf file for an RBL, you may want to take it out of there. I guess it is a hardware problem. Per the spamassassin list and http://www.dnsbl.com: ---------------------------------------------------- Tuesday, May 20, 2008 DSBL Current Status: DOWN DSBL, the Distributed Sender Blackhole List, seems to have gone missing. The list appears to have been in operation since at least May, 2002. The website at www.dsbl.org is not currently responding. Their mail server specified in their MX record is non-responsive, and any DNS mirrors still responding seem to be hosting an out-of-date copy of the blacklist's zone data. ----------------------------------------------------------------- -- Thom Jones http://www.thedailypage.com A)bort, R)etry, I)nfluence with large hammer.
From ssilva at sgvwater.com Wed May 21 20:20:26 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 21 20:20:48 2008 Subject: DSBL.org down In-Reply-To: <200805211402.34483.tjones@isthmus.com> References: <200805211402.34483.tjones@isthmus.com> Message-ID: on 5-21-2008 12:02 PM Thom Jones spake the following: > Just an FYI since I didn't see anyone mention this yet: > > If you have DSBL in your MailScanner.conf file for an RBL, you may want to > take it out of there. I guess it is a hardware problem. > > Per the spamassassin list and http://www.dnsbl.com: > ---------------------------------------------------- > Tuesday, May 20, 2008 > DSBL Current Status: DOWN > > DSBL, the Distributed Sender Blackhole List, seems to have gone missing. The > list appears to have been in operation since at least May, 2002. > > The website at www.dsbl.org is not currently responding. Their mail server > specified in their MX record is non-responsive, and any DNS mirrors still > responding seem to be hosting an out-of-date copy of the blacklist's zone > data. > ----------------------------------------------------------------- > I get a temporary new webpage with info. Their server seems to have gone to the great e-waste pile in the sky, and they are currently building a new one. Still a good idea to remove it until it is back online (if it comes back online). -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080521/5e6250f7/signature.bin From hvdkooij at vanderkooij.org Wed May 21 22:10:12 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed May 21 22:10:21 2008 Subject: HTML Footers and Outlook/Word 2003? 
In-Reply-To: <48346C23.1010106@ecs.soton.ac.uk> References: <48344596.4040802@ecs.soton.ac.uk> <48345628.1010901@vanderkooij.org> <48346C23.1010106@ecs.soton.ac.uk> Message-ID: <48348FB4.3020507@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: | | | Paul Hutchings wrote: |> Thanks, I'm afraid I'm not an HTML person so it was knocked up in an |> HTML editor that obviously looked right but wasn't (weird how 5 editors |> can knock out 5 different sets of HTML for something that looks so |> simple!). |> |> I've passed it through the html parser and unless someone can give me a |> reason not to use it, this is what it spits out: |> |> |> |> |> "HTML Tidy for Linux/x86 (vers 11 February 2007), see www.w3.org"> |> |> |> |>
|> | That should be
|> MIRA Ltd
|> | All those
tags should be
. I don't think this is a very good | HTML tidier :-( | It is spitting out incorrect HTML. Closing tags are not required for HTML 4.0 transactional. But they are acceptable with html 4.0 and required for all versions of xhtml. So if you start coding things by hand it would be best to learn to close all tags. Hugo. From zeman at JULI.CZ Thu May 22 10:21:37 2008 From: zeman at JULI.CZ (Petr Zeman) Date: Thu May 22 10:22:01 2008 Subject: please help .. we are under fire ! Message-ID: <48353B21.2000903@juli.cz> Hello, we are using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway for approx. 100 local users. Normally we have 3 000 e-mails daily - 2500 is spam 500 is usable. From tomorrow we are under fire :-). Anybody nasty uses our domain name (juli.cz) to send thousands of spam e-mails. From yesterday we obtained over 100 000 non-delivery reports to fake address "tli@juli.cz" and its variants. What can I do now? I only set "To: *tli@juli.cz yes" to spam.blacklist.rules. It is much better now, but this is not a solution. I will be appreciative for some ideas. Thanks Petr Zeman JULI Motorenwerk, s.r.o. Organization and IT zeman@juli.cz From list-mailscanner at linguaphone.com Thu May 22 10:47:50 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu May 22 11:14:25 2008 Subject: please help .. we are under fire !
In-Reply-To: <48353B21.2000903@juli.cz> References: <48353B21.2000903@juli.cz> Message-ID: <1211449670.12566.21.camel@gblades-suse.linguaphone-intranet.co.uk> You shouldn't be accepting mail to non-existent users. On Thu, 2008-05-22 at 10:21, Petr Zeman wrote: > Hello, > > we are using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway > for approx. 100 local users. Normally we have 3 000 e-mails daily - 2500 > is spam 500 is usable. From tomorrow we are under fire :-). Anybody > nasty uses our domain name (juli.cz) to send thousands of spam e-mails. From > yesterday we obtained over 100 000 non-delivery reports to fake address > "tli@juli.cz" and its variants. > > What can I do now? I only set "To: *tli@juli.cz yes" to > spam.blacklist.rules. It is much better now, but this is not a solution. > > I will be appreciative for some ideas. > > Thanks > > Petr Zeman > JULI Motorenwerk, s.r.o. > Organization and IT zeman@juli.cz From list-mailscanner at linguaphone.com Thu May 22 11:25:19 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu May 22 11:25:32 2008 Subject: please help .. we are under fire ! In-Reply-To: <48353B21.2000903@juli.cz> References: <48353B21.2000903@juli.cz> Message-ID: <1211451919.12568.25.camel@gblades-suse.linguaphone-intranet.co.uk> You could also use MailScanner's whitelist feature to block NDR mails where the original mail did not come from your server. The SpamAssassin vbounce plugin does a similar thing. On Thu, 2008-05-22 at 10:21, Petr Zeman wrote: > Hello, > > we are using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway > for approx. 100 local users. Normally we have 3 000 e-mails daily - 2500 > is spam 500 is usable. From tomorrow we are under fire :-). Anybody > nasty uses our domain name (juli.cz) to send thousands of spam e-mails. From > yesterday we obtained over 100 000 non-delivery reports to fake address > "tli@juli.cz" and its variants. > > What can I do now?
I only set "To: *tli@juli.cz yes" to > spam.blacklist.rules. Is much better now, but this is not solution. > > I will be appreciative, for some ideas. > > Thanks > > Petr Zeman > JULI Motorenwerk, s.r.o. > organizace a informatika zeman@juli.cz From paul.hutchings at mira.co.uk Thu May 22 11:25:48 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Thu May 22 11:25:58 2008 Subject: HTML Footers and Outlook/Word 2003? References: <48344596.4040802@ecs.soton.ac.uk><48345628.1010901@vanderkooij.org> <20080521144856.0f7fc375@scorpio> Message-ID: Thanks very much for that - appreciate it and will have a test later out of hours. I'm still of the opinion that whilst it may have been a bit dodgy, the html code wasn't what is/was causing this chaps problem and it's some combination of Word/Outlook/Internet Explorer coupled with a specific set of actions, but I appreciate the feedback off everyone. Cheers, Paul Paul Hutchings Network Administrator, MIRA Ltd. Tel: 44 (0)24 7635 5378 Fax: 44 (0)24 7635 8378 mailto:paul.hutchings@mira.co.uk -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard Sent: 21 May 2008 19:49 To: mailscanner@lists.mailscanner.info Subject: Re: HTML Footers and Outlook/Word 2003? On Wed, 21 May 2008 18:45:31 +0100 "Paul Hutchings" wrote: > Thanks, I'm afraid I'm not an HTML person so it was knocked up in an > HTML editor that obviously looked right but wasn't (weird how 5 > editors can knock out 5 different sets of HTML for something that > looks so simple!). > > I've passed it through the html parser and unless someone can give me > a reason not to use it, this is what it spits out: > > > > > "HTML Tidy for Linux/x86 (vers 11 February 2007), see www.w3.org"> > > > >
> MIRA Ltd
> Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
> Registered in England and Wales No. 402570
> VAT Registration GB 114 5409 96
>
> The contents of this e-mail are confidential and are solely for the > use of the intended recipient.
> If you receive this e-mail in error, please delete it and notify us > either by e-mail, telephone or fax.
> You should not copy, forward or otherwise disclose the content of > the e-mail as this is prohibited.
> > The only problem is that it does not contain a character encoding. Passing it through an HTML parser should reveal that. I have rewritten the above so that it will pass as "Transitional". I also rewrote it to pass as "Strict" The code for "transitional" follows:

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

You can use the following to pass "Strict" HTML coding requirements. I would suggest that you use this one: Signature

MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.
Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

Good luck! -- ?Gerard? gerard@seibercom.net We must remember the First Amendment which protects any shrill jackass no matter how self-seeking. F. G. Withington From k.joch at kmjeuro.com Thu May 22 11:30:44 2008 From: k.joch at kmjeuro.com (Karl M. Joch) Date: Thu May 22 11:31:04 2008 Subject: AW: please help .. we are under fire ! In-Reply-To: <48353B21.2000903@juli.cz> Message-ID: Install smfsav milter for sendmail and don't accept mail to *@domain. Enabling Watermarking in MailScanner helps a lot too. -- Best regards, Karl M. Joch CTS Consulting & Trade Service GmbH A-5020 Salzburg, Fuerstallergasse 36 http://www.ctseuro.com Tel: +43-662-621559-0 Fax: +43-662-621559-22 FWD: 716621 (VOIP) E164.ORG: 8829900273500 (VOIP) Our services: http://www.ctseuro.com - IT networking and security technology http://www.ctsnotdienst.com - PC emergency service, repair and support > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Petr Zeman > Sent: Thursday, 22 May 2008 11:22 > To: MailScanner discussion > Subject: please help .. we are under fire ! > > Hello, > > we are using MailScanner+Sendmail+SpamAssassin+Clamav as an > e-mail gateway > for approx. 100 local users. Normally we have 3 000 e-mails > daily - 2500 > is spam 500 is usable. From tomorrow we are under fire :-). Anybody > nasty uses our domain name (juli.cz) to send thousands of spam > e-mails.
From > yesterday we obtained over 100 000 non-delivery reports to > fake address > "tli@juli.cz" and her variants. > > What can i do now? I only set "To: *tli@juli.cz yes" to > spam.blacklist.rules. Is much better now, but this is not solution. > > I will be appreciative, for some ideas. > > Thanks > > Petr Zeman > JULI Motorenwerk, s.r.o. > organizace a informatika > zeman@juli.cz > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From paul at blacknight.com Thu May 22 11:33:49 2008 From: paul at blacknight.com (Paul Kelly :: Blacknight) Date: Thu May 22 11:33:58 2008 Subject: please help .. we are under fire ! In-Reply-To: <48353B21.2000903@juli.cz> Message-ID: Publish SPF records, this'll stop bounces from the big ISPs. Paul Paul Kelly Technical Director Blacknight Internet Solutions ltd Hosting, Colocation, Dedicated servers IP Transit Services Tel: +353 (0) 59 9183072 Lo-call: 1850 929 929 DDI: +353 (0) 59 9183091 e-mail: paul@blacknight.ie web: http://www.blacknight.ie Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf > Of Petr Zeman > Sent: 22 May 2008 09:22 > To: MailScanner discussion > Subject: please help .. we are under fire ! > > Hello, > > we using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway > for aprox. 100 local users. Normally we have 3 000 e-mails > daily - 2500 > is spam 500 is usable. From tommorow we are under fire :-). Anybody > nasty use our domain name (juli.cz) to send thousands spam > e-mails. 
From > yesterday we obtained over 100 000 non-delivery reports to > fake address > "tli@juli.cz" and her variants. > > What can i do now? I only set "To: *tli@juli.cz yes" to > spam.blacklist.rules. Is much better now, but this is not solution. > > I will be appreciative, for some ideas. > > Thanks > > Petr Zeman > JULI Motorenwerk, s.r.o. > organizace a informatika > zeman@juli.cz > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From steve.freegard at fsl.com Thu May 22 12:22:09 2008 From: steve.freegard at fsl.com (Steve Freegard) Date: Thu May 22 12:22:21 2008 Subject: please help .. we are under fire ! In-Reply-To: <48353B21.2000903@juli.cz> References: <48353B21.2000903@juli.cz> Message-ID: <48355761.3020505@fsl.com> Hi Petr, Petr Zeman wrote: > Hello, > > we using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway > for aprox. 100 local users. Normally we have 3 000 e-mails daily - 2500 > is spam 500 is usable. From tommorow we are under fire :-). Anybody > nasty use our domain name (juli.cz) to send thousands spam e-mails. From > yesterday we obtained over 100 000 non-delivery reports to fake address > "tli@juli.cz" and her variants. > I will be appreciative, for some ideas. I would echo others comments to use one of the milters to reject invalid recipients at SMTP time and to publish SPF records. If you're seeing a lot of traffic to specific addresses e.g. 'tli@juli.cz', then my recommendation would be to immediately put the following into /etc/mail/access: To:tli@juli.cz REJECT Then run 'make -C/etc/mail'. This will cause Sendmail to immediately reject any mail to this address and should considerably reduce the load on MailScanner and give you time to investigate and implement a milter. Hope this helps. Kind regards, Steve. 
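Steve's access-map step, generalised as an added example (not code from the thread or from MailScanner): this Python sketch tallies which local addresses receive null-sender (bounce) mail in a sendmail log and emits `To:... REJECT` lines for the ones that are not real mailboxes. The log lines, the `atli` variant, the `postmaster` mailbox and the threshold of 2 are constructed assumptions; only `tli@juli.cz` and the `To:... REJECT` syntax come from the messages above.

```python
import re
from collections import Counter

# Constructed sendmail maillog lines (not taken from the thread). A null
# envelope sender, from=<>, marks a delivery status notification (bounce).
SAMPLE_LOG = """\
May 22 10:21:37 gw sendmail[2101]: m4M8LbA1002101: from=<>, size=3120, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx1.example.net [192.0.2.10]
May 22 10:21:38 gw sendmail[2102]: m4M8LbA1002101: to=<tli@juli.cz>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent
May 22 10:21:40 gw sendmail[2103]: m4M8LeB2002103: from=<>, size=2980, class=0, nrcpts=2, proto=ESMTP, daemon=MTA, relay=mx2.example.net [192.0.2.11]
May 22 10:21:41 gw sendmail[2104]: m4M8LeB2002103: to=<tli@juli.cz>,<postmaster@juli.cz>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent
May 22 10:21:45 gw sendmail[2105]: m4M8LjC3002105: from=<>, size=3055, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx3.example.net [192.0.2.12]
May 22 10:21:46 gw sendmail[2106]: m4M8LjC3002105: to=<atli@juli.cz>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent
May 22 10:21:50 gw sendmail[2107]: m4M8LoD4002107: from=<sender@example.org>, size=1200, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.20]
May 22 10:21:51 gw sendmail[2108]: m4M8LoD4002107: to=<tli@juli.cz>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent
May 22 10:21:55 gw sendmail[2109]: m4M8LtE5002109: from=<>, size=3010, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx4.example.net [192.0.2.13]
May 22 10:21:56 gw sendmail[2110]: m4M8LtE5002109: to=<ATLI@juli.cz>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent
"""

# queue id, then either the envelope sender or the recipient list
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=(?P<addrs>\S+?),\s"
)


def parse_addrs(field):
    """Split '<a@x>,<b@x>' into lowercase addresses; '<>' becomes ''."""
    return [a.strip("<>").lower() for a in field.split(",")]


def bounce_targets(log_text, domain):
    """Count recipients in `domain` of messages whose envelope sender is null."""
    senders, deliveries = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["kind"] == "from":
            senders[m["qid"]] = parse_addrs(m["addrs"])[0]
        else:
            deliveries.append((m["qid"], parse_addrs(m["addrs"])))
    suffix = "@" + domain.lower()
    hits = Counter()
    for qid, addrs in deliveries:
        if senders.get(qid) == "":  # bounce: from=<>
            hits.update(a for a in addrs if a.endswith(suffix))
    return hits


def access_entries(hits, valid_users, threshold=2):
    """Access-map lines for bounce targets that are not real mailboxes.

    Real mailboxes are skipped because they may receive genuine NDRs.
    """
    valid = {u.lower() for u in valid_users}
    flagged = [(n, a) for a, n in hits.items()
               if a not in valid and n >= threshold]
    flagged.sort(key=lambda item: (-item[0], item[1]))
    return [f"To:{addr} REJECT" for _, addr in flagged]


if __name__ == "__main__":
    counts = bounce_targets(SAMPLE_LOG, "juli.cz")
    for entry in access_entries(counts, {"postmaster@juli.cz"}):
        print(entry)
```

The printed lines go into /etc/mail/access, followed by the 'make -C/etc/mail' step from Steve's message.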
From systemadmin02 at kni.in Thu May 22 12:34:57 2008 From: systemadmin02 at kni.in (Vishal Yadav) Date: Thu May 22 12:37:05 2008 Subject: MailScanner Customization with Postfix Message-ID: Hello! I have been trying to get in touch for last couple of days in Mail Scanner customization but unfortunately no one is giving me the satisfactory answer, I'm writing this Mail on behalf of Mail Scanner issues. Issues are looks to me complicated but I know you can resolve them as I have seen your replies on Mail Scanner discussion. Here are the log which I got from the Mail Server log. Please find them.. The Below logs are from the Testing Mail Server. Server is not live. If I use the Server to send the mail via MUTT. May 21 10:29:10 kni postfix/pickup[3475]: 2752739C054: uid=0 from= May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: hold: header Received: by kni.in (Postfix, from userid 0)??id 2752739C054; Wed, 21 May 2008 10:29:10 +0530 (IST) from local; from= to= May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: message-id=<20080521045910.GA4935@kni.in> May 21 10:29:11 kni MailScanner[4872]: New Batch: Scanning 1 messages, 508 bytes May 21 10:29:11 kni MailScanner[4872]: Virus and Content Scanning: Starting May 21 10:29:15 kni MailScanner[4872]: Requeue: 2752739C054.2A1B2 to 786AB39C058 May 21 10:29:15 kni MailScanner[4872]: Uninfected: Delivered 1 messages May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: from=, size=710, nrcpt=1 (queue active) May 21 10:29:15 kni postfix/local[4934]: 786AB39C058: to=, relay=local, delay=5, status=sent (delivered to mailbox) May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: removed If I use the Outlook to send the Mail to local user. 
May 21 10:28:02 kni postfix/smtpd[4929]: connect from unknown[192.168.0.140] May 21 10:28:02 kni postfix/smtpd[4929]: 3C52839C053: client=unknown[192.168.0.140] May 21 10:28:02 kni postfix/cleanup[4932]: 3C52839C053: message-id= &!AAAAAAAAAAAYAAAAAAAAAPdFmQcR3sVHlK4m/EoulYPCgAAAEAAAAM9iBRdUm79Kv9ZZbWVWQI kBAAAAAA==@kni.in> May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: from=, size=4977, nrcpt=2 (queue active) May 21 10:28:02 kni postfix/local[4934]: 3C52839C053: to=, relay=local, delay=0, status=sent (delivered to mailbox) May 21 10:28:02 kni postfix/local[4933]: 3C52839C053: to=, relay=local, delay=0, status=sent (delivered to mailbox) May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: removed May 21 10:28:05 kni postfix/smtpd[4929]: disconnect from unknown[192.168.0.140] I would need your technical skills to resolve this as my outlook users when they send mail either locally/remotely the Mail scanner didn't invoke. Thanks & Regards, Sr. System Admin Knowlege Network India Pvt. Ltd. Pal Tower, Above IDBI Bank, MG Road, Sikender Pur, Gurgaon INDIA -122002. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080522/38eadae2/attachment.html From list-mailscanner at linguaphone.com Thu May 22 12:48:53 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Thu May 22 12:49:09 2008 Subject: MailScanner Customization with Postfix In-Reply-To: References: Message-ID: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> It looks like postfix isnt putting the mail in the hold queue. See http://www.mailscanner.info/postfix.html and in particular steps 5 and 6. On Thu, 2008-05-22 at 12:34, Vishal Yadav wrote: > Hello! > > > > I have been trying to get in touch for last couple of days in Mail > Scanner customization but unfortunately no one is giving me the > satisfactory answer, I?m writing this Mail on behalf of Mail Scanner > issues. 
> > > > Issues are looks to me complicated but I know you can resolve them as > I have seen your replies on Mail Scanner discussion. > > > > Here are the log which I got from the Mail Server log. Please find > them?. > > > > The Below logs are from the Testing Mail Server. Server is not live. > > If I use the Server to send the mail via MUTT. > > May 21 10:29:10 kni postfix/pickup[3475]: 2752739C054: uid=0 > from= > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: hold: header > Received: by kni.in (Postfix, from userid 0)??id 2752739C054; Wed, 21 > May 2008 10:29:10 +0530 (IST) from local; from= > to= > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: > message-id=<20080521045910.GA4935@kni.in> > > May 21 10:29:11 kni MailScanner[4872]: New Batch: Scanning 1 messages, > 508 bytes > > May 21 10:29:11 kni MailScanner[4872]: Virus and Content Scanning: > Starting > > May 21 10:29:15 kni MailScanner[4872]: Requeue: 2752739C054.2A1B2 to > 786AB39C058 > > May 21 10:29:15 kni MailScanner[4872]: Uninfected: Delivered 1 > messages > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: > from=, size=710, nrcpt=1 (queue active) > > May 21 10:29:15 kni postfix/local[4934]: 786AB39C058: > to=, relay=local, delay=5, status=sent (delivered to > mailbox) > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: removed > > > > If I use the Outlook to send the Mail to local user. 
> > > > May 21 10:28:02 kni postfix/smtpd[4929]: connect from > unknown[192.168.0.140] > > May 21 10:28:02 kni postfix/smtpd[4929]: 3C52839C053: > client=unknown[192.168.0.140] > > May 21 10:28:02 kni postfix/cleanup[4932]: 3C52839C053: > message-id= > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: > from=, size=4977, nrcpt=2 (queue active) > > May 21 10:28:02 kni postfix/local[4934]: 3C52839C053: > to=, relay=local, delay=0, status=sent (delivered to > mailbox) > > May 21 10:28:02 kni postfix/local[4933]: 3C52839C053: to=, > relay=local, delay=0, status=sent (delivered to mailbox) > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: removed > > May 21 10:28:05 kni postfix/smtpd[4929]: disconnect from > unknown[192.168.0.140] > > > > > > I would need your technical skills to resolve this as my outlook users > when they send mail either locally/remotely the Mail scanner didn?t > invoke. > > > > > > Thanks & Regards, > > > > Sr. System Admin > > Knowlege Network India Pvt. Ltd. > > Pal Tower, Above IDBI Bank, MG Road, Sikender Pur, > > Gurgaon INDIA -122002. > > > > > > > > ______________________________________________________________________ > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From systemadmin02 at kni.in Thu May 22 13:08:24 2008 From: systemadmin02 at kni.in (Vishal Yadav) Date: Thu May 22 13:10:35 2008 Subject: MailScanner Customization with Postfix In-Reply-To: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: Thanks for the reply! I have cross checked both the files, entries are corrected as written in mentioned link. What to do in this case??? 
Thanks & Regards, Vishal Yadav -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: Thursday, May 22, 2008 5:19 PM To: MailScanner discussion Subject: Re: MailScanner Customization with Postfix It looks like postfix isn't putting the mail in the hold queue. See http://www.mailscanner.info/postfix.html and in particular steps 5 and 6. On Thu, 2008-05-22 at 12:34, Vishal Yadav wrote: > Hello! > > > > I have been trying to get in touch for last couple of days in Mail > Scanner customization but unfortunately no one is giving me the > satisfactory answer, I'm writing this Mail on behalf of Mail Scanner > issues. > > > > Issues are looks to me complicated but I know you can resolve them as > I have seen your replies on Mail Scanner discussion. > > > > Here are the log which I got from the Mail Server log. Please find > them?. > > > > The Below logs are from the Testing Mail Server. Server is not live. > > If I use the Server to send the mail via MUTT.
> > May 21 10:29:10 kni postfix/pickup[3475]: 2752739C054: uid=0 > from= > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: hold: header > Received: by kni.in (Postfix, from userid 0)??id 2752739C054; Wed, 21 > May 2008 10:29:10 +0530 (IST) from local; from= > to= > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: > message-id=<20080521045910.GA4935@kni.in> > > May 21 10:29:11 kni MailScanner[4872]: New Batch: Scanning 1 messages, > 508 bytes > > May 21 10:29:11 kni MailScanner[4872]: Virus and Content Scanning: > Starting > > May 21 10:29:15 kni MailScanner[4872]: Requeue: 2752739C054.2A1B2 to > 786AB39C058 > > May 21 10:29:15 kni MailScanner[4872]: Uninfected: Delivered 1 > messages > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: > from=, size=710, nrcpt=1 (queue active) > > May 21 10:29:15 kni postfix/local[4934]: 786AB39C058: > to=, relay=local, delay=5, status=sent (delivered to > mailbox) > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: removed > > > > If I use the Outlook to send the Mail to local user. > > > > May 21 10:28:02 kni postfix/smtpd[4929]: connect from > unknown[192.168.0.140] > > May 21 10:28:02 kni postfix/smtpd[4929]: 3C52839C053: > client=unknown[192.168.0.140] > > May 21 10:28:02 kni postfix/cleanup[4932]: 3C52839C053: > message-id= > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: > from=, size=4977, nrcpt=2 (queue active) > > May 21 10:28:02 kni postfix/local[4934]: 3C52839C053: > to=, relay=local, delay=0, status=sent (delivered to > mailbox) > > May 21 10:28:02 kni postfix/local[4933]: 3C52839C053: to=, > relay=local, delay=0, status=sent (delivered to mailbox) > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: removed > > May 21 10:28:05 kni postfix/smtpd[4929]: disconnect from > unknown[192.168.0.140] > > > > > > I would need your technical skills to resolve this as my outlook users > when they send mail either locally/remotely the Mail scanner didn't > invoke.
> > > > > > Thanks & Regards, > > > > Sr. System Admin > > Knowlege Network India Pvt. Ltd. > > Pal Tower, Above IDBI Bank, MG Road, Sikender Pur, > > Gurgaon INDIA -122002. From ja at conviator.com Thu May 22 13:20:03 2008 From: ja at conviator.com (Jan Agermose) Date: Thu May 22 13:20:15 2008 Subject: please help .. we are under fire ! In-Reply-To: <1211451919.12568.25.camel@gblades-suse.linguaphone-intranet.co.uk> References: <48353B21.2000903@juli.cz> <1211451919.12568.25.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: hi Could you explain this: " You could also use mailscanners whitelist feature to block ndr mails where the original mail did not come from your server" How to do it? regards Jan -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: 22 May 2008 12:25 To: MailScanner discussion Subject: Re: please help .. we are under fire ! You could also use mailscanners whitelist feature to block ndr mails where the original mail did not come from your server. The spamassassin vbounce plugin does a similar thing. On Thu, 2008-05-22 at 10:21, Petr Zeman wrote: > Hello, > > we are using MailScanner+Sendmail+SpamAssassin+Clamav as an e-mail gateway > for approx. 100 local users. Normally we have 3 000 e-mails daily - 2500 > is spam 500 is usable.
From tomorrow we are under fire :-). Anybody > nasty use our domain name (juli.cz) to send thousands spam e-mails. From > yesterday we obtained over 100 000 non-delivery reports to fake address > "tli@juli.cz" and her variants. > > What can I do now? I only set "To: *tli@juli.cz yes" to > spam.blacklist.rules. Is much better now, but this is not solution. > > I will be appreciative, for some ideas. > > Thanks > > Petr Zeman > JULI Motorenwerk, s.r.o. > organizace a informatika zeman@juli.cz From dominian at slackadelic.com Thu May 22 13:41:27 2008 From: dominian at slackadelic.com (Matt Hayes) Date: Thu May 22 13:41:52 2008 Subject: MailScanner Customization with Postfix In-Reply-To: References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <483569F7.60602@slackadelic.com> Vishal Yadav wrote: > Thanks for the reply! > > I have cross checked both the files, entries are corrected as written in mentioned link. > > What to do in this case??? > > Thanks & Regards, > Vishal Yadav > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: Thursday, May 22, 2008 5:19 PM > To: MailScanner discussion > Subject: Re: MailScanner Customization with Postfix > > It looks like postfix isn't putting the mail in the hold queue. > > See http://www.mailscanner.info/postfix.html and in particular steps 5 > and 6. > > On Thu, 2008-05-22 at 12:34, Vishal Yadav wrote: >> Hello! >> >> >> >> I have been trying to get in touch for last couple of days in Mail >> Scanner customization but unfortunately no one is giving me the >> satisfactory answer, I'm writing this Mail on behalf of Mail Scanner >> issues.
>> >> >> >> Issues are looks to me complicated but I know you can resolve them as >> I have seen your replies on Mail Scanner discussion. >> >> >> >> Here are the log which I got from the Mail Server log. Please find >> them?. >> >> >> >> The Below logs are from the Testing Mail Server. Server is not live. >> >> If I use the Server to send the mail via MUTT. >> >> May 21 10:29:10 kni postfix/pickup[3475]: 2752739C054: uid=0 >> from= >> >> May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: hold: header >> Received: by kni.in (Postfix, from userid 0)??id 2752739C054; Wed, 21 >> May 2008 10:29:10 +0530 (IST) from local; from= >> to= >> >> May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: >> message-id=<20080521045910.GA4935@kni.in> >> >> May 21 10:29:11 kni MailScanner[4872]: New Batch: Scanning 1 messages, >> 508 bytes >> >> May 21 10:29:11 kni MailScanner[4872]: Virus and Content Scanning: >> Starting >> >> May 21 10:29:15 kni MailScanner[4872]: Requeue: 2752739C054.2A1B2 to >> 786AB39C058 >> >> May 21 10:29:15 kni MailScanner[4872]: Uninfected: Delivered 1 >> messages >> >> May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: >> from=, size=710, nrcpt=1 (queue active) >> >> May 21 10:29:15 kni postfix/local[4934]: 786AB39C058: >> to=, relay=local, delay=5, status=sent (delivered to >> mailbox) >> >> May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: removed >> >> >> >> If I use the Outlook to send the Mail to local user. 
>> >> >> >> May 21 10:28:02 kni postfix/smtpd[4929]: connect from >> unknown[192.168.0.140] >> >> May 21 10:28:02 kni postfix/smtpd[4929]: 3C52839C053: >> client=unknown[192.168.0.140] >> >> May 21 10:28:02 kni postfix/cleanup[4932]: 3C52839C053: >> message-id= >> >> May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: >> from=, size=4977, nrcpt=2 (queue active) >> >> May 21 10:28:02 kni postfix/local[4934]: 3C52839C053: >> to=, relay=local, delay=0, status=sent (delivered to >> mailbox) >> >> May 21 10:28:02 kni postfix/local[4933]: 3C52839C053: to=, >> relay=local, delay=0, status=sent (delivered to mailbox) >> >> May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: removed >> >> May 21 10:28:05 kni postfix/smtpd[4929]: disconnect from >> unknown[192.168.0.140] >> >> >> >> >> >> I would need your technical skills to resolve this as my outlook users >> when they send mail either locally/remotely the Mail scanner didn't >> invoke. >> >> >> >> >> You made the changes in header_checks to put the messages in the HOLD queue? /^Received:/ HOLD to be specific. -Matt From gerard at seibercom.net Thu May 22 14:01:53 2008 From: gerard at seibercom.net (Gerard) Date: Thu May 22 14:02:21 2008 Subject: MailScanner Customization with Postfix In-Reply-To: References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <20080522090153.446576f2@scorpio> On Thu, 22 May 2008 17:38:24 +0530 "Vishal Yadav" wrote: [snip] > Thanks for the reply! > > I have cross checked both the files, entries are corrected as written > in mentioned link. > > What to do in this case??? For starters, you could stop "Top Posting". This thread is becoming virtually undecipherable. If you don't know what that means, Google for it. You may need assistance from the Postfix group. However, they are unlikely to be very receptive once you explain that you are employing Mailscanner.
Why don't you supply the unaltered output of 'postconf -n' so that it can be checked out for any obvious errors. I am assuming that after you made the changes to Postfix, you did restart it. Also, if you did mention it, I failed to catch it, so please list the versions of Postfix; Mailscanner and your OS. It might prove useful. -- Gerard gerard@seibercom.net Chism's Law of Completion: The amount of time required to complete a government project is precisely equal to the length of time already spent on it. From jan-peter at koopmann.eu Thu May 22 14:21:18 2008 From: jan-peter at koopmann.eu (Koopmann, Jan-Peter) Date: Thu May 22 14:21:43 2008 Subject: please help .. we are under fire ! In-Reply-To: References: <48353B21.2000903@juli.cz><1211451919.12568.25.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: > Could you explain this: " You could also use mailscanners whitelist > feature to block ndr mails > where the original mail did not come from your server" I think he meant watermark feature not whitelist feature. From jplorier at montecarlotv.com.uy Thu May 22 14:36:39 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Thu May 22 14:42:04 2008 Subject: please help .. we are under fire ! In-Reply-To: <200805221101.m4MB0TMZ019311@safir.blacknight.ie> Message-ID: Hi Petr, I'm having much the same problem from time to time and I've been advised in this list to use milter-null to watermark your mails. Basically, you need to use this milter in both the outgoing server and the gateway so if you receive a bounce from a server and it doesn't include your watermark, then you didn't send the original mail and then the mail is discarded.
I haven't implemented yet, but it seems not hard to be done. Regards, Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 From alex at nkpanama.com Thu May 22 15:37:14 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 22 15:38:12 2008 Subject: please help .. we are under fire ! In-Reply-To: <200805221101.m4MB0TMZ019311@safir.blacknight.ie> Message-ID: <200805221438.m4MEc06s031027@safir.blacknight.ie> Works like a charm here. Milter-null is good in a lot of ways; it appeases those who consider sender address verification backscatter (for some very compelling reasons), it doesn't really "break" RFC's, and it doesn't add a lot of overhead in my experience. On May 22, 2008, at 8:36 AM, Juan Pablo Lorier wrote: > I haven't implemented yet, but it seems not hard to be done. > Regards, > > Ing. Juan Pablo Lorier > Monte Carlo TV SA > Montevideo, Uruguay > +(598)2 9244444 From admin at lctn.org Thu May 22 17:10:19 2008 From: admin at lctn.org (Raymond Norton) Date: Thu May 22 17:13:52 2008 Subject: blacklisting not working Message-ID: <5734283.26601211472619821.JavaMail.root@mail.lctn.org> I have this network blacklisted (72.14.204.236) (using mysql), but it keeps coming through. I have tried a few different variations to block the whole 172.14 network, but it's not working. The spammer also puts a # sign in every subject. What would be the best way to blacklist them? -- Raymond Norton LCTN
From dave.list at pixelhammer.com Thu May 22 17:29:49 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu May 22 17:30:04 2008 Subject: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <4832EFD7.5060208@elirion.net> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <4832EFD7.5060208@elirion.net> Message-ID: <48359F7D.1010109@pixelhammer.com> Richard Siddall wrote: > Steve Freegard wrote: >> If you have plenty memory to spare and MailScanner child start-up time >> is not an issue, then use Mail::ClamAV otherwise in all other cases >> use clamd as it uses considerably less RAM without any performance >> penalty as it uses threads as it seems that the signature database is >> shared amongst the scanner threads. >> > > Interesting discussion. If both clamd and spamd can share data (virus > signatures and rulesets) between threads, if that ability could be made > available via Mail::ClamAV and the SpamAssassin libraries, then Julian > might be able to build it into MailScanner and shrink the memory > footprint (assuming it doesn't require too much restructuring of > MailScanner itself). > Previously I was posting under "Re: New MS install is slow to an extreme". However this seems on topic for this thread. clamavmodule certainly does appear to have problems. We went through much troubleshooting and careful, deliberate, monitored, changes to isolate the issues causing our slowdown. Thankfully I have a very understanding employer and a client support staff that runs great interference for me.
While we, I, made the newb mistake of upgrading everything including OS in one fell swoop the main issue has been identified. Last night we shutdown clamavmodule and started up clamd. A picture is worth a thousand words. http://pixelhammer.com/thumb_130.png DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From richard.siddall at elirion.net Thu May 22 17:42:17 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu May 22 17:42:41 2008 Subject: New MS install is slow to an extreme, was: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <48359F7D.1010109@pixelhammer.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <4832EFD7.5060208@elirion.net> <48359F7D.1010109@pixelhammer.com> Message-ID: <4835A269.90407@elirion.net> DAve wrote: > While we, I, made the newb mistake of upgrading everything including OS > in one fell swoop the main issue has been identified. Last night we > shutdown clamavmodule and started up clamd. A picture is worth a > thousand words. > > http://pixelhammer.com/thumb_130.png > Wow, big difference. I can't think why using the daemon would be faster than using a linked in library other than that the higher memory footprint with clamavmodule might be pushing you over a limit and the server was swapping. Presumably there was no indication of that. Regards, Richard. 
From richard.siddall at elirion.net Thu May 22 17:45:05 2008 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu May 22 17:45:30 2008 Subject: acceptance testing software, was: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <48359F7D.1010109@pixelhammer.com> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <4832EFD7.5060208@elirion.net> <48359F7D.1010109@pixelhammer.com> Message-ID: <4835A311.3070503@elirion.net> DAve wrote: > While we, I, made the newb mistake of upgrading everything including OS > in one fell swoop the main issue has been identified. Last night we > shutdown clamavmodule and started up clamd. A picture is worth a > thousand words. > DAve indirectly raises an important point here. Can anyone recommend some easy-to-install, open-source, acceptance testing software we could use in the lab to check an MTA/MailScanner/anti virus/SpamAssassin setup before updating the live servers? Regards, Richard. From mkettler at evi-inc.com Thu May 22 18:23:48 2008 From: mkettler at evi-inc.com (Matt Kettler) Date: Thu May 22 18:24:10 2008 Subject: blacklisting not working In-Reply-To: <5734283.26601211472619821.JavaMail.root@mail.lctn.org> References: <5734283.26601211472619821.JavaMail.root@mail.lctn.org> Message-ID: <4835AC24.6010706@evi-inc.com> Raymond Norton wrote: > I have this network blacklisted (72.14.204.236) (using mysql), but it > keeps coming through. I have tried a few different variations to block > the whole 172.14 network, but its not working. The spammer also puts a # > sign in every subject. What would be the best way to blacklist them? The best way? 
Assuming your server is the front-end MX for your domain, and not downstream of a forwarder, configure your MTA to 550 it during the SMTP session prior to the start of the DATA phase. In sendmail, you'd do it with a REJECT entry in /etc/mail/access. From hvdkooij at vanderkooij.org Thu May 22 18:51:03 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu May 22 18:51:13 2008 Subject: acceptance testing software, was: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <4835A311.3070503@elirion.net> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <4832EFD7.5060208@elirion.net> <48359F7D.1010109@pixelhammer.com> <4835A311.3070503@elirion.net> Message-ID: <4835B287.9070307@vanderkooij.org> Richard Siddall wrote: | DAve wrote: |> While we, I, made the newb mistake of upgrading everything including |> OS in one fell swoop the main issue has been identified. Last night we |> shutdown clamavmodule and started up clamd. A picture is worth a |> thousand words. |> | | DAve indirectly raises an important point here. Can anyone recommend | some easy-to-install, open-source, acceptance testing software we could | use in the lab to check an MTA/MailScanner/anti virus/SpamAssassin setup | before updating the live servers? Collect at random a 1000 messages. Write a script and send them off as fast as you can on one side and see how long it takes to handle them. Then loop this and see how well things hold out. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. From hvdkooij at vanderkooij.org Thu May 22 18:59:17 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu May 22 18:59:31 2008 Subject: MailScanner Customization with Postfix In-Reply-To: References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <4835B475.50706@vanderkooij.org> Vishal Yadav wrote: | I have cross checked both the files, entries are corrected as written in mentioned link. | | What to do in this case??? Your testing setup is flawed. The way outlook delivers the mail does not result in a Received: header for postfix to detect. So the message is rightly not put on hold. Just for fun use wireshark to capture the full SMTP conversation in both cases and see the tiny differences. Hugo. -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. From philip at zeiglers.net Thu May 22 19:15:21 2008 From: philip at zeiglers.net (Philip Zeigler) Date: Thu May 22 19:16:51 2008 Subject: DomainKeys help with MailScanner Message-ID: <4835B839.1040506@zeiglers.net> I am trying to implement DomainKeys signing with dk-milter and sendmail on a CentOS5 box.
I have followed several howtos to get this up and running but I am always getting a signature bad failure when I send messages to the various test autoresponders. Has anyone gotten this working with MailScanner? Is MailScanner rewriting the message and causing the signatures to be invalid? I don't really know where to troubleshoot this any further. Thanks, Philip Zeigler From dave.list at pixelhammer.com Thu May 22 19:41:35 2008 From: dave.list at pixelhammer.com (DAve) Date: Thu May 22 19:41:52 2008 Subject: New MS install is slow to an extreme, was: reducing MailScanner memory footprint, was: ClamAV 0.93 released In-Reply-To: <4835A269.90407@elirion.net> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar> <481711C3.5020204@USherbrooke.ca> <481736B3.7030705@fsl.com> <4832EFD7.5060208@elirion.net> <48359F7D.1010109@pixelhammer.com> <4835A269.90407@elirion.net> Message-ID: <4835BE5F.6090805@pixelhammer.com> Richard Siddall wrote: > DAve wrote: >> While we, I, made the newb mistake of upgrading everything including >> OS in one fell swoop the main issue has been identified. Last night we >> shutdown clamavmodule and started up clamd. A picture is worth a >> thousand words. >> >> http://pixelhammer.com/thumb_130.png >> > > Wow, big difference. I can't think why using the daemon would be faster > than using a linked in library other than that the higher memory > footprint with clamavmodule might be pushing you over a limit and the > server was swapping. Presumably there was no indication of that. > No swapping. Using clamavmodule raised each MS child over 100mb each. Using clamd each MS child runs at only 60k.
MS was reporting Virus processing speeds with clamavmodule in the 1200 to 5000 bytes per second range, with clamd we are seeing 66,000 bytes per second. Kernel tuning, disk tuning, Sendmail tuning, all helped to some extent, but clamd made an amazing change. We are handling 30% more mail now than a year ago and with considerably less load reported. We will see if today's performance continues. DAve -- In 50 years, our descendants will look back on the early years of the internet, and much like we now look back on men with rockets on their back and feathers glued to their arms, marvel that we had the intelligence to wipe the drool from our chins. From lists at designmedia.com Thu May 22 21:35:39 2008 From: lists at designmedia.com (Henry Kwan) Date: Thu May 22 21:36:08 2008 Subject: Locktype: posix vs. flock Message-ID: Hi, I've been experimenting with MailScanner and either sendmail or postfix as the MTA. I notice that MailScanner uses "flock" locktype with postfix and "posix" with sendmail. I also saw in the spam.assassin.prefs.conf file that it said that "flock", while non-NFS-safe, was more efficient. Should I tell MailScanner to use "flock" instead of "posix" with sendmail since I don't have any NFS mounted volumes? I'm running sendmail-8.13.8-2. Thanks. From alex at nkpanama.com Thu May 22 21:49:20 2008 From: alex at nkpanama.com (Alex Neuman) Date: Thu May 22 21:49:54 2008 Subject: DomainKeys help with MailScanner Message-ID: <200805222049.m4MKnjHs017002@safir.blacknight.ie> On May 22, 2008, at 1:15 PM, Philip Zeigler wrote: > I am trying to implement DomainKeys signing with dk-milter and > sendmail on a CentOS5 box. I have followed several howtos to get > this up and running but I am always getting a signature bad failure > when I send messages to the various test autoresponders. > > Has anyone gotten this working with MailScanner? Is MailScanner > rewriting the message and causing the signatures to be invalid?
I > don't really know where to troubleshoot this any further. > > I think "you can't get there from here" unless you do some serious kung fu action on your setup. MailScanner "touches" the e-mail, so the signature will *always* be wrong. The only way I see it working is if MailScanner hands off the e-mail to another server (or other separate sendmail process) that DKIM-signs the outgoing e-mails. From rcooper at dwford.com Thu May 22 22:03:42 2008 From: rcooper at dwford.com (Rick Cooper) Date: Thu May 22 22:04:11 2008 Subject: DomainKeys help with MailScanner In-Reply-To: <4835B839.1040506@zeiglers.net> References: <4835B839.1040506@zeiglers.net> Message-ID: <28BD539CA1D449F0925190D3C18516A9@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of Philip Zeigler > Sent: Thursday, May 22, 2008 2:15 PM > To: MailScanner discussion > Subject: DomainKeys help with MailScanner > > I am trying to implement DomainKeys signing with dk-milter > and sendmail > on a CentOS5 box. I have followed several howtos to get this up and > running but I am always getting a signature bad failure when I send > messages to the various test autoresponders. > > Has anyone gotten this working with MailScanner? Is MailScanner > rewriting the message and causing the signatures to be > invalid? I don't > really know where to troubleshoot this any further. > > Thanks, > > Philip Zeigler > -- I have no issues with Exim and MailScanner as far as the signature BUT, you must sign after MailScanner handles it, *the very last thing before delivery*. You also have to check incoming before MailScanner handles it. I don't know about sendmail but with exim this is done in the smtp delivery transport. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
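Added example, not part of either reply above and not MailScanner, dk-milter or Exim code: a small model of the signing order the two replies describe, using the DKIM body hash (the bh= value of RFC 6376) that Alex Neuman's reply refers to. The sample body, the function names and the two stand-in "scanner" stages are assumptions made for the illustration; the footer wording is the one visible on posts in this archive.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

# Constructed sample body (note the double space, which relaxed mode collapses).
BODY = b"Hello,\r\n\r\nQuarterly report  attached.\r\n"
# Footer wording as it appears on list posts; the line wrapping is an assumption.
FOOTER = (b"-- \r\n"
          b"This message has been scanned for viruses and\r\n"
          b"dangerous content by MailScanner, and is believed to be clean.\r\n")


def canon_simple(body):
    """RFC 6376 'simple' body: only trailing empty lines are ignored."""
    while body.endswith(CRLF):
        body = body[:-2]
    return body + CRLF


def canon_relaxed(body):
    """RFC 6376 'relaxed' body: collapse runs of whitespace, drop
    whitespace at line ends, ignore trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(CRLF)]
    while lines and lines[-1] == b"":
        lines.pop()
    return CRLF.join(lines) + CRLF if lines else b""


CANON = {"simple": canon_simple, "relaxed": canon_relaxed}


def body_hash(body, canon="relaxed"):
    """Base64 SHA-256 of the canonicalized body, as carried in bh=."""
    digest = hashlib.sha256(CANON[canon](body)).digest()
    return base64.b64encode(digest).decode("ascii")


def add_footer(body):
    """Stand-in for a content filter that appends a 'scanned' notice."""
    return body + CRLF + FOOTER


def pad_whitespace(body):
    """Stand-in for a relay that adds trailing spaces and blank lines."""
    lines = body.split(CRLF)
    return CRLF.join(ln + b" " if ln else ln for ln in lines) + CRLF + CRLF


def run(body, stages, canon="relaxed"):
    """Walk a mail path. 'sign' records bh, 'verify' recomputes it at that
    point of the path, any callable rewrites the body. Returns the verdict
    of the last 'verify' stage (None if there was none)."""
    signed_bh, verdict = None, None
    for stage in stages:
        if stage == "sign":
            signed_bh = body_hash(body, canon)
        elif stage == "verify":
            verdict = signed_bh is not None and body_hash(body, canon) == signed_bh
        else:
            body = stage(body)
    return verdict


if __name__ == "__main__":
    paths = {
        "sign, then scanner, then verify": ["sign", add_footer, "verify"],
        "scanner, then sign, then verify": [add_footer, "sign", "verify"],
        "verify before the receiving scanner": ["sign", "verify", add_footer],
        "whitespace-only rewrite after signing": ["sign", pad_whitespace, "verify"],
    }
    for name, stages in paths.items():
        for canon in ("simple", "relaxed"):
            print(f"{name:40s} {canon:8s} bh matches: {run(BODY, stages, canon)}")
```

Only the body hash is modelled; a real verifier also checks the signature over the selected headers, so a matching bh is necessary but not sufficient.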
From MailScanner at ecs.soton.ac.uk Thu May 22 22:26:39 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 22 22:26:59 2008 Subject: Locktype: posix vs. flock In-Reply-To: References: Message-ID: <4835E50F.3090108@ecs.soton.ac.uk> Henry Kwan wrote: > Hi, > > I've been experimenting with MailScanner and either sendmail or postfix as the > MTA. I notice that MailScanner uses "flock" locktype with postfix and "posix" > with sendmail. I also saw in the spam.assassin.prefs.conf file that it said > that "flock", while non-NFS-safe, was more efficient. > > Should I tell MailScanner to use "flock" instead of "posix" with sendmail since > I don't have any NFS mounted volumes? > > I'm running sendmail-8.13.8-2. > No, you shouldn't. MailScanner's lock type must match that used by sendmail, or else they will tread on each other's toes. This is very bad. Just leave the setting blank in MailScanner.conf and it will do the right thing for you. SpamAssassin's locking is totally separate, and is just used by SpamAssassin and nothing else. You should use flock for SpamAssassin, which I believe you will find I have already set for you in spam.assassin.prefs.conf. Jules > Thanks. > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ssilva at sgvwater.com Thu May 22 22:26:38 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 22 22:27:01 2008 Subject: Locktype: posix vs. flock In-Reply-To: References: Message-ID: on 5-22-2008 1:35 PM Henry Kwan spake the following: > Hi, > > I've been experimenting with MailScanner and either sendmail or postfix as the > MTA.
I notice that MailScanner uses "flock" locktype with postfix and "posix" > with sendmail. I also saw in the spam.assassin.prefs.conf file that it said > that "flock", while non-NFS-safe, was more efficient. > > Should I tell MailScanner to use "flock" instead of "posix" with sendmail since > I don't have any NFS mounted volumes? > > I'm running sendmail-8.13.8-2. > > Thanks. > > It is usually flock up to 8.12, posix after that. It is not a NFS issue, but the fact that sendmail at/after 8.13 usually doesn't have flock compiled in. The simple method is this. Run this command; sendmail -d0.1 -d0.4 -bt <4835E50F.3090108@ecs.soton.ac.uk> Message-ID: Julian Field ecs.soton.ac.uk> writes: > Henry Kwan wrote: > > Should I tell MailScanner to use "flock" instead of "posix" with sendmail > > since I don't have any NFS mounted volumes? > > > > I'm running sendmail-8.13.8-2. > > > No, you shouldn't. MailScanner's lock type must match that used by > sendmail, or else they will tread on each other's toes. This is very > bad. Just leave the setting blank in MailScanner.conf and it will do the > right thing for you. Ah, Ok. I'll leave the defaults alone then. Thanks for the clarification. From ssilva at sgvwater.com Thu May 22 23:29:25 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Thu May 22 23:29:42 2008 Subject: Locktype: posix vs. flock In-Reply-To: <4835E50F.3090108@ecs.soton.ac.uk> References: <4835E50F.3090108@ecs.soton.ac.uk> Message-ID: > No, you shouldn't. MailScanner's lock type must match that used by > sendmail, or else they will tread on each other's toes. This is very > bad. Just leave the setting blank in MailScanner.conf and it will do the > right thing for you. Does that function simply look at the sendmail version, or try to determine the compile-time options? Just curious, as I have been setting it explicitly to be safe. > -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! 
From paul at welshfamily.com Fri May 23 00:33:52 2008
From: paul at welshfamily.com (Paul Welsh)
Date: Fri May 23 00:34:44 2008
Subject: OT: greylistd
Message-ID: <483602E0.6010109@welshfamily.com>

Hi all

I'm trying to get greylistd working on my Exim based mail server.
However, when I try starting it I get:

Could not bind/listen to socket /var/run/greylistd/socket: (98, 'Address
already in use')

Any ideas?

Anyone used alternatives? I have spent a lot of time looking for a
greylisting app. Curiously, there don't seem many around and there are
even fewer that are maintained and fewer still with reasonable
documentation. For what it's worth here are the hits that google comes
up with when I search on various ones I've come across:

sendmail
milter-greylist   44,600
smf-grey           3,790
relaydelay         3,310
milter-gris        1,020
graymilter           350

exim
greylistd         37,400
emserver           5,890
greylstd           1,790

postfix
postgrey         212,000
sqlgrey           90,600

Cheers

Paul

From r.berber at computer.org Fri May 23 01:29:56 2008
From: r.berber at computer.org (René Berber)
Date: Fri May 23 01:30:17 2008
Subject: OT: greylistd
In-Reply-To: <483602E0.6010109@welshfamily.com>
References: <483602E0.6010109@welshfamily.com>
Message-ID:

Paul Welsh wrote:

> I'm trying to get greylistd working on my Exim based mail server.
> However, when I try starting it I get:
>
> Could not bind/listen to socket /var/run/greylistd/socket: (98, 'Address
> already in use')

Nuke the file (if it exists), then start the daemon.

One thing that seems wrong, the default socket is
/var/run/greylstd/greylstd.sock, not the one you show.

Not much documentation with this one but it works fine with exim.
The missing doc should describe the optional parameters :

-d database-file (default: /var/lib/greylstd/greylstd.db)
-f foreground
-h help? I think this one doesn't work
-p pid-file-name (default: /var/run/greylstd/greylstd.pid)
-s socket-file-name (default: /var/run/greylstd/greylstd.sock)
-v verbose

Missing is :

- Create /var/run/greylstd/ with proper permissions;

- Create the empty database, using
  sqlite3 /var/lib/greylstd/greylstd.db < db.sqlite

- Manage your white-list, default settings, black-list; I do this
  manually, for instance:

$ sqlite3 /var/lib/greylstd/greylstd.db
SQLite version 3.3.17
Enter ".help" for instructions
sqlite> .dump greyconf
BEGIN TRANSACTION;
CREATE TABLE greyconf (
  id INTEGER PRIMARY KEY,
  recipient TEXT NOT NULL DEFAULT '',
  minwait INTEGER DEFAULT NULL,
  maxwait INTEGER DEFAULT NULL,
  maxvalid INTEGER DEFAULT NULL,
  UNIQUE (recipient)
);
INSERT INTO "greyconf" VALUES(1,'',300,86400,2678400);
COMMIT;
sqlite> .dump whitelist
BEGIN TRANSACTION;
CREATE TABLE whitelist (
  id INTEGER PRIMARY KEY,
  recipient TEXT NOT NULL DEFAULT '',
  sender TEXT NOT NULL DEFAULT '',
  remoteip TEXT NOT NULL DEFAULT ''
);
INSERT INTO "whitelist" VALUES(1,'','@you-got-the-idea.com','');
sqlite> .exit

There's no black-list, what I use is tcp-wrappers (exim compiled with
support for it and /etc/hosts.deny).

Hope this helps.
--
René Berber

From devin.lists at gmail.com Fri May 23 02:27:07 2008
From: devin.lists at gmail.com (Devin Henderson)
Date: Fri May 23 02:27:18 2008
Subject: Do not scan outgoing messages for spam
Message-ID:

Hi all. I'm running the latest version of MailScanner on top of
sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any
outgoing messages for spam because some of my users' outgoing mail is
being marked as spam. How can I accomplish this?

Also, I would like to recommend a new feature for future versions of
MailScanner where scanning of outgoing and incoming messages can be
enabled or disabled.
i.e.: Scan Outgoing Messages = No Scan Incoming Messages = Yes Thanks. Looking forward to any help you guys can give me on this. Devin From list-mailscanner at linguaphone.com Thu May 22 13:19:57 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Fri May 23 02:31:03 2008 Subject: MailScanner Customization with Postfix In-Reply-To: References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> Message-ID: <1211458797.12574.34.camel@gblades-suse.linguaphone-intranet.co.uk> I would restart postfix just to make sure all the changes have taken effect. If you still have the same problem post back here with the output of the 'postconf -n' command. On Thu, 2008-05-22 at 13:08, Vishal Yadav wrote: > Thanks for the reply! > > I have cross checked both the files, entries are corrected as written in mentioned link. > > What to do in this case??? > > Thanks & Regards, > Vishal Yadav > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: Thursday, May 22, 2008 5:19 PM > To: MailScanner discussion > Subject: Re: MailScanner Customization with Postfix > > It looks like postfix isnt putting the mail in the hold queue. > > See http://www.mailscanner.info/postfix.html and in particular steps 5 > and 6. > > On Thu, 2008-05-22 at 12:34, Vishal Yadav wrote: > > Hello! > > > > > > > > I have been trying to get in touch for last couple of days in Mail > > Scanner customization but unfortunately no one is giving me the > > satisfactory answer, I?m writing this Mail on behalf of Mail Scanner > > issues. > > > > > > > > Issues are looks to me complicated but I know you can resolve them as > > I have seen your replies on Mail Scanner discussion. > > > > > > > > Here are the log which I got from the Mail Server log. Please find > > them?. > > > > > > > > The Below logs are from the Testing Mail Server. Server is not live. 
> > > > If I use the Server to send the mail via MUTT. > > > > May 21 10:29:10 kni postfix/pickup[3475]: 2752739C054: uid=0 > > from= > > > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: hold: header > > Received: by kni.in (Postfix, from userid 0)??id 2752739C054; Wed, 21 > > May 2008 10:29:10 +0530 (IST) from local; from= > > to= > > > > May 21 10:29:10 kni postfix/cleanup[4932]: 2752739C054: > > message-id=<20080521045910.GA4935@kni.in> > > > > May 21 10:29:11 kni MailScanner[4872]: New Batch: Scanning 1 messages, > > 508 bytes > > > > May 21 10:29:11 kni MailScanner[4872]: Virus and Content Scanning: > > Starting > > > > May 21 10:29:15 kni MailScanner[4872]: Requeue: 2752739C054.2A1B2 to > > 786AB39C058 > > > > May 21 10:29:15 kni MailScanner[4872]: Uninfected: Delivered 1 > > messages > > > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: > > from=, size=710, nrcpt=1 (queue active) > > > > May 21 10:29:15 kni postfix/local[4934]: 786AB39C058: > > to=, relay=local, delay=5, status=sent (delivered to > > mailbox) > > > > May 21 10:29:15 kni postfix/qmgr[3476]: 786AB39C058: removed > > > > > > > > If I use the Outlook to send the Mail to local user. 
> > > > > > > > May 21 10:28:02 kni postfix/smtpd[4929]: connect from > > unknown[192.168.0.140] > > > > May 21 10:28:02 kni postfix/smtpd[4929]: 3C52839C053: > > client=unknown[192.168.0.140] > > > > May 21 10:28:02 kni postfix/cleanup[4932]: 3C52839C053: > > message-id= > > > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: > > from=, size=4977, nrcpt=2 (queue active) > > > > May 21 10:28:02 kni postfix/local[4934]: 3C52839C053: > > to=, relay=local, delay=0, status=sent (delivered to > > mailbox) > > > > May 21 10:28:02 kni postfix/local[4933]: 3C52839C053: to=, > > relay=local, delay=0, status=sent (delivered to mailbox) > > > > May 21 10:28:02 kni postfix/qmgr[3476]: 3C52839C053: removed > > > > May 21 10:28:05 kni postfix/smtpd[4929]: disconnect from > > unknown[192.168.0.140] > > > > > > > > > > > > I would need your technical skills to resolve this as my outlook users > > when they send mail either locally/remotely the Mail scanner didn?t > > invoke. > > > > > > > > > > > > Thanks & Regards, > > > > > > > > Sr. System Admin > > > > Knowlege Network India Pvt. Ltd. > > > > Pal Tower, Above IDBI Bank, MG Road, Sikender Pur, > > > > Gurgaon INDIA -122002. > > > > > > > > > > > > > > > > ______________________________________________________________________ > > -- > > MailScanner mailing list > > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > Before posting, read http://wiki.mailscanner.info/posting > > > > Support MailScanner development - buy the book off the website! > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
From systemadmin02 at kni.in Fri May 23 04:39:48 2008
From: systemadmin02 at kni.in (Vishal Yadav)
Date: Fri May 23 04:41:56 2008
Subject: MailScanner Customization with Postfix
In-Reply-To: <1211458797.12574.34.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> <1211458797.12574.34.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID:

Please find the attached details output of the postconf -p command.

"alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain
mydomain = kni.in
myhostname = kni.in
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relayhost = smtp.kni.in
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpw
smtp_sasl_security_options =
unknown_local_recipient_reject_code = 550"

Regards,
Vishal Yadav

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth
Sent: Thursday, May 22, 2008 5:50 PM
To: MailScanner discussion
Subject: RE: MailScanner Customization with Postfix

I would restart postfix just to make sure all the changes have taken
effect.
If you still have the same problem post back here with the output of the
'postconf -n' command.

On Thu, 2008-05-22 at 13:08, Vishal Yadav wrote:
> Thanks for the reply!
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From systemadmin02 at kni.in Fri May 23 04:49:03 2008
From: systemadmin02 at kni.in (Vishal Yadav)
Date: Fri May 23 04:51:08 2008
Subject: MailScanner Customization with Postfix
In-Reply-To: <20080522090153.446576f2@scorpio>
References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> <20080522090153.446576f2@scorpio>
Message-ID:

The version of Postfix === 2.2.10
The version of Mail Scanner === 4.69.9-3
The Version of OS === Red hat ES 4.0

"vishal Yadav"

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gerard
Sent: Thursday, May 22, 2008 6:32 PM
To: mailscanner@lists.mailscanner.info
Subject: Re: MailScanner Customization with Postfix

On Thu, 22 May 2008 17:38:24 +0530
"Vishal Yadav" wrote:

[snip]

> Thanks for the reply!
>
> I have cross checked both the files, entries are corrected as written
> in mentioned link.
>
> What to do in this case???

For starters, you could stop "Top Posting". This thread is becoming
virtually undecipherable. If you don't know what that means, Google for
it.

You may need assistance from the Postfix group. However, they are
unlikely to be very receptive once you explain that you are employing
Mailscanner.

Why don't you supply the unaltered output of 'postconf -n' so that it
can be checked out for any obvious errors. I am assuming that after you
made the changes to Postfix, you did restart it.

Also, if you did mention it, I failed to catch it, so please list the
versions of Postfix; Mailscanner and your OS. It might prove useful.

--
?Gerard?
gerard@seibercom.net

Chism's Law of Completion:

The amount of time required to complete a government project is
precisely equal to the length of time already spent on it.

From shuttlebox at gmail.com Fri May 23 08:11:12 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Fri May 23 08:11:21 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To:
References:
Message-ID: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com>

On Fri, May 23, 2008 at 3:27 AM, Devin Henderson wrote:
> Hi all. I'm running the latest version of MailScanner on top of
> sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any
> outgoing messages for spam because some of my users' outgoing mail is
> being marked as spam. How can I accomplish this?
>
> Also, I would like to recommend a new feature for future versions of
> MailScanner where scanning of outgoing and incoming messages can be
> enabled or disabled. i.e.:
>
> Scan Outgoing Messages = No
> Scan Incoming Messages = Yes

Those options are not necessary, just make a simple ruleset with the
ip:s of your own servers.

--
/peter

From systemadmin02 at kni.in Fri May 23 08:11:18 2008
From: systemadmin02 at kni.in (Vishal Yadav)
Date: Fri May 23 08:13:26 2008
Subject: MailScanner Customization with Postfix
In-Reply-To: <1211458797.12574.34.camel@gblades-suse.linguaphone-intranet.co.uk>
References: <1211456932.12574.30.camel@gblades-suse.linguaphone-intranet.co.uk> <1211458797.12574.34.camel@gblades-suse.linguaphone-intranet.co.uk>
Message-ID:

"Previously the server was running the Send mail MTA, due to some SPAM issue as the mails were delivering to the SPAM folders to the other end, we changed the relay host to the ISP via virtual Mapping to the Mail Exchanger then we migrated the send mail to the postfix MTA. "

Could it be the reason of SMTPS not getting called by the POSTFIX MTA???
Regards, Vishal Yadav -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth Sent: Thursday, May 22, 2008 5:50 PM To: MailScanner discussion Subject: RE: MailScanner Customization with Postfix I would restart postfix just to make sure all the changes have taken effect. If you still have the same problem post back here with the output of the 'postconf -n' command. On Thu, 2008-05-22 at 13:08, Vishal Yadav wrote: > Thanks for the reply! > > I have cross checked both the files, entries are corrected as written in mentioned link. > > What to do in this case??? > > Thanks & Regards, > Vishal Yadav > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Gareth > Sent: Thursday, May 22, 2008 5:19 PM > To: MailScanner discussion > Subject: Re: MailScanner Customization with Postfix > > It looks like postfix isnt putting the mail in the hold queue. > > See http://www.mailscanner.info/postfix.html and in particular steps 5 > and 6. > > On Thu, 2008-05-22 at 12:34, Vishal Yadav wrote: > > Hello! > > > > > > > > I have been trying to get in touch for last couple of days in Mail > > Scanner customization but unfortunately no one is giving me the > > satisfactory answer, I?m writing this Mail on behalf of Mail Scanner > > issues. > > > > > > > > Issues are looks to me complicated but I know you can resolve them as > > I have seen your replies on Mail Scanner discussion. > > > > > > > > Here are the log which I got from the Mail Server log. Please find > > them?. > > > > > > > > The Below logs are from the Testing Mail Server. Server is not live. > > > > If I use the Server to send the mail via MUTT. 
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From mikael at syska.dk Fri May 23 08:37:52 2008
From: mikael at syska.dk (Mikael Syska)
Date: Fri May 23 08:38:26 2008
Subject: Watermarking, what does it actually consist of ...
Message-ID: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com>

Hi,

I'm looking at Transport Agent and Event Sinks for Exchange 2007 and 2003 ....

I'm considering it because it would then maybe be possible to put the
watermarking into mails coming from our Exchange servers, so we don't
have to use the MailScanner smtp and waste lots of bandwidth on that,
as we have multiple domains in many locations ... and only one
MailScanner setup.

What is the watermark constructed of, I know it contains some kind
of MD5 hash of the watermarking "secret" and some kind of timestamp
...

If there is someone out there who knows how it's constructed so I
maybe could make this possible, my users and I would be very happy :-)

If more information is needed ... please do tell.

best regards
Mikael Syska

From spamlists at coders.co.uk Fri May 23 08:50:18 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Fri May 23 08:51:44 2008
Subject: Watermarking, what does it actually consist of ...
In-Reply-To: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com>
References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com>
Message-ID: <4836773A.7070504@coders.co.uk>

Mikael Syska wrote:
>
> What is the watermark constructed of, I know it contains some kind
> of MD5 hash of the watermarking "secret" and some kind of timestamp
> ...
>
>
Hi Mikael

return Digest::MD5::md5_base64(join("\$\%", $expiry, $email, $date, $secret, $msgid));

so you end up with the base64 md5 of

"12346678$%sender@domain.com$%12345678$%S3cret$%"

The only problem I see is converting the date in to a unix time stamp...

matt

From Kit at simplysites.co.uk Fri May 23 09:14:39 2008
From: Kit at simplysites.co.uk (Kit Wong)
Date: Fri May 23 09:14:59 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com>
References: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com>
Message-ID:

On Fri, May 23, 2008 at 3:27 AM, Devin Henderson wrote:
> Hi all. I'm running the latest version of MailScanner on top of
> sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any
> outgoing messages for spam because some of my users' outgoing mail is
> being marked as spam. How can I accomplish this?
>
> Also, I would like to recommend a new feature for future versions of
> MailScanner where scanning of outgoing and incoming messages can be
> enabled or disabled. i.e.:
>
> Scan Outgoing Messages = No
> Scan Incoming Messages = Yes

Those options are not necessary, just make a simple ruleset with the
ip:s of your own servers.

--
/peter

--------------------------------------------------

I would agree with Devin. I have been trying to do this also. The only
way I have been told is to manually add ip addresses into
spam.whitelist.rules file and content.scanning.rules file.
I have clients that have ever changing ip addresses so it is very
annoying going through the logs and adding them in everyday.

I would very much like that feature. Maybe somehow importing the pop
before smtp db file's ip address list?
Kit

From martinh at solidstatelogic.com Fri May 23 09:16:07 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Fri May 23 09:16:17 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com>
Message-ID: <75cd58d5e214944daac855fb2622207a@solidstatelogic.com>

Correct, how do you know what is 'in' and 'out'. Read up on rulesets.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of shuttlebox
> Sent: 23 May 2008 08:11
> To: MailScanner discussion
> Subject: Re: Do not scan outgoing messages for spam
>
> On Fri, May 23, 2008 at 3:27 AM, Devin Henderson
> wrote:
> > Hi all. I'm running the latest version of MailScanner on top of
> > sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any
> > outgoing messages for spam because some of my users' outgoing mail is
> > being marked as spam. How can I accomplish this?
> >
> > Also, I would like to recommend a new feature for future versions of
> > MailScanner where scanning of outgoing and incoming messages can be
> > enabled or disabled. i.e.:
> >
> > Scan Outgoing Messages = No
> > Scan Incoming Messages = Yes
>
> Those options are not necessary, just make a simple ruleset with the
> ip:s of your own servers.
>
> --
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential.
If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From shuttlebox at gmail.com Fri May 23 09:27:09 2008 From: shuttlebox at gmail.com (shuttlebox) Date: Fri May 23 09:27:18 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: References: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com> Message-ID: <625385e30805230127s2c13d175wfee727db73c219b5@mail.gmail.com> On Fri, May 23, 2008 at 10:14 AM, Kit Wong wrote: > I would agree with Devin. I have been trying to do this also. The only > way I have been told is to manually add ip addresses into > spam.whitelist.rules file and content.scanning.rules file. > I have clients that have ever changing ip addresses so it is very > annoying going through the logs and adding them in everyday. > > I would very much like that feature. May be somehow importing the pop > before smtp db file's ip address list? 
I use a ruleset for the option Spam Checks, example:

# Spam Checks
# foo.se
From:      1.2.3.4    no
# bar.se
From:      1.2.3.5    no
# local
From:      127.0.0.1  no
FromOrTo:  default    yes

Most people have Exchange or something further in and those IP
addresses are known. I assume you're talking about POP3 users
connecting directly to your MailScanner server but they still must be
in a known net range so you can specify that with a ruleset using e.g.
CIDR notation. Read the README and EXAMPLES files in the rules
directory.

It's not like the mail server knows the (logical) direction of mail
anyway so you must still define what Outgoing and Incoming means to
you.

--
/peter

From Kit at simplysites.co.uk Fri May 23 09:31:17 2008
From: Kit at simplysites.co.uk (Kit Wong)
Date: Fri May 23 09:31:35 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To: <75cd58d5e214944daac855fb2622207a@solidstatelogic.com>
References: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com> <75cd58d5e214944daac855fb2622207a@solidstatelogic.com>
Message-ID:

The only way is to use ip from popauth.db file (assuming you use pop
before smtp)? I can't do it, maybe someone here has a hack?

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin.Hepworth
Sent: 23 May 2008 09:16
To: MailScanner discussion
Subject: RE: Do not scan outgoing messages for spam

Correct, how do you know what is 'in' and 'out'. Read up on rulesets.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of shuttlebox
> Sent: 23 May 2008 08:11
> To: MailScanner discussion
> Subject: Re: Do not scan outgoing messages for spam
>
> On Fri, May 23, 2008 at 3:27 AM, Devin Henderson
> wrote:
> > Hi all.
Im running the latest version of MailScanner on top of > > sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any > > outgoing messages for spam because some of my users' outgoing mail is > > being marked as spam. How can I accomplish this? > > > > Also, I would like to recommend a new feature for future versions of > > MailScanner where scanning of outgoing and incoming messages can be > > enabled or disabled. i.e.: > > > > Scan Outgoing Messages = No > > Scan Incoming Messages = Yes > > Those options are not necessary, just make a simple ruleset with the > ip:s of your own servers. > > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- Scanned by MailScanner. No virus found in this incoming message. Checked by AVG. Version: 8.0.100 / Virus Database: 269.24.0/1461 - Release Date: 5/22/2008 4:44 PM From MailScanner at ecs.soton.ac.uk Fri May 23 09:33:45 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri May 23 09:34:08 2008 Subject: Locktype: posix vs. flock In-Reply-To: References: <4835E50F.3090108@ecs.soton.ac.uk> Message-ID: <48368169.4080408@ecs.soton.ac.uk> Scott Silva wrote: > >> No, you shouldn't. MailScanner's lock type must match that used by >> sendmail, or else they will tread on each other's toes. This is very >> bad. Just leave the setting blank in MailScanner.conf and it will do >> the right thing for you. > > Does that function simply look at the sendmail version, or try to > determine the compile-time options? Just curious, as I have been > setting it explicitly to be safe. Unfortunately not. It is not possible to determine the locking type being used by sendmail just by running it. It can have flock support in use, but still not show it in any debug output. Linux is the trivial case, many other Unices are harder. So it just works from the MTA you are using, it doesn't check version numbers or anything as that doesn't actually help. It is the right setting for most people, most of the time. 
Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Kit at simplysites.co.uk Fri May 23 09:40:11 2008 From: Kit at simplysites.co.uk (Kit Wong) Date: Fri May 23 09:40:30 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: <625385e30805230127s2c13d175wfee727db73c219b5@mail.gmail.com> References: <625385e30805230011o706f484arc8546daa82355304@mail.gmail.com> <625385e30805230127s2c13d175wfee727db73c219b5@mail.gmail.com> Message-ID: On Fri, May 23, 2008 at 10:14 AM, Kit Wong wrote: > I would agree with Devin. I have been trying to do this also. The only > way I have been told is to manually add ip addresses into > spam.whitelist.rules file and content.scanning.rules file. > I have clients that have ever changing ip addresses so it is very > annoying going through the logs and adding them in everyday. > > I would very much like that feature. May be somehow importing the pop > before smtp db file's ip address list? I use a ruleset for the option Spam Checks, example: # Spam Checks # foo.se From: 1.2.3.4 no # bar.se From: 1.2.3.5 no # local From: 127.0.0.1 no FromOrTo: default yes Most people have Exchange or something further in and those IP addresses are known. I assume you're talking about POP3 users connecting directly to your MailScanner server but they still must be in a known net range so you can specify that with a ruleset using e.g. CIDR notation. Read the README and EXAMPLES files in the rules directory. It's not like the mail server knows the (logical) direction of mail anyway so you must still define what Outgoing and Incoming means to you. 
-- /peter -- ------------------------------------------------------------------- Moving along with this subject wouldn't it be good to also not scan emails that are tagged by Watermarking? It seems it still does on my setup and details seems to indicate that its only for one mailscanner to another mailscanner...unless I am misunderstanding this feature Kit From t.d.lee at durham.ac.uk Fri May 23 10:04:08 2008 From: t.d.lee at durham.ac.uk (David Lee) Date: Fri May 23 10:06:03 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: References: Message-ID: On Thu, 22 May 2008, Devin Henderson wrote: > Hi all. Im running the latest version of MailScanner on top of > sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any > outgoing messages for spam because some of my users' outgoing mail is > being marked as spam. How can I accomplish this? > > Also, I would like to recommend a new feature for future versions of > MailScanner where scanning of outgoing and incoming messages can be > enabled or disabled. i.e.: > > Scan Outgoing Messages = No > Scan Incoming Messages = Yes > > Thanks. Looking forward to any help you guys can give me on this. We tend to think of these things as about "how to protect ourselves". But there is also the issue of "how to help others". Think briefly of viruses, rather than spam. Presumably we all run virus-scanning inbound, to protect ourselves from outside infections coming in. But I would also sincerely hope that we also run anti-virus outbound to protect others, in case of a local infection (these things do happen) leaking out. So why not also with spam? If a local account is compromised (can we absolutely guarantee against it?) then the local site (yours, mine) could start generating outbound spam. So running anti-spam outbound is a "Good Thing". And in helping others by doing outbound spam-checking the local site also helps itself. 
If a local compromise does happen, then the local site can end up on anti-spam blacklists, getting our outbound email treated as spam by its recipients. Do we really want that? You also say "some of my users' outgoing mail is being marked as spam".(*) In that case, irrespective of anything else, it would be worth investigating that and at least trying to understand it; it suggests your local spam settings might need attention. (*) How good to see the plural possessive apostrophe correctly placed! -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From prandal at herefordshire.gov.uk Fri May 23 10:21:44 2008 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri May 23 10:21:59 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03C1A936@HC-MBX02.herefordshire.gov.uk> There's also this rather obvious issue: If your server is identifying some of your outgoing mail as spam, then you can rest assured that out there in the real world there will be a bunch of mail filters on recipients' servers which will be reacting the same way. So merely "not scanning outgoing" isn't going to solve the real problem, which is the apparent spaminess of those emails. Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of David Lee Sent: 23 May 2008 10:04 To: MailScanner discussion Subject: Re: Do not scan outgoing messages for spam On Thu, 22 May 2008, Devin Henderson wrote: > Hi all. Im running the latest version of MailScanner on top of > sendmail and SpamAssassin on CentOS 5.1. 
I want to avoid scanning any > outgoing messages for spam because some of my users' outgoing mail is > being marked as spam. How can I accomplish this? > > Also, I would like to recommend a new feature for future versions of > MailScanner where scanning of outgoing and incoming messages can be > enabled or disabled. i.e.: > > Scan Outgoing Messages = No > Scan Incoming Messages = Yes > > Thanks. Looking forward to any help you guys can give me on this. We tend to think of these things as about "how to protect ourselves". But there is also the issue of "how to help others". Think briefly of viruses, rather than spam. Presumably we all run virus-scanning inbound, to protect ourselves from outside infections coming in. But I would also sincerely hope that we also run anti-virus outbound to protect others, in case of a local infection (these things do happen) leaking out. So why not also with spam? If a local account is compromised (can we absolutely guarantee against it?) then the local site (yours, mine) could start generating outbound spam. So running anti-spam outbound is a "Good Thing". And in helping others by doing outbound spam-checking the local site also helps itself. If a local compromise does happen, then the local site can end up on anti-spam blacklists, getting our outbound email treated as spam by its recipients. Do we really want that? You also say "some of my users' outgoing mail is being marked as spam".(*) In that case, irrespective of anything else, it would be worth investigating that and at least trying to understand it; it suggests your local spam settings might need attention. (*) How good to see the plural possessive apostrophe correctly placed! -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. 
:

From support-lists at petdoctors.co.uk Fri May 23 11:26:50 2008
From: support-lists at petdoctors.co.uk (Nigel Kendrick)
Date: Fri May 23 11:27:10 2008
Subject: HTML Templates stripped on internal mail
Message-ID:

Putting aside the debate about 'pretty' email...

We have noticed that HTML-formatted emails sent to external email addresses are received as intended, but mails sent to internal addresses get stripped back to plain ASCII text. What's worth tweaking? (MailScanner 4.69.9)

Thanks

Nigel Kendrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080523/7188c364/attachment.html

From mikael at syska.dk Fri May 23 12:19:20 2008
From: mikael at syska.dk (Mikael Syska)
Date: Fri May 23 12:19:30 2008
Subject: Watermarking, what does it actually consist of ...
In-Reply-To: <4836773A.7070504@coders.co.uk>
References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk>
Message-ID: <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com>

Hi,

Thanks for the answer ...

On Fri, May 23, 2008 at 9:50 AM, Matt Hampton wrote:
> Mikael Syska wrote:
>>
>> What is the watermark constructed of, I know it contains some kind
>> of MD5 hash of the watermarking "secret" and some kind of timestamp
>> ...
>>
>>
>
> Hi Mikael
>
> return Digest::MD5::md5_base64(join("\$\%", $expiry, $email, $date, $secret, $msgid));
>
> so you end up with the base64 md5 of
>
> "12346678$%sender@domain.com$%12345678$%S3cret$%"
>
> The only problem I see is converting the date into a unix time stamp...

Well, maybe ... don't know yet.

So .... just to make things clear ... it's an MD5 hash ... converted to base64 ...
and when it comes back into MailScanner again it recalculates the hash ... with the info from the mail ... and then compares the two string hashes ?
Or am I totally lost here .. ?

> matt
>

--
best regards
Mikael Syska

From t.d.lee at durham.ac.uk Fri May 23 12:21:32 2008
From: t.d.lee at durham.ac.uk (David Lee)
Date: Fri May 23 12:23:11 2008
Subject: ClamAV 0.93 released
In-Reply-To: <48160C77.5070602@USherbrooke.ca>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca>
Message-ID:

On Mon, 28 Apr 2008, Denis Beauchemin wrote:

> Leonardo Helman wrote:
> > Hi I'm using clamavmodule
> >
> >
> > I've made a patch for the Mail::ClamAV to compile (later I'll send it
> > to the Mail::ClamAV maintainer)
> >
> Hello,
>
> Anything new on the official Mail::ClamAV module? I just looked and
> version 0.21 still supports maxratio which has been removed from Clam
> 0.93...
>
> Since there are known exploits for 0.92 I am beginning to feel the urge
> to upgrade to 0.93...

Scott Beck has released version 0.22 of Mail::ClamAV in the last few days.

Could I suggest that some of us with test facilities and with a little technical experience try the various combinations of the older and newer versions of ClamAV and Mail::ClamAV and verify which combinations work and fail?

1. Old+old: We know that the combined earlier versions work.

2. New ClamAV + old Mail::ClamAV: It has been reported that the new ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could someone provide details of what this breakage is? Is there a quick recipe to reproduce the problem that ClamAV 0.93 had introduced?

3. New + new: Julian's Clam+SA package would ultimately be new+new. Can we verify that this fixes any previously verified breakage? Also that it does not seem to introduce any new problems.

4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use other sources (not Julian's package). Can we check what happens if someone were to upgrade their Mail::ClamAV module but leave the main ClamAV software back on 0.92? (Probably not too important, but it would be a nice data point to complete the set...)

Given Julian's sadly enforced absence from work, I'm sure he would appreciate it if we can do this tabulation for him.

--

: David Lee                        I.T. Service        :
: Senior Systems Programmer        Computer Centre     :
: UNIX Team Leader                 Durham University   :
:                                  South Road          :
: http://www.dur.ac.uk/t.d.lee/    Durham DH1 3LE      :
: Phone: +44 191 334 2752          U.K.                :

From spamlists at coders.co.uk Fri May 23 12:42:34 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Fri May 23 12:43:41 2008
Subject: Watermarking, what does it actually consist of ...
In-Reply-To: <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com>
References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com>
Message-ID: <4836ADAA.1010302@coders.co.uk>

>> The only problem I see is converting the date into a unix time stamp...
>>
>
> Well, maybe ... don't know yet.
>
> So .... just to make things clear ... it's an MD5 hash ... converted to
> base64 ... and when it comes back into MailScanner again it
> recalculates the hash ... with the info from the mail ... and then
> compares the two string hashes ?
> Or am I totally lost here .. ?
>
>

Yes exactly right - the Date is calculated from the Date field *NOT* the system date.

The header is actually

X-MailScanner-Watermark: 1213961026.89637@zP9SzydkvnIBOgx58U4azQ

where the number before the @ is the expiry of the token.

matt

From kc5goi at gmail.com Fri May 23 12:45:26 2008
From: kc5goi at gmail.com (Guy Story KC5GOI)
Date: Fri May 23 12:45:39 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To:
References:
Message-ID: <4836AE56.2040704@kc5goi.net>

Devin Henderson wrote:
> Hi all. I'm running the latest version of MailScanner on top of
> sendmail and SpamAssassin on CentOS 5.1. I want to avoid scanning any
> outgoing messages for spam because some of my users' outgoing mail is
> being marked as spam. How can I accomplish this?
>
> Also, I would like to recommend a new feature for future versions of
> MailScanner where scanning of outgoing and incoming messages can be
> enabled or disabled. i.e.:
>
> Scan Outgoing Messages = No
> Scan Incoming Messages = Yes
>
> Thanks. Looking forward to any help you guys can give me on this.
> Devin
>

In the rules directory is a file for whitelisting. You can put your desired IP address(es), IP address range, domain name, etc. in there.

I have to agree that this is a bad idea. If SpamAssassin is tagging outbound as spam, others will tag it as well.

Guy

From shuttlebox at gmail.com Fri May 23 12:54:31 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Fri May 23 12:54:40 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To: <4836AE56.2040704@kc5goi.net>
References: <4836AE56.2040704@kc5goi.net>
Message-ID: <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com>

On Fri, May 23, 2008 at 1:45 PM, Guy Story KC5GOI wrote:
> In the rules directory is a file for whitelisting. You can put your desired
> IP address(es), IP address range, domain name, etc. in there.
>
> I have to agree that this is a bad idea. If SpamAssassin is tagging
> outbound as spam, others will tag it as well.

Yes, that's a bad idea as it doesn't lighten your load either. Applied to Spam Checks it does.
-- /peter From rcooper at dwford.com Fri May 23 13:12:49 2008 From: rcooper at dwford.com (Rick Cooper) Date: Fri May 23 13:13:14 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk><48039AA2.9050905@ecs.soton.ac.uk><5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com><48051021.5010909@ecs.soton.ac.uk><1208464860.2962.75.camel@morticia.pert.com.ar><48160C77.5070602@USherbrooke.ca> Message-ID: <14BC51B1B1E04672AFFE98929A031F4D@SAHOMELT> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On > Behalf Of David Lee > Sent: Friday, May 23, 2008 7:22 AM > To: MailScanner discussion > Subject: Re: ClamAV 0.93 released > > On Mon, 28 Apr 2008, Denis Beauchemin wrote: > > > Leonardo Helman a ?crit : > > > Hi I'm using clamavmodule > > > > > > > > > I've made a patch for the Mail::ClamAV to compile (later > I'll send it > > > to the Mail::ClamAV mantainer) > > > > > Hello, > > > > Anything new on the official Mail::ClamAV module? I just looked and > > version 0.21 still supports maxratio which have been > removed from Clam > > 0.93... > > > > Since there are known exploits for 0.92 I am beginning to > feel the urge > > to upgrade to 0.93... > > Scott Beck has released version 0.22 of Mail::ClamAV in the > last few days. > > Could I suggest that some of us with test facilities and > with a little > technical experience try the various combinations of the > older and newer > versions of ClamAV and Mail::ClamAV and verify which > combinations work and > fail? There won't be much to test on the new release. As of 0.93 the clam source dropped several items and replaced (most) with new. The latest Mail::ClamAV will depend on the new vars when it pulls libclamav so it's not going to work below version 0.93. 
This is the reason it must be updated everytime the clam developers change the internals in a non-backward friendly way (which is about every time) Rick > > 1. Old+old: We know that the combined earlier versions work. > > 2. New ClamAV + old Mail::ClamAV: It has been reported that the new > ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could > someone provide details of what this breakage is? Is > there a quick > recipe to reproduce the problem that ClamAV 0.93 had introduced? > > 3. New + new: Julian's Clam+SA package would ultimately be > new+new. Can > we verify that this fixes any previously verified > breakage? Also that > it does not seem to introduce any new problems. > > 4. Old ClamAV + new Mail::ClamAV: There are inevitably > sites which use > other sources (not Julian's package). Can we check what > happens with > if someone were to upgrade their Mail::ClamAV module but > leave the > main ClamAV software back on 0.92? (Probably not too > important, but > it would be a nice data point to complete the set...) > > Given Julian's sadly enforced absence from work, I'm sure he would > appreciate it if we can do this tabulation for him. > > > -- > > : David Lee I.T. Service : > : Senior Systems Programmer Computer Centre : > : UNIX Team Leader Durham University : > : South Road : > : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : > : Phone: +44 191 334 2752 U.K. : > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
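
Added example, not part of any list message and not MailScanner's own code: a Python port of the watermark scheme described in the "Watermarking, what does it actually consist of ..." thread on this page (base64 MD5 over expiry, lower-cased envelope sender, Date-header timestamp, secret and Message-ID joined with "$%", carried in the header as expiry@hash). It assumes the expiry is hashed exactly as the string in front of the "@" and that the date is hashed as an integer Unix timestamp; the function names, the lifetime parameter and the sample message are made up for illustration.

```python
import base64
import hashlib
import hmac
import math
from email.utils import parsedate_to_datetime

SEP = "$%"  # Perl's "\$\%" is just the two literal characters $ and %

# Constructed sample message fields (not taken from a real message).
SAMPLE = {
    "sender": "User@Example.com",
    "date_header": "Fri, 23 May 2008 12:42:34 +0000",
    "secret": "S3cret",
    "msgid": "<constructed.1@example.com>",
}


def md5_base64(data: bytes) -> str:
    """Same output as Perl's Digest::MD5::md5_base64: 22 chars, no '=' padding."""
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii").rstrip("=")


def date_to_epoch(date_header: str) -> int:
    """Unix timestamp of the message's own Date: header (not the system clock)."""
    return int(parsedate_to_datetime(date_header).timestamp())


def watermark_hash(expiry, sender, date_header, secret, msgid) -> str:
    # Field order follows the join() quoted in the thread.
    # Assumptions: sender is lower-cased, date is an integer epoch, UTF-8 bytes.
    fields = [expiry, sender.lower(), str(date_to_epoch(date_header)), secret, msgid]
    return md5_base64(SEP.join(fields).encode("utf-8"))


def make_header_value(now, lifetime, sender, date_header, secret, msgid) -> str:
    """Build the value for X-MailScanner-Watermark: '<expiry>@<hash>'."""
    expiry = str(int(now + lifetime))  # 'lifetime' in seconds is a hypothetical parameter
    return expiry + "@" + watermark_hash(expiry, sender, date_header, secret, msgid)


def check_header_value(value, now, sender, date_header, secret, msgid) -> str:
    """Return 'valid', 'expired', 'forged' or 'malformed' for a received header value."""
    expiry, at, digest = value.strip().partition("@")
    try:
        expires_at = float(expiry)
        date_to_epoch(date_header)  # reject messages whose Date: cannot be parsed
    except (TypeError, ValueError):
        return "malformed"
    if not at or not digest or not math.isfinite(expires_at):
        return "malformed"
    if expires_at < now:
        # Expiry sits in front of the '@' so stale tokens are dropped
        # without computing any hash, as explained in the thread.
        return "expired"
    expected = watermark_hash(expiry, sender, date_header, secret, msgid)
    # Constant-time comparison of the recomputed and the received digest.
    same = hmac.compare_digest(expected.encode(), digest.encode("utf-8", "replace"))
    return "valid" if same else "forged"


if __name__ == "__main__":
    now = date_to_epoch(SAMPLE["date_header"])
    header = make_header_value(now, 7 * 86400, **SAMPLE)
    print("X-MailScanner-Watermark:", header)
    print(check_header_value(header, now, **SAMPLE))
    print(check_header_value(header, now + 8 * 86400, **SAMPLE))
```

A port that keeps the "==" base64 padding produces 24-character digests, which can never equal a 22-character value like the one in the header shown in the thread.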
From mikael at syska.dk Fri May 23 14:29:53 2008
From: mikael at syska.dk (Mikael Syska)
Date: Fri May 23 14:30:05 2008
Subject: Watermarking, what does it actually consist of ...
In-Reply-To: <4836ADAA.1010302@coders.co.uk>
References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com> <4836ADAA.1010302@coders.co.uk>
Message-ID: <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com>

Hi,

On Fri, May 23, 2008 at 1:42 PM, Matt Hampton wrote:
>
>>> The only problem I see is converting the date into a unix time stamp...
>>>
>>
>> Well, maybe ... don't know yet.
>>
>> So .... just to make things clear ... it's an MD5 hash ... converted to
>> base64 ... and when it comes back into MailScanner again it
>> recalculates the hash ... with the info from the mail ... and then
>> compares the two string hashes ?
>> Or am I totally lost here .. ?
>>
>>
>
> Yes exactly right - the Date is calculated from the Date field *NOT* the
> system date.
> The header is actually
>
> X-MailScanner-Watermark: 1213961026.89637@zP9SzydkvnIBOgx58U4azQ
>
>
> where the number before the @ is the expiry of the token.
>

return Digest::MD5::md5_base64(join("\$\%", $expiry, $email, $date, $secret,$msgid));

$expiry == is what ... days from the MailScanner.Conf converted to ???
and is this also added to the hash ... ???
$email == From mail taken from the header. But converted to a Unix timestamp
$secret == From the MailScanner.Conf file
$date == also taken from the email header.
$msgid == also taken from the header.

so ... it's joined with the $% ( the \ is escaping right ? )

like "expiry$%email$%date(timestamp)$%secret$%msgid" and the hash is taken from that ?

So what is the Expiry token ... ?

Sorry about all these maybe stupid questions ... but I want to do it right the first time ... so I'm 100% sure it's the right way when I'm trying to make the Watermark myself ...
in a winblows system :-p

// ouT,
Mikael Syska

From spamlists at coders.co.uk Fri May 23 14:52:08 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Fri May 23 14:52:52 2008
Subject: Watermarking, what does it actually consist of ...
In-Reply-To: <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com>
References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com> <4836ADAA.1010302@coders.co.uk> <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com>
Message-ID: <4836CC08.1010906@coders.co.uk>

Mikael Syska wrote:
> $expiry == is what ... days from the MailScanner.Conf converted to ???
> and is this also added to the hash ... ???
> $email == From mail taken from the header. But converted to a Unix timestamp
> $secret == From the MailScanner.Conf file
> $date == also taken from the email header.
> $msgid == also taken from the header.
>
>

$expiry=unix timestamp of when the watermark expires
$email= is the from email address (lower case) in the smtp transaction

The rest is spot on.

> so ... it's joined with the $% ( the \ is escaping right ? )
>
> like "expiry$%email$%date(timestamp)$%secret$%msgid" and the hash is
> taken from that ?
>
> So what is the Expiry token ... ?
>

The expiry token is so that the code can throw away expired tokens without having to calculate the hash.

> Sorry about all these maybe stupid questions ... but I want to
> do it right the first time ... so I'm 100% sure it's the right way when
> I'm trying to make the Watermark myself ... in a winblows system :-p
>
>

That's OK - I wrote the code originally so I know how it works so when explaining it I make assumptions that you know about it!

matt

From paul at welshfamily.com Fri May 23 15:09:37 2008
From: paul at welshfamily.com (Paul Welsh)
Date: Fri May 23 15:11:50 2008
Subject: OT: greylistd
Message-ID: <6D6D5D4F42D1420181EC6C7FD28950AF@bct.local>

René
Berber wrote: > One thing that > seems wrong, the default socket is /var/run/greylstd/greylstd.sock Aha! You are talking about greylstd not greylistd! I looked at greylstd but could only find a Debian apt install for it. I'm running Centos 4. Also, the Google hits put me off - greylistd 37,400 vs greylstd 1,790 - so I figured it wasn't very popular. If you could give me some more clues on installation under Centos 4 then I'll give it a go. How long has it been around? Cheers Paul From ms-list at alexb.ch Fri May 23 15:18:35 2008 From: ms-list at alexb.ch (Alex Broens) Date: Fri May 23 15:18:52 2008 Subject: ClamAV 0.93 released In-Reply-To: References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> Message-ID: <4836D23B.8070109@alexb.ch> On 5/23/2008 1:21 PM, David Lee wrote: > On Mon, 28 Apr 2008, Denis Beauchemin wrote: > >> Leonardo Helman a ?crit : >>> Hi I'm using clamavmodule >>> >>> >>> I've made a patch for the Mail::ClamAV to compile (later I'll send it >>> to the Mail::ClamAV mantainer) >>> >> Hello, >> >> Anything new on the official Mail::ClamAV module? I just looked and >> version 0.21 still supports maxratio which have been removed from Clam >> 0.93... >> >> Since there are known exploits for 0.92 I am beginning to feel the urge >> to upgrade to 0.93... > > Scott Beck has released version 0.22 of Mail::ClamAV in the last few days. > > Could I suggest that some of us with test facilities and with a little > technical experience try the various combinations of the older and newer > versions of ClamAV and Mail::ClamAV and verify which combinations work and > fail? > > 1. Old+old: We know that the combined earlier versions work. > > 2. 
New ClamAV + old Mail::ClamAV: It has been reported that the new
> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could
> someone provide details of what this breakage is? Is there a quick
> recipe to reproduce the problem that ClamAV 0.93 had introduced?
>
> 3. New + new: Julian's Clam+SA package would ultimately be new+new. Can
> we verify that this fixes any previously verified breakage? Also that
> it does not seem to introduce any new problems.
>
> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use
> other sources (not Julian's package). Can we check what happens
> if someone were to upgrade their Mail::ClamAV module but leave the
> main ClamAV software back on 0.92? (Probably not too important, but
> it would be a nice data point to complete the set...)
>
> Given Julian's sadly enforced absence from work, I'm sure he would
> appreciate it if we can do this tabulation for him.

Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old versions of MS

From ghorvath at novell.com Fri May 23 15:59:33 2008
From: ghorvath at novell.com (Gellert Horvath)
Date: Fri May 23 15:59:46 2008
Subject: attachments embedded in mail
Message-ID: <4836E9E50200000B004EB3E4@vpn.id2.novell.com>

Hi!

I have a similar issue, but worse. In some cases when users send mail to many users (20 or more, can't tell exactly), and attach a .doc file, the message gets corrupted and the recipient can't read it. The attachment is in the message body as a binary file. Re-sending the mail reproduces the error. I have been looking for the source of the error for months but can't isolate or reproduce the problem with other recipients. We use GroupWise and the MS is the smtp gateway to the internet.

Can anybody tell me if this is a GroupWise, MailScanner or SpamAssassin related error?

TIA,
Gellért
From jonas at vrt.dk Fri May 23 16:07:16 2008
From: jonas at vrt.dk (Jonas)
Date: Fri May 23 16:09:38 2008
Subject: Mailscanner watermarks and compatibility with other systems
Message-ID: <09F23668E315FD4597C13D73E5123ADF05A8AE@SCTSBS.sct.dk>

Hi list

I've looked into the watermarking features of MS to see if I could try and combat the backscatter we are attacked by. My problem though, is I can not make all the clients send through mailscanner, nor am I interested in making them send through MS from an infrastructural opinion.

So my question is: Does anybody know any watermarking system that is compatible with Microsoft exchange? More or less all the mail we scan have end users on exchange servers, so I need some sort of event-sink (exchange plugin) or similar that can stamp outgoing mail on the exchange servers and then I can check for that watermark in MS. Obviously the algorithms need to be compatible and the same key needs to be applied on the systems. But this would make it MUCH easier to deploy watermarking for us.

So I'm wondering if I'm alone in this issue, or if somebody else has the same needs? Or even a solution. Hope to hear from somebody :)

Best regards
Jonas A. Larsen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080523/64cb1831/attachment.html

From jan-peter at koopmann.eu Fri May 23 17:46:12 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Fri May 23 17:46:37 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References:
Message-ID:

So all users are using Exchange and send mail through Exchange? That usually is the harder part. But you do not want Exchange to send outgoing mail through MailScanner? That usually is the easier part.
I am a bit confused. But depending on the MTA you can solve it there (milter-ahead?) or use commercial software like BarricadeMX to do the watermarking without the MailScanner "overhead". -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080523/eb4b5d3c/attachment.html From itdept at fractalweb.com Fri May 23 18:41:43 2008 From: itdept at fractalweb.com (Chris Yuzik) Date: Fri May 23 18:42:09 2008 Subject: in-sanesecurity Message-ID: <483701D7.90804@fractalweb.com> Hi Everyone, We're running MailScanner with ClamAV and got nailed again by an overly broad sanesecurity definition that started hitting on almost every second message going through our server. The rule is "Email.ScamL.Gen340.Sanesecurity.07051404". I have unfortunately had to disable sanesecurity altogether for now, and am having to release almost 500 legit email messages from the quarantine. Anyone else having issues with this one? Cheers, Chris From jonas at vrt.dk Fri May 23 18:48:49 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri May 23 18:48:56 2008 Subject: Mailscanner watermarks and compatibility with other systems In-Reply-To: References: Message-ID: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> Mmmm not sure which part you are confused about? We do not send outgoing mail through our Mailscanner cluster (and do not want to) Our exchange servers send outgoing mail directly to the receiving smtp server. There for Im not sure how milter-ahead or BarricadeMX has relevance? Im looking for something for exchange to support watermarking natively in exchange, as I wrote, a plugin or similar that makes exchange possible to watermark stamp outgoing mail with watermarks MS can process. Hope that clears it up. From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter Sent: 23. 
maj 2008 18:46
To: MailScanner discussion
Subject: RE: Mailscanner watermarks and compatibility with other systems

So all users are using Exchange and send mail through Exchange? That usually is the harder part. But you do not want Exchange to send outgoing mail through MailScanner? That usually is the easier part. I am a bit confused. But depending on the MTA you can solve it there (milter-ahead?) or use commercial software like BarricadeMX to do the watermarking without the MailScanner "overhead".

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080523/d0ed46fe/attachment.html

From jan-peter at koopmann.eu Fri May 23 18:50:53 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Fri May 23 18:51:18 2008
Subject: in-sanesecurity
In-Reply-To:
References:
Message-ID:

All seems ok here. However the hourly rsync failed with a temporary name resolution error. So maybe I just have not received the problematic signature yet.

From r.berber at computer.org Fri May 23 18:54:02 2008
From: r.berber at computer.org (René Berber)
Date: Fri May 23 18:54:29 2008
Subject: OT: greylistd
In-Reply-To: <6D6D5D4F42D1420181EC6C7FD28950AF@bct.local>
References: <6D6D5D4F42D1420181EC6C7FD28950AF@bct.local>
Message-ID:

Paul Welsh wrote:
> René Berber wrote:
>
>> One thing that
>> seems wrong, the default socket is /var/run/greylstd/greylstd.sock
>
> Aha! You are talking about greylstd not greylistd!

Oops, you're right! Two different beasts.

> I looked at greylstd but could only find a Debian apt install for it. I'm
> running Centos 4.

I installed from source. But there are Debian and Ubuntu packages.

> Also, the Google hits put me off - greylistd 37,400 vs greylstd 1,790 - so I
> figured it wasn't very popular.
>
> If you could give me some more clues on installation under Centos 4 then
> I'll give it a go.
>
> How long has it been around?
Judging from http://greylstd.cmeerw.org/ and the code I have, the current version is 2 years old. I've been using it for a year, probably more, not one problem, the only part that needs attention is the Hotmail / Google / Yahoo and similar that retry from a different IP, you white list the whole domain. It's just one source code file in C, python fans hate this but C is leaner and faster. The real documentation is in the site above.

--
René Berber

From Denis.Beauchemin at USherbrooke.ca Fri May 23 19:02:09 2008
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Fri May 23 19:02:30 2008
Subject: in-sanesecurity
In-Reply-To: <483701D7.90804@fractalweb.com>
References: <483701D7.90804@fractalweb.com>
Message-ID: <483706A1.5080004@USherbrooke.ca>

Chris Yuzik wrote:
> Hi Everyone,
>
> We're running MailScanner with ClamAV and got nailed again by an
> overly broad sanesecurity definition that started hitting on almost
> every second message going through our server. The rule is
> "Email.ScamL.Gen340.Sanesecurity.07051404".
>
> I have unfortunately had to disable sanesecurity altogether for now,
> and am having to release almost 500 legit email messages from the
> quarantine.
>
> Anyone else having issues with this one?
>
> Cheers,
> Chris

None received here so far... and I have the def in scam.ndb.

Denis
--
  _
 °v°   Denis Beauchemin, analyst
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x62252 F: 819.821.8045

From lists at tippingmar.com Fri May 23 19:56:33 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Fri May 23 19:56:51 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk>
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk>
Message-ID: <48371361.7070106@tippingmar.com>

Jonas A. Larsen wrote:
>
> Mmmm not sure which part you are confused about?
We do not send > outgoing mail through our Mailscanner cluster (and do not want to) > > > > Our exchange servers send outgoing mail directly to the receiving smtp > server. There for Im not sure how milter-ahead or BarricadeMX has > relevance? > > > > Im looking for something for exchange to support watermarking natively > in exchange, as I wrote, a plugin or similar that makes exchange > possible to watermark stamp outgoing mail with watermarks MS can process. > > > > Hope that clears it up. > Are you using the spamassassin Vbounce plugin? It serves a similar function as the watermarking. In your case you would list your outgoing exchange servers in the whitelist_bounce_relays http://wiki.apache.org/spamassassin/VBounceRuleset If you don't want to redirect the incoming bounces to a folder, as described in the wiki article, you can instead add points to them in spamassassin with something like score BOUNCE_MESSAGE 5 Mark From devin.lists at gmail.com Fri May 23 20:21:25 2008 From: devin.lists at gmail.com (Devin Henderson) Date: Fri May 23 20:21:37 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> Message-ID: To everyone: Thanks for your ideas and information on this. A couple things I wanted to mention: There really is no "spaminess" to the outgoing mail that is being marked as spam. We are a large irrigation equipment distributor and engineering firm and unless words like sprinkler, valve, pipe and quote are considered spammy there is no "spaminess" here (unless one of my users has selected tons of legitimate irrigation emails and marked them as Spam through sa-learn). 
I suspect one of the reasons this is happening is because I have my spam score variables very low because of the inability in the past of my spam filter to successfully catch all of the spam we get (we've got a one dictionary word domain, maybe that is one cause for so much spam). Currently my Required SpamAssassin Score is 2 and my High SpamAssasin Score is 5. Since adding spamhaus blacklists to my config this has improved and I think it may be time to raise the spam score levels up to a more standard level but I'm still receiving some mail that to *me* appears to be very obvious spam but either receives a score of 1 or has no score and is simply marked 'Found to be clean' and X-Spam-Status: No. I have about 100 users and these are guys who could be in any of our 5 offices, in their truck in any number of other states, some who work from home in other states, and even users who frequent Mexico for engineering jobs. My point is, keeping up with these IP ranges is out of the question. I have added all of my known users' email addresses to my scan.messages.rules ruleset for now but even this is a fairly shoddy solution because I have to manually add addresses to this file when new users are created, something that others besides myself do to the system from time to time. If there are any more thoughts on the issue or recommendations for my setup I would really appreciate it. Thanks again, Devin On Fri, May 23, 2008 at 5:54 AM, shuttlebox wrote: > On Fri, May 23, 2008 at 1:45 PM, Guy Story KC5GOI wrote: >> In the rules directory is a file for whitelisting. You can put your desired >> IP address(s), IP address range, domain name,etc in there. >> >> I have to agree that this is a bad idea. If Spamassassin is tagging >> outbound as spam, others will tag it as well. > > Yes, that's a bad idea as it doesn't lighten your load either. Applied > to Spam Checks it does. 
> > -- > /peter > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > From devin.lists at gmail.com Fri May 23 20:28:43 2008 From: devin.lists at gmail.com (Devin Henderson) Date: Fri May 23 20:28:52 2008 Subject: Do not scan outgoing messages for spam In-Reply-To: References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> Message-ID: Sorry, just a couple more things: @ David Lee: I completely agree with you. Mail scanning systems should be in place and configured in order to help *everyone* as a whole. Having said that, the priority for me, in my job, is to keep my users' legitimate emails flowing freely and I want to do everything I can to accomplish that. Also, I've been using scan.messages.rules to stop spam scanning on outgoing users' messages but I am just realizing that I should instead be using spam.whitelist.rules because I want these messages to avoid being marked as spam but I still want them checked for viruses. Let me know if my logic is flawed here. For now I will be moving my outgoing address rules to spam.whitelist.rules. Thanks, Devin On Fri, May 23, 2008 at 1:21 PM, Devin Henderson wrote: > To everyone: > > Thanks for your ideas and information on this. A couple things I > wanted to mention: > > There really is no "spaminess" to the outgoing mail that is being > marked as spam. We are a large irrigation equipment distributor and > engineering firm and unless words like sprinkler, valve, pipe and > quote are considered spammy there is no "spaminess" here (unless one > of my users has selected tons of legitimate irrigation emails and > marked them as Spam through sa-learn). 
I suspect one of the reasons > this is happening is because I have my spam score variables very low > because of the inability in the past of my spam filter to successfully > catch all of the spam we get (we've got a one dictionary word domain, > maybe that is one cause for so much spam). Currently my Required > SpamAssassin Score is 2 and my High SpamAssasin Score is 5. Since > adding spamhaus blacklists to my config this has improved and I think > it may be time to raise the spam score levels up to a more standard > level but I'm still receiving some mail that to *me* appears to be > very obvious spam but either receives a score of 1 or has no score and > is simply marked 'Found to be clean' and X-Spam-Status: No. > > I have about 100 users and these are guys who could be in any of our 5 > offices, in their truck in any number of other states, some who work > from home in other states, and even users who frequent Mexico for > engineering jobs. My point is, keeping up with these IP ranges is out > of the question. I have added all of my known users' email addresses > to my scan.messages.rules ruleset for now but even this is a fairly > shoddy solution because I have to manually add addresses to this file > when new users are created, something that others besides myself do to > the system from time to time. > > If there are any more thoughts on the issue or recommendations for my > setup I would really appreciate it. > > Thanks again, > Devin > > > On Fri, May 23, 2008 at 5:54 AM, shuttlebox wrote: >> On Fri, May 23, 2008 at 1:45 PM, Guy Story KC5GOI wrote: >>> In the rules directory is a file for whitelisting. You can put your desired >>> IP address(s), IP address range, domain name,etc in there. >>> >>> I have to agree that this is a bad idea. If Spamassassin is tagging >>> outbound as spam, others will tag it as well. >> >> Yes, that's a bad idea as it doesn't lighten your load either. Applied >> to Spam Checks it does. 
>> >> -- >> /peter >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > From jonas at vrt.dk Fri May 23 20:29:30 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri May 23 20:29:37 2008 Subject: Mailscanner watermarks and compatibility with other systems In-Reply-To: <48371361.7070106@tippingmar.com> References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <48371361.7070106@tippingmar.com> Message-ID: <02e901c8bd0b$52757b20$f7607160$@dk> >Are you using the spamassassin Vbounce plugin? It serves a similar >function as the watermarking. In your case you would list your outgoing >exchange servers in the > >whitelist_bounce_relays > >http://wiki.apache.org/spamassassin/VBounceRuleset > >If you don't want to redirect the incoming bounces to a folder, as >described in the wiki article, you can instead add points to them in >spamassassin with something like > >score BOUNCE_MESSAGE 5 > >Mark > Hi Mark Good suggestion, but yes I am already using the VBounce plugin to combat backscatter. The VBounce ruleset helps, but not enough, I'd say it fires on about 7/10 backscatter mails. And I have adjusted the scores so they are blocked. But there are lots it does not fire on, I often see quota exceeded in other languages than English, and vacation messages etc that are not caught by VBounce. And you can imagine that if a user gets 500 bouncebacks from a spamattack using his e-mail address, if even 1/10 aren't blocked by VBounce then he finds himself with 50 useless mails in his inbox. I saw in another thread that Mikael Syska said something about implementing the watermarking code from MS in windows, I can only hope he may be working on some sort of addin for exchange? 
Because as I see it that would be precisely what I need, and the only real way to combat backscatter, if I can't or aren't willing to let all the exchange serers send through our mailscanner installation. Best regards Jonas A. Larsen From ssilva at sgvwater.com Fri May 23 22:37:06 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Fri May 23 22:37:07 2008 Subject: Mailscanner watermarks and compatibility with other systems In-Reply-To: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> Message-ID: on 5-23-2008 10:48 AM Jonas A. Larsen spake the following: > Mmmm not sure which part you are confused about? We do not send outgoing > mail through our Mailscanner cluster (and do not want to) > > > > Our exchange servers send outgoing mail directly to the receiving smtp > server. There for Im not sure how milter-ahead or BarricadeMX has relevance? > > > > Im looking for something for exchange to support watermarking natively > in exchange, as I wrote, a plugin or similar that makes exchange > possible to watermark stamp outgoing mail with watermarks MS can process. > > > > Hope that clears it up. > > You unwillingness to relay your outgoing mail through mailscanner will probably limit your choices. If you must do it your way, you might have to write something yourself. Unix/linux and windows are different in enough ways to make it very difficult. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080523/d08fd73a/signature-0001.bin From glenn.steen at gmail.com Sat May 24 00:22:49 2008 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat May 24 00:22:58 2008 Subject: Mailscanner watermarks and compatibility with other systems In-Reply-To: References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> Message-ID: <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> 2008/5/23 Scott Silva : > on 5-23-2008 10:48 AM Jonas A. Larsen spake the following: >> >> Mmmm not sure which part you are confused about? We do not send outgoing >> mail through our Mailscanner cluster (and do not want to) >> >> >> Our exchange servers send outgoing mail directly to the receiving smtp >> server. There for Im not sure how milter-ahead or BarricadeMX has relevance? >> >> >> Im looking for something for exchange to support watermarking natively in >> exchange, as I wrote, a plugin or similar that makes exchange possible to >> watermark stamp outgoing mail with watermarks MS can process. >> >> >> Hope that clears it up. >> >> > > You unwillingness to relay your outgoing mail through mailscanner will > probably limit your choices. > If you must do it your way, you might have to write something yourself. > Unix/linux and windows are different in enough ways to make it very > difficult. > CC to that. I'm pretty certain there's nothing "ready to use", and that you'll need type something up yourself to use directly in your exchange server(s). I think what J-P alluded to is simply that *if* the unwillingness to relay through MS is due to concerns of it adversely affecting your "sending performance" or something similar, you can use BarricadeMX (that has a very "light footprint", and will be virtually transparent, performance-wise) to obtain the same functionality. 
Further he (as I read it at least) point to the fact that getting everyone to use a unified relay (or set of relays) is usually a much more ... intricate problem to solve, than configuring your MS cluster so that the handling of outgoing mail is as "light" as you want it to be. If you still don't want to let MS handle the load, then setting a BarricadeMX in front of your MS cluster _and_ set all your senders to relay through it for outgoing would be a very simple to do. In my view, it is irresponsible to not at least AV-scan outgoing mail, and further ... not wise at all to let M-Sexchange talk directly to the net, regardless if it is "only" outgoing. Just my opinion, of course:-). Perhaps you've solved that part of it in exchange already, perhaps not... impossible to tell for sure with what you've told us:-). Perhaps I/we would understand your reluctance to relay through your MS cluster more, if you told us a bit about your reasoning there...? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From mikael at syska.dk Sat May 24 00:40:47 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat May 24 00:41:03 2008 Subject: Watermarking, what does it actually consist of ... In-Reply-To: <4836CC08.1010906@coders.co.uk> References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com> <4836ADAA.1010302@coders.co.uk> <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com> <4836CC08.1010906@coders.co.uk> Message-ID: <6beca9db0805231640o1395643m5211255f6506a1ce@mail.gmail.com> Hi, I will look into in in the near future ... and that was tonight. Just look and I guess i'm a little supprised allready ... 
if there are any notes about it ( I'm not the biggest Perl programmer )

I converted the following to:
Friday, May 30th 2008, 08:05:51 converted to 1212134751 (GMT)

Which is not the same as in the mail .... There seems to be a little diff ( 3 seconds, is this the scan time ? ) is expiry in that field just timestamp from the system ... since it's off by a few seconds ?

And what are the . ( dot ) denoting ? split between expiry and ? The rest after the @ I guess is the md5 base64 string ?

.NET code ...

DateTime dt1 = new DateTime(1970, 1, 1, 0,0,0,0);
DateTime dt2 = new DateTime(2008, 5, 23, 10 - 2, 5, 51).AddDays(7);
TimeSpan ts = dt2 - dt1; // TimeSpan holds the TotalSeconds alias Unix Timestamp

does there seem to be anything wrong here when trying to calc the Expiry ? ( since it doesn't match the one in the mail )

These are my mail headers:

Return-Path:
X-Original-To: syska@mailtrap.dk
Delivered-To: syska@mailtrap.dk
Received: by spamtest.xxx.dk (Postfix, from userid 0) id CB4BF4A6456; Fri, 23 May 2008 10:05:51 +0200 (CEST)
To: syska@mailtrap.dk
Subject: test ... 123 med watermarking
Message-Id: <20080523080551.CB4BF4A6456@spamtest.xxx.dk>
Date: Fri, 23 May 2008 10:05:51 +0200 (CEST)
From: root@mailtrap.dk (Charlie Root)
MIME-Version: 1.0
X-MailTrapper-MailScanner-Watermark: 1212134754.65295@D1c/v4KnCSBJFymhGtSIPg
X-MailTrapper-MailScanner-Information: Please contact the ISP for more information
X-MailScanner-ID: CB4BF4A6456.62A4F
X-MailTrapper-MailScanner: Found to be clean
X-MailTrapper-MailScanner-From: root@mailtrap.dk
X-Spam-Status: No

On Fri, May 23, 2008 at 3:52 PM, Matt Hampton wrote:
> Mikael Syska wrote:
>>
>> $expiry == is what ... days from the MailScanner.Conf converted to ???
>> and is this also added to the hash ... ???
>> $email == From mail taken from the header. But converted to a Unix
>> timestamp
>> $secret == From the MailScanner.Conf file
>> $date == also taken from the email header.
>> $msgid == also taken from the header.
>> >> > > $expiry=unix timestamp of when the watermark expires > $email= is the from email address (lower case) in the smtp transaction > > The rest is spot on. Nice, its friday, and my brain aint totally cooked. >> >> so ... its joined with the $% ( the \ is escaping right ? ) >> >> like "expiry$%email$%date(timestamp)$%sescret$%msgid" and the hash is >> taken from that ? >> >> So what are the Expiry token ... ? >> > > The expiry token is so that the code can throw away expired tokens without > having to calculate the hash. ohhh, saves some time :-) >> >> Sorry about these all these maybe stupid questions ... but I want to >> do it right the first time ... so I'm 100% sure its the right way when >> I'm trying to make the Watermark myself ... in a winblows system :-p >> >> > > That's OK - I wrote the code orignally so I know how it works so when > explaining it I make assumptions that you know about it! hehe ... :-) Every thing is also easier to know, when yourself is the creator of it. best regards Mikael Syska From jonas at vrt.dk Sat May 24 01:13:21 2008 From: jonas at vrt.dk (Jonas A. Larsen) Date: Sat May 24 01:13:29 2008 Subject: Mailscanner watermarks and compatibility with other systems In-Reply-To: <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> Message-ID: <031b01c8bd32$f9855b20$ec901160$@dk> >> You unwillingness to relay your outgoing mail through mailscanner will >> probably limit your choices. >> If you must do it your way, you might have to write something >yourself. >> Unix/linux and windows are different in enough ways to make it very >> difficult. >> >CC to that. I'm pretty certain there's nothing "ready to use", and >that you'll need type something up yourself to use directly in your >exchange server(s). 
> >I think what J-P alluded to is simply that *if* the unwillingness to >relay through MS is due to concerns of it adversely affecting your >"sending performance" or something similar, you can use BarricadeMX >(that has a very "light footprint", and will be virtually transparent, >performance-wise) to obtain the same functionality. >Further he (as I read it at least) point to the fact that getting >everyone to use a unified relay (or set of relays) is usually a much >more ... intricate problem to solve, than configuring your MS cluster >so that the handling of outgoing mail is as "light" as you want it to >be. If you still don't want to let MS handle the load, then setting a >BarricadeMX in front of your MS cluster _and_ set all your senders to >relay through it for outgoing would be a very simple to do. > >In my view, it is irresponsible to not at least AV-scan outgoing mail, >and further ... not wise at all to let M-Sexchange talk directly to >the net, regardless if it is "only" outgoing. Just my opinion, of >course:-). Perhaps you've solved that part of it in exchange already, >perhaps not... impossible to tell for sure with what you've told >us:-). > >Perhaps I/we would understand your reluctance to relay through your MS >cluster more, if you told us a bit about your reasoning there...? > Well the special thing about us is, we scan incoming mail for lots of servers/domains we do not control. So it's quite simple, I cannot make servers I do not control send through my MS cluster nor any other solution (barricade etc), even if I wanted to. But if you follow the thread "Watermarking, what does it actually consist of ..." it looks like Mikael Syska is implementing precisely what I was describing earlier. So with some luck we can get him to publish his exchange addin when he's done if he manages to make it work :) Best regards Jonas A. Larsen From jonas at vrt.dk Sat May 24 01:16:23 2008 From: jonas at vrt.dk (Jonas A. 
Larsen) Date: Sat May 24 01:16:30 2008 Subject: Watermarking, what does it actually consist of ... In-Reply-To: <6beca9db0805231640o1395643m5211255f6506a1ce@mail.gmail.com> References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com> <4836ADAA.1010302@coders.co.uk> <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com> <4836CC08.1010906@coders.co.uk> <6beca9db0805231640o1395643m5211255f6506a1ce@mail.gmail.com> Message-ID: <031c01c8bd33$662b3ab0$3281b010$@dk> Hi Mikael Not sure if you noticed but i actually started up a new thread today or well yesterday I guess (its getting late) about precisely the same topic that you're dealing with. Namely how to stamp outgoing mail with the same type of watermark that MS uses natively in exchange. SO what are the odds of you sharing your code? :) Maybe I could help you test it if that makes things easier for you? I can install it on both exchange 2003 and 2007. Also I do have some limited scripting skills so if you run out of ideas I'd be more than happy to try and help out. Anyway let us know how it progresses :) Best regards Jonas A. Larsen From mikael at syska.dk Sat May 24 01:36:00 2008 From: mikael at syska.dk (Mikael Syska) Date: Sat May 24 01:36:15 2008 Subject: Watermarking, what does it actually consist of ... 
In-Reply-To: <031c01c8bd33$662b3ab0$3281b010$@dk> References: <6beca9db0805230037l799876f8m859303d27b5faf2e@mail.gmail.com> <4836773A.7070504@coders.co.uk> <6beca9db0805230419m1948e1c9qb5171514541ee08f@mail.gmail.com> <4836ADAA.1010302@coders.co.uk> <6beca9db0805230629n426dc37fnb5b8a778be108024@mail.gmail.com> <4836CC08.1010906@coders.co.uk> <6beca9db0805231640o1395643m5211255f6506a1ce@mail.gmail.com> <031c01c8bd33$662b3ab0$3281b010$@dk> Message-ID: <6beca9db0805231736h1663b80dx73116b71b7311861@mail.gmail.com> Hi Jonas, I have seem you thread, glad to seem that we arent the only ones looking for something like this. I will happily share it .... but as I know by now ... things are done in 2 diff ways on Exchange 2003 vs 2007 ( Events sink vs Transport agents ) Transport agent can be written in .NET ... while event sinks seem to be stuck with vbscript ... so ... I dont think 2003 will be supported. I will post more info when I get something done .... best regards Mikael Syska On Sat, May 24, 2008 at 2:16 AM, Jonas A. Larsen wrote: > Hi Mikael > > Not sure if you noticed but i actually started up a new thread today or well > yesterday I guess (its getting late) about precisely the same topic that > you're dealing with. Namely how to stamp outgoing mail with the same type of > watermark that MS uses natively in exchange. > > SO what are the odds of you sharing your code? :) > > Maybe I could help you test it if that makes things easier for you? I can > install it on both exchange 2003 and 2007. > > Also I do have some limited scripting skills so if you run out of ideas I'd > be more than happy to try and help out. > > Anyway let us know how it progresses :) > > Best regards > > Jonas A. Larsen > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
>

From bfebrian.mailscanner at gedubrak.com Sat May 24 06:29:31 2008
From: bfebrian.mailscanner at gedubrak.com (Budi Febrianto)
Date: Sat May 24 06:29:50 2008
Subject: voot: email attachments from outlook user
Message-ID: <4837A7BB.4050200@gedubrak.com>

Dear all,

Sorry for this voot thread, but in this list are so many mail experts that may be able to help me.

I'm using lotus domino server as mail server, where clients are using either the lotus notes client or outlook 2003. In outlook, users are able to attach other emails as attachments. It is ok when they send the emails to other outlook users. The problem is, when they send the email to notes users, somehow the lotus notes client (or domino server) converts the email attachment as the body part. So at a glance, the notes user will not know that the email was actually attached.

I already posted this question in the lotus domino forum, but there is no answer yet. Is this email attachment in outlook actually an eml file? Because when I tried to forward the email to my gmail account, it will show as 'noname'.

The plan is, I'll be using mailscanner as my hub server, where all emails will be relayed, even for local ones, primarily for virus checking. Can mailscanner/sendmail detect this kind of attachment, and convert or rename it as an eml file? Lotus notes will not try to convert the eml file.

I'm using MailScanner 4.65.3 with Sendmail 8.13.8-2.el5.

Thanks in Advance.

From jan-peter at koopmann.eu Sat May 24 10:54:53 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Sat May 24 10:55:21 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk>
Message-ID:

>CC to that. I'm pretty certain there's nothing "ready to use", and
>that you'll need type something up yourself to use directly in your
>exchange server(s).

Never heard of something. Agreed.
>I think what J-P alluded to is simply that *if* the unwillingness to
>relay through MS is due to concerns of it adversely affecting your
>"sending performance" or something similar, you can use BarricadeMX
>(that has a very "light footprint", and will be virtually transparent,
>performance-wise) to obtain the same functionality.

Same and more. But yes, that was my thought.

> Further he (as I read it at least) point to the fact that getting
> everyone to use a unified relay (or set of relays) is usually a much
> more ... intricate problem to solve, than configuring your MS cluster
> so that the handling of outgoing mail is as "light" as you want it to
> be. If you still don't want to let MS handle the load, then setting a
> BarricadeMX in front of your MS cluster _and_ set all your senders to
> relay through it for outgoing would be a very simple to do.

Clap.

> In my view, it is irresponsible to not at least AV-scan outgoing mail,
> and further ... not wise at all to let M-Sexchange talk directly to
> the net, regardless if it is "only" outgoing. Just my opinion, of
>course:-). Perhaps you've solved that part of it in exchange already,
> perhaps not... impossible to tell for sure with what you've told
> us:-).
> Perhaps I/we would understand your reluctance to relay through your MS
> cluster more, if you told us a bit about your reasoning there...?

Could not have put it better. Glen: Can I simply drop you some keywords in the future and have you write the thoughts down? :-) Works like a charm!

Regards,
JP

From jan-peter at koopmann.eu Sat May 24 12:06:07 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Sat May 24 12:06:33 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk><223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com>
Message-ID:

>Well the special thing about us is, we scan incoming mail for lots of
>servers/domains we do not control.
So it's quite simple, I cannot make
>servers I do not control send through my MS cluster nor any other solution
>(barricade etc), even if I wanted to.

Now we are getting there. You are not talking about the servers you do not control though are you? You are talking about an Exchange box that you _do_ control and force to send through your MailScanner installation. And - even though I never used MailScanner watermarking myself - the docs seem to suggest that you can use rulesets for Watermarking thus only mark the mails coming from your server and only check for watermarks on messages going _to_ your server. With the information you gave us until now I still fail to see why you need a special solution on the Exchange box. This could all be done with MailScanner.

> But if you follow the thread "Watermarking, what does it actually consist of
> ..." it looks like Mikael Syska is implementing precisely what I was
> scribing earlier.
> So with some luck we can get him to publish his exchange addin when he's
> done if he manages to make it work :)

Thanks for him going through all the trouble. However: In your case it looks a bit like reinventing the wheel to me. You could have it working right now and already have everything installed. Just define some rulesets (minimum two, maybe more) in your MailScanner installation, enable watermarks and be happy. Or did I miss something obvious?

BTW: The MailScanner watermarking relies on a custom message header. What is the general experience with this? Is this header part of all replies? Or at least most DSNs or NDRs? I know that another algorithm is using the message ID to watermark messages (patent pending so don't just use their algorithm *g*) and this makes sense to me since the Message-ID should be referred in all DSNs, NDRs and probably even all replies. But a custom header?
Regards,
JP

From theodrake at comcast.net Sat May 24 14:49:54 2008
From: theodrake at comcast.net (Ed Bruce)
Date: Sat May 24 14:50:41 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To: <031b01c8bd32$f9855b20$ec901160$@dk>
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk>
Message-ID: <48381D02.70204@comcast.net>

Jonas A. Larsen wrote:
> Well the special thing about us is, we scan incoming mail for lots of
> servers/domains we do not control. So it's quite simple, I cannot make
> servers I do not control send through my MS cluster nor any other solution
> (barricade etc), even if I wanted to.
>
>
Understood, but if you can't make them relay through MS how can you make them use a plugin on their Exchange server?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080524/9c223b25/attachment.html

From MailScanner at ecs.soton.ac.uk Sat May 24 23:33:44 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat May 24 23:34:02 2008
Subject: ClamAV 0.93 released
In-Reply-To: <4836D23B.8070109@alexb.ch>
References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch>
Message-ID: <483897C8.9050304@ecs.soton.ac.uk>

I have just published a new beta of MailScanner including support for Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin package. These two should work successfully as a pair, and I would appreciate testers.

Thanks!

Jules.

P.S.
It's nice to be out in the big wide world again, I didn't go outside the building for a week, now I just need to get my sleep cycle back to normal. I am too used to sleeping in a hospital bed, and to being awake at 6am (I normally was in the shower by 6:30am in hospital).

The latest news seems to be that they may pass my case back to the liver transplant team, and not do a small bowel transplant after all. But possibilities currently include everything up to, and including, replacing my stomach, duodenum, jejunum, ileum (small intestines, all 26 feet of it), liver, pancreas and all the blood vessels that join them all together. So just about anything is possible right now. Within the next month or two, I should hear what (if any) other tests they want to do, but my case will be discussed at a national level and they all have to agree what is best for me to have done. That could possibly take a few months, so I don't expect any quick news.

I managed a very nice chat with a guy from their chronic pain team, and he had several new ideas for painkillers that the people in Southampton had never considered, which was very useful. Southampton's attitude seems to be that if a couple of Paracetamol (Tylenol) don't handle it, then they don't really know much about what to do :-) It's not quite as bad as that, but you get my drift :-) The Cambridge team at Addenbrookes actually appreciate the problem of your body becoming used to opiates and that you build up a tolerance to them, and had some ideas for new drugs which I have only rarely been exposed to before, such as Oramorph and Fentanyl.

That's about the latest news, I'll keep you posted.

Cheers,
Jules.

P.S.
It's my list, and I'll top-post if I want to ;-)

Alex Broens wrote:
> On 5/23/2008 1:21 PM, David Lee wrote:
>> On Mon, 28 Apr 2008, Denis Beauchemin wrote:
>>
>>> Leonardo Helman wrote:
>>>> Hi I'm using clamavmodule
>>>>
>>>>
>>>> I've made a patch for the Mail::ClamAV to compile (later I'll send it
>>>> to the Mail::ClamAV maintainer)
>>>>
>>> Hello,
>>>
>>> Anything new on the official Mail::ClamAV module? I just looked and
>>> version 0.21 still supports maxratio which have been removed from Clam
>>> 0.93...
>>>
>>> Since there are known exploits for 0.92 I am beginning to feel the urge
>>> to upgrade to 0.93...
>>
>> Scott Beck has released version 0.22 of Mail::ClamAV in the last few
>> days.
>>
>> Could I suggest that some of us with test facilities and with a little
>> technical experience try the various combinations of the older and newer
>> versions of ClamAV and Mail::ClamAV and verify which combinations
>> work and fail?
>>
>> 1. Old+old: We know that the combined earlier versions work.
>>
>> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new
>> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21). Could
>> someone provide details of what this breakage is? Is there a quick
>> recipe to reproduce the problem that ClamAV 0.93 had introduced?
>>
>> 3. New + new: Julian's Clam+SA package would ultimately be new+new.
>> Can we verify that this fixes any previously verified breakage? Also
>> that it does not seem to introduce any new problems.
>>
>> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use
>> other sources (not Julian's package). Can we check what happens
>> with if someone were to upgrade their Mail::ClamAV module but leave the
>> main ClamAV software back on 0.92? (Probably not too important, but
>> it would be a nice data point to complete the set...)
>>
>> Given Julian's sadly enforced absence from work, I'm sure he would
>> appreciate it if we can do this tabulation for him.
>
> Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old
> versions of MS
>
>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From hvdkooij at vanderkooij.org Sun May 25 10:04:03 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun May 25 10:04:12 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To:
References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com>
Message-ID: <48392B83.3000104@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Devin Henderson wrote:
| To everyone:
|
| Thanks for your ideas and information on this. A couple things I
| wanted to mention:
|
| There really is no "spaminess" to the outgoing mail that is being
| marked as spam. We are a large irrigation equipment distributor and
| engineering firm and unless words like sprinkler, valve, pipe and
| quote are considered spammy there is no "spaminess" here (unless one
| of my users has selected tons of legitimate irrigation emails and
| marked them as Spam through sa-learn). I suspect one of the reasons
| this is happening is because I have my spam score variables very low
| because of the inability in the past of my spam filter to successfully
| catch all of the spam we get (we've got a one dictionary word domain,
| maybe that is one cause for so much spam). Currently my Required
| SpamAssassin Score is 2 and my High SpamAssassin Score is 5.
Since
| adding spamhaus blacklists to my config this has improved and I think
| it may be time to raise the spam score levels up to a more standard
| level but I'm still receiving some mail that to *me* appears to be
| very obvious spam but either receives a score of 1 or has no score and
| is simply marked 'Found to be clean' and X-Spam-Status: No.

The obvious answer is that you have not trained your bayesian database for your network. That is something you MUST do if you want to detect spam correctly.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIOSuBBvzDRVjxmYERAjPiAKCF2PiD6u19JTBnCWARZjsF6LvN0QCgqTgQ
+DRL8PgRpXnPmvAkmZ+tXsA=
=e2oV
-----END PGP SIGNATURE-----

From hvdkooij at vanderkooij.org Sun May 25 10:30:25 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun May 25 10:30:34 2008
Subject: attachments embedded in mail
In-Reply-To: <4836E9E50200000B004EB3E4@vpn.id2.novell.com>
References: <4836E9E50200000B004EB3E4@vpn.id2.novell.com>
Message-ID: <483931B1.3090601@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gellert Horvath wrote:
| I have a similar issue, but worse. In some case when users send mail to many users (20 or more. can't tell exactly), and
| attaching an .doc file, then message gets corrupted, and the recipient can't read it. The attachment is in the message
| body as a binary file. Re sending the mail reproduce the error.
|
| I am looking for the error source since months but can't isolate or reproduce the problem with other recipients. We use
| GroupWise and the MS is the smtp gateway to the internet.
|
| Can anybody tell me, if this is a GroupWise , MailScanner or SpamAssassin related error?

Well, if you can reproduce it by resending the message then you can troubleshoot it. Just capture all network traffic while you reproduce the issue and you can see what changes MailScanner is making to the message and whether or not it is caused by MailScanner.

But I can tell that your message is not correct as far as HTML is concerned: . If you have received this e-mail message in error, please notify the | send= | er.

--=20 |
This message has been scanned for viruses and |
dangerous content by | MailScanner, and is |
believed to be clean.
|

You are putting text between the and tags. And there should be no text there. I suggest you do NOT add this text to your messages.

Then there is the issue of UTF encoding things. It may result in long lines which may in the end be too long and violate the line limit of the SMTP protocol. If that happens then all bets are off and you may end up with awkward results or bounced messages.

Some of these lines are pretty long:
| Content-Type: application/msword;
| name="=?UTF-8?Q?2239=20k=C3=B6rlev=C3=A9?=
| =?UTF-8?Q?l=5Fnyilv=C3=A1ntart=C3=A1s=20megsz=C3=BCntet=C3=A9se=204-2-1?=
| =?UTF-8?Q?=20-=202008-04-29.doc?="
| Content-Transfer-Encoding: base64
| Content-Disposition: attachment; filename="=?UTF-8?Q?2239=20k=C3=B6rlev?=
| =?UTF-8?Q?=C3=A9l=5Fnyilv=C3=A1ntart=C3=A1s=20megsz=C3=BCntet=C3=A9se=20?=
| =?UTF-8?Q?4-2-1=20-=202008-04-29.doc?="

It may have nothing to do with the number of recipients at all but just with the file name and how it is being translated when sent through SMTP. Perhaps your client will see conflicting details about the recipients in your address book and try to send of the named with a specific encoding only in certain cases.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIOTGvBvzDRVjxmYERAllTAKCs+DZ+6iutwSnWgI1tefyChYgayQCfTj1I
rqe7muoVW+NmBiixUWh2Ito=
=0qbw
-----END PGP SIGNATURE-----

From holger-lists at noefer.org Sun May 25 11:02:30 2008
From: holger-lists at noefer.org (=?ISO-8859-15?Q?Hoger_N=F6fer?=)
Date: Sun May 25 11:01:42 2008
Subject: blackhole.securitysage.com seems to blacklist the hole world
Message-ID: <48393936.7060505@noefer.org>

Hi all,

if someone has included blackhole.securitysage.com, it seems that since today between 4.30 am and 5.30 am (GMT+1) the service started to blacklist the whole world. Every blacklist query results in 205.178.189.131

SpamAssassin canceled the support for blackhole.securitysage.com some months before.

Can someone confirm the behaviour of blackhole.securitysage.com?

Best regards,
Holger

From hvdkooij at vanderkooij.org Sun May 25 12:47:23 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sun May 25 12:47:33 2008
Subject: blackhole.securitysage.com seems to blacklist the hole world
In-Reply-To: <48393936.7060505@noefer.org>
References: <48393936.7060505@noefer.org>
Message-ID: <483951CB.5090908@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hoger Nöfer wrote:
| Hi all,
|
| if someone has included blackhole.securitysage.com, it seems
| that since today between 4.30 am and 5.30 am (GMT+1) the service started
| to blacklist the whole world.
| Every blacklist query results in 205.178.189.131
|
| SpamAssassin canceled the support for blackhole.securitysage.com
| some months before.
|
| Can someone confirm the behaviour of blackhole.securitysage.com?

Check out their poor track record for the last years. Consider them to be as much alive as dodos and dinos.

See also: http://wiki.openrbl.org/wiki/Blackhole.securitysage.com

Feel free to use them at your own peril. But their RBL is not responding at all:

;; QUESTION SECTION:
;66.5.151.194.blackhole.securitysage.com.
IN A

;; AUTHORITY SECTION:
securitysage.com. 1800 IN SOA ns1.mydyndns.org. zone-admin.dyndns.com. 2007100509 10800 1800 604800 180

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIOVHGBvzDRVjxmYERAtdQAJ48dugKUJcitRW9cCXd3A8xt4SWQgCginsh
ksUn3aBJX74Gh0gb+eO8txg=
=HWqI
-----END PGP SIGNATURE-----

From jonas at vrt.dk Sun May 25 21:45:06 2008
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Sun May 25 21:45:15 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To: <48381D02.70204@comcast.net>
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk> <48381D02.70204@comcast.net>
Message-ID: <004701c8bea8$372f2980$a58d7c80$@dk>

This is in response to both Jan-Peter and Ed Bruce:

I know it doesn't make that much sense, but in fact I was referring to the servers which we do not control (since the majority of mail belong to these domains/servers)

Their reasoning is, that if they send through a 3rd party system they have less control of the flow (which I guess is true) while if they just use an add-on for exchange they can still have full control over everything, and still get the benefits from watermarking.

Anyway I already talked to Mikael Syska and his work appears to be progressing pretty fast, so hopefully there will be some useable code soon which I can help test.

And once/if it works and it's stable, the MailScanner community will have yet another tool at their disposal which makes it MUCH easier for exchange/MailScanner admins to combat the backscatter pest, without changing their infrastructure the slightest.
Obviously some will say "... just send outgoing through MailScanner or similar system" but for some of us that simply isn't the smartest/best way to go about fighting backscatter. So for us the event sink/transport agent method is brilliant and right on the spot.

I hope we end up with some code that works, because if nothing else I think everybody can agree that having watermark compatibility between mta's/MailScanner gives you the possibility of more flexibility in how you choose to design your mail infrastructure.

Oh well enough ranting :)

Hope everybody has a nice Monday

Cheers

Jonas A. Larsen

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ed Bruce
Sent: 24. maj 2008 15:50
To: MailScanner discussion
Subject: Re: Mailscanner watermarks and compatibility with other systems

Jonas A. Larsen wrote:

Well the special thing about us is, we scan incoming mail for lots of servers/domains we do not control. So it's quite simple, I cannot make servers I do not control send through my MS cluster nor any other solution (barricade etc), even if I wanted to.

Understood, but if you can't make them relay through MS how can you make them use a plugin on their Exchange server?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080525/79981942/attachment.html

From mikael at syska.dk Sun May 25 23:39:03 2008
From: mikael at syska.dk (Mikael Syska)
Date: Sun May 25 23:39:22 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To: <004701c8bea8$372f2980$a58d7c80$@dk>
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk> <48381D02.70204@comcast.net> <004701c8bea8$372f2980$a58d7c80$@dk>
Message-ID: <6beca9db0805251539s42bc841fseb75eb56a8109d52@mail.gmail.com>

Hi,

On Sun, May 25, 2008 at 10:45 PM, Jonas A.
Larsen wrote:
> This is in response to both Jan-Peter and Ed Bruce:
>
> Their reasoning is, that if they send through a 3rd party system they have
> less control of the flow (which I guess is true) while if they just use an
> add-on for exchange they can still have full control over everything, and
> still get the benefits from watermarking.

Our biggest concern is the bandwidth consumed if they should send all their mail through our gateway, which in my opinion is waste ... that's why we need it, as we control all servers.

>
> Anyway I already talked to Mikael Syska and his work appears to be
> progressing pretty fast, so hopefully there will be some useable code soon
> which I can help test.

Yes, it's going the right way ... but I will have plenty of other stuff to do in the coming week, so I don't know how much progress will be done there.

Best regards
Mikael Syska

From tech1 at computer-care.com.au Mon May 26 04:01:36 2008
From: tech1 at computer-care.com.au (Glen Prestidge)
Date: Mon May 26 03:59:46 2008
Subject: Constant issus! -- any help would be great!
Message-ID: <20080526025924.3012265@mail.compwest.com.au>

Hi all

I am having huge issues at the moment I don't know whether this is just me !

I have several servers out there in the world all running freebsd either 4x , 6x and 7x. all have combination of mailscanner, clamav and spamassasin installed

This server I am trying to fix is having these problems below

May 26 10:14:51 jjfw MailScanner[46682]: Using SpamAssassin results cache
May 26 10:14:51 jjfw MailScanner[46682]: Connected to SpamAssassin cache database
May 26 10:14:51 jjfw MailScanner[46682]: Enabling SpamAssassin auto-whitelist functionality...
May 26 10:14:55 jjfw MailScanner[46683]: MailScanner E-Mail Virus Scanner version 4.67.6 starting...
May 26 10:14:56 jjfw MailScanner[46683]: Read 748 hostnames from the phishing whitelist
May 26 10:14:56 jjfw MailScanner[46683]: Could not read phishing blacklist file
May 26 10:14:56 jjfw MailScanner[46683]: User's home directory /var/spool/postfix is not writable
May 26 10:14:56 jjfw MailScanner[46683]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
May 26 10:14:56 jjfw MailScanner[46683]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp

This happens every single time an update is done in the software. I had these issues at home and rebuilt my server however being this is a server in major corporation I just can't come in there and reinstall it.

This has only happened this morning, I don't have the server doing automatic software updates I do them manually. I just had a phone call saying that no mail is getting tagged or they're not getting any at all.

This server was updated back in March I believe because of the ORBL problem which I later discovered I can just comment out of file so I didn't need to upgrade it then believe is the output of the /var/spool/postfix I am not to go with the file permissions so I am not sure if these are correct

cwroot@jjfw[10:26am]/var/spool/postfix-103# ll
total 28
drwx------ 2 postfix wheel 512 May 26 10:13 active/
drwx------ 2 postfix wheel 512 May 26 02:03 bounce/
drwx------ 2 postfix wheel 512 Jul 10 2006 corrupt/
drwx------ 18 postfix wheel 512 Dec 8 2006 defer/
drwx------ 18 postfix wheel 512 Dec 8 2006 deferred/
drwx------ 2 postfix wheel 512 Jul 10 2006 flush/
drwx------ 2 postfix wheel 512 May 22 22:02 hold/
drwx------ 2 postfix wheel 512 May 26 10:13 incoming/
drwx-wx--- 2 postfix maildrop 512 May 26 03:02 maildrop/
drwxr-xr-x 2 root wheel 512 Dec 4 2006 pid/
drwx------ 2 postfix wheel 512 Apr 1 10:58 private/
drwx--x--- 2 postfix maildrop 512 Apr 1 10:58 public/
drwx------ 2 postfix wheel 512 Jul 10 2006 saved/
drwx------ 2
postfix wheel 512 May 7 14:52 trace/
drwxr-xr-x 16 root wheel 512 Jul 10 2006 postfix/

any help would be appreciated

Glen

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/b309284a/attachment.html

From hvdkooij at vanderkooij.org Mon May 26 06:31:22 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon May 26 06:31:31 2008
Subject: Constant issus! -- any help would be great!
In-Reply-To: <20080526025924.3012265@mail.compwest.com.au>
References: <20080526025924.3012265@mail.compwest.com.au>
Message-ID: <483A4B2A.8090404@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glen Prestidge wrote:
| Hi all
|
|
|
| I am having huge issues at the moment I don't know whether this is just me !
|
|
|
| I have several servers out there in the world all running freebsd either
| 4x , 6x and 7x. all have combination of mailscanner, clamav and
| spamassasin installed
|
|
|
| This server I am trying to fix is having these problems below
|
|
|
| May 26 10:14:51 jjfw MailScanner[46682]: Using SpamAssassin results cache
|
| May 26 10:14:51 jjfw MailScanner[46682]: Connected to SpamAssassin cache
| database
|
| May 26 10:14:51 jjfw MailScanner[46682]: Enabling SpamAssassin
| auto-whitelist functionality...
|
| May 26 10:14:55 jjfw MailScanner[46683]: MailScanner E-Mail Virus
| Scanner version 4.67.6 starting...
|
| May 26 10:14:56 jjfw MailScanner[46683]: Read 748 hostnames from the
| phishing whitelist
|
| May 26 10:14:56 jjfw MailScanner[46683]: *Could not read phishing
| blacklist file*
|
| May 26 10:14:56 jjfw MailScanner[46683]: *User's home directory
| /var/spool/postfix is not writable *

Which seems to be true according to output later on because root is the owner of this directory and not the postfix user.
So chown the directory for the postfix user and you should have this fixed.

| May 26 10:14:56 jjfw MailScanner[46683]: *You need to set the
| "SpamAssassin User State Dir" to a directory that the "Run As User" can
| write to*

The funny thing with errors is that they actually might contain the instructions to fix things as well.

If you think this is not the cause then show us the output of `ls -la /var/spool`.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIOksoBvzDRVjxmYERAuqCAKCMPrW0s1TeBwJEAQvtnFXGGSkBDACeLIQq
UiRB0kvjywZPTFXoweLxRBM=
=fiRD
-----END PGP SIGNATURE-----

From telecaadmin at gmail.com Mon May 26 09:28:53 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Mon May 26 09:30:26 2008
Subject: HTML Templates stripped on internal mail
In-Reply-To:
References:
Message-ID: <483A74C5.5010601@gmail.com>

> We have noticed that HTML-formatted emails sent to external email
> addresses are received as intended, but mails sent to internal addresses
> get stripped back to plain ASCII text.

Take a look at those options in MailScanner.conf:

Convert Dangerous HTML To Text = no
Convert HTML To Text = no

Cheers,
Ronny

From telecaadmin at gmail.com Mon May 26 09:38:28 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Mon May 26 09:40:03 2008
Subject: OT: greylistd
In-Reply-To: <483602E0.6010109@welshfamily.com>
References: <483602E0.6010109@welshfamily.com>
Message-ID: <483A7704.3060803@gmail.com>

> Could not bind/listen to socket /var/run/greylistd/socket: (98, 'Address
> already in use')

This usually comes from the fact that there already is a file "/var/run/greylistd/socket". Remove it before starting the daemon.
If you do it via a startup script you must also rm the file before starting the daemon.

> Anyone used alternatives?

Not with Exim. I'm very satisfied with postfix + postgrey. Postgrey might be able to work with Exim, though.

Cheers,
Ronny

From jan-peter at koopmann.eu Mon May 26 10:14:23 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Mon May 26 10:14:52 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk><48381D02.70204@comcast.net>
Message-ID:

> Obviously some will say "... just send outgoing through MailScanner or similar system" but for some of us that simply isn't the smartest/best way to go about fighting backscatter. So for us the event sink/transport agent method is brilliant and right on the spot.

Well obviously you have good reasons for doing what you are doing. However one problem persists: If you discard all the backscatter at the Exchange level it means you already accepted all the crap on your gateway, scanned it for spam and viruses and then transport it to your customer. Once you face a really big backscatter attack you will see that this is a big problem.

Moreover: Please make sure your Exchange plugin does not simply reject the mail. This would be brilliant in case Exchange received the mail in the first place but that is not the case in your scenario. If you accept the mail and then later on Exchange chooses to reject the mail, you might in turn create backscatter yourself.

Regards,
JP

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/9ab9bbae/attachment.html

From jonas at vrt.dk Mon May 26 10:29:27 2008
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Mon May 26 10:29:38 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk><48381D02.70204@comcast.net>
Message-ID: <000f01c8bf12$fe1429f0$fa3c7dd0$@dk>

Hi JP

I think you misunderstand, we do not want to filter at the exchange server, we only want to tag outgoing mail. So if we stamp outgoing mail on the exchange server, the mailscanner servers can reject backscatter by checking for valid watermarks. The backscatter never reaches the exchange servers in that case.

So we will leave all the filtering to the MS installation, we just enhance the options for filtering out mail by giving MS more things to check for. I.e. the watermark.

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Koopmann, Jan-Peter
Sent: 26. maj 2008 11:14
To: MailScanner discussion
Subject: RE: Mailscanner watermarks and compatibility with other systems

> Obviously some will say "... just send outgoing through MailScanner or similar system" but for some of us that simply isn't the smartest/best way to go about fighting backscatter. So for us the event sink/transport agent method is brilliant and right on the spot.

Well obviously you have good reasons for doing what you are doing. However one problem persists: If you discard all the backscatter at the Exchange level it means you already accepted all the crap on your gateway, scanned it for spam and viruses and then transport it to your customer. Once you face a really big backscatter attack you will see that this is a big problem.

Moreover: Please make sure your Exchange plugin does not simply reject the mail.
This would be brilliant in case Exchange received the mail in the first place but that is not the case in your scenario. If you accept the mail and then later on Exchange chooses to reject the mail, you might in turn create backscatter yourself.

Regards,
JP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/1ce3be59/attachment.html

From devin.lists at gmail.com Mon May 26 10:42:12 2008
From: devin.lists at gmail.com (Devin Henderson)
Date: Mon May 26 10:42:24 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To: <48392B83.3000104@vanderkooij.org>
References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> <48392B83.3000104@vanderkooij.org>
Message-ID:

Hugo,

I'm not sure exactly what you mean by "train your bayesian database for your network". I use a squirrelmail plugin for marking spam and ham with sa-learn. What else do I need to do to train spamassassin for my network ?

Devin

On Sun, May 25, 2008 at 3:04 AM, Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Devin Henderson wrote:
> | To everyone:
> |
> | Thanks for your ideas and information on this. A couple things I
> | wanted to mention:
> |
> | There really is no "spaminess" to the outgoing mail that is being
> | marked as spam. We are a large irrigation equipment distributor and
> | engineering firm and unless words like sprinkler, valve, pipe and
> | quote are considered spammy there is no "spaminess" here (unless one
> | of my users has selected tons of legitimate irrigation emails and
> | marked them as Spam through sa-learn). I suspect one of the reasons
> | this is happening is because I have my spam score variables very low
> | because of the inability in the past of my spam filter to successfully
> | catch all of the spam we get (we've got a one dictionary word domain,
> | maybe that is one cause for so much spam).
Currently my Required
> | SpamAssassin Score is 2 and my High SpamAssassin Score is 5. Since
> | adding spamhaus blacklists to my config this has improved and I think
> | it may be time to raise the spam score levels up to a more standard
> | level but I'm still receiving some mail that to *me* appears to be
> | very obvious spam but either receives a score of 1 or has no score and
> | is simply marked 'Found to be clean' and X-Spam-Status: No.
>
> The obvious answer is that you have not trained your bayesian database
> for your network. That is something you MUST do if you want to detect
> spam correctly.
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIOSuBBvzDRVjxmYERAjPiAKCF2PiD6u19JTBnCWARZjsF6LvN0QCgqTgQ
> +DRL8PgRpXnPmvAkmZ+tXsA=
> =e2oV
> -----END PGP SIGNATURE-----
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From mikael at syska.dk Mon May 26 12:17:16 2008
From: mikael at syska.dk (Mikael Syska)
Date: Mon May 26 12:17:31 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To: <000f01c8bf12$fe1429f0$fa3c7dd0$@dk>
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com> <031b01c8bd32$f9855b20$ec901160$@dk> <48381D02.70204@comcast.net> <000f01c8bf12$fe1429f0$fa3c7dd0$@dk>
Message-ID: <6beca9db0805260417t5050d64br6b814ab04c51143d@mail.gmail.com>

Hi,

On Mon, May 26, 2008 at 11:29 AM, Jonas Akrouh Larsen wrote:
> Hi JP
>
>
>
> I think you misunderstand, we do not want to filter at the exchange server,
> we only want to tag outgoing mail. So if we stamp outgoing mail on the
> exchange server, the mailscanner servers can reject backscatter by checking
> for valid watermarks. The backscatter never reaches the exchange servers in
> that case.

So you got a local database of all valid email addresses on each domain at the MS installation? If so I want to know how you implemented this, as you are saying that you do not control all systems ? Do you sync the exchange user db ?

We have disabled all NDR's, cause we don't want to be a backscatter source, so if you have a good way of implementing the above with Exchange, I'm listening.

>
> So we will leave all the filtering to the MS installation, we just enhance
> the options for filtering out mail by giving MS more things to check for. I.e.
> the watermark.

That's what I'm trying to do ...
:-)

// ouT, Mikael Syska

From jan-peter at koopmann.eu Mon May 26 12:37:03 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Mon May 26 12:37:34 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com><031b01c8bd32$f9855b20$ec901160$@dk> <48381D02.70204@comcast.net><000f01c8bf12$fe1429f0$fa3c7dd0$@dk>
Message-ID:

> So you got a local database of all valid email addresses on each domain
> at the MS installation? If so I want to know how you implemented this,
> as you are saying that you do not control all systems ? Do you sync
> the exchange user db ?

With Exchange 2003 and a decent MTA in front there is no need for that. Teach Exchange to only accept valid e-mail addresses (no problem with Exchange 2003, easy task with addon tools for exchange 2000 and maybe 5.5). Then use whatever does recipient-callouts (exim has this builtin, postfix too AFAIK, there are milters for sendmail that do this). Finished.

Regards,
JP

From jonas at vrt.dk Mon May 26 13:24:02 2008
From: jonas at vrt.dk (Jonas Akrouh Larsen)
Date: Mon May 26 13:24:13 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk> <223f97700805231622ucafdb84l269adc677558ade3@mail.gmail.com><031b01c8bd32$f9855b20$ec901160$@dk> <48381D02.70204@comcast.net><000f01c8bf12$fe1429f0$fa3c7dd0$@dk>
Message-ID: <004a01c8bf2b$61b4ffd0$251eff70$@dk>

Yep

We are doing as JP writes, you enable the recipient filter in exchange, making exchange reject any invalid/unknown recipient.

And make exim (or whatever mta you're using) do recipient callout, meaning it connects to the backend exchange and checks (via smtp) if the user exists.

It works great, and you do not have to import any userlists or open for ldap or anything similar.
So that's definitely what you want :)

Cheers
Jonas

> So you got a local database of all valid email addresses on each domain
> at the MS installation? If so I want to know how you implemented this,
> as you are saying that you do not control all systems ? Do you sync
> the exchange user db ?

With Exchange 2003 and a decent MTA in front there is no need for that. Teach Exchange to only accept valid e-mail addresses (no problem with Exchange 2003, easy task with addon tools for exchange 2000 and maybe 5.5). Then use whatever does recipient-callouts (exim has this builtin, postfix too AFAIK, there are milters for sendmail that do this). Finished.

Regards,
JP

From Robert.Meurlin at se.fujitsu.com Mon May 26 14:17:16 2008
From: Robert.Meurlin at se.fujitsu.com (Meurlin Robert)
Date: Mon May 26 14:18:12 2008
Subject: MailScanner dont send or recieve when MailWatch database is down
Message-ID: <797363C57EE0884786F428AAABCD469201490D52@sea0120sex2.nordic.x>

Hello,

we had an incident over the weekend where our MailWatch table maillog crashed (it was about 12 GB size of maillog) so I had to rebuild the index and so on. Now everything is working fine but that's because the maillog database is up and running.

Anyway by the time it crashed our two mail servers (sendmail/mailscanner/clamav) couldn't send or retrieve email. I haven't changed anything in mailscanner.conf and can't find any dependencies that it needs to have a maillog database that is up and running.

Does anyone have a tip where to change this?

Thanks.

Rob.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/c5ab2e13/attachment.html

From jplorier at montecarlotv.com.uy Mon May 26 15:43:14 2008
From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier)
Date: Mon May 26 15:49:08 2008
Subject: OT:NOD32 antivirus
In-Reply-To: <200805261101.m4QB0LgW009808@safir.blacknight.ie>
Message-ID:

Hi,

I'm about to migrate from clam to nod32 but I'm not sure if I can use the generic server scanner or have to buy the mail server version. The difference is big since the mail server version charges for every mail account.
If anyone uses nod32, can you tell me which version you use?
Thanks

Ing. Juan Pablo Lorier
Monte Carlo TV SA
Montevideo, Uruguay
+(598)2 9244444

From ssilva at sgvwater.com Mon May 26 18:28:06 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon May 26 18:27:29 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To:
References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> <48392B83.3000104@vanderkooij.org>
Message-ID:

on 5-26-2008 2:42 AM Devin Henderson spake the following:
> Hugo,
>
> I'm not sure exactly what you mean by "train your bayesian database
> for your network". I use a squirrelmail plugin for marking spam and
> ham with sa-learn. What else do I need to do to train spamassassin for
> my network ?
>
> Devin

Is there any way you could use smtpauth for your roaming users?
There are ways to set your outside users to the submission port and use smtpauth and they can avoid spam scanning on their outgoing mail. I think it is in the wiki, but maybe we can guide you if not.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/4f170097/signature.bin

From hvdkooij at vanderkooij.org Mon May 26 19:30:35 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Mon May 26 19:30:43 2008
Subject: Do not scan outgoing messages for spam
In-Reply-To:
References: <4836AE56.2040704@kc5goi.net> <625385e30805230454p36c1a1fbpf6b85f0ccde36eea@mail.gmail.com> <48392B83.3000104@vanderkooij.org>
Message-ID: <483B01CB.40907@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Devin Henderson wrote:
| Hugo,
|
| I'm not sure exactly what you mean by "train your bayesian database
| for your network". I use a squirrelmail plugin for marking spam and
| ham with sa-learn. What else do I need to do to train spamassassin for
| my network ?

Well if that works then that is what I mean. But it is still my impression that your database is not properly trained.

I would not be surprised if you train one database and then use another effectively.

Can you show the statistics for the bayesian database used by MS/SA? And do your regular messages show up as 0% or near 0% probability?

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIOwHCBvzDRVjxmYERAusnAKCUcenKKLGRS4Rp8M862dcgk6v6uACfbLS6
M7HRAdo+T7lGtvMbcriPEuU=
=P4a8
-----END PGP SIGNATURE-----

From ssilva at sgvwater.com Mon May 26 22:34:38 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon May 26 22:35:22 2008
Subject: blackhole.securitysage.com seems to blacklist the hole world
In-Reply-To: <48393936.7060505@noefer.org>
References: <48393936.7060505@noefer.org>
Message-ID:

on 5-25-2008 3:02 AM ? spake the following:
> Hi all,
>
> if someone has included blackhole.securitysage.com, it seems
> that since today between 4.30 am and 5.30 am (GMT+1) the service started
> to blacklist the whole world.
> Every blacklist query results in 205.178.189.131
>
> SpamAssassin canceled the support for blackhole.securitysage.com
> some months before.
>
> Can someone confirm the behaviour of blackhole.securitysage.com?
>
> Best regards,
> Holger

http://www.dnsbl.com/2007/10/status-of-blackholesecuritysagecom-down.html

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080526/f4c1dfcf/signature.bin

From Jeff.Mills at versacold.com.au Mon May 26 23:55:18 2008
From: Jeff.Mills at versacold.com.au (Jeff Mills)
Date: Mon May 26 23:55:31 2008
Subject: Constant issus! -- any help would be great!
In-Reply-To: <20080526025924.3012265@mail.compwest.com.au>
Message-ID:

> This server I am trying to fix is having these problems below
>
> May 26 10:14:51 jjfw MailScanner[46682]: Using SpamAssassin results cache
> May 26 10:14:51 jjfw MailScanner[46682]: Connected to SpamAssassin cache database
> May 26 10:14:51 jjfw MailScanner[46682]: Enabling SpamAssassin auto-whitelist functionality...
> May 26 10:14:55 jjfw MailScanner[46683]: MailScanner E-Mail Virus Scanner version 4.67.6 starting...
> May 26 10:14:56 jjfw MailScanner[46683]: Read 748 hostnames from the phishing whitelist
> May 26 10:14:56 jjfw MailScanner[46683]: Could not read phishing blacklist file
> May 26 10:14:56 jjfw MailScanner[46683]: User's home directory /var/spool/postfix is not writable
> May 26 10:14:56 jjfw MailScanner[46683]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
> May 26 10:14:56 jjfw MailScanner[46683]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp

> This happens every single time an update is done in the software. I had these issues at home and rebuilt my server, however being this is a server in a major corporation I just can't come in there and reinstall it.

You have the problem when postfix is upgraded, because postfix does not want /var/spool/postfix written by any other user.
During the install process, the postfix directory has its permissions reset by the installer.
On my system, MailScanner is running as the postfix user.
The error message also tells you where to look.
Have you set SpamAssassin User State Dir?
If not, set it to a directory that your mailscanner user has write access to, otherwise it will use /var/spool/postfix, and you will keep having problems every time postfix is reinstalled or upgraded.

From support-lists at petdoctors.co.uk Tue May 27 10:28:48 2008
From: support-lists at petdoctors.co.uk (Nigel Kendrick)
Date: Tue May 27 10:28:50 2008
Subject: HTML Templates stripped on internal mail
In-Reply-To: <483A74C5.5010601@gmail.com>
References: <483A74C5.5010601@gmail.com>
Message-ID: <36D1EA39356A46D7A4162326D98AACE7@SUPPORT01V>

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Ronny T.
Lampert
Sent: Monday, May 26, 2008 9:29 AM
To: MailScanner discussion
Subject: Re: HTML Templates stripped on internal mail

> We have noticed that HTML-formatted emails sent to external email
> addresses are received as intended, but mails sent to internal addresses
> get stripped back to plain ASCII text.

Take a look at those options in MailScanner.conf:

Convert Dangerous HTML To Text = no
Convert HTML To Text = no

Cheers,
Ronny

Hi Ronny,

Thanks for the reply. Those were the first things I checked and they are both set to 'no'.

Nigel

From adrik at salesmanager.nl Tue May 27 11:21:39 2008
From: adrik at salesmanager.nl (Adri Koppes)
Date: Tue May 27 11:21:47 2008
Subject: NOD32 antivirus
Message-ID:

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Juan Pablo Lorier
Sent: maandag 26 mei 2008 16:43
To: mailscanner@lists.mailscanner.info
Subject: OT:NOD32 antivirus

Hi,

I'm about to migrate from clam to nod32 but I'm not sure if I can use the generic server scanner or have to buy the mail server version. The difference is big since the mail server version charges for every mail account.
If anyone uses nod32, can you tell me which version you use?
Thanks

MailScanner uses just the command scanner.
No need to buy the mailserver version with the milter.

Adri.

From mailwatch.kp at gmail.com Tue May 27 11:59:34 2008
From: mailwatch.kp at gmail.com (vinayan KP)
Date: Tue May 27 11:59:49 2008
Subject: Help with spamassassin+mailscanner
Message-ID: <6a7195cc0805270359y58235470u1a8f1cb4f732a269@mail.gmail.com>

Dear all,

I am just a beginner to postfix, spamassassin, Mailscanner and mailwatch. I recently installed a mail server with the following and it is working fine except for one problem that mailscanner+spamassassin combination is not detecting mails with SA Score lower than the Required Spamassassin score (I use 3) as spam though they are definitely spam.
The mailscanner+spamassassin combination tags mails with SA score greater than the Required Spamassassin score as spam. postfix.2.3.2-28 Spamassassin.3.1.6-15 MailScanner 4.58.9 I have been reading different posts on mailscanner and about spamassassin to understand why low scoring mails are not detected as spam by mailscanner+spamassassin. The following are the things I could find out . 1. The headers of mails does not contain "autolearn=spam" in the mail header and rest of the fields are there. (See below) X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09, HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12, INFO_TLD 1.27) 2. the /root/.spamassassin folder does not contain any bayes related database. 3. I could not see anything in /var/log/mail which says mailscanner is checking the Spam Lists. *********************************************** When I tried to test the spamassassin configuration with "spamassassin -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please rerun with debug enabled for more information" Please see the result below. : --------------------------------------------------------------------------------------------- mail:/etc/MailScanner # spamassassin -D --lint [4882] dbg: logger: adding facilities: all [4882] dbg: logger: logging level is DBG [4882] dbg: generic: SpamAssassin version 3.1.6 [4882] dbg: config: score set 0 chosen. [4882] dbg: util: running in taint mode? 
yes [4882] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [4882] dbg: util: PATH included '/sbin', keeping [4882] dbg: util: PATH included '/usr/sbin', keeping [4882] dbg: util: PATH included '/usr/local/sbin', keeping [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping [4882] dbg: util: PATH included '/root/bin', keeping [4882] dbg: util: PATH included '/usr/local/bin', keeping [4882] dbg: util: PATH included '/usr/bin', keeping [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping [4882] dbg: util: PATH included '/bin', keeping [4882] dbg: util: PATH included '/usr/games', keeping [4882] dbg: util: PATH included '/opt/gnome/bin', keeping [4882] dbg: util: PATH included '/opt/kde3/bin', keeping [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping [4882] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin [4882] dbg: message: ---- MIME PARSER START ---- [4882] dbg: message: main message type: text/plain [4882] dbg: message: parsing normal part [4882] dbg: message: added part, type: text/plain [4882] dbg: message: ---- MIME PARSER END ---- [4882] dbg: dns: is Net::DNS::Resolver available? 
yes [4882] dbg: dns: Net::DNS version: 0.59 [4882] dbg: diag: perl platform: 5.008008 linux [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 [4882] dbg: diag: module installed: HTML::Parser, version 3.55 [4882] dbg: diag: module installed: MIME::Base64, version 3.07 [4882] dbg: diag: module installed: DB_File, version 1.814 [4882] dbg: diag: module installed: Net::DNS, version 0.59 [4882] dbg: diag: module installed: Net::SMTP, version 2.29 [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) [4882] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [4882] dbg: diag: module not installed: Net::Ident ('require' failed) [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [4882] dbg: diag: module installed: Time::HiRes, version 1.86 [4882] dbg: diag: module installed: DBI, version 1.52 [4882] dbg: diag: module installed: Getopt::Long, version 2.35 [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 [4882] dbg: diag: module installed: HTTP::Date, version 1.47 [4882] dbg: diag: module installed: Archive::Tar, version 1.30 [4882] dbg: diag: module installed: IO::Zlib, version 1.04 [4882] dbg: ignore: using a test message to lint rules [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [4882] dbg: config: read file /etc/mail/spamassassin/init.pre [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [4882] dbg: config: read file 
/usr/share/spamassassin/20_anti_ratware.cf [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [4882] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [4882] dbg: config: read 
file /usr/share/spamassassin/30_text_de.cf [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir [4882] dbg: config: read file /etc/mail/spamassassin/local.cf [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [4882] dbg: pyzor: local tests only, disabling Pyzor [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [4882] dbg: razor2: local tests only, skipping Razor [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) [4882] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::SpamCop from @INC [4882] dbg: reporter: local tests only, disabling SpamCop [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) [4882] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [4882] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [4882] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [4882] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [4882] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [4882] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [4882] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [4882] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [4882] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [4882] dbg: config: adding redirector 
regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [4882] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [4882] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable [4882] warn: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor [4882] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements 'finish_parsing_end' [4882] dbg: replacetags: replacing tags [4882] dbg: replacetags: done replacing tags [4882] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [4882] dbg: config: score set 0 chosen. [4882] dbg: message: ---- MIME PARSER START ---- [4882] dbg: message: main message type: text/plain [4882] dbg: message: parsing normal part [4882] dbg: message: added part, type: text/plain [4882] dbg: message: ---- MIME PARSER END ---- [4882] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [4882] dbg: dns: is DNS available? 
0 [4882] dbg: metadata: X-Spam-Relays-Trusted: [4882] dbg: metadata: X-Spam-Relays-Untrusted: [4882] dbg: metadata: X-Spam-Relays-Internal: [4882] dbg: metadata: X-Spam-Relays-External: [4882] dbg: message: no encoding detected [4882] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements 'parsed_metadata' [4882] dbg: rules: local tests only, ignoring RBL eval [4882] dbg: check: running tests for priority: 0 [4882] dbg: rules: running header regexp tests; score so far=0 [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1211883990" [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1211883990@lint_rules> [4882] dbg: rules: " [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [4882] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [4882] dbg: eval: all '*To' addrs: [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [4882] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [4882] dbg: uri: running uri tests; score so far=-0.001 [4882] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [4882] dbg: bayes: not scoring message, returning undef [4882] dbg: bayes: opportunistic call attempt failed, DB not readable [4882] dbg: rules: running raw-body-text per-line regexp tests; score so far=-0.001 [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 [4882] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements 'check_tick' [4882] dbg: check: running tests for priority: 500 [4882] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements 'check_post_dnsbl' [4882] dbg: rules: running meta tests; score so far=-0.001 [4882] info: rules: meta test 
DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
[4882] dbg: rules: running header regexp tests; score so far=1.866
[4882] dbg: rules: running body-text per-line regexp tests; score so far=1.866
[4882] dbg: uri: running uri tests; score so far=1.866
[4882] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.866
[4882] dbg: rules: running full-text regexp tests; score so far=1.866
[4882] dbg: check: running tests for priority: 1000
[4882] dbg: rules: running meta tests; score so far=1.866
[4882] dbg: rules: running header regexp tests; score so far=1.866
[4882] dbg: rules: running body-text per-line regexp tests; score so far=1.866
[4882] dbg: uri: running uri tests; score so far=1.866
[4882] dbg: rules: running raw-body-text per-line regexp tests; score so far=1.866
[4882] dbg: rules: running full-text regexp tests; score so far=1.866
[4882] dbg: check: is spam? score=1.866 required=5
[4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[4882] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
[4882] warn: lint: 1 issues detected, please rerun with debug enabled for more information
------------------------------------------------------------------------------------------------------------------------------------------------------

Is the warning because of

[4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable
[4882] warn: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor

and can I ignore it?? (I don't have pyzor installed. Is it a must to have pyzor installed??)
******************************************************************************************************************* When I tried sa-learn --dump magic -D, I got the following error : ERROR: Bayes dump returned an error, please re-run with -D for more information ----------------------------------------------------------------------------------------- mail:/etc/mail/spamassassin # sa-learn --dump magic -D [2675] dbg: logger: adding facilities: all [2675] dbg: logger: logging level is DBG [2675] dbg: generic: SpamAssassin version 3.1.6 [2675] dbg: config: score set 0 chosen. [2675] dbg: util: running in taint mode? yes [2675] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [2675] dbg: util: PATH included '/sbin', keeping [2675] dbg: util: PATH included '/usr/sbin', keeping [2675] dbg: util: PATH included '/usr/local/sbin', keeping [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping [2675] dbg: util: PATH included '/root/bin', keeping [2675] dbg: util: PATH included '/usr/local/bin', keeping [2675] dbg: util: PATH included '/usr/bin', keeping [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping [2675] dbg: util: PATH included '/bin', keeping [2675] dbg: util: PATH included '/usr/games', keeping [2675] dbg: util: PATH included '/opt/gnome/bin', keeping [2675] dbg: util: PATH included '/opt/kde3/bin', keeping [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping [2675] dbg: util: final PATH set to: /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin [2675] dbg: message: ---- MIME PARSER START ---- [2675] dbg: message: main message type: text/plain [2675] dbg: message: parsing normal 
part [2675] dbg: message: added part, type: text/plain [2675] dbg: message: ---- MIME PARSER END ---- [2675] dbg: dns: is Net::DNS::Resolver available? yes [2675] dbg: dns: Net::DNS version: 0.59 [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [2675] dbg: config: read file /etc/mail/spamassassin/init.pre [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [2675] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [2675] dbg: config: read file 
/usr/share/spamassassin/25_body_tests_es.cf [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [2675] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir [2675] dbg: config: read file /etc/mail/spamassassin/local.cf [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [2675] dbg: plugin: 
registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [2675] dbg: pyzor: network tests on, attempting Pyzor [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [2675] dbg: razor2: razor2 is not available [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [2675] dbg: reporter: network tests on, attempting SpamCop [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) [2675] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [2675] dbg: config: adding redirector regex: 
/^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [2675] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [2675] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [2675] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [2675] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i [2675] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [2675] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i [2675] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i [2675] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i [2675] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i [2675] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable [2675] info: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor [2675] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements 'finish_parsing_end' [2675] dbg: replacetags: replacing tags [2675] dbg: replacetags: done replacing tags [2675] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [2675] dbg: config: score set 1 chosen. 
[2675] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
ERROR: Bayes dump returned an error, please re-run with -D for more information
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

--> Am I getting this error because there are no bayes related files in the /root/.spamassassin directory?? (it's empty now)

--> If yes, should I use the following command to create them??

# sa-learn --showdots --spam /home//Maildir/cur (this is my inbox)
# sa-learn --showdots --ham /home/Maildir/.spam/cur (this is where I filter all my {spam?} tagged mails)

---> After this, if I restart spamassassin, will spamassassin+mailscanner start doing the bayes autolearn and check the lists specified in Spam Lists option of the mailscanner? If not, what should I do to get my spamassassin+mailscanner to start doing the bayes autolearn and check the lists specified in Spam Lists option of the mailscanner?

Hope someone would be kind enough to help me.

Expecting an early reply

sincerely yours

From micoots at yahoo.com Tue May 27 13:00:05 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Tue May 27 13:00:20 2008
Subject: Switched from clamavmodule to clamd
Message-ID: <389788.10282.qm@web33307.mail.mud.yahoo.com>

Hi,

I've just switched from clamavmodule to clamd on one of my mail servers (trying it before moving the rest). The delay between the time it takes to patch Mail::ClamAV is unfortunately too long so decided to switch finally.

I've gone through and followed this wiki item:

http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:clamav:switch_to_rpm_clamd&s=clamd

which basically detailed the process for me. I'm just hoping someone can verify the changes so I'm comfortable with the way it's working (MailScanner lint was ok).

I use the clamav, clamav-db and clamd from Dag Wieers' repo.

In the MailScanner.conf:

Virus Scanners = clamd
ClamAVmodule Maximum Compression Ratio = 1000
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = /var/lock/subsys/clamd

In the /etc/clamd.conf file:

ScanMail no

# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes

# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes

Do I need to turn off the defaults above as MailScanner handles these or just leave things as is?

Also, does MailScanner handle the clam definition updates automatically? or do I need to enable a freshclam run? or cron freshclam?

Thanks.

Michael.

From telecaadmin at gmail.com Tue May 27 13:18:31 2008
From: telecaadmin at gmail.com (Ronny T. Lampert)
Date: Tue May 27 13:20:09 2008
Subject: Switched from clamavmodule to clamd
In-Reply-To: <389788.10282.qm@web33307.mail.mud.yahoo.com>
References: <389788.10282.qm@web33307.mail.mud.yahoo.com>
Message-ID: <483BFC17.5010204@gmail.com>

> In the MailScanner.conf:
>
> Virus Scanners = clamd
> ClamAVmodule Maximum Compression Ratio = 1000
> Clamd Port = 3310
> Clamd Socket = /tmp/clamd.socket
> Clamd Lock File = /var/lock/subsys/clamd

You might have to adjust (obviously) the Socket and the Lock File. You get those from the clamd.conf file.

> In the /etc/clamd.conf file:
>
> ScanMail no
>
> # With this option enabled ClamAV will try to detect
> phishing attempts by using
> # signatures.
> # Default: yes
> #PhishingSignatures yes
>
> # Scan URLs found in mails for phishing attempts using
> heuristics.
> # Default: yes
> #PhishingScanURLs yes
>
> # Perform HTML normalisation and decryption of MS
> Script Encoder code.
> # Default: yes
> #ScanHTML yes
>
> Do I need to turn off the defaults above as
> MailScanner handles these or just leave things as is?

This should be OK. The fancy stuff (HTML, Phishing etc) is done by MailScanner. You don't want to get overzealous or else too many false positives creep up.

Depending on your setup you might have to adjust the

User clamav

setting in clamd.conf because the clamav user per default is NOT able to read the queue files for postfix (I run MailScanner as the postfix user). Using "root" is a quick workaround, but dangerous (obviously).

Also you want to set the following to match your CPUs

clamd.conf:
MaxThreads 16

and in MailScanner.conf:
Clamd Use Threads = yes

> Also, does MailScanner handle the clam definition
> updates automatically? or do I need to enable a
> freshclam run? or cron freshclam?

freshclam can be set (and usually is by default in /etc/freshclam.conf, see option NotifyClamd) to notify clamd to reload the definitions. So, yes.

Cheers,
Ronny

From paul at welshfamily.com Tue May 27 13:26:23 2008
From: paul at welshfamily.com (Paul Welsh)
Date: Tue May 27 13:26:40 2008
Subject: OT: "Nolisting"
Message-ID: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>

Hi all

I have read that one way of blocking spam is to use a lowest priority MX record that points to a host that doesn't respond to SMTP requests. I've seen this idea coined as "nolisting".

The idea is to block the many spammers who target the lowest priority MX, eg, the one with priority 90 rather than 10 as a way of trying to circumvent anti-spam measures. If the MX with the lowest priority doesn't respond then the spammer doesn't try the higher priority MX but just moves on to the next victim.

Any thoughts on this idea?

Personally, I can see how it would block a percentage of spam but whether that percentage is high enough to make it a worthwhile idea is open to question.

Regards

Paul

________________________________________________
Message sent using UebiMiau 2.7.9

From alan at essex.ac.uk Tue May 27 13:37:16 2008
From: alan at essex.ac.uk (Stanier, Alan M)
Date: Tue May 27 13:37:27 2008
Subject: "Nolisting"
In-Reply-To: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
Message-ID:

The last time I checked, it was blocking 84% of our spam.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul Welsh
Sent: 27 May 2008 13:26
To: mailscanner@lists.mailscanner.info
Subject: OT: "Nolisting"

Hi all

I have read that one way of blocking spam is to use a lowest priority MX record that points to a host that doesn't respond to SMTP requests. I've seen this idea coined as "nolisting".

The idea is to block the many spammers who target the lowest priority MX, eg, the one with priority 90 rather than 10 as a way of trying to circumvent anti-spam measures. If the MX with the lowest priority doesn't respond then the spammer doesn't try the higher priority MX but just moves on to the next victim.

Any thoughts on this idea?

Personally, I can see how it would block a percentage of spam but whether that percentage is high enough to make it a worthwhile idea is open to question.

Regards

Paul

________________________________________________
Message sent using UebiMiau 2.7.9

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
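
[Added example, not part of any poster's message.] The MX walk that "nolisting" relies on, modelled for three kinds of sender. The example.org names, the per-host behaviours and the 30-second connect timeout are assumptions; the sketch goes beyond the post by placing a decoy at either end of the MX set and by separating refused connections from silently dropped ones.

```python
"""Simulate how SMTP senders walk an MX set that contains decoy hosts."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed zone fragment ("owner IN MX preference target"); placeholder names.
ZONE = """
example.org. IN MX 0  decoy-front.example.org.
example.org. IN MX 10 mail1.example.org.
example.org. IN MX 20 mail2.example.org.
example.org. IN MX 30 decoy-back.example.org.
"""

# Assumed behaviour of each host on TCP port 25:
#   accept  = real mail server, refuse = connection rejected at once,
#   timeout = packets dropped, the sender waits out its connect timeout.
BEHAVIOUR = {
    "decoy-front.example.org.": "refuse",
    "mail1.example.org.": "accept",
    "mail2.example.org.": "accept",
    "decoy-back.example.org.": "refuse",
}


@dataclass
class Attempt:
    delivered_to: Optional[str]
    tried: List[str]
    delay: float  # seconds spent waiting on hosts that never answered


def parse_mx(zone_text):
    """Return [(preference, target)] in the order a sender should try them."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        upper = [f.upper() for f in fields]
        if "MX" not in upper:
            continue
        i = upper.index("MX")
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            raise ValueError(f"malformed MX record: {line!r}")
        records.append((int(fields[i + 1]), fields[i + 2].lower()))
    # Lower preference value is tried first. Equal preferences are normally
    # tried in random order; sorting by name keeps the simulation repeatable.
    return sorted(records)


def candidates(mx, strategy):
    """Hosts a sender will contact, by (hypothetical) strategy name."""
    hosts = [host for _, host in mx]
    if strategy == "rfc":          # standards-following MTA: walk the whole list
        return hosts
    if strategy == "first_only":   # broken sender: best-preference MX only
        return hosts[:1]
    if strategy == "last_only":    # sender that only targets the backup MX
        return hosts[-1:]
    raise ValueError(f"unknown strategy: {strategy}")


def send(mx, behaviour, strategy, connect_timeout=30.0):
    tried, delay = [], 0.0
    for host in candidates(mx, strategy):
        tried.append(host)
        state = behaviour.get(host, "timeout")  # unknown host: assume silence
        if state == "accept":
            return Attempt(host, tried, delay)
        if state == "timeout":
            delay += connect_timeout
        # "refuse" fails immediately and adds no waiting time
    return Attempt(None, tried, delay)


def review(zone_text, behaviour, connect_timeout=30.0):
    """Findings a mail admin would want before publishing the layout."""
    mx = parse_mx(zone_text)
    findings = []
    rfc = send(mx, behaviour, "rfc", connect_timeout)
    if rfc.delivered_to is None:
        findings.append("no MX accepts mail: compliant senders cannot deliver")
    elif rfc.delay > 0:
        findings.append(
            f"compliant senders wait {rfc.delay:.0f}s on silent decoys "
            f"before reaching {rfc.delivered_to}"
        )
    for strategy in ("first_only", "last_only"):
        result = send(mx, behaviour, strategy, connect_timeout)
        if result.delivered_to is not None:
            findings.append(f"{strategy} sender still reaches {result.delivered_to}")
    return findings


if __name__ == "__main__":
    mx = parse_mx(ZONE)
    for strategy in ("rfc", "first_only", "last_only"):
        print(strategy, send(mx, BEHAVIOUR, strategy))
    print("findings:", review(ZONE, BEHAVIOUR))
```
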
From campbell at cnpapers.com Tue May 27 13:37:08 2008 From: campbell at cnpapers.com (Steve Campbell) Date: Tue May 27 13:37:42 2008 Subject: ClamAV 0.93 released In-Reply-To: <483897C8.9050304@ecs.soton.ac.uk> References: <7EF0EE5CB3B263488C8C18823239BEBA03771594@HC-MBX02.herefordshire.gov.uk> <48039AA2.9050905@ecs.soton.ac.uk> <5A3FEF92FC07F34B9EE30C0D1395716498E6E4@monarchs.dokkenengineering.com> <48051021.5010909@ecs.soton.ac.uk> <1208464860.2962.75.camel@morticia.pert.com.ar> <48160C77.5070602@USherbrooke.ca> <4836D23B.8070109@alexb.ch> <483897C8.9050304@ecs.soton.ac.uk> Message-ID: <483C0074.1000508@cnpapers.com> Julian Field wrote: > I have just published a new beta of MailScanner including support for > Mail::ClamAV 0.22, which is now provided in my ClamAV+SpamAssassin > package. These two should work successfully as a pair, and I would > appreciate testers. > > Thanks! > Jules. > > P.S. It's nice to be out in the big wide world again, I didn't go > outside the building for a week, now I just need to get my sleep cycle > back to normal. I am too used to sleeping in a hospital bed, and to > being awake at 6am (I normally was in the shower by 6:30am in hospital). > > The latest news seems to be that they may pass my case back to the > liver transplant team, and not do a small bowel transplant after all. > But possibilities currently include everything up to, and including, > replacing my stomach, duodenum, jejunum, ilium (small intestines, all > 26 feet of it), liver, pancreas and all the blood vessels that join > them all together. So just about anything is possible right now. > Within the next month or two, I should hear what (if any) other tests > they want to do, but my case will be discussed at a national level and > they all have to agree what is best for me to have done. That could > possibly take a few months, so I don't expect any quick news. 
I
> managed a very nice chat with a guy from their chronic pain team, and
> he had several new ideas for painkillers that the people in
> Southampton had never considered, which was very useful. Southampton's
> attitude seems to be that if a couple of Paracetamol (Tylenol) don't
> handle it, then they don't really know much about what to do :-) It's
> not quite as bad as that, but you get my drift :-) The Cambridge team
> at Addenbrookes actually appreciate the problem of your body becoming
> used to opiates and that you build up a tolerance to them, and had
> some ideas for new drugs which I have only rarely been exposed to
> before, such as Oramorph and Fentanyl.
>
> That's about the latest news, I'll keep you posted.
>
> Cheers,
> Jules.
>
> P.S. It's my list, and I'll top-post if I want to ;-)
>
>
> Alex Broens wrote:
>> On 5/23/2008 1:21 PM, David Lee wrote:
>>> On Mon, 28 Apr 2008, Denis Beauchemin wrote:
>>>
>>>> Leonardo Helman a écrit :
>>>>> Hi I'm using clamavmodule
>>>>>
>>>>>
>>>>> I've made a patch for the Mail::ClamAV to compile (later I'll send it
>>>>> to the Mail::ClamAV maintainer)
>>>>>
>>>> Hello,
>>>>
>>>> Anything new on the official Mail::ClamAV module? I just looked and
>>>> version 0.21 still supports maxratio which have been removed from Clam
>>>> 0.93...
>>>>
>>>> Since there are known exploits for 0.92 I am beginning to feel the
>>>> urge
>>>> to upgrade to 0.93...
>>>
>>> Scott Beck has released version 0.22 of Mail::ClamAV in the last few
>>> days.
>>>
>>> Could I suggest that some of us with test facilities and with a little
>>> technical experience try the various combinations of the older and
>>> newer
>>> versions of ClamAV and Mail::ClamAV and verify which combinations
>>> work and
>>> fail?
>>>
>>> 1. Old+old: We know that the combined earlier versions work.
>>>
>>> 2. New ClamAV + old Mail::ClamAV: It has been reported that the new
>>> ClamAV (0.93) breaks with older Mail::ClamAV (0.20/0.21).
Could >>> someone provide details of what this breakage is? Is there a quick >>> recipe to reproduce the problem that ClamAV 0.93 had introduced? >>> >>> 3. New + new: Julian's Clam+SA package would ultimately be >>> new+new. Can >>> we verify that this fixes any previously verified breakage? >>> Also that >>> it does not seem to introduce any new problems. >>> >>> 4. Old ClamAV + new Mail::ClamAV: There are inevitably sites which use >>> other sources (not Julian's package). Can we check what happens >>> with >>> if someone were to upgrade their Mail::ClamAV module but leave the >>> main ClamAV software back on 0.92? (Probably not too important, >>> but >>> it would be a nice data point to complete the set...) >>> >>> Given Julian's sadly enforced absence from work, I'm sure he would >>> appreciate it if we can do this tabulation for him. >> >> Will try to test new Mail::ClamAV with ClamAV 0.93 and on several old >> versions of MS >> >> >> > > Jules > Julian, I think I may have mentioned this a while back, maybe not, but my wife has a condition the doctors refer to as Central Pain Syndrome which she acquired(?) after her stroke. The stroke destroyed most of her pain sections of her brain, and instead of a symmetrical paralysis on one side of her body, she has symmetrical pain on the left side of her body. It's much like the phantom pains amputees have, though much worse. She is experiencing with her doctors something similar to what you describe with your pain doctors. If you wouldn't mind dropping me a line off list once you find anything new, I'd certainly be appreciative, as most of her medications are now ineffective. Thanks and hope things get better soon. Steve Campbell (in West Virginia, USA) From jaearick at colby.edu Tue May 27 13:54:53 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 27 13:55:14 2008 Subject: "Nolisting" In-Reply-To: References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> Message-ID: I do it the other way around. 
Our high MX always responds with "400 try again later" via smtptrapd.

Jeff Earickson
Colby College

On Tue, 27 May 2008, Stanier, Alan M wrote:

> Date: Tue, 27 May 2008 13:37:16 +0100
> From: "Stanier, Alan M"
> Reply-To: MailScanner discussion
> To: MailScanner discussion
> Subject: RE: "Nolisting"
>
> The last time I checked, it was blocking 84% of our spam.
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Paul
> Welsh
> Sent: 27 May 2008 13:26
> To: mailscanner@lists.mailscanner.info
> Subject: OT: "Nolisting"
>
> Hi all
>
> I have read that one way of blocking spam is to use a lowest priority MX
> record that points to a host that doesn't respond to SMTP requests.
> I've seen this idea coined as "nolisting".
>
> The idea is to block the many spammers who target the lowest priority
> MX, eg, the one with priority 90 rather than 10 as a way of trying to
> circumvent anti-spam measures. If the MX with the lowest priority
> doesn't respond then the spammer doesn't try the higher priority MX but
> just moves on to the next victim.
>
> Any thoughts on this idea?
>
> Personally, I can see how it would block a percentage of spam but
> whether that percentage is high enough to make it a worthwhile idea is
> open to question.
>
> Regards
>
> Paul
>
>
> ________________________________________________
> Message sent using UebiMiau 2.7.9
>

From list-mailscanner at linguaphone.com Tue May 27 13:51:55 2008
From: list-mailscanner at linguaphone.com (Gareth)
Date: Tue May 27 14:17:46 2008
Subject: OT: "Nolisting"
In-Reply-To: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
Message-ID: <1211892715.24865.2.camel@gblades-suse.linguaphone-intranet.co.uk>

It's possible but there are still broken email servers out there which only ever try sending mail to the first mx entry.

Greylisting is still a far better approach. It's also better in that regular senders get their mail through a lot faster as it is automatically accepted the first time. If you used the nolisting approach all email will be delayed until the 1st connection times out.

On Tue, 2008-05-27 at 13:26, Paul Welsh wrote:
> Hi all
>
> I have read that one way of blocking spam is to use a lowest priority MX
> record that points to a host that doesn't respond to SMTP requests. I've
> seen this idea coined as "nolisting".
>
> The idea is to block the many spammers who target the lowest priority MX,
> eg, the one with priority 90 rather than 10 as a way of trying to circumvent
> anti-spam measures. If the MX with the lowest priority doesn't respond then
> the spammer doesn't try the higher priority MX but just moves on to the next
> victim.
>
> Any thoughts on this idea?
>
> Personally, I can see how it would block a percentage of spam but whether
> that percentage is high enough to make it a worthwhile idea is open to
> question.
>
> Regards
>
> Paul
>
>
> ________________________________________________
> Message sent using UebiMiau 2.7.9

From alex at nkpanama.com Tue May 27 14:38:00 2008
From: alex at nkpanama.com (Alex Neuman)
Date: Tue May 27 14:38:39 2008
Subject: OT: "Nolisting"
Message-ID: <200805271338.m4RDcUBG007252@safir.blacknight.ie>

I've seen this done with some domains and working very well. In fact, some people will set it up this way:

mydomain.com.
IN MX 0 somethingthatdoesntrespondtoport25.mydomain.com.
mydomain.com. IN MX 10 mail1.mydomain.com.
mydomain.com. IN MX 20 mail2.mydomain.com.
mydomain.com. IN MX 30 somethingthatdoesntrespondtoport25.mydomain.com.

That way you're covered on both ends.

On May 27, 2008, at 7:26 AM, Paul Welsh wrote:

> Hi all
>
> I have read that one way of blocking spam is to use a lowest
> priority MX
> record that points to a host that doesn't respond to SMTP requests.
> I've
> seen this idea coined as "nolisting".
>
> The idea is to block the many spammers who target the lowest
> priority MX,
> eg, the one with priority 90 rather than 10 as a way of trying to
> circumvent
> anti-spam measures. If the MX with the lowest priority doesn't
> respond then
> the spammer doesn't try the higher priority MX but just moves on to
> the next
> victim.
>
> Any thoughts on this idea?
>
> Personally, I can see how it would block a percentage of spam but
> whether
> that percentage is high enough to make it a worthwhile idea is open to
> question.
>
> Regards
>
> Paul
>
>
> ________________________________________________
> Message sent using UebiMiau 2.7.9

From alex at nkpanama.com Tue May 27 14:49:01 2008
From: alex at nkpanama.com (Alex Neuman)
Date: Tue May 27 14:49:43 2008
Subject: "Nolisting"
In-Reply-To:
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
Message-ID: <200805271349.m4RDnYsZ007733@safir.blacknight.ie>

Interesting approach. Do you do anything with the data you (potentially) collect?

On May 27, 2008, at 7:54 AM, Jeff A. Earickson wrote:

> I do it the other way around. Our high MX always responds with
> "400 try again later" via smtptrapd.
From alex at nkpanama.com Tue May 27 14:50:06 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 27 14:50:30 2008 Subject: OT: "Nolisting" In-Reply-To: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> Message-ID: <200805271350.m4RDoL3W007822@safir.blacknight.ie> You could use that other approach mentioned where you don't "not answer", you actually answer with a 400 error. Unfortunately some braindead implementations treat 400 error messages as rejects rather than delays. On May 27, 2008, at 7:51 AM, Gareth wrote: > you used the nolisting > approach all email will be delayed until the 1st connection times out. From paul at welshfamily.com Tue May 27 14:54:00 2008 From: paul at welshfamily.com (Paul Welsh) Date: Tue May 27 14:54:22 2008 Subject: OT: "Nolisting" Message-ID: OK, I got it wrong! The site http://nolisting.org explains that it's the Primary MX you use to reject SMTP. This way, RFC compliant mail servers will try the secondary - except for the spammers who ONLY target the secondary, of course! ________________________________________________ Message sent using UebiMiau 2.7.9 From richard.frovarp at sendit.nodak.edu Tue May 27 15:30:18 2008 From: richard.frovarp at sendit.nodak.edu (Richard Frovarp) Date: Tue May 27 15:30:29 2008 Subject: OT: "Nolisting" In-Reply-To: <200805271338.m4RDcUBG007252@safir.blacknight.ie> References: <200805271338.m4RDcUBG007252@safir.blacknight.ie> Message-ID: <483C1AFA.2090303@sendit.nodak.edu> Alex Neuman wrote: > I've seen this done with some domains and working very well. In fact, > some people will set it up this way: > > mydomain.com. IN MX 0 > somethingthatdoesntrespondtoport25.mydomain.com. > mydomain.com. IN MX 10 mail1.mydomain.com. > mydomain.com. IN MX 20 mail2.mydomain.com. > mydomain.com. IN MX 30 > somethingthatdoesntrespondtoport25.mydomain.com.. > > That way you're covered on both ends. We handle internal mail via our primary MX. 
We use iptables with tcp-reset to keep everyone else out. This prevents timeout delays from the connecting servers. When we implemented this, we did not see any drop in spam. We did notice that since internal mail was not competing against spam for resources, the delivery times were much improved. From alex at nkpanama.com Tue May 27 15:40:04 2008 From: alex at nkpanama.com (Alex Neuman) Date: Tue May 27 15:40:38 2008 Subject: OT: "Nolisting" In-Reply-To: <200805271338.m4RDcUBG007252@safir.blacknight.ie> References: <200805271338.m4RDcUBG007252@safir.blacknight.ie> Message-ID: <200805271440.m4REeSHE010558@safir.blacknight.ie> How about trying to set up a third MX that points to the first? Everybody else would still be shut out by the iptables rules. Give that a shot! :D On May 27, 2008, at 9:30 AM, Richard Frovarp wrote: > > We handle internal mail via our primary MX. We use iptables with tcp- > reset to keep everyone else out. This prevents timeout delays from > the connecting servers. When we implemented this, we did not see any > drop in spam. We did notice that since internal mail was not > competing against spam for resources, the delivery times were much > improved. > -- From jaearick at colby.edu Tue May 27 15:57:19 2008 From: jaearick at colby.edu (Jeff A. Earickson) Date: Tue May 27 15:58:02 2008 Subject: "Nolisting" In-Reply-To: <200805271349.m4RDnYsZ007733@safir.blacknight.ie> References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> <200805271349.m4RDnYsZ007733@safir.blacknight.ie> Message-ID: I monitor it in my daily reports. If I have somebody with a large number of connections, I grep my syslogs on both the decoy and primary MX to see what they are up to. If it is an obvious spam engine, then I block them on my primary MX and let them play with the "try again later" high MX. 
Jeff Earickson Colby College On Tue, 27 May 2008, Alex Neuman wrote: > Date: Tue, 27 May 2008 08:49:01 -0500 > From: Alex Neuman > Reply-To: MailScanner discussion > To: MailScanner discussion > Subject: Re: "Nolisting" > > Interesting approach. Do you do anything with the data you (potentially) > collect? > > On May 27, 2008, at 7:54 AM, Jeff A. Earickson wrote: > >> I do it the other way around. Our high MX always responds with >> "400 try again later" via smtptrapd. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From jplorier at montecarlotv.com.uy Tue May 27 15:52:27 2008 From: jplorier at montecarlotv.com.uy (Juan Pablo Lorier) Date: Tue May 27 15:58:28 2008 Subject: NOD32 antivirus In-Reply-To: <200805271108.m4RB7MjE000730@safir.blacknight.ie> Message-ID: Thanks Adri, that's exactly what I hended. Ing. Juan Pablo Lorier Monte Carlo TV SA Montevideo, Uruguay +(598)2 9244444 From steve at fsl.com Tue May 27 15:58:39 2008 From: steve at fsl.com (Stephen Swaney) Date: Tue May 27 15:58:50 2008 Subject: Switched from clamavmodule to clamd In-Reply-To: <483BFC17.5010204@gmail.com> References: <389788.10282.qm@web33307.mail.mud.yahoo.com> <483BFC17.5010204@gmail.com> Message-ID: <483C219F.3020403@fsl.com> Ronny T. Lampert wrote: >> In the MailScanner.conf: >> >> Virus Scanners = clamd >> ClamAVmodule Maximum Compression Ratio = 1000 >> Clamd Port = 3310 >> Clamd Socket = /tmp/clamd.socket >> Clamd Lock File = /var/lock/subsys/clamd > > You might have to adjust (obviously) the Socket and the Lock File. > You get those from the clamd.conf file. > >> In the /etc/clamd.conf file: >> >> ScanMail no >> >> # With this option enabled ClamAV will try to detect >> phishing attempts by using >> # signatures. 
>> # Default: yes >> #PhishingSignatures yes >> >> # Scan URLs found in mails for phishing attempts using >> heuristics. >> # Default: yes >> #PhishingScanURLs yes >> >> # Perform HTML normalisation and decryption of MS >> Script Encoder code. >> # Default: yes >> #ScanHTML yes >> >> Do I need to turn off the defaults above as >> MailScanner handles these or just leave things as is? > > This should be OK. The fancy stuff (HTML, Phishing etc) is done by > MailScanner. You don't want to get overzealous or else too many false > positives creep up. > Depending on your setup you might have to adjust the > > User clamav > > setting in clamd.conf because the clamav user per default is NOT able > to read the queue files for postfix (I run MailScanner as the postfix > user). > Using "root" is a quick workaround, but dangerous (obviously). > > Also you want to set the following to match your CPUs > > clamd.conf: > > MaxThreads 16 > > > and in MailScanner.conf: > > Clamd Use Threads = yes > > >> Also, does MailScanner handle the clam definition >> updates automatically? or do I need to enable a >> freshclam run? or cron freshclam? > > freshclam can be set (and usually is by default in > /etc/freshclam.conf, see option NotifyClamd) to notify clamd to reload > the definitions. > So, yes. > > Cheers, > Ronny > You also probably want to add a keep-alive script for clamd. It doesn't fail often but I have seen it fail. And you should make sure that the NotifyClamd option is set in freshclam.conf. # Send the RELOAD command to clamd. # Default: no NotifyClamd /path/to/clamd.conf Alternately you may want to disable the freshclam cron updates and run freshclam in daemon mode: freshclam --daemon --daemon-notify=/path/to/clamd.conf -c 24 This will check every hour and notify clamd if an update occurs. 
Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com > > > From ssilva at sgvwater.com Tue May 27 16:19:16 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Tue May 27 16:19:47 2008 Subject: Help with spamassassin+mailscanner In-Reply-To: <6a7195cc0805270359y58235470u1a8f1cb4f732a269@mail.gmail.com> References: <6a7195cc0805270359y58235470u1a8f1cb4f732a269@mail.gmail.com> Message-ID: Comments are inline ... > Dear all, > I am just a beginner to postfix,spamassassin,Mailscanner and > mailwatch. I recently installed a mail server with the following and > is working fine except for one problem that mailscanner+spamassassin > combination is not detecting mails with SA Score lower than the > Required Spamassassin score ( I use 3) as spam though they are > definitely spam. The mailscanner+spamassassin combination tags mails > with SA score greater than the Required Spamassassin score as spam. > > postfix.2.3.2-28 > Spamassassin.3.1.6-15 > MailScanner 4.58.9 All older versions of the software. It might be adding to your problems. > > I have been reading different posts on mailscanner and about > spamassassin to understand why low scoring mails are not detected as > spam by mailscanner+spamassassin. > > The following are the things I could find out . > > 1. The headers of mails does not contain "autolearn=spam" in the mail > header and rest of the fields are there. (See below) > > X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09, > HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00, > HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12, > INFO_TLD 1.27) > > 2. the /root/.spamassassin folder does not contain any bayes related database. When running with postfix, MailScanner runs as postfix and cannot access the /root directory. Maybe you missed some steps in the postfix howtos. 
http://www.mailscanner.info/postfix.html and http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation You need the bayes directory somewhere that the postfix user can access. Maybe Glenn will chime in here. > > 3. I could not see anything in /var/log/mail which says mailscanner > is checking the Spam Lists. > > *********************************************** > When I tried to test the spamassassin configuration with "spamassassin > -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please > rerun with debug enabled for more information" > > Please see the result below. : > > --------------------------------------------------------------------------------------------- > mail:/etc/MailScanner # spamassassin -D --lint > > [4882] dbg: logger: adding facilities: all > [4882] dbg: logger: logging level is DBG > [4882] dbg: generic: SpamAssassin version 3.1.6 > [4882] dbg: config: score set 0 chosen. > [4882] dbg: util: running in taint mode? yes > [4882] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [4882] dbg: util: PATH included '/sbin', keeping > [4882] dbg: util: PATH included '/usr/sbin', keeping > [4882] dbg: util: PATH included '/usr/local/sbin', keeping > [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping > [4882] dbg: util: PATH included '/root/bin', keeping > [4882] dbg: util: PATH included '/usr/local/bin', keeping > [4882] dbg: util: PATH included '/usr/bin', keeping > [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping > [4882] dbg: util: PATH included '/bin', keeping > [4882] dbg: util: PATH included '/usr/games', keeping > [4882] dbg: util: PATH included '/opt/gnome/bin', keeping > [4882] dbg: util: PATH included '/opt/kde3/bin', keeping > [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping > [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping > [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping > [4882] dbg: util: PATH included 
'/usr/lib/qt3/bin', keeping > [4882] dbg: util: final PATH set to: > /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin > [4882] dbg: message: ---- MIME PARSER START ---- > [4882] dbg: message: main message type: text/plain > [4882] dbg: message: parsing normal part > [4882] dbg: message: added part, type: text/plain > [4882] dbg: message: ---- MIME PARSER END ---- > [4882] dbg: dns: is Net::DNS::Resolver available? yes > [4882] dbg: dns: Net::DNS version: 0.59 > [4882] dbg: diag: perl platform: 5.008008 linux > [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 > [4882] dbg: diag: module installed: HTML::Parser, version 3.55 > [4882] dbg: diag: module installed: MIME::Base64, version 3.07 > [4882] dbg: diag: module installed: DB_File, version 1.814 > [4882] dbg: diag: module installed: Net::DNS, version 0.59 > [4882] dbg: diag: module installed: Net::SMTP, version 2.29 > [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' failed) > [4882] dbg: diag: module not installed: IP::Country::Fast ('require' failed) > [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) > [4882] dbg: diag: module not installed: Net::Ident ('require' failed) > [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) > [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) > [4882] dbg: diag: module installed: Time::HiRes, version 1.86 > [4882] dbg: diag: module installed: DBI, version 1.52 > [4882] dbg: diag: module installed: Getopt::Long, version 2.35 > [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 > [4882] dbg: diag: module installed: HTTP::Date, version 1.47 > [4882] dbg: diag: module installed: Archive::Tar, version 1.30 > [4882] dbg: diag: module installed: IO::Zlib, version 1.04 > [4882] dbg: ignore: using a 
test message to lint rules > [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [4882] dbg: config: read file /etc/mail/spamassassin/init.pre > [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre > [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre > [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir > [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [4882] dbg: config: read file 
/usr/share/spamassassin/25_dcc.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [4882] dbg: config: read file /etc/mail/spamassassin/local.cf > [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) > [4882] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::Hashcash from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [4882] dbg: pyzor: local tests only, disabling Pyzor > [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [4882] dbg: razor2: local tests only, skipping Razor > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [4882] dbg: reporter: local tests only, disabling SpamCop > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [4882] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) > [4882] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) > [4882] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) > [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [4882] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) > [4882] dbg: config: adding redirector regex: > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [4882] dbg: config: adding redirector regex: > 
/^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [4882] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [4882] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [4882] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [4882] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i > [4882] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [4882] dbg: config: adding redirector regex: > m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i > [4882] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i > [4882] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i > [4882] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [4882] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i > [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable > [4882] warn: config: SpamAssassin failed to parse line, > "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path > /usr/bin/pyzor > [4882] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements > 'finish_parsing_end' > [4882] dbg: replacetags: replacing tags > [4882] dbg: replacetags: done replacing tags > [4882] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks Here is your error. Mailscanner running as postfix cannot access /root directory. 
You need to set a bayes path somewhere that postfix has access, and then you will need to do some training. > [4882] dbg: config: score set 0 chosen. > [4882] dbg: message: ---- MIME PARSER START ---- > [4882] dbg: message: main message type: text/plain > [4882] dbg: message: parsing normal part > [4882] dbg: message: added part, type: text/plain > [4882] dbg: message: ---- MIME PARSER END ---- > [4882] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [4882] dbg: dns: is DNS available? 0 > [4882] dbg: metadata: X-Spam-Relays-Trusted: > [4882] dbg: metadata: X-Spam-Relays-Untrusted: > [4882] dbg: metadata: X-Spam-Relays-Internal: > [4882] dbg: metadata: X-Spam-Relays-External: > [4882] dbg: message: no encoding detected > [4882] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements > 'parsed_metadata' > [4882] dbg: rules: local tests only, ignoring RBL eval > [4882] dbg: check: running tests for priority: 0 > [4882] dbg: rules: running header regexp tests; score so far=0 > [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: > "1211883990" > [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > "<1211883990@lint_rules> > [4882] dbg: rules: " > [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: > "@lint_rules>" > [4882] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org > [4882] dbg: eval: all '*To' addrs: > [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit > [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit > [4882] dbg: rules: running body-text per-line regexp tests; score so far=-0.001 > [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > [4882] dbg: uri: running uri tests; score so far=-0.001 > [4882] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [4882] dbg: bayes: not scoring message, 
returning undef > [4882] dbg: bayes: opportunistic call attempt failed, DB not readable > [4882] dbg: rules: running raw-body-text per-line regexp tests; score > so far=-0.001 > [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 > [4882] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements > 'check_tick' > [4882] dbg: check: running tests for priority: 500 > [4882] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements > 'check_post_dnsbl' > [4882] dbg: rules: running meta tests; score so far=-0.001 > [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency > 'DCC_CHECK' > [4882] dbg: rules: running header regexp tests; score so far=1.866 > [4882] dbg: rules: running body-text per-line regexp tests; score so far=1.866 > [4882] dbg: uri: running uri tests; score so far=1.866 > [4882] dbg: rules: running raw-body-text per-line regexp tests; score > so far=1.866 > [4882] dbg: rules: running full-text regexp tests; score so far=1.866 > [4882] dbg: check: running tests for priority: 1000 > [4882] dbg: rules: running meta tests; score so far=1.866 > [4882] dbg: rules: running header regexp tests; score so far=1.866 > [4882] dbg: rules: running body-text per-line regexp tests; score so far=1.866 > [4882] dbg: uri: running uri tests; score so far=1.866 > [4882] dbg: rules: running raw-body-text per-line regexp tests; score > so far=1.866 > [4882] dbg: rules: running full-text regexp tests; score so far=1.866 > [4882] dbg: check: is spam? 
score=1.866 required=5 > [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE > [4882] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID > [4882] warn: lint: 1 issues detected, please rerun with debug enabled > for more information > > ------------------------------------------------------------------------------------------------------------------------------------------------------ > > Is the warning because of > > [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable > [4882] warn: config: SpamAssassin failed to parse line, > "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path > /usr/bin/pyzor > > and can I ignore it?? ( I don't have pyzor installed. Is it a must to > have pyzor installed??) Either install pyzor, or disable the plugin line that tries to load it. Look in all your .pre files in /etc/mail/spamassassin > > ******************************************************************************************************************* > > > When I tried sa-learn --dump magic -D, I got the following error : > > ERROR: Bayes dump returned an error, please re-run with -D for more information Again, no bayes db to dump. > > > ----------------------------------------------------------------------------------------- > mail:/etc/mail/spamassassin # sa-learn --dump magic -D > [2675] dbg: logger: adding facilities: all > [2675] dbg: logger: logging level is DBG > [2675] dbg: generic: SpamAssassin version 3.1.6 > [2675] dbg: config: score set 0 chosen. > [2675] dbg: util: running in taint mode? 
yes > [2675] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [2675] dbg: util: PATH included '/sbin', keeping > [2675] dbg: util: PATH included '/usr/sbin', keeping > [2675] dbg: util: PATH included '/usr/local/sbin', keeping > [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping > [2675] dbg: util: PATH included '/root/bin', keeping > [2675] dbg: util: PATH included '/usr/local/bin', keeping > [2675] dbg: util: PATH included '/usr/bin', keeping > [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping > [2675] dbg: util: PATH included '/bin', keeping > [2675] dbg: util: PATH included '/usr/games', keeping > [2675] dbg: util: PATH included '/opt/gnome/bin', keeping > [2675] dbg: util: PATH included '/opt/kde3/bin', keeping > [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping > [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping > [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping > [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping > [2675] dbg: util: final PATH set to: > /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin > [2675] dbg: message: ---- MIME PARSER START ---- > [2675] dbg: message: main message type: text/plain > [2675] dbg: message: parsing normal part > [2675] dbg: message: added part, type: text/plain > [2675] dbg: message: ---- MIME PARSER END ---- > [2675] dbg: dns: is Net::DNS::Resolver available? 
yes > [2675] dbg: dns: Net::DNS version: 0.59 > [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre files > [2675] dbg: config: read file /etc/mail/spamassassin/init.pre > [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre > [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre > [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre files > [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir > [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [2675] dbg: 
config: read file /usr/share/spamassassin/25_dcc.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf > [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [2675] dbg: config: read file /etc/mail/spamassassin/local.cf > [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) > [2675] dbg: 
plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [2675] dbg: pyzor: network tests on, attempting Pyzor > [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [2675] dbg: razor2: razor2 is not available > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [2675] dbg: reporter: network tests on, attempting SpamCop > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [2675] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) > [2675] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) > [2675] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) > [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC > [2675] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) > [2675] dbg: config: adding redirector regex: > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [2675] dbg: config: adding redirector regex: > 
/^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [2675] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [2675] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [2675] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [2675] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i > [2675] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [2675] dbg: config: adding redirector regex: > m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i > [2675] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i > [2675] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i > [2675] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i > [2675] dbg: config: adding redirector regex: > m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i > [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable > [2675] info: config: SpamAssassin failed to parse line, > "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path > /usr/bin/pyzor > [2675] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements > 'finish_parsing_end' > [2675] dbg: replacetags: replacing tags > [2675] dbg: replacetags: done replacing tags > [2675] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [2675] dbg: config: score set 1 chosen. 
> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
> /root/.spamassassin/bayes_toks
> ERROR: Bayes dump returned an error, please re-run with -D for more information
> ------------------------------------------------------------------------
>
> --> Am I getting this error because there are no bayes related files
> in the /root/.spamassassin directory?? (it's empty now)
>
> --> If yes, should I use the following command to create them??
>
> # sa-learn --showdots --spam
> /home//Maildir/cur (this is my inbox)
>
>
> # sa-learn --showdots --ham /home/Maildir/.spam/cur
> (this is where I filter all my {spam?} tagged mails)
>
>
> ---> After this if I restart spamassassin, will
> spamassassin+mailscanner start doing the bayes autolearn and check the
> lists specified in Spam Lists option of the mailscanner? If not, what
> should I do to get my spamassassin+mailscanner start doing the bayes
> autolearn and check the lists specified in Spam Lists option of the
> mailscanner?
>
>
> Hope someone would be kind enough to help me.
>
> Expecting an early reply
>
> sincerely yours

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From ssilva at sgvwater.com Tue May 27 16:23:42 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue May 27 16:24:58 2008
Subject: OT: "Nolisting"
In-Reply-To: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
Message-ID:

on 5-27-2008 5:26 AM Paul Welsh spake the following:
> Hi all
>
> I have read that one way of blocking spam is to use a lowest priority MX
> record that points to a host that doesn't respond to SMTP requests. I've
> seen this idea coined as "nolisting".
>
> The idea is to block the many spammers who target the lowest priority MX,
> eg, the one with priority 90 rather than 10 as a way of trying to circumvent
> anti-spam measures. If the MX with the lowest priority doesn't respond then
> the spammer doesn't try the higher priority MX but just moves on to the next
> victim.
>
> Any thoughts on this idea?
>
> Personally, I can see how it would block a percentage of spam but whether
> that percentage is high enough to make it a worthwhile idea is open to
> question.
>
> Regards
>
> Paul
>
>
> ________________________________________________
> Message sent using UebiMiau 2.7.9
>
>
There is even a service that will host your tarpit for you.
http://www.fakemx.org/

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From spamlists at coders.co.uk Tue May 27 16:40:58 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Tue May 27 16:41:37 2008
Subject: OT: "Nolisting"
In-Reply-To:
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194>
Message-ID: <483C2B8A.5020507@coders.co.uk>

Scott Silva wrote:
>
> There is even a service that will host your tarpit for you.
> http://www.fakemx.org/
There is also a very active discussion on the SpamAssassin list at the
moment regarding the very same thing...

http://www.gossamer-threads.com/lists/spamassassin/users/120559
>
>
>

From johnnyb at marlboro.edu Tue May 27 20:59:50 2008
From: johnnyb at marlboro.edu (John Baker)
Date: Tue May 27 20:57:13 2008
Subject: users who get more than there share of spam
Message-ID: <483C6836.4040906@marlboro.edu>

Hi all,

I wondered if any of the experts on the list had any suggestions for
this problem.

I have a few users who gave their name to the wrong website and get way
more than their share of spam. I've been trying to figure out a way to
bring those numbers down for them.

Most of the spam coming through to us either doesn't make it past the
greylist or gets marked by the MailScanner process and then sent to a
junk folder by procmail upon delivery. These folks get hundreds in the
junk mail folder every day and hundreds per week that slip through the
process. It makes their mail unmanageable particularly as we are in an
area where many of them still have to retrieve their mail with a 28k
dialup connection when they are at home.

At this point it seems as though improving the spam marking process for
us would involve spending money on external services that we don't have
to spend and it is working well enough for the average user.
Would anybody have any suggestions on how to help users who get caught up
in this sort of thing short of giving them a new address and bouncing
everything to the old one?

Thanks

--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus

From MailScanner at ecs.soton.ac.uk Tue May 27 21:11:17 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 27 21:11:36 2008
Subject: Switched from clamavmodule to clamd
In-Reply-To: <483C219F.3020403@fsl.com>
References: <389788.10282.qm@web33307.mail.mud.yahoo.com> <483BFC17.5010204@gmail.com> <483C219F.3020403@fsl.com>
Message-ID: <483C6AE5.6050505@ecs.soton.ac.uk>

Ooh, can someone add this to the Wiki please?

Thanks!
Jules.

Stephen Swaney wrote:
> Ronny T. Lampert wrote:
>>> In the MailScanner.conf:
>>>
>>> Virus Scanners = clamd
>>> ClamAVmodule Maximum Compression Ratio = 1000
>>> Clamd Port = 3310
>>> Clamd Socket = /tmp/clamd.socket
>>> Clamd Lock File = /var/lock/subsys/clamd
>>
>> You might have to adjust (obviously) the Socket and the Lock File.
>> You get those from the clamd.conf file.
>>
>>> In the /etc/clamd.conf file:
>>>
>>> ScanMail no
>>>
>>> # With this option enabled ClamAV will try to detect
>>> phishing attempts by using
>>> # signatures.
>>> # Default: yes
>>> #PhishingSignatures yes
>>>
>>> # Scan URLs found in mails for phishing attempts using
>>> heuristics.
>>> # Default: yes
>>> #PhishingScanURLs yes
>>>
>>> # Perform HTML normalisation and decryption of MS
>>> Script Encoder code.
>>> # Default: yes
>>> #ScanHTML yes
>>>
>>> Do I need to turn off the defaults above as
>>> MailScanner handles these or just leave things as is?
>>
>> This should be OK. The fancy stuff (HTML, Phishing etc) is done by
>> MailScanner. You don't want to get overzealous or else too many false
>> positives creep up.
>> Depending on your setup you might have to adjust the
>>
>> User clamav
>>
>> setting in clamd.conf because the clamav user per default is NOT able
>> to read the queue files for postfix (I run MailScanner as the postfix
>> user).
>> Using "root" is a quick workaround, but dangerous (obviously).
>>
>> Also you want to set the following to match your CPUs
>>
>> clamd.conf:
>>
>> MaxThreads 16
>>
>>
>> and in MailScanner.conf:
>>
>> Clamd Use Threads = yes
>>
>>
>>> Also, does MailScanner handle the clam definition
>>> updates automatically? or do I need to enable a
>>> freshclam run? or cron freshclam?
>>
>> freshclam can be set (and usually is by default in
>> /etc/freshclam.conf, see option NotifyClamd) to notify clamd to
>> reload the definitions.
>> So, yes.
>>
>> Cheers,
>> Ronny
>>
> You also probably want to add a keep-alive script for clamd. It
> doesn't fail often but I have seen it fail.
>
> And you should make sure that the NotifyClamd option is set in
> freshclam.conf.
>
> # Send the RELOAD command to clamd.
> # Default: no
> NotifyClamd /path/to/clamd.conf
>
> Alternately you may want to disable the freshclam cron updates and run
> freshclam in daemon mode:
>
> freshclam --daemon --daemon-notify=/path/to/clamd.conf -c 24
>
> This will check every hour and notify clamd if an update occurs.
>
> Best regards,
>
> Steve
>
> Steve Swaney
> steve@fsl.com
>
> www.fsl.com
>
>>
>>
>>
>
Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
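
[Added example, not part of the list archive and not MailScanner or ClamAV code.] The message above depends on settings in three files agreeing with each other: the clamd socket that MailScanner.conf has to copy from clamd.conf, the clamd User that should not be root, and NotifyClamd in freshclam.conf. The sketch below cross-checks them, plus the DatabaseDirectory shared by clamd and freshclam. The function names, finding codes and sample files are constructed for illustration, and the work-directory check is a heuristic that assumes the MailScanner.conf options "Run As User", "Incoming Work User" and "Incoming Work Group".

```python
"""Cross-check clamd.conf, freshclam.conf and MailScanner.conf (added example)."""
import re


def parse_clam_conf(text):
    """ClamAV style: one 'Option value' per line, '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def parse_mailscanner_conf(text):
    """MailScanner style: 'Option Name = value'; names are lower-cased here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[re.sub(r"\s+", " ", name.strip()).lower()] = value.strip()
    return settings


def check(clamd_text, freshclam_text, mailscanner_text):
    """Return a sorted list of finding codes for mismatched or risky settings."""
    clamd = parse_clam_conf(clamd_text)
    fresh = parse_clam_conf(freshclam_text)
    ms = parse_mailscanner_conf(mailscanner_text)
    findings = set()

    if "clamd" not in ms.get("virus scanners", "").split():
        findings.add("scanner-not-clamd")

    # MailScanner has to use the socket (or TCP port) clamd really listens on.
    ms_socket = ms.get("clamd socket", "")
    if ms_socket.startswith("/"):
        if ms_socket != clamd.get("LocalSocket"):
            findings.add("socket-mismatch")
    elif ms.get("clamd port") != clamd.get("TCPSocket"):
        findings.add("port-mismatch")

    # Root is the "quick workaround" from the thread; an unset User means
    # clamd keeps whatever privileges it was started with.
    user = clamd.get("User", "")
    if user == "root":
        findings.add("clamd-user-root")
    elif not user:
        findings.add("clamd-user-unset")
    elif (user not in (ms.get("run as user"), ms.get("incoming work user"))
          and not ms.get("incoming work group")):
        # Heuristic (assumption): no shared user and no work group configured,
        # so clamd probably cannot read MailScanner's work files.
        findings.add("clamd-may-not-read-work-dir")

    # freshclam must tell clamd to reload, and both need the same database dir.
    if not fresh.get("NotifyClamd"):
        findings.add("no-notifyclamd")
    if clamd.get("DatabaseDirectory") != fresh.get("DatabaseDirectory"):
        findings.add("database-dir-mismatch")
    return sorted(findings)


# Constructed sample files, not taken from any real host.
BAD_CLAMD = """\
LocalSocket /var/run/clamav/clamd.sock
DatabaseDirectory /var/lib/clamav
User root
MaxThreads 16
"""
BAD_FRESHCLAM = """\
DatabaseDirectory /usr/local/share/clamav
# NotifyClamd /etc/clamd.conf
"""
BAD_MAILSCANNER = """\
Virus Scanners = clamd
Clamd Port = 3310
Clamd Socket = /tmp/clamd.socket
Clamd Use Threads = yes
"""
GOOD_CLAMD = BAD_CLAMD.replace("User root", "User clamav")
GOOD_FRESHCLAM = """\
DatabaseDirectory /var/lib/clamav
NotifyClamd /etc/clamd.conf
"""
GOOD_MAILSCANNER = """\
Run As User = postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
"""

if __name__ == "__main__":
    print("bad :", check(BAD_CLAMD, BAD_FRESHCLAM, BAD_MAILSCANNER))
    print("good:", check(GOOD_CLAMD, GOOD_FRESHCLAM, GOOD_MAILSCANNER))
```

An empty list means the three files agree on these points; it does not replace running MailScanner --lint against the live configuration.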

From MailScanner at ecs.soton.ac.uk Tue May 27 21:13:30 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 27 21:16:15 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6836.4040906@marlboro.edu>
References: <483C6836.4040906@marlboro.edu>
Message-ID: <483C6B6A.2080706@ecs.soton.ac.uk>

Can you afford a copy of BarricadeMX to run on your mail server in
addition to MailScanner?

It will pay for itself very quickly in all the hardware that you won't
need to replace the next time around, as the load on the system will
drop like a stone. And you can probably throw out half your MX servers
too, and use the boxes for some other better purpose than processing
spam. An average site redeploys half their MX servers in other roles
after installing BarricadeMX on the other half.

That's my best advice for this problem, right now.

Jules.

John Baker wrote:
> Hi all,
>
> I wondered if any of the experts on the list had any suggestions for
> this problem.
>
> I have a few users who gave their name to the wrong website and get
> way more than their share of spam. I've been trying to figure out a
> way to bring those numbers down for them.
>
> Most of the spam coming through to us either doesn't make it past the
> greylist or gets marked by the MailScanner process and then sent to a
> junk folder by procmail upon delivery. These folks get hundreds in the
> junk mail folder every day and hundreds per week that slip through the
> process. It makes their mail unmanageable particularly as we are in an
> area where many of them still have to retrieve their mail with a 28k
> dialup connection when they are at home.
>
> At this point it seems as though improving the spam marking process
> for us would involve spending money on external services that we don't
> have to spend and it is working well enough for the average user.
> Would anybody have any suggestions on how to help users who get caught
> up in this sort of thing short of giving them a new address and
> bouncing everything to the old one?
>
> Thanks

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

From mkercher at nfsmith.com Tue May 27 21:22:39 2008
From: mkercher at nfsmith.com (Mike Kercher)
Date: Tue May 27 21:23:08 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6836.4040906@marlboro.edu>
References: <483C6836.4040906@marlboro.edu>
Message-ID: <224FA7E11EA39E45843E11CEBBD3A36FAE3044@HOUPEX01.nfsmith.info>

I've lowered the spam score for users that did this before. It helps if
you can figure out that magic number for them.

Mike

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Baker
Sent: Tuesday, May 27, 2008 3:00 PM
To: mailscanner@lists.mailscanner.info
Subject: users who get more than there share of spam

Hi all,

I wondered if any of the experts on the list had any suggestions for
this problem.

I have a few users who gave their name to the wrong website and get way
more than their share of spam. I've been trying to figure out a way to
bring those numbers down for them.

Most of the spam coming through to us either doesn't make it past the
greylist or gets marked by the MailScanner process and then sent to a
junk folder by procmail upon delivery. These folks get hundreds in the
junk mail folder every day and hundreds per week that slip through the
process.
It makes their mail unmanageable particularly as we are in an area where
many of them still have to retrieve their mail with a 28k dialup
connection when they are at home.

At this point it seems as though improving the spam marking process for
us would involve spending money on external services that we don't have
to spend and it is working well enough for the average user. Would
anybody have any suggestions on how to help users who get caught up in
this sort of thing short of giving them a new address and bouncing
everything to the old one?

Thanks

--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From uxbod at splatnix.net Tue May 27 21:59:17 2008
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue May 27 21:59:36 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6B6A.2080706@ecs.soton.ac.uk>
Message-ID: <14519548.1851211921957830.JavaMail.root@office.splatnix.net>

I would look at BarricadeMX Jules if they replied to me! I appreciate I
have asked a few times, as the licensing model is not correct IMHO, but
I would like to integrate it with Zimbra. I know others would like to
look at this as well.

Regards,

--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: uxbod@sip.splatnix.net

----- "Julian Field" wrote:

> Can you afford a copy of BarricadeMX to run on your mail server in
> addition to MailScanner?
>
> It will pay for itself very quickly in all the hardware that you won't
> need to replace the next time around, as the load on the system will
> drop like a stone. And you can probably throw out half your MX servers
> too, and use the boxes for some other better purpose than processing
> spam. An average site redeploys half their MX servers in other roles
> after installing BarricadeMX on the other half.
>
> That's my best advice for this problem, right now.
>
> Jules.
>
> John Baker wrote:

From ka at pacific.net Tue May 27 22:03:03 2008
From: ka at pacific.net (Ken A)
Date: Tue May 27 22:03:03 2008
Subject: OT: "Nolisting"
In-Reply-To: <483C2B8A.5020507@coders.co.uk>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> <483C2B8A.5020507@coders.co.uk>
Message-ID: <483C7707.8000505@pacific.net>

Matt Hampton wrote:
> Scott Silva wrote:
>>
>> There is even a service that will host your tarpit for you.
>> http://www.fakemx.org/
> There is also a very active discussion on the SpamAssassin list at the
> moment regarding the very same thing...
>
> http://www.gossamer-threads.com/lists/spamassassin/users/120559
>>

yep. And see this one too:
http://securepoint.com/lists/html/Qmail/2006-11/msg00145.html

The point being that you can do this, but be careful HOW you do it,
since some MTAs (some qmail servers) will not try the next highest MX if
you allow the SMTP connection to begin on the lowest MX, then issue a
4xx error.

Ken
>>
>>
>

--
Ken Anderson
Pacific.Net

From steve at fsl.com Tue May 27 22:09:08 2008
From: steve at fsl.com (Stephen Swaney)
Date: Tue May 27 22:09:19 2008
Subject: users who get more than there share of spam
In-Reply-To: <14519548.1851211921957830.JavaMail.root@office.splatnix.net>
References: <14519548.1851211921957830.JavaMail.root@office.splatnix.net>
Message-ID: <483C7874.9030200@fsl.com>

--[ UxBoD ]-- wrote:
> I would look at BarricadeMX Jules if they replied to me! I appreciate I
> have asked a few times, as the licensing model is not correct IMHO, but
> I would like to integrate it with Zimbra. I know others would like to
> look at this as well.
>
> Regards,
>
>
I apologize. There should be no problem integrating with any MTA. Please
email me off list and I'll set you up with whatever you need.

Sorry for the delay,

Steve

Steve Swaney
steve@fsl.com
Cell: 202 352.3262
Office: 202 595.7760, ext 601
www.fsl.com

From ssilva at sgvwater.com Tue May 27 22:10:51 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue May 27 22:11:16 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6836.4040906@marlboro.edu>
References: <483C6836.4040906@marlboro.edu>
Message-ID:

on 5-27-2008 12:59 PM John Baker spake the following:
> Hi all,
>
> I wondered if any of the experts on the list had any suggestions for
> this problem.
>
> I have a few users who gave their name to the wrong website and get way
> more than their share of spam. I've been trying to figure out a way to
> bring those numbers down for them.
>
> Most of the spam coming through to us either doesn't make it past the
> greylist or gets marked by the MailScanner process and then sent to a
> junk folder by procmail upon delivery. These folks get hundreds in the
> junk mail folder every day and hundreds per week that slip through the
> process. It makes their mail unmanageable particularly as we are in an
> area where many of them still have to retrieve their mail with a 28k
> dialup connection when they are at home.
>
> At this point it seems as though improving the spam marking process for
> us would involve spending money on external services that we don't have
> to spend and it is working well enough for the average user. Would
> anybody have any suggestions on how to help users who get caught up in
> this sort of thing short of giving them a new address and bouncing
> everything to the old one?
>
> Thanks
What are you using for options to spamassassin? Any digests like razor
or pyzor? Any other rules like kam or some of the sare rules?
Blacklists?

If you can post links to a couple COMPLETE mail files, either from queue
files or quarantined, others here will run them through our systems and
post the results we get.

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From ssilva at sgvwater.com Tue May 27 22:21:30 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue May 27 22:21:54 2008
Subject: OT: "Nolisting"
In-Reply-To: <483C7707.8000505@pacific.net>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> <483C2B8A.5020507@coders.co.uk> <483C7707.8000505@pacific.net>
Message-ID:

on 5-27-2008 2:03 PM Ken A spake the following:
> Matt Hampton wrote:
>> Scott Silva wrote:
>>>
>>> There is even a service that will host your tarpit for you.
>>> http://www.fakemx.org/
>> There is also a very active discussion on the SpamAssassin list at the
>> moment regarding the very same thing...
>>
>> http://www.gossamer-threads.com/lists/spamassassin/users/120559
>>>
>
> yep.
> And see this one too:
> http://securepoint.com/lists/html/Qmail/2006-11/msg00145.html
>
> The point being that you can do this, but be careful HOW you do it,
> since some MTAs (some qmail servers) will not try the next highest MX if
> you allow the SMTP connection to begin on the lowest MX, then issue a
> 4xx error.
>
> Ken
>
I just resisted a Qmail bash. Another 30 day chip from Qmail Haters
Anonymous! ;-P

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

From steve at fsl.com Tue May 27 22:30:38 2008
From: steve at fsl.com (Stephen Swaney)
Date: Tue May 27 22:30:48 2008
Subject: Mailscanner watermarks and compatibility with other systems
In-Reply-To:
References: <02d201c8bcfd$419c9df0$c4d5d9d0$@dk>
Message-ID: <483C7D7E.6000303@fsl.com>

Scott Silva wrote:
> on 5-23-2008 10:48 AM Jonas A. Larsen spake the following:
>> Mmmm not sure which part you are confused about? We do not send
>> outgoing mail through our MailScanner cluster (and do not want to)
>>
>> Our exchange servers send outgoing mail directly to the receiving
>> smtp server. Therefore I'm not sure how milter-ahead or BarricadeMX
>> has relevance?
>>
>> I'm looking for something for exchange to support watermarking
>> natively in exchange, as I wrote, a plugin or similar that makes
>> exchange possible to watermark stamp outgoing mail with watermarks MS
>> can process.
>>
>> Hope that clears it up.
>>
>>
> Your unwillingness to relay your outgoing mail through mailscanner will
> probably limit your choices.
> If you must do it your way, you might have to write something
> yourself. Unix/linux and windows are different in enough ways to make
> it very difficult.
>
We are about to release BarricadeMX for Microsoft / Exchange servers.
This will permit an Exchange server (2003 or 2007) to share the
watermarking secrets with an incoming MailScanner gateway running
BarricadeMX.
This will allow the Exchange server to add the watermarking secret to
mail sent out directly from the Exchange server.

Since BarricadeMX can be configured to work as a simple solution which
calls SpamAssassin and ClamAV on mail that is accepted for delivery,
this can provide simple but effective anti-spam / anti-virus with a web
interface for Microsoft admins :)

BTW we'll be looking for Beta users for BarricadeMX on Exchange. Please
email me off list if you are interested. We'll only have a limited
number of betas so first come, first served.

Best regards,

Steve

Steve Swaney
steve@fsl.com
Cell: 202 352.3262
Office: 202 595.7760, ext 601
www.fsl.com

From gordon at itnt.co.za Tue May 27 22:31:11 2008
From: gordon at itnt.co.za (Gordon Colyn)
Date: Tue May 27 22:31:28 2008
Subject: Switched from clamavmodule to clamd
References: <389788.10282.qm@web33307.mail.mud.yahoo.com> <483BFC17.5010204@gmail.com><483C219F.3020403@fsl.com> <483C6AE5.6050505@ecs.soton.ac.uk>
Message-ID: <0BF29D6BEA2D44B390975CD682B8220F@gordon>

1 more thing.

I moved to clamd and couldn't get the clamd to scan any emails until I
found that the /etc/freshclam.conf file must be updated to match the
path where the signature files are listed. Once done run freshclam to
update to the latest signatures.

Here is an abbreviated setup process of all updates that I did on my
servers to get clamd working:

edit /etc/freshclam.conf

    DatabaseDirectory /usr/local/share/clamav

edit /etc/clamd.conf

    AllowSupplementaryGroups true
    ArchiveBlockEncrypted true
    DatabaseDirectory /usr/local/share/clamav
    DetectBrokenExecutables true
    FixStaleSocket true
    LocalSocket /tmp/clamd
    LogFacility LOG_MAIL
    LogFile /var/log/clamav/clamd.log
    LogFileMaxSize 10M
    LogSyslog true
    MaxConnectionQueueLength 30
    MaxThreads 50
    PidFile /var/run/clamav/clamd.pid
    ReadTimeout 300
    TemporaryDirectory /tmp
    User clamav

edit /etc/MailScanner/MailScanner.conf

    Incoming Work User = clamav
    Incoming Work Group = clamav
    Incoming Work Permissions = 0640
    Monitors for ClamAV Updates = /usr/local/share/clamav/*.inc/* /usr/local/share/clamav/*.cvd
    Virus Scanners = clamd
    Clamd Port = 3310
    Clamd Socket = /tmp/clamd
    Clamd Lock File = # /var/lock/subsys/clamd
    Clamd Use Threads = no

For mailwatch edit /var/www/html/mailscanner/functions.php

    case 'clamd':
        define(VIRUS_REGEX, '/(.+) was infected: (\S+)/');
        break;

To confirm it is all ok, run MailScanner --lint and look for
confirmation of the scan finding the test Virus, ie;

    MailScanner.conf says "Virus Scanners = clamd"
    Found these virus scanners installed: clamavmodule, clamd, clamavmodule, clamd
    ===========================================================================
    Virus and Content Scanning: Starting
    ClamAVModule::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
    Virus Scanning: Clamd found 1 infections
    Infected message 1 came from 10.1.1.1
    Virus Scanning: Found 1 viruses
    Filename Checks: (1 eicar.com)
    Other Checks: Found 1 problems
    ===========================================================================
    Virus Scanner test reports:
    Clamd said "eicar.com was infected: Eicar-Test-Signature"

Regards
Gordon

----- Original Message -----
From: "Julian Field"
To: "MailScanner discussion"
Sent: Tuesday, May 27, 2008 10:11 PM
Subject: Re: Switched from clamavmodule to clamd

Ooh,
can someone add this to the Wiki please? Thanks! Jules. Stephen Swaney wrote: > Ronny T. Lampert wrote: >>> In the MailScanner.conf: >>> >>> Virus Scanners = clamd >>> ClamAVmodule Maximum Compression Ratio = 1000 >>> Clamd Port = 3310 >>> Clamd Socket = /tmp/clamd.socket >>> Clamd Lock File = /var/lock/subsys/clamd >> >> You might have to adjust (obviously) the Socket and the Lock File. >> You get those from the clamd.conf file. >> >>> In the /etc/clamd.conf file: >>> >>> ScanMail no >>> >>> # With this option enabled ClamAV will try to detect >>> phishing attempts by using >>> # signatures. >>> # Default: yes >>> #PhishingSignatures yes >>> >>> # Scan URLs found in mails for phishing attempts using >>> heuristics. >>> # Default: yes >>> #PhishingScanURLs yes >>> >>> # Perform HTML normalisation and decryption of MS >>> Script Encoder code. >>> # Default: yes >>> #ScanHTML yes >>> >>> Do I need to turn off the defaults above as >>> MailScanner handles these or just leave things as is? >> >> This should be OK. The fancy stuff (HTML, Phishing etc) is done by >> MailScanner. You don't want to get overzealous or else too many false >> positives creep up. >> Depending on your setup you might have to adjust the >> >> User clamav >> >> setting in clamd.conf because the clamav user per default is NOT able >> to read the queue files for postfix (I run MailScanner as the postfix >> user). >> Using "root" is a quick workaround, but dangerous (obviously). >> >> Also you want to set the following to match your CPUs >> >> clamd.conf: >> >> MaxThreads 16 >> >> >> and in MailScanner.conf: >> >> Clamd Use Threads = yes >> >> >>> Also, does MailScanner handle the clam definition >>> updates automatically? or do I need to enable a >>> freshclam run? or cron freshclam? >> >> freshclam can be set (and usually is by default in >> /etc/freshclam.conf, see option NotifyClamd) to notify clamd to >> reload the definitions. >> So, yes. 
>>
>> Cheers,
>> Ronny
>>
> You also probably want to add a keep-alive script for clamd. It
> doesn't fail often but I have seen it fail.
>
> And you should make sure that the NotifyClamd option is set in
> freshclam.conf.
>
> # Send the RELOAD command to clamd.
> # Default: no
> NotifyClamd /path/to/clamd.conf
>
> Alternately you may want to disable the freshclam cron updates and run
> freshclam in daemon mode:
>
> freshclam --daemon --daemon-notify=/path/to/clamd.conf -c 24
>
> This will check every hour and notify clamd if an update occurs.
>
> Best regards,
>
> Steve
>
> Steve Swaney
> steve@fsl.com
>
> www.fsl.com
>
>>
>>
>>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From mailwatch.kp at gmail.com Wed May 28 05:31:31 2008
From: mailwatch.kp at gmail.com (vinayan KP)
Date: Wed May 28 05:31:43 2008
Subject: Help with spamassassin+mailscanner
In-Reply-To:
References: <6a7195cc0805270359y58235470u1a8f1cb4f732a269@mail.gmail.com>
Message-ID: <6a7195cc0805272131lf5fa3d8lf64491480e8adb0@mail.gmail.com>

Dear Mr. Scott Silva,

Thank you very much for your quick response. I shall follow your suggestions and let you know the status at the earliest.

Thanking you very much

Vinu

On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote:
> Comments are inline ...
>
>> Dear all,
>> I am just a beginner to postfix,spamassassin,Mailscanner and
>> mailwatch. I recently installed a mail server with the following and
>> is working fine except for one problem that mailscanner+spamassassin
>> combination is not detecting mails with SA Score lower than the
>> Required Spamassassin score ( I use 3) as spam though they are
>> definitely spam. The mailscanner+spamassassin combination tags mails
>> with SA score greater than the Required Spamassassin score as spam.
>>
>> postfix.2.3.2-28
>> Spamassassin.3.1.6-15
>> MailScanner 4.58.9
>
> All older versions of the software. It might be adding to your problems.
>>
>> I have been reading different posts on mailscanner and about
>> spamassassin to understand why low scoring mails are not detected as
>> spam by mailscanner+spamassassin.
>>
>> The following are the things I could find out .
>>
>> 1. The headers of mails does not contain "autolearn=spam" in the mail
>> header and rest of the fields are there. (See below)
>>
>> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09,
>> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00,
>> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12,
>> INFO_TLD 1.27)
>>
>> 2. the /root/.spamassassin folder does not contain any bayes related
>> database.
>
> When running with postfix, MailScanner runs as postfix and cannot access the
> /root directory. Maybe you missed some steps in the postfix howtos.
> http://www.mailscanner.info/postfix.html and
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation
> You need the bayes directory somewhere that the postfix user can access.
>
> Maybe Glenn will chime in here.
>
>
>>
>> 3. I could not see anything in /var/log/mail which says mailscanner
>> is checking the Spam Lists.
>> >> *********************************************** >> When I tried to test the spamassassin configuration with "spamassassin >> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >> rerun with debug enabled for more information" >> >> Please see the result below. : >> >> >> --------------------------------------------------------------------------------------------- >> mail:/etc/MailScanner # spamassassin -D --lint >> >> [4882] dbg: logger: adding facilities: all >> [4882] dbg: logger: logging level is DBG >> [4882] dbg: generic: SpamAssassin version 3.1.6 >> [4882] dbg: config: score set 0 chosen. >> [4882] dbg: util: running in taint mode? yes >> [4882] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [4882] dbg: util: PATH included '/sbin', keeping >> [4882] dbg: util: PATH included '/usr/sbin', keeping >> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >> [4882] dbg: util: PATH included '/root/bin', keeping >> [4882] dbg: util: PATH included '/usr/local/bin', keeping >> [4882] dbg: util: PATH included '/usr/bin', keeping >> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >> [4882] dbg: util: PATH included '/bin', keeping >> [4882] dbg: util: PATH included '/usr/games', keeping >> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >> [4882] dbg: util: final PATH set to: >> >> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >> [4882] dbg: 
message: ---- MIME PARSER START ---- >> [4882] dbg: message: main message type: text/plain >> [4882] dbg: message: parsing normal part >> [4882] dbg: message: added part, type: text/plain >> [4882] dbg: message: ---- MIME PARSER END ---- >> [4882] dbg: dns: is Net::DNS::Resolver available? yes >> [4882] dbg: dns: Net::DNS version: 0.59 >> [4882] dbg: diag: perl platform: 5.008008 linux >> [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 >> [4882] dbg: diag: module installed: HTML::Parser, version 3.55 >> [4882] dbg: diag: module installed: MIME::Base64, version 3.07 >> [4882] dbg: diag: module installed: DB_File, version 1.814 >> [4882] dbg: diag: module installed: Net::DNS, version 0.59 >> [4882] dbg: diag: module installed: Net::SMTP, version 2.29 >> [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' >> failed) >> [4882] dbg: diag: module not installed: IP::Country::Fast ('require' >> failed) >> [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' >> failed) >> [4882] dbg: diag: module not installed: Net::Ident ('require' failed) >> [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' >> failed) >> [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >> [4882] dbg: diag: module installed: Time::HiRes, version 1.86 >> [4882] dbg: diag: module installed: DBI, version 1.52 >> [4882] dbg: diag: module installed: Getopt::Long, version 2.35 >> [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 >> [4882] dbg: diag: module installed: HTTP::Date, version 1.47 >> [4882] dbg: diag: module installed: Archive::Tar, version 1.30 >> [4882] dbg: diag: module installed: IO::Zlib, version 1.04 >> [4882] dbg: ignore: using a test message to lint rules >> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [4882] dbg: config: read file /etc/mail/spamassassin/init.pre >> [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [4882] dbg: 
config: read file /etc/mail/spamassassin/v312.pre >> [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir >> [4882] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [4882] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >> [4882] dbg: config: read file 
/usr/share/spamassassin/25_hashcash.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >> [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >> [4882] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [4882] dbg: config: read file /etc/mail/spamassassin/local.cf >> [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) >> [4882] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::SPF from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >> [4882] dbg: pyzor: local tests only, disabling Pyzor >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >> [4882] dbg: razor2: local tests only, skipping Razor >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >> [4882] dbg: reporter: local tests only, disabling SpamCop >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) >> [4882] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) >> [4882] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >> @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) >> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >> @INC >> [4882] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> 
/^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >> [4882] dbg: config: adding redirector regex: >> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >> [4882] dbg: config: adding redirector regex: >> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >> [4882] dbg: config: adding redirector regex: >> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >> [4882] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [4882] warn: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements >> 'finish_parsing_end' >> [4882] dbg: replacetags: replacing tags >> [4882] dbg: replacetags: done replacing tags >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks > > Here is your error. Mailscanner running as postfix cannot access /root > directory. You need to set a bayes path somewhere that postfix has access, > and then you will need to do some training. 
> >> [4882] dbg: config: score set 0 chosen. >> [4882] dbg: message: ---- MIME PARSER START ---- >> [4882] dbg: message: main message type: text/plain >> [4882] dbg: message: parsing normal part >> [4882] dbg: message: added part, type: text/plain >> [4882] dbg: message: ---- MIME PARSER END ---- >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [4882] dbg: dns: is DNS available? 0 >> [4882] dbg: metadata: X-Spam-Relays-Trusted: >> [4882] dbg: metadata: X-Spam-Relays-Untrusted: >> [4882] dbg: metadata: X-Spam-Relays-Internal: >> [4882] dbg: metadata: X-Spam-Relays-External: >> [4882] dbg: message: no encoding detected >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'parsed_metadata' >> [4882] dbg: rules: local tests only, ignoring RBL eval >> [4882] dbg: check: running tests for priority: 0 >> [4882] dbg: rules: running header regexp tests; score so far=0 >> [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >> [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >> "1211883990" >> [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >> "<1211883990@lint_rules> >> [4882] dbg: rules: " >> [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >> "@lint_rules>" >> [4882] dbg: eval: all '*From' addrs: >> ignore@compiling.spamassassin.taint.org >> [4882] dbg: eval: all '*To' addrs: >> [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit >> [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=-0.001 >> [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >> [4882] dbg: uri: running uri tests; score so far=-0.001 >> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [4882] dbg: bayes: not scoring message, returning undef >> [4882] dbg: bayes: opportunistic call attempt 
failed, DB not readable >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=-0.001 >> [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'check_tick' >> [4882] dbg: check: running tests for priority: 500 >> [4882] dbg: plugin: >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >> 'check_post_dnsbl' >> [4882] dbg: rules: running meta tests; score so far=-0.001 >> [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency >> 'DCC_CHECK' >> [4882] dbg: rules: running header regexp tests; score so far=1.866 >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=1.866 >> [4882] dbg: uri: running uri tests; score so far=1.866 >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=1.866 >> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >> [4882] dbg: check: running tests for priority: 1000 >> [4882] dbg: rules: running meta tests; score so far=1.866 >> [4882] dbg: rules: running header regexp tests; score so far=1.866 >> [4882] dbg: rules: running body-text per-line regexp tests; score so >> far=1.866 >> [4882] dbg: uri: running uri tests; score so far=1.866 >> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >> so far=1.866 >> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >> [4882] dbg: check: is spam? 
score=1.866 required=5 >> [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE >> [4882] dbg: check: >> >> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >> [4882] warn: lint: 1 issues detected, please rerun with debug enabled >> for more information >> >> >> ------------------------------------------------------------------------------------------------------------------------------------------------------ >> >> Is the warning because of >> >> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [4882] warn: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> >> and can I ignore it?? ( I dont have pyzor installed. Is it a must to >> have pyzor installed??) > > Either install pyzor, or disable the plugin line that tries to load it. > Look in all your .pre files in /etc/mail/spamassassin >> >> >> ******************************************************************************************************************* >> >> >> When I tried sa-learn --dump magic -D, I got the following error : >> >> ERROR: Bayes dump returned an error, please re-run with -D for more >> information > > Again, no bayes db to dump. >> >> >> >> ----------------------------------------------------------------------------------------- >> mail:/etc/mail/spamassassin # sa-learn --dump magic -D >> [2675] dbg: logger: adding facilities: all >> [2675] dbg: logger: logging level is DBG >> [2675] dbg: generic: SpamAssassin version 3.1.6 >> [2675] dbg: config: score set 0 chosen. >> [2675] dbg: util: running in taint mode? 
yes >> [2675] dbg: util: taint mode: deleting unsafe environment variables, >> resetting PATH >> [2675] dbg: util: PATH included '/sbin', keeping >> [2675] dbg: util: PATH included '/usr/sbin', keeping >> [2675] dbg: util: PATH included '/usr/local/sbin', keeping >> [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping >> [2675] dbg: util: PATH included '/root/bin', keeping >> [2675] dbg: util: PATH included '/usr/local/bin', keeping >> [2675] dbg: util: PATH included '/usr/bin', keeping >> [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping >> [2675] dbg: util: PATH included '/bin', keeping >> [2675] dbg: util: PATH included '/usr/games', keeping >> [2675] dbg: util: PATH included '/opt/gnome/bin', keeping >> [2675] dbg: util: PATH included '/opt/kde3/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping >> [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >> [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >> [2675] dbg: util: final PATH set to: >> >> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >> [2675] dbg: message: ---- MIME PARSER START ---- >> [2675] dbg: message: main message type: text/plain >> [2675] dbg: message: parsing normal part >> [2675] dbg: message: added part, type: text/plain >> [2675] dbg: message: ---- MIME PARSER END ---- >> [2675] dbg: dns: is Net::DNS::Resolver available? 
yes >> [2675] dbg: dns: Net::DNS version: 0.59 >> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre >> files >> [2675] dbg: config: read file /etc/mail/spamassassin/init.pre >> [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre >> [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre >> [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre >> files >> [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir >> [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >> [2675] dbg: config: read file >> /usr/share/spamassassin/20_fake_helo_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >> [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >> [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> [2675] dbg: config: read file 
/usr/share/spamassassin/25_body_tests_pl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >> [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >> [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >> [2675] dbg: config: read file >> /usr/share/spamassassin/60_whitelist_subject.cf >> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir >> [2675] dbg: config: read file /etc/mail/spamassassin/local.cf >> [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> [2675] dbg: 
plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >> [2675] dbg: pyzor: network tests on, attempting Pyzor >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >> [2675] dbg: razor2: razor2 is not available >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >> [2675] dbg: reporter: network tests on, attempting SpamCop >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) >> [2675] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) >> [2675] dbg: plugin: loading >> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >> @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) >> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >> @INC >> [2675] dbg: plugin: registered >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) >> [2675] dbg: config: adding redirector regex: >> 
/^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >> [2675] dbg: config: adding redirector regex: >> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >> [2675] dbg: config: adding redirector regex: >> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >> [2675] dbg: config: adding redirector regex: >> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >> [2675] dbg: config: adding redirector regex: >> >> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >> [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >> [2675] info: config: SpamAssassin failed to parse line, >> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >> /usr/bin/pyzor >> [2675] dbg: plugin: >> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements >> 'finish_parsing_end' >> [2675] dbg: replacetags: replacing tags >> [2675] dbg: replacetags: done replacing tags >> [2675] dbg: bayes: no dbs present, cannot tie DB R/O: >> /root/.spamassassin/bayes_toks >> [2675] dbg: config: score set 1 
chosen.
>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>> /root/.spamassassin/bayes_toks
>> ERROR: Bayes dump returned an error, please re-run with -D for more
>> information
>>
>> ------------------------------------------------------------------------
>>
>> --> Am I getting this error because there are no bayes related files
>> in the /root/.spamassassin directory?? (it's empty now)
>>
>> --> If yes, should I use the following command to create them??
>>
>> # sa-learn --showdots --spam
>> /home//Maildir/cur (this is my inbox)
>>
>>
>> # sa-learn --showdots --ham /home/Maildir/.spam/cur
>> (this is where I filter all my {spam?} tagged mails)
>>
>>
>> ---> After this if I restart spamassassin, will
>> spamassassin+mailscanner start doing the bayes autolearn and check the
>> lists specified in Spam Lists option of the mailscanner? If not, what
>> should I do to get my spamassassin+mailscanner start doing the bayes
>> autolearn and check the lists specified in Spam Lists option of the
>> mailscanner?
>>
>>
>> Hope someone would be kind enough to help me.
>>
>> Expecting an early reply
>>
>> sincerely yours
>
>
> --
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>

From simon at vum.co.za Wed May 28 07:20:54 2008
From: simon at vum.co.za (VUM)
Date: Wed May 28 07:20:36 2008
Subject: Qmail install
Message-ID: <001001c8c08a$fbc1efb0$0400a8c0@Simonc>

Skipped content of type multipart/alternative

From philippe at beau.nom.fr Wed May 28 09:18:34 2008
From: philippe at beau.nom.fr (Philippe BEAU)
Date: Wed May 28 09:16:27 2008
Subject: Qmail install
In-Reply-To: <001001c8c08a$fbc1efb0$0400a8c0@Simonc>
References: <001001c8c08a$fbc1efb0$0400a8c0@Simonc>
Message-ID: <12dfdf1f534ec423b6a82842e5285137@localhost>

Hi Simon,

Yes for sure but in backend :)
(postfix+mailscanner in front)

Regards
Philippe,

On Wed, 28 May 2008 08:20:54 +0200, "VUM" wrote:

Hi,

Does anyone have a working qmail MTA that is working with Mailscanner.

Please advise.

Simon

From simon at vum.co.za Wed May 28 13:00:16 2008
From: simon at vum.co.za (VUM)
Date: Wed May 28 13:00:05 2008
Subject: Qmail install
References: <001001c8c08a$fbc1efb0$0400a8c0@Simonc> <12dfdf1f534ec423b6a82842e5285137@localhost>
Message-ID: <001a01c8c0ba$64b03a20$0400a8c0@Simonc>

Skipped content of type multipart/alternative

From martinh at solidstatelogic.com Wed May 28 13:39:27 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed May 28 13:39:39 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6836.4040906@marlboro.edu>
Message-ID: <13da9bdcabdbbe4b96333a8376cf15b4@solidstatelogic.com>

John

You had a look at this

http://wiki.mailscanner.info/doku.php?id=maq:index&s=getting#getting_the_best_out_of_spamassassin

Also I don't deliver spam over a certain score. I started with this set at 20 and now I've got SA well tuned etc I've dropped that down to 10. Saves a lot of user level traffic.

Might be worth posting a message that gets through on a web page (headers and all) and then letting some people process it and see what scores they get. SA can be interesting to tune sometimes.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of John Baker
> Sent: 27 May 2008 21:00
> To: mailscanner@lists.mailscanner.info
> Subject: users who get more than there share of spam
>
> Hi all,
>
> I wondered if any of the experts on the list had any suggestions for
> this problem.
>
> I have a few users who gave their name to the wrong website and get way
> more than their share of spam. I've been trying to figure out a way to
> bring those numbers down for them.
>
> Most of the spam coming through to us either doesn't make it past the
> greylist or gets marked by the Mailscanner process and then sent to a
> junk folder by procmail upon delivery. These folks get hundreds in the
> junk mail folder every day and hundreds per week that slip through the
> process. It makes their mail unmanageable particularly as we are in an
> area where many of them still have to retrieve their mail with a 28k
> dialup connection when they are at home.
>
> At this point it seems as though improving the spam marking process for
> us would involve spending money on external services that we don't have
> to spend and it is working well enough for the average user. Would
> anybody have any suggestions on how to help users who get caught up in
> this sort of thing short of giving them a new address and bouncing
> everything to the old one?
>
> Thanks
> --
> John Baker
> Network Systems Administrator
> Marlboro College
> Phone: 451-7551 off campus; 551 on campus

From admin at lctn.org Wed May 28 13:48:33 2008
From: admin at lctn.org (Raymond Norton)
Date: Wed May 28 13:52:10 2008
Subject: missed something on new install
Message-ID: <32593427.32811211978913706.JavaMail.root@mail.lctn.org>

Just did a new install, but don't have a way to release quarantined messages in the web interface. Looking through the docs again. Wondering what I need to turn on or add to the config to get this feature back?

--
Raymond Norton
LCTN

From richard.frovarp at sendit.nodak.edu Wed May 28 14:27:14 2008
From: richard.frovarp at sendit.nodak.edu (Richard Frovarp)
Date: Wed May 28 14:27:25 2008
Subject: OT: "Nolisting"
In-Reply-To: <483C7707.8000505@pacific.net>
References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> <483C2B8A.5020507@coders.co.uk> <483C7707.8000505@pacific.net>
Message-ID: <483D5DB2.5050208@sendit.nodak.edu>

Ken A wrote:
> Matt Hampton wrote:
>> Scott Silva wrote:
>>>
>>> There is even a service that will host your tarpit for you.
>>> http://www.fakemx.org/
>> There is also a very active discussion on the SpamAssassin list at
>> the moment regarding the very same thing...
>>
>> http://www.gossamer-threads.com/lists/spamassassin/users/120559
>>>
>
> yep. And see this one too:
> http://securepoint.com/lists/html/Qmail/2006-11/msg00145.html
>
> The point being that you can do this, but be careful HOW you do it,
> since some mtas (some qmail servers) will not try the next highest mx
> if you allow the smtp connection to begin on the lowest mx, then issue
> a 4xx error.
>
> Ken
>

There are other mailers out there that behave badly as well. Even with a tcp reset, we've had to allow a few through the firewall to talk to what is listed as our primary mail server.

From malli at mcrirents.com Wed May 28 15:30:28 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Wed May 28 14:30:20 2008
Subject: missed something on new install
In-Reply-To: <32593427.32811211978913706.JavaMail.root@mail.lctn.org>
References: <32593427.32811211978913706.JavaMail.root@mail.lctn.org>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FD68@exchange.computerrents.com>

________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Raymond Norton
Sent: Wednesday, May 28, 2008 7:49 AM
To: MailScanner discussion
Subject: missed something on new install

Just did a new install, but don't have a way to release quarantined messages in the web interface. Looking through the docs again. Wondering what I need to turn on or add to the config to get this feature back?

--
Raymond Norton
LCTN

Hey Raymond,

Please give us some details about your install. You might be having permission issues if you're using MailWatch. Double check your settings.

Mohammed

From ssilva at sgvwater.com Wed May 28 16:00:42 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Wed May 28 16:01:12 2008
Subject: Help with spamassassin+mailscanner
In-Reply-To: <6a7195cc0805272131lf5fa3d8lf64491480e8adb0@mail.gmail.com>
References: <6a7195cc0805270359y58235470u1a8f1cb4f732a269@mail.gmail.com> <6a7195cc0805272131lf5fa3d8lf64491480e8adb0@mail.gmail.com>
Message-ID:

on 5-27-2008 9:31 PM vinayan KP spake the following:
> On Tue, May 27, 2008 at 8:49 PM, Scott Silva wrote:
>> Comments are inline ...
>>
>>> Dear all,
>>> I am just a beginner to postfix,spamassassin,Mailscanner and
>>> mailwatch. I recently installed a mail server with the following and
>>> is working fine except for one problem that mailscanner+spamassassin
>>> combination is not detecting mails with SA Score lower than the
>>> Required Spamassassin score (I use 3) as spam though they are
>>> definitely spam. The mailscanner+spamassassin combination tags mails
>>> with SA score greater than the Required Spamassassin score as spam.
>>>
>>> postfix.2.3.2-28
>>> Spamassassin.3.1.6-15
>>> MailScanner 4.58.9
>> All older versions of the software. It might be adding to your problems.
>>> I have been reading different posts on mailscanner and about
>>> spamassassin to understand why low scoring mails are not detected as
>>> spam by mailscanner+spamassassin.
>>>
>>> The following are the things I could find out.
>>>
>>> 1. The headers of mails do not contain "autolearn=spam" in the mail
>>> header and rest of the fields are there. (See below)
>>>
>>> X-econdse-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>>> score=10.054, required 3, BAYES_99 3.50, EXTRA_MPART_TYPE 1.09,
>>> HTML_IMAGE_ONLY_08 3.13, HTML_MESSAGE 0.00,
>>> HTML_SHORT_LINK_IMG_1 0.95, HTML_TEXT_AFTER_BODY 0.12,
>>> INFO_TLD 1.27)
>>>
>>> 2.
the /root/.spamassassin folder does not contain any bayes related >>> database. >> When running with postfix, MailScanner runs as postfix and cannot access the >> /root directory. Maybe you missed some steps in the postfix howtos. >> http://www.mailscanner.info/postfix.html and >> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:installation >> You need the bayes directory somewhere that the postfix user can access. >> >> Maybe Glenn will chime in here. >> >> >>> 3. I could not see anything in /var/log/mail which says mailscanner >>> is checking the Spam Lists. >>> >>> *********************************************** >>> When I tried to test the spamassassin configuration with "spamassassin >>> -D --lint", I am getting "[4882] warn: lint: 1 issues detected, please >>> rerun with debug enabled for more information" >>> >>> Please see the result below. : >>> >>> >>> --------------------------------------------------------------------------------------------- >>> mail:/etc/MailScanner # spamassassin -D --lint >>> >>> [4882] dbg: logger: adding facilities: all >>> [4882] dbg: logger: logging level is DBG >>> [4882] dbg: generic: SpamAssassin version 3.1.6 >>> [4882] dbg: config: score set 0 chosen. >>> [4882] dbg: util: running in taint mode? 
yes >>> [4882] dbg: util: taint mode: deleting unsafe environment variables, >>> resetting PATH >>> [4882] dbg: util: PATH included '/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/local/sbin', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/sbin', keeping >>> [4882] dbg: util: PATH included '/root/bin', keeping >>> [4882] dbg: util: PATH included '/usr/local/bin', keeping >>> [4882] dbg: util: PATH included '/usr/bin', keeping >>> [4882] dbg: util: PATH included '/usr/X11R6/bin', keeping >>> [4882] dbg: util: PATH included '/bin', keeping >>> [4882] dbg: util: PATH included '/usr/games', keeping >>> [4882] dbg: util: PATH included '/opt/gnome/bin', keeping >>> [4882] dbg: util: PATH included '/opt/kde3/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/bin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >>> [4882] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >>> [4882] dbg: util: final PATH set to: >>> >>> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: dns: is Net::DNS::Resolver available? 
yes >>> [4882] dbg: dns: Net::DNS version: 0.59 >>> [4882] dbg: diag: perl platform: 5.008008 linux >>> [4882] dbg: diag: module installed: Digest::SHA1, version 2.11 >>> [4882] dbg: diag: module installed: HTML::Parser, version 3.55 >>> [4882] dbg: diag: module installed: MIME::Base64, version 3.07 >>> [4882] dbg: diag: module installed: DB_File, version 1.814 >>> [4882] dbg: diag: module installed: Net::DNS, version 0.59 >>> [4882] dbg: diag: module installed: Net::SMTP, version 2.29 >>> [4882] dbg: diag: module not installed: Mail::SPF::Query ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IP::Country::Fast ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Razor2::Client::Agent ('require' >>> failed) >>> [4882] dbg: diag: module not installed: Net::Ident ('require' failed) >>> [4882] dbg: diag: module not installed: IO::Socket::INET6 ('require' >>> failed) >>> [4882] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >>> [4882] dbg: diag: module installed: Time::HiRes, version 1.86 >>> [4882] dbg: diag: module installed: DBI, version 1.52 >>> [4882] dbg: diag: module installed: Getopt::Long, version 2.35 >>> [4882] dbg: diag: module installed: LWP::UserAgent, version 2.033 >>> [4882] dbg: diag: module installed: HTTP::Date, version 1.47 >>> [4882] dbg: diag: module installed: Archive::Tar, version 1.30 >>> [4882] dbg: diag: module installed: IO::Zlib, version 1.04 >>> [4882] dbg: ignore: using a test message to lint rules >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules pre >>> files >>> [4882] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [4882] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [4882] dbg: config: using "/usr/share/spamassassin" for sys rules pre >>> files >>> [4882] dbg: config: using "/usr/share/spamassassin" for default rules dir >>> [4882] dbg: config: read file 
/usr/share/spamassassin/10_misc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [4882] dbg: config: read file 
/usr/share/spamassassin/25_replace.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >>> [4882] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >>> [4882] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [4882] dbg: config: using "/etc/mail/spamassassin" for site rules dir >>> [4882] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [4882] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x90d6fcc) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x90fa144) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor 
from @INC >>> [4882] dbg: pyzor: local tests only, disabling Pyzor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91109a4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [4882] dbg: razor2: local tests only, skipping Razor >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x90dcc0c) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [4882] dbg: reporter: local tests only, disabling SpamCop >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x90df4d4) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x916a1b8) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917945c) >>> [4882] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9185c14) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >>> @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9192844) >>> [4882] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >>> @INC >>> [4882] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >>> [4882] dbg: config: adding redirector regex: >>> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >>> [4882] dbg: config: adding redirector 
regex: >>> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >>> [4882] dbg: config: adding redirector regex: >>> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >>> [4882] dbg: config: adding redirector regex: >>> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >>> [4882] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x918b5ac) implements >>> 'finish_parsing_end' >>> [4882] dbg: replacetags: replacing tags >>> [4882] dbg: replacetags: done replacing tags >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >> Here is your error. Mailscanner running as postfix cannot access /root >> directory. You need to set a bayes path somewhere that postfix has access, >> and then you will need to do some training. >> >>> [4882] dbg: config: score set 0 chosen. 
>>> [4882] dbg: message: ---- MIME PARSER START ---- >>> [4882] dbg: message: main message type: text/plain >>> [4882] dbg: message: parsing normal part >>> [4882] dbg: message: added part, type: text/plain >>> [4882] dbg: message: ---- MIME PARSER END ---- >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: dns: is DNS available? 0 >>> [4882] dbg: metadata: X-Spam-Relays-Trusted: >>> [4882] dbg: metadata: X-Spam-Relays-Untrusted: >>> [4882] dbg: metadata: X-Spam-Relays-Internal: >>> [4882] dbg: metadata: X-Spam-Relays-External: >>> [4882] dbg: message: no encoding detected >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'parsed_metadata' >>> [4882] dbg: rules: local tests only, ignoring RBL eval >>> [4882] dbg: check: running tests for priority: 0 >>> [4882] dbg: rules: running header regexp tests; score so far=0 >>> [4882] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" >>> [4882] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: >>> "1211883990" >>> [4882] dbg: rules: ran header rule __SANE_MSGID ======> got hit: >>> "<1211883990@lint_rules> >>> [4882] dbg: rules: " >>> [4882] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: >>> "@lint_rules>" >>> [4882] dbg: eval: all '*From' addrs: >>> ignore@compiling.spamassassin.taint.org >>> [4882] dbg: eval: all '*To' addrs: >>> [4882] dbg: rules: ran eval rule NO_RELAYS ======> got hit >>> [4882] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=-0.001 >>> [4882] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" >>> [4882] dbg: uri: running uri tests; score so far=-0.001 >>> [4882] dbg: bayes: no dbs present, cannot tie DB R/O: >>> /root/.spamassassin/bayes_toks >>> [4882] dbg: bayes: not scoring message, returning undef >>> [4882] dbg: bayes: opportunistic call attempt failed, 
DB not readable >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=-0.001 >>> [4882] dbg: rules: running full-text regexp tests; score so far=-0.001 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_tick' >>> [4882] dbg: check: running tests for priority: 500 >>> [4882] dbg: plugin: >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835f044) implements >>> 'check_post_dnsbl' >>> [4882] dbg: rules: running meta tests; score so far=-0.001 >>> [4882] info: rules: meta test DIGEST_MULTIPLE has undefined dependency >>> 'DCC_CHECK' >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: running tests for priority: 1000 >>> [4882] dbg: rules: running meta tests; score so far=1.866 >>> [4882] dbg: rules: running header regexp tests; score so far=1.866 >>> [4882] dbg: rules: running body-text per-line regexp tests; score so >>> far=1.866 >>> [4882] dbg: uri: running uri tests; score so far=1.866 >>> [4882] dbg: rules: running raw-body-text per-line regexp tests; score >>> so far=1.866 >>> [4882] dbg: rules: running full-text regexp tests; score so far=1.866 >>> [4882] dbg: check: is spam? 
score=1.866 required=5 >>> [4882] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE >>> [4882] dbg: check: >>> >>> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID >>> [4882] warn: lint: 1 issues detected, please rerun with debug enabled >>> for more information >>> >>> >>> ------------------------------------------------------------------------------------------------------------------------------------------------------ >>> >>> Is the warning because of >>> >>> [4882] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [4882] warn: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> >>> and can I ignore it?? ( I dont have pyzor installed. Is it a must to >>> have pyzor installed??) >> Either install pyzor, or disable the plugin line that tries to load it. >> Look in all your .pre files in /etc/mail/spamassassin >>> >>> ******************************************************************************************************************* >>> >>> >>> When I tried sa-learn --dump magic -D, I got the following error : >>> >>> ERROR: Bayes dump returned an error, please re-run with -D for more >>> information >> Again, no bayes db to dump. >>> >>> >>> ----------------------------------------------------------------------------------------- >>> mail:/etc/mail/spamassassin # sa-learn --dump magic -D >>> [2675] dbg: logger: adding facilities: all >>> [2675] dbg: logger: logging level is DBG >>> [2675] dbg: generic: SpamAssassin version 3.1.6 >>> [2675] dbg: config: score set 0 chosen. >>> [2675] dbg: util: running in taint mode? 
yes >>> [2675] dbg: util: taint mode: deleting unsafe environment variables, >>> resetting PATH >>> [2675] dbg: util: PATH included '/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/local/sbin', keeping >>> [2675] dbg: util: PATH included '/opt/gnome/sbin', keeping >>> [2675] dbg: util: PATH included '/root/bin', keeping >>> [2675] dbg: util: PATH included '/usr/local/bin', keeping >>> [2675] dbg: util: PATH included '/usr/bin', keeping >>> [2675] dbg: util: PATH included '/usr/X11R6/bin', keeping >>> [2675] dbg: util: PATH included '/bin', keeping >>> [2675] dbg: util: PATH included '/usr/games', keeping >>> [2675] dbg: util: PATH included '/opt/gnome/bin', keeping >>> [2675] dbg: util: PATH included '/opt/kde3/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/jvm/jre/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/mit/bin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/mit/sbin', keeping >>> [2675] dbg: util: PATH included '/usr/lib/qt3/bin', keeping >>> [2675] dbg: util: final PATH set to: >>> >>> /sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin:/usr/lib/mit/bin:/usr/lib/mit/sbin:/usr/lib/qt3/bin >>> [2675] dbg: message: ---- MIME PARSER START ---- >>> [2675] dbg: message: main message type: text/plain >>> [2675] dbg: message: parsing normal part >>> [2675] dbg: message: added part, type: text/plain >>> [2675] dbg: message: ---- MIME PARSER END ---- >>> [2675] dbg: dns: is Net::DNS::Resolver available? 
yes >>> [2675] dbg: dns: Net::DNS version: 0.59 >>> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules pre >>> files >>> [2675] dbg: config: read file /etc/mail/spamassassin/init.pre >>> [2675] dbg: config: read file /etc/mail/spamassassin/v310.pre >>> [2675] dbg: config: read file /etc/mail/spamassassin/v312.pre >>> [2675] dbg: config: using "/usr/share/spamassassin" for sys rules pre >>> files >>> [2675] dbg: config: using "/usr/share/spamassassin" for default rules dir >>> [2675] dbg: config: read file /usr/share/spamassassin/10_misc.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_compensate.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_drugs.cf >>> [2675] dbg: config: read file >>> /usr/share/spamassassin/20_fake_helo_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_phrases.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_porn.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_ratware.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/23_bayes.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf >>> [2675] dbg: config: 
read file /usr/share/spamassassin/25_body_tests_pl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_dcc.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_dkim.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_razor2.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_replace.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_spf.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_textcat.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/25_uribl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_de.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_it.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/50_scores.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_awl.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dk.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf >>> [2675] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf >>> [2675] dbg: config: read file >>> /usr/share/spamassassin/60_whitelist_subject.cf >>> [2675] dbg: config: using "/etc/mail/spamassassin" for site rules dir >>> [2675] dbg: config: read file /etc/mail/spamassassin/local.cf >>> [2675] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf >>> [2675] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::URIDNSBL from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835ef70) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8e113dc) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SPF=HASH(0x8e345f4) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC >>> [2675] dbg: pyzor: network tests on, attempting Pyzor >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e39eac) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC >>> [2675] dbg: razor2: razor2 is not available >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::Razor2=HASH(0x8e13d58) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC >>> [2675] dbg: reporter: network tests on, attempting SpamCop >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ed3d44) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AWL=HASH(0x903b0e0) >>> [2675] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9043d14) >>> [2675] dbg: plugin: loading >>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9051f04) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from >>> @INC >>> [2675] dbg: plugin: registered >>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9052be8) >>> [2675] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from >>> @INC >>> [2675] dbg: plugin: registered >>> 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i >>> [2675] dbg: config: adding redirector regex: >>> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i >>> [2675] dbg: config: adding redirector regex: >>> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i >>> [2675] dbg: config: adding redirector regex: >>> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i >>> [2675] dbg: config: adding redirector regex: >>> >>> m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i >>> [2675] info: config: pyzor_path "/usr/bin/pyzor" isn't an executable >>> [2675] info: config: SpamAssassin failed to parse line, >>> "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path >>> /usr/bin/pyzor >>> [2675] dbg: plugin: >>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90432d8) implements >>> 'finish_parsing_end' >>> [2675] dbg: replacetags: replacing tags >>> [2675] dbg: replacetags: done 
replacing tags
>>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>>> /root/.spamassassin/bayes_toks
>>> [2675] dbg: config: score set 1 chosen.
>>> [2675] dbg: bayes: no dbs present, cannot tie DB R/O:
>>> /root/.spamassassin/bayes_toks
>>> ERROR: Bayes dump returned an error, please re-run with -D for more
>>> information
>>>
>>> ------------------------------------------------------------------------
>>>
>>> --> Am I getting this error because there are no bayes related files
>>> in the /root/.spamassassin directory?? (it's empty now)
>>>
>>> --> If yes, should I use the following command to create them??
>>>
>>> # sa-learn --showdots --spam
>>> /home//Maildir/cur (this is my inbox)
>>>
>>>
>>> # sa-learn --showdots --ham /home/Maildir/.spam/cur
>>> (this is where I filter all my {spam?} tagged mails)
>>>
>>>
>>> ---> After this if I restart spamassassin, will
>>> spamassassin+mailscanner start doing the bayes autolearn and check the
>>> lists specified in Spam Lists option of the mailscanner? If not, what
>>> should I do to get my spamassassin+mailscanner start doing the bayes
>>> autolearn and check the lists specified in Spam Lists option of the
>>> mailscanner?
>>>
>>>
>>> Hope someone would be kind enough to help me.
>>>
>>> Expecting an early reply
>>>
>>> sincerely yours
>>
> Dear Mr. Scott Silva,
>
> Thank you very much for your quick response. I shall follow your
> suggestions and let you know the status at the earliest.
>
> Thanking you very much
> Vinu
>
You are very welcome.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080528/869035e2/signature.bin

From johnnyb at marlboro.edu Wed May 28 16:11:34 2008
From: johnnyb at marlboro.edu (John Baker)
Date: Wed May 28 16:08:47 2008
Subject: users who get more than there share of spam
In-Reply-To:
References: <483C6836.4040906@marlboro.edu>
Message-ID: <483D7626.6040504@marlboro.edu>

I do use most of this stuff. What is kam? I'm not familiar with that
one. I use sare rules from Rules emporium but I've probably been too
conservative about this and added more this morning.

I'll see how things look a few after some tuning up here and then put
what's getting through up.

Thanks,

John

Scott Silva wrote:
> on 5-27-2008 12:59 PM John Baker spake the following:
>> Hi all,
>>
>> I wondered if any of the experts on the list had any suggestions for
>> this problem.
>>
>> I have a few users who gave their name to the wrong website and get
>> way more than their share of spam. I've been trying to figure out a
>> way to bring those numbers down for them.
>>
>> Most of the spam coming through to us either doesn't make it past the
>> greylist or gets marked by the Mailscanner process and then sent to a
>> junk folder by procmail upon delivery. These folks get hundreds in the
>> junk mail folder every day and hundreds per week that slip through the
>> process. It makes their mail unmanageable particularly as we are in an
>> area where many of them still have to retrieve their mail with a 28k
>> dialup connection when they are at home.
>>
>> At this point it seems as though improving the spam marking process
>> for us would involve spending money on external services that we don't
>> have to spend and it is working well enough for the average user.
>> Would anybody have any suggestions on how to help users who get caught
>> up in this sort of thing short of giving them a new address and
>> bouncing everything to the old one?
>>
>> Thanks
> What are you using for options to spamassassin?
> Any digests like razor or pyzor?
> Any other rules like kam or some of the sare rules?
> Blacklists?
>
> If you can post links to a couple COMPLETE mail files, either from queue
> files or quarantined, others here will run them through our systems and
> post the results we get.
>

--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus

From johnnyb at marlboro.edu Wed May 28 16:16:36 2008
From: johnnyb at marlboro.edu (John Baker)
Date: Wed May 28 16:13:54 2008
Subject: users who get more than there share of spam
In-Reply-To: <483C6B6A.2080706@ecs.soton.ac.uk>
References: <483C6836.4040906@marlboro.edu> <483C6B6A.2080706@ecs.soton.ac.uk>
Message-ID: <483D7754.9020803@marlboro.edu>

I don't know if we can afford it but it's worth getting a quote. Dealing
with spam is such a continuous headache and time sink for me that my
boss is willing to reconsider his standard opposition to appliances if
it's not outrageous.

Doing everything without spending money is actually written into my job
description. :)

Julian Field wrote:
> Can you afford a copy of BarricadeMX to run on your mail server in
> addition to MailScanner?
>
> It will pay for itself very quickly in all the hardware that you won't
> need to replace the next time around, as the load on the system will
> drop like a stone. And you can probably throw out half your MX servers
> too, and use the boxes for some other better purpose than processing
> spam. An average site redeploys half their MX servers in other roles
> after installing BarricadeMX on the other half.
>
> That's my best advice for this problem, right now.
>
> Jules.
> > John Baker wrote: >> Hi all, >> >> I wondered if any of the experts on the list had any suggestions for >> this problem. >> >> I have a few users who gave their name to the wrong website and get >> way more than there share of spam. I've been trying to figure out a >> way to bring those numbers down for them. >> >> Most of the spam coming through to us either doesn't make it past the >> geylist or gets marked by the Mailscanner process and then sent to a >> junk folder by procmail upon delivery. These folks get hundreds in the >> junk mail folder every day and hundreds per week that slip through the >> process. It makes their mail unmanageable particularly as we are in an >> area where many of them still have to retrieve their mail with a 28k >> dialup connection when they are at home. >> >> At this point it seems as though improving the spam marking process >> for us would involve spending money on external services that we don't >> have to spend and it is working well enough for the average user. >> Would anybody have any suggestions on how to help users who get caught >> up in this sort of thing short of giving them a new address and >> bouncing everything to the old one? >> >> Thanks > > Jules > -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From ssilva at sgvwater.com Wed May 28 16:15:01 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 28 16:15:25 2008 Subject: Qmail install In-Reply-To: <001a01c8c0ba$64b03a20$0400a8c0@Simonc> References: <001001c8c08a$fbc1efb0$0400a8c0@Simonc> <12dfdf1f534ec423b6a82842e5285137@localhost> <001a01c8c0ba$64b03a20$0400a8c0@Simonc> Message-ID: on 5-28-2008 5:00 AM VUM spake the following: > Thanks Philippe, > Sorry i am fairly new to mailscanner - does this mean you are running > qmail and postfix parrallel to each other. If so how do they "talk" to > each other to handle the mail. 
> I think he meant he has a separate gateway server in front of the qmail server and it runs postfix. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080528/bfc4a153/signature.bin From list-mailscanner at linguaphone.com Wed May 28 16:25:20 2008 From: list-mailscanner at linguaphone.com (Gareth) Date: Wed May 28 16:25:33 2008 Subject: users who get more than there share of spam In-Reply-To: <483D7626.6040504@marlboro.edu> References: <483C6836.4040906@marlboro.edu> <483D7626.6040504@marlboro.edu> Message-ID: <1211988320.28284.21.camel@gblades-suse.linguaphone-intranet.co.uk> Here is the setup that I use including a list of all the additional rules:- http://www.gbnetwork.co.uk/mailscanner/ On Wed, 2008-05-28 at 16:11, John Baker wrote: > I do use most of this stuff. What is kam? I'm not familiar with that > one. I use sare rules from Rules emporium but I've probably been to > conservative about this and added more this morning. > > I'll see how things look a few after some tuning up here and then put > what's getting through up. > > Thanks, > > John > Scott Silva wrote: > > on 5-27-2008 12:59 PM John Baker spake the following: > >> Hi all, > >> > >> I wondered if any of the experts on the list had any suggestions for > >> this problem. > >> > >> I have a few users who gave their name to the wrong website and get > >> way more than there share of spam. I've been trying to figure out a > >> way to bring those numbers down for them. > >> > >> Most of the spam coming through to us either doesn't make it past the > >> geylist or gets marked by the Mailscanner process and then sent to a > >> junk folder by procmail upon delivery. 
These folks get hundreds in the > >> junk mail folder every day and hundreds per week that slip through the > >> process. It makes their mail unmanageable particularly as we are in an > >> area where many of them still have to retrieve their mail with a 28k > >> dialup connection when they are at home. > >> > >> At this point it seems as though improving the spam marking process > >> for us would involve spending money on external services that we don't > >> have to spend and it is working well enough for the average user. > >> Would anybody have any suggestions on how to help users who get caught > >> up in this sort of thing short of giving them a new address and > >> bouncing everything to the old one? > >> > >> Thanks > > What are you using for options to spamassassin? > > Any digests like razor or pyzor? > > Any other rules like kam or some of the sare rules? > > Blacklists? > > > > If you can post links to a couple COMPLETE mail files, either from queue > > files or quarantined, others here will run them through our systems and > > post the results we get. > > > > > -- > John Baker > Network Systems Administrator > Marlboro College > Phone: 451-7551 off campus; 551 on campus From ssilva at sgvwater.com Wed May 28 16:30:09 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 28 16:30:25 2008 Subject: missed something on new install In-Reply-To: <32593427.32811211978913706.JavaMail.root@mail.lctn.org> References: <32593427.32811211978913706.JavaMail.root@mail.lctn.org> Message-ID: on 5-28-2008 5:48 AM Raymond Norton spake the following: > Just did a new install, but don't have a way to release quarantined > messages in the web interface. Looking through the docs again. Wondering > what I need to turn on or add to the config to get this feature back? > > -- > Raymond Norton > LCTN > Technically, Mailscanner doesn't have a web interface. That is mailwatch, a completely different project with its own list and site. It is an add on for mailscanner. 
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080528/fd437ad9/signature.bin From J.Ede at birchenallhowden.co.uk Wed May 28 16:26:51 2008 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Wed May 28 16:31:26 2008 Subject: users who get more than there share of spam In-Reply-To: <483D7754.9020803@marlboro.edu> References: <483C6836.4040906@marlboro.edu> <483C6B6A.2080706@ecs.soton.ac.uk>,<483D7754.9020803@marlboro.edu> Message-ID: <4CAB0118AEC63A4FAAE77E6BCBDF760C52F1B0BE3D@server02.bhl.local> I'm assuming you've the normal blacklists such as spamhaus, spamcop, abuseat etc running along with maybe some greylisting? Jason ________________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailscanner-bounces@lists.mailscanner.info] On Behalf Of John Baker [johnnyb@marlboro.edu] Sent: 28 May 2008 16:16 To: MailScanner discussion Subject: Re: users who get more than there share of spam I don't know if we can afford it but its worth getting a quote. Dealing with spam is such a continuous headache and time sink for me that my boss is willing to reconsider his standard opposition to appliances if its not outrageous. Doing everything without spending money is actually written into my job description. :) Julian Field wrote: > Can you afford a copy of BarricadeMX to run on your mail server in > addition to MailScanner? > > It will pay for itself very quickly in all the hardware that you won't > need to replace the next time around, as the load on the system will > drop like a stone. And you can probably throw out half your MX servers > too, and use the boxes for some other better purpose than processing > spam. 
An average site redeploys half their MX servers in other roles > after installing BarricadeMX on the other half. > > That's my best advice for this problem, right now. > > Jules. > > John Baker wrote: >> Hi all, >> >> I wondered if any of the experts on the list had any suggestions for >> this problem. >> >> I have a few users who gave their name to the wrong website and get >> way more than there share of spam. I've been trying to figure out a >> way to bring those numbers down for them. >> >> Most of the spam coming through to us either doesn't make it past the >> geylist or gets marked by the Mailscanner process and then sent to a >> junk folder by procmail upon delivery. These folks get hundreds in the >> junk mail folder every day and hundreds per week that slip through the >> process. It makes their mail unmanageable particularly as we are in an >> area where many of them still have to retrieve their mail with a 28k >> dialup connection when they are at home. >> >> At this point it seems as though improving the spam marking process >> for us would involve spending money on external services that we don't >> have to spend and it is working well enough for the average user. >> Would anybody have any suggestions on how to help users who get caught >> up in this sort of thing short of giving them a new address and >> bouncing everything to the old one? >> >> Thanks > > Jules > -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! 
From johnnyb at marlboro.edu Wed May 28 17:11:40 2008 From: johnnyb at marlboro.edu (John Baker) Date: Wed May 28 17:08:54 2008 Subject: users who get more than there share of spam In-Reply-To: <483D7754.9020803@marlboro.edu> References: <483C6836.4040906@marlboro.edu> <483C6B6A.2080706@ecs.soton.ac.uk> <483D7754.9020803@marlboro.edu> Message-ID: <483D843C.6090001@marlboro.edu> I just realized that this was not an appliance. I was confusing it with the Barracuda. So what is the real advantage with this? I mean, it looks like a slicked up version of the open source I already use. Are there particularly good custom rules sets? John Baker wrote: > I don't know if we can afford it but its worth getting a quote. Dealing > with spam is such a continuous headache and time sink for me that my > boss is willing to reconsider his standard opposition to appliances if > its not outrageous. > > Doing everything without spending money is actually written into my job > description. :) > Julian Field wrote: >> Can you afford a copy of BarricadeMX to run on your mail server in >> addition to MailScanner? >> >> It will pay for itself very quickly in all the hardware that you won't >> need to replace the next time around, as the load on the system will >> drop like a stone. And you can probably throw out half your MX servers >> too, and use the boxes for some other better purpose than processing >> spam. An average site redeploys half their MX servers in other roles >> after installing BarricadeMX on the other half. >> >> That's my best advice for this problem, right now. >> >> Jules. >> >> John Baker wrote: >>> Hi all, >>> >>> I wondered if any of the experts on the list had any suggestions for >>> this problem. >>> >>> I have a few users who gave their name to the wrong website and get >>> way more than there share of spam. I've been trying to figure out a >>> way to bring those numbers down for them. 
>>> >>> Most of the spam coming through to us either doesn't make it past the >>> geylist or gets marked by the Mailscanner process and then sent to a >>> junk folder by procmail upon delivery. These folks get hundreds in >>> the junk mail folder every day and hundreds per week that slip >>> through the process. It makes their mail unmanageable particularly as >>> we are in an area where many of them still have to retrieve their >>> mail with a 28k dialup connection when they are at home. >>> >>> At this point it seems as though improving the spam marking process >>> for us would involve spending money on external services that we >>> don't have to spend and it is working well enough for the average >>> user. Would anybody have any suggestions on how to help users who get >>> caught up in this sort of thing short of giving them a new address >>> and bouncing everything to the old one? >>> >>> Thanks >> >> Jules >> > > -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus From ssilva at sgvwater.com Wed May 28 17:37:15 2008 From: ssilva at sgvwater.com (Scott Silva) Date: Wed May 28 17:37:37 2008 Subject: users who get more than there share of spam In-Reply-To: <483D843C.6090001@marlboro.edu> References: <483C6836.4040906@marlboro.edu> <483C6B6A.2080706@ecs.soton.ac.uk> <483D7754.9020803@marlboro.edu> <483D843C.6090001@marlboro.edu> Message-ID: on 5-28-2008 9:11 AM John Baker spake the following: > I just realized that this was not an appliance. I was confusing it with > the Barracuda. > > So what is the real advantage with this? I mean, it looks like a slicked > up version of the open source I already use. Are there particularly good > custom rules sets? > It is like all the open source stuff, mixed with a case of RedBull and some steroids! I'm not using it either, but the people that are have cut their hardware in half. You can do with one server what you used to need 2 or 3 for. 
You could probably run it on a retired P4 desktop with a gig of ram and 2 network interfaces. Maybe even 512 MB. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080528/570ae95f/signature.bin From MailScanner at ecs.soton.ac.uk Wed May 28 19:07:54 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed May 28 19:08:18 2008 Subject: users who get more than there share of spam In-Reply-To: <483D7626.6040504@marlboro.edu> References: <483C6836.4040906@marlboro.edu> <483D7626.6040504@marlboro.edu> Message-ID: <483D9F7A.30502@ecs.soton.ac.uk> John Baker wrote: > I do use most of this stuff. What is kam? I'm not familiar with that one. You can get it from: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf I get it every day on a cron job. I have attached the cron job for you. Just unpack the zip file, bung it in /etc/cron.daily and make sure it's rwxr-xr-x. It does a random delay before fetching the file, so as to not stress their poor server too much. It's *very* useful. > I use sare rules from Rules emporium but I've probably been to > conservative about this and added more this morning. > > I'll see how things look a few after some tuning up here and then put > what's getting through up. > > Thanks, > > John > Scott Silva wrote: >> on 5-27-2008 12:59 PM John Baker spake the following: >>> Hi all, >>> >>> I wondered if any of the experts on the list had any suggestions for >>> this problem. >>> >>> I have a few users who gave their name to the wrong website and get >>> way more than there share of spam. I've been trying to figure out a >>> way to bring those numbers down for them. 
>>> >>> Most of the spam coming through to us either doesn't make it past >>> the geylist or gets marked by the Mailscanner process and then sent >>> to a junk folder by procmail upon delivery. These folks get hundreds >>> in the junk mail folder every day and hundreds per week that slip >>> through the process. It makes their mail unmanageable particularly >>> as we are in an area where many of them still have to retrieve their >>> mail with a 28k dialup connection when they are at home. >>> >>> At this point it seems as though improving the spam marking process >>> for us would involve spending money on external services that we >>> don't have to spend and it is working well enough for the average >>> user. Would anybody have any suggestions on how to help users who >>> get caught up in this sort of thing short of giving them a new >>> address and bouncing everything to the old one? >>> >>> Thanks >> What are you using for options to spamassassin? >> Any digests like razor or pyzor? >> Any other rules like kam or some of the sare rules? >> Blacklists? >> >> If you can post links to a couple COMPLETE mail files, either from >> queue files or quarantined, others here will run them through our >> systems and post the results we get. >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... 
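The daily fetch described in the message above (random delay, download, install), written out as an added example; it is not part of the original post and is not the scrubbed KAM.cf.sh attachment. It assumes curl is installed, that /etc/mail/spamassassin is the site rules directory, and that the script is saved as /etc/cron.daily/update-kam-rules; that file name, the function names and the content checks are this example's own.

```shell
#!/bin/sh
# Added example: daily KAM.cf refresh with jitter, content checks and rollback.
# Install as /etc/cron.daily/update-kam-rules (hypothetical name), mode rwxr-xr-x.

RULES_URL="http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf"  # URL from the post
DEST="/etc/mail/spamassassin/KAM.cf"   # assumed site rules directory
MAX_DELAY=600                          # assumed upper bound for the delay, in seconds

# Print a whole number of seconds in [0, max). Time-seeded: fine for
# spreading load on the rule server, not meant as a security primitive.
jitter_seconds() {
    awk -v max="$1" 'BEGIN { srand(); print int(rand() * max) }'
}

# Succeed only if the file looks like a SpamAssassin rules file: non-empty,
# not an HTML error page from a proxy or web server, and containing at
# least one rule directive.
validate_rules() {
    [ -s "$1" ] || return 1
    if grep -qi '<html' "$1"; then
        return 1
    fi
    grep -Eq '^[[:space:]]*(header|body|rawbody|uri|meta|full|score|describe)[[:space:]]+[A-Za-z0-9_]+' "$1"
}

# Install src as dest. Prints "unchanged" or "installed". The previous copy
# is kept as dest.bak, and the new file is renamed into place so scanners
# never read a half-written rules file.
install_rules() {
    ir_src=$1
    ir_dest=$2
    if [ -f "$ir_dest" ] && cmp -s "$ir_src" "$ir_dest"; then
        echo unchanged
        return 0
    fi
    if [ -f "$ir_dest" ]; then
        cp -p "$ir_dest" "$ir_dest.bak" || return 1
    fi
    cp "$ir_src" "$ir_dest.new.$$" || return 1
    chmod 644 "$ir_dest.new.$$" || return 1
    mv -f "$ir_dest.new.$$" "$ir_dest" || return 1
    echo installed
}

# Put the previous copy back, or remove the file if there was none.
restore_backup() {
    if [ -f "$1.bak" ]; then
        mv -f "$1.bak" "$1"
    else
        rm -f "$1"
    fi
}

main() {
    sleep "$(jitter_seconds "$MAX_DELAY")"
    dl=$(mktemp) || return 1
    trap 'rm -f "$dl"' EXIT
    if ! curl -fsS --max-time 60 -o "$dl" "$RULES_URL"; then
        echo "KAM.cf: download failed, keeping current rules" >&2
        return 1
    fi
    if ! validate_rules "$dl"; then
        echo "KAM.cf: download is not a rules file, keeping current rules" >&2
        return 1
    fi
    result=$(install_rules "$dl" "$DEST") || return 1
    [ "$result" = installed ] || return 0
    # Check the whole rule set before the scanners pick it up.
    if command -v spamassassin >/dev/null 2>&1 && ! spamassassin --lint; then
        restore_backup "$DEST"
        echo "KAM.cf: lint failed, previous rules restored" >&2
        return 1
    fi
    # Reload MailScanner here with your distribution's service command.
}

# Run only when invoked under the cron file name, so the functions can be
# sourced or tested without touching the network.
case "${0##*/}" in
    update-kam-rules) main ;;
esac
```

The content checks catch truncated downloads and proxy error pages; because the URL is plain http, they do not prove the file came from its publisher.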
Name: KAM.cf.sh.zip Type: application/zip Size: 741 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080528/814c55a4/KAM.cf.sh-0001.zip From astephens at ptera.net Thu May 29 00:45:29 2008 From: astephens at ptera.net (Arthur Stephens) Date: Thu May 29 00:46:16 2008 Subject: postfix virtual domains problem Message-ID: <483DEE99.1090604@ptera.net> Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat Linux Fedora 7 All of my virtual Domains are being ignored the email is being delivered to the actual mailbox on the server. Example sales@domain.com and sales@otherdomain.com are all going to sales mailbox. Help! -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net From hvdkooij at vanderkooij.org Thu May 29 06:36:25 2008 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu May 29 06:36:36 2008 Subject: OT: "Nolisting" In-Reply-To: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> References: <66cad9ef0d2b36cdf070accad6c8504a@194.75.249.194> Message-ID: <483E40D9.5050202@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul Welsh wrote: | Hi all | | I have read that one way of blocking spam is to use a lowest priority MX | record that points to a host that doesn't respond to SMTP requests. I've | seen this idea coined as "nolisting". | | The idea is to block the many spammers who target the lowest priority MX, | eg, the one with priority 90 rather than 10 as a way of trying to circumvent | anti-spam measures. If the MX with the lowest priority doesn't respond then | the spammer doesn't try the higher priority MX but just moves on to the next | victim. | | Any thoughts on this idea? 
I have been playing with a few options myself and I had a setup like this:

~ MX 10 = real server
~ MX 100 = backup server at other site
~ MX 1000 = real server

Over time I also added temporary records adding temporary units in the
flow. (for example: 2 Barracuda's were used as MX5 and MX 1000 while
they were in fact a cluster so they had an identical configuration.)

My observations over the past few years:

~ 1. About 2 years ago most spammers targeted the best MX record.
~ 2. Then all of a sudden a lot of them targeted the worst MX record.
That was the time I added the MX 1000 record.
~ 3. After about 3 months they started to ignore MX priorities and pick
one at random.
~ 4. I have had temporary records there for a few weeks and those are
still targeted sometimes but not as often as the currently listed servers.

So what can we learn from this? That having lots of MX records seem to
result in a distributed load as far as spam is concerned and a
reasonable normal behaviour for normal email. (Almost all traffic is
sent to my MX 10 server and some regular messages hit my backup server.)

Having non existing MX servers as primary server will not stop that much
spam but it will annoy the hell out of regular servers and may result in
lost email at worst and delayed email as a minimum.

Having a few customers with Barracuda clusters out in the field gives me
the impression that my findings are not exclusive for my own domain but
seem to correspond with the findings for those customers with similar
setups.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIPkDXBvzDRVjxmYERAjKrAKCWRk0CPdxQZbr+kEaP4hlrwt9UpQCdH0cn
lTOkcpLwN6K/XsFciOIjDe8=
=Yxnv
-----END PGP SIGNATURE-----

From hvdkooij at vanderkooij.org Thu May 29 06:42:56 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 29 06:43:05 2008
Subject: postfix virtual domains problem
In-Reply-To: <483DEE99.1090604@ptera.net>
References: <483DEE99.1090604@ptera.net>
Message-ID: <483E4260.7020400@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arthur Stephens wrote:
| Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat Linux
| Fedora 7
| All of my virtual Domains are being ignored the email is being delivered
| to the actual mailbox on the server.
| Example sales@domain.com and sales@otherdomain.com are all going to
| sales mailbox.

May I suggest you post postfix specific config questions to the postfix mailing list? You probably will get better support there as long as:

  - You do not mention MailScanner
  - You add the proper details of your config to your question.

Failing to do these two things will very likely result in total silence.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIPkJeBvzDRVjxmYERAkclAKCGDnC6F+HqZNR4KqtYAHMlfyMGlwCfXfJe 9W5xg0f0+jYRJx76zWKH64c= =wI84 -----END PGP SIGNATURE----- From Heinz.Knutzen at dataport.de Thu May 29 09:17:14 2008 From: Heinz.Knutzen at dataport.de (Heinz.Knutzen@dataport.de) Date: Thu May 29 09:17:26 2008 Subject: Patch: update_bad_phishing_sites to honor proxy settings Message-ID: <6FC4FABB58655144A7EF4BBB19D90B8D0176DB03@wscxpr12.fhhnet.stadt.hamburg.de> The script "update_bad_phishing_sites" currently doesn't work if it has to use a http proxy: "running hourly cronjob scripts SCRIPT: update_bad_phishing_sites exited with RETURNCODE = 2." Below you will find a small patch, which instructs LWP::UserAgent to honor the proxy_* environment variables. I tested this with mailscanner-4.69.9-3. Heinz *** /usr/sbin/update_bad_phishing_sites.unpatched Thu May 29 09:24:13 2008 --- /usr/sbin/update_bad_phishing_sites Thu May 29 09:24:50 2008 *************** *** 140,145 **** --- 140,146 ---- # Create a user agent object my $ua = LWP::UserAgent->new; $ua->agent("UpdateBadPhishingSites/0.1 "); + $ua->env_proxy; if (!($currentbase eq $status_base)) { print "This is base update\n"; -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080529/b604f508/attachment.html From MailScanner at ecs.soton.ac.uk Thu May 29 10:06:23 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 29 10:06:42 2008 Subject: Patch: update_bad_phishing_sites to honor proxy settings In-Reply-To: <6FC4FABB58655144A7EF4BBB19D90B8D0176DB03@wscxpr12.fhhnet.stadt.hamburg.de> References: <6FC4FABB58655144A7EF4BBB19D90B8D0176DB03@wscxpr12.fhhnet.stadt.hamburg.de> Message-ID: <483E720F.1090302@ecs.soton.ac.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Many thanks for that. It will be in the next release unless anyone has anything bad to say about it. 
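Review bot: The added `$ua->env_proxy;` call after `$ua->agent(...)` only has an effect when the proxy variables are present in the environment the script runs in, and the failure quoted in the report comes from the hourly cron job, which usually runs with a minimal environment. Please add a comment next to the call, or a note in the script's header, stating that `http_proxy` (and `no_proxy` where needed) must be exported for the cron job, so the fix does not silently do nothing on hosts where the variables are set only in interactive shells. A fallback to an explicit `$ua->proxy(...)` value taken from configuration would also make the behaviour independent of how the script is started.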
Heinz.Knutzen@dataport.de wrote: > The script "update_bad_phishing_sites" currently doesn't work if it > has to use a http proxy: > "running hourly cronjob scripts SCRIPT: update_bad_phishing_sites > exited with RETURNCODE = 2." > > Below you will find a small patch, which instructs LWP::UserAgent to > honor the proxy_* environment variables. > I tested this with mailscanner-4.69.9-3. > > Heinz > > > *** /usr/sbin/update_bad_phishing_sites.unpatched Thu May 29 > 09:24:13 2008 > --- /usr/sbin/update_bad_phishing_sites Thu May 29 09:24:50 2008 > *************** > *** 140,145 **** > --- 140,146 ---- > # Create a user agent object > my $ua = LWP::UserAgent->new; > $ua->agent("UpdateBadPhishingSites/0.1 "); > + $ua->env_proxy; > > if (!($currentbase eq $status_base)) { > print "This is base update\n"; Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIPnIQEfZZRxQVtlQRAr02AJ0cldTG5w34Y7D5xxoWP6e7VVDhpACdHh/w A+jnD1vQ07YVhCyCuM8gp98= =4/NL -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From stef at aoc-uk.com Thu May 29 13:13:51 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu May 29 13:53:15 2008 Subject: Spawning new child for each batch. Message-ID: <200805291253.m4TCr6T1014040@safir.blacknight.ie> Hi, I'm running MS 4.69.8, Postfix 2.1.5 Suddenly today (or at least I've not noticed before) MS seems to be endlessly spawning children - a new child for each batch, with the previous child dying. 
I ran a quick debug batch and saw the following error, right at the end Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line 3168. Failed. I'm experiencing a real slowdown of email delivery (presumably) due to this. I wonder if anyone can advise what's going on. Regards Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From stef at aoc-uk.com Thu May 29 13:56:40 2008 From: stef at aoc-uk.com (Stef Morrell) Date: Thu May 29 14:02:43 2008 Subject: Spawning new child for each batch. - Resolved! In-Reply-To: <2861F1B24EB21D4EBD8A2A72DD821905360625@flatulous.aoc-uk.com> References: <2861F1B24EB21D4EBD8A2A72DD821905360625@flatulous.aoc-uk.com> Message-ID: <200805291302.m4TD2ZRV014502@safir.blacknight.ie> Stef Morrell wrote: > I'm running MS 4.69.8 Solution: 1 - Observe Hitchhikers Guide, take advice printed on cover. 2 - Check list archives. 3 - Upgrade to 4.69.9-3 4 - Apologise sheepishly to list for bothering them without checking first. Stef Stefan Morrell | Operations Director Tel: 0845 3452820 | Alpha Omega Computers Ltd Fax: 0845 3452830 | Incorporating Level 5 Internet stef@aoc-uk.com | stef@l5net.net Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. Registered in England No. 3867142. VAT No. GB734421454 From martinh at solidstatelogic.com Thu May 29 14:06:09 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu May 29 14:06:20 2008 Subject: Spawning new child for each batch. In-Reply-To: <200805291253.m4TCr6T1014040@safir.blacknight.ie> Message-ID: Stef Could be a bad message in the hold queue - anything in there that is old or shouldn't be there (. Files etc). Also a run in debug might show some more info. 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Stef Morrell > Sent: 29 May 2008 13:14 > To: mailscanner@lists.mailscanner.info > Subject: Spawning new child for each batch. > > Hi, > > I'm running MS 4.69.8, Postfix 2.1.5 > > Suddenly today (or at least I've not noticed before) MS seems to be > endlessly spawning children - a new child for each batch, with the > previous child dying. > > I ran a quick debug batch and saw the following error, right at the end > > Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line > 3168. > Failed. > > I'm experiencing a real slowdown of email delivery (presumably) due to > this. I wonder if anyone can advise what's going on. > > Regards > > Stef > Stefan Morrell | Operations Director > Tel: 0845 3452820 | Alpha Omega Computers Ltd > Fax: 0845 3452830 | Incorporating Level 5 Internet > stef@aoc-uk.com | stef@l5net.net > > Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER. > Registered in England No. 3867142. VAT No. GB734421454 > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. 
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.

Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From ajos1 at onion.demon.co.uk Thu May 29 16:09:36 2008
From: ajos1 at onion.demon.co.uk (ajos1 at onion)
Date: Thu May 29 15:09:52 2008
Subject: commit ineffective with AutoCommit enabled... MailWatch.pm
Message-ID:

- Re: commit ineffective with AutoCommit enabled... MailWatch.pm

Ideas from: http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm
Section vw: TRANSACTION SUPPORT

Old Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
========================================================================
sub ExitLogging {
    # Server exit - commit changes, close socket, and exit gracefully.
    close(SERVER);
    $dbh->commit;
    $dbh->disconnect;
    exit;
}

New Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
========================================================================
sub ExitLogging {
    # Server exit - commit changes, close socket, and exit gracefully.
    close(SERVER);
    # Only issue an explicit commit when AutoCommit is off.
    if (! $dbh->{'AutoCommit'}) { $dbh->commit; }
    $dbh->disconnect;
    exit;
}

My Interpretation... but I could be wrong
========================================
Basically detect if "$dbh->{'AutoCommit'}" is set to 1 or 0... If it is on (1)... then commits to the database are automatic and should have already happened? If this is the case... we do not need to do a COMMIT ?

Test Code...
============
#!/usr/bin/perl
use strict;
use DBI();
my $dbh = DBI->connect("DBI:mysql:database=phpmyadmin;host=localhost","USERNAME", "PASSWORD",{'RaiseError' => 1});
# Commit explicitly only when AutoCommit is off.
if (! $dbh->{'AutoCommit'}) { $dbh->commit; }
$dbh->disconnect();

==
=====================================================================
=
= "What's it called when you put off procrastinating?"
=
=====================================================================
= Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid???
= Call... +44 8457 90 90 90 http://www.samaritans.org/
=====================================================================

From paul.hutchings at mira.co.uk Thu May 29 16:16:04 2008
From: paul.hutchings at mira.co.uk (Paul Hutchings)
Date: Thu May 29 16:16:15 2008
Subject: "Could not analyze message" errors?
Message-ID:

Is there any way of bumping up the logging for these without bumping it up for all messages (which would kill us)?

I've had a couple of emails to users that have been treated like this, from reputable/reliable sources and I don't have any idea why.

Cheers,
Paul

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

From alan at essex.ac.uk Thu May 29 16:24:45 2008
From: alan at essex.ac.uk (Stanier, Alan M)
Date: Thu May 29 16:24:56 2008
Subject: AOL and Nolisting
Message-ID:

Hi List

Is anyone else who uses Nolisting having a problem receiving mail from aol.com?
Since late last week anyone who mails us from an aol.com gets a bounce message after 3 hours, saying

"Deferred: Connection timed out with serlx01.essex.ac.uk.
Message could not be delivered for 3 hours
Message will be deleted from queue"

Serlx01 is our highest-priority MX record, on which we always reject. This looks to me as though AOL are not moving on to our lower-priority MX records, but retrying the highest-priority for 3 hours, then giving up completely.

Alan

From ajos1 at onion.demon.co.uk Thu May 29 17:27:25 2008
From: ajos1 at onion.demon.co.uk (ajos1 at onion)
Date: Thu May 29 16:27:36 2008
Subject: commit ineffective with AutoCommit enabled... MailWatch.pm
Message-ID:

Re: commit ineffective with AutoCommit enabled... MailWatch.pm

commit ineffective with AutoCommit enabled... MailWatch.pm
==========================================================

OKAY... MY FIRST SOLUTION IS WRONG!!! This one works...
OKAY... MY FIRST SOLUTION IS WRONG!!! This one works...
OKAY... MY FIRST SOLUTION IS WRONG!!! This one works...
OKAY... MY FIRST SOLUTION IS WRONG!!! This one works...

Basically... EVEN with AUTOCOMMIT ... there are times when "$dbh->commit" does work without warnings... so my original solution is not good news... as you could miss out on some crucial commits... if the disconnect statement does not do it for you...

/DBI-1.604/Driver.xst says: "Some databases will automatically commit on graceful disconnect." (Ie) Not all do...

Here is the new solution... it leaves the commit as it was... but just turns off the warning temporarily! (Oh and it works)...

(ie) $dbh->{Warn} = 0;

Old Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
========================================================================
sub ExitLogging {
    # Server exit - commit changes, close socket, and exit gracefully.
    close(SERVER);
    $dbh->commit;
    $dbh->disconnect;
    exit;
}

New Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
========================================================================
sub ExitLogging {
    # Server exit - commit changes, close socket, and exit gracefully.
    close(SERVER);
    ##### AJOS1 CHANGE #####
    $dbh->{Warn} = 0;
    ##### AJOS1 CHANGE #####
    $dbh->commit;
    $dbh->disconnect;
    exit;
}

==
=====================================================================
=
= "What's it called when you put off procrastinating?"
=
=====================================================================
= Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid???
= Call... +44 8457 90 90 90 http://www.samaritans.org/
=====================================================================

From MailScanner at ecs.soton.ac.uk Thu May 29 16:36:53 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 29 16:37:14 2008
Subject: "Could not analyze message" errors?
In-Reply-To:
References:
Message-ID: <483ECD95.5000907@ecs.soton.ac.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What's your "TNEF Expander" setting? If it isn't set to "internal" then try that first.

Paul Hutchings wrote:
> Is there any way of bumping up the logging for these without bumping it
> up for all messages (which would kill us)?
>
> I've had a couple of emails to users that have been treated like this,
> from reputable/reliable sources and I don't have any idea why.
>
> Cheers,
> Paul
>
>

Jules

- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Comment: Use Enigmail to decrypt or check this message is legitimate Charset: ISO-8859-1 wj8DBQFIPs2WEfZZRxQVtlQRAq24AJ9w51iu+t5tXwE58vTrJqKvzgTv8wCcDEcs UF9BUM6ta5HBoQS/cmrdGus= =MjdF -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martinh at solidstatelogic.com Thu May 29 16:44:32 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu May 29 16:44:45 2008 Subject: "Could not analyze message" errors? In-Reply-To: Message-ID: Paul This is normally a Sophos /AV issue rather than a MailScanner one.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Paul Hutchings > Sent: 29 May 2008 16:16 > To: MailScanner discussion > Subject: "Could not analyze message" errors? > > Is there any way of bumping up the logging for these without bumping it > up for all messages (which would kill us)? > > I've had a couple of emails to users that have been treated like this, > from reputable/reliable sources and I don't have any idea why. > > Cheers, > Paul > > -- > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England. > > Registered in England and Wales No. 402570 > VAT Registration GB 114 5409 96 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. > If you receive this e-mail in error, please delete it and notify us either > by e-mail, telephone or fax. > You should not copy, forward or otherwise disclose the content of the e- > mail as this is prohibited. 
> > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From astephens at ptera.net Thu May 29 17:16:16 2008 From: astephens at ptera.net (Arthur Stephens) Date: Thu May 29 17:17:08 2008 Subject: postfix virtual domains problem In-Reply-To: <483E4260.7020400@vanderkooij.org> References: <483DEE99.1090604@ptera.net> <483E4260.7020400@vanderkooij.org> Message-ID: <483ED6D0.90002@ptera.net> Um well here is the thing - the virtual domains worked before I installed Mailscanner. 
Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Arthur Stephens wrote: > | Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat Linux > | Fedora 7 > | All of my virtual Domains are being ignored the email is being > delivered > | to the actual mailbox on the server. > | Example sales@domain.com and sales@otherdomain.com are all going to > | sales mailbox. > > May I suggest you post postfix specific config uestions to the postfix > mailinglist? You propaly will get better support there as long as: > ~ - You do not mention MailScanner > ~ - You add the proper details of your config to your question. > > Failing to do these two things will very likely result in total silence. > > Hugo. > > > - -- > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > A: Yes. > >Q: Are you sure? > >>A: Because it reverses the logical flow of conversation. > >>>Q: Why is top posting frowned upon? > > Bored? Click on http://spamornot.org/ and rate those images. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > > iD8DBQFIPkJeBvzDRVjxmYERAkclAKCGDnC6F+HqZNR4KqtYAHMlfyMGlwCfXfJe > 9W5xg0f0+jYRJx76zWKH64c= > =wI84 > -----END PGP SIGNATURE----- -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net From martinh at solidstatelogic.com Thu May 29 17:36:36 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu May 29 17:36:48 2008 Subject: postfix virtual domains problem In-Reply-To: <483ED6D0.90002@ptera.net> Message-ID: Arthur How did you install mailscanner? What instructions did you follow? 
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Arthur Stephens > Sent: 29 May 2008 17:16 > To: MailScanner discussion > Subject: Re: postfix virtual domains problem > > Um well here is the thing - the virtual domains worked before I > installed Mailscanner. > > Hugo van der Kooij wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Arthur Stephens wrote: > > | Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat > Linux > > | Fedora 7 > > | All of my virtual Domains are being ignored the email is being > > delivered > > | to the actual mailbox on the server. > > | Example sales@domain.com and sales@otherdomain.com are all going to > > | sales mailbox. > > > > May I suggest you post postfix specific config uestions to the postfix > > mailinglist? You propaly will get better support there as long as: > > ~ - You do not mention MailScanner > > ~ - You add the proper details of your config to your question. > > > > Failing to do these two things will very likely result in total silence. > > > > Hugo. > > > > > > - -- > > hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ > > PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc > > > > A: Yes. > > >Q: Are you sure? > > >>A: Because it reverses the logical flow of conversation. > > >>>Q: Why is top posting frowned upon? > > > > Bored? Click on http://spamornot.org/ and rate those images. 
> > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.7 (GNU/Linux) > > > > iD8DBQFIPkJeBvzDRVjxmYERAkclAKCGDnC6F+HqZNR4KqtYAHMlfyMGlwCfXfJe > > 9W5xg0f0+jYRJx76zWKH64c= > > =wI84 > > -----END PGP SIGNATURE----- > > > -- > Arthur Stephens > Senior Sales Technician > Ptera Wireless Internet Service > PO Box 135 > Liberty Lake, WA 99019 > 509-927-7837 > http://www.ptera.net > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer. Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us. Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free. 
Red Lion 49 Ltd T/A Solid State Logic Registered as a limited company in England and Wales (Company No:5362730) Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom ********************************************************************** From paul.hutchings at mira.co.uk Thu May 29 17:45:06 2008 From: paul.hutchings at mira.co.uk (Paul Hutchings) Date: Thu May 29 17:45:19 2008 Subject: "Could not analyze message" errors? References: <483ECD95.5000907@ecs.soton.ac.uk> Message-ID: Thanks for the reply Julian, it's currently "TNEF Expander = /usr/bin/tnef --maxsize=100000000" Just so I can be prepared, should there be any adverse consequences from changing it to internal, what's the difference please? MailScanner is 4.69.9. Regarding A/V we're using clamav via the clamd module. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: 29 May 2008 16:37 To: MailScanner discussion Subject: Re: "Could not analyze message" errors? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What's your "TNEF Expander" setting? If it isn't set to "internal" then try that first. Paul Hutchings wrote: > Is there any way of bumping up the logging for these without bumping it > up for all messages (which would kill us)? > > I've had a couple of emails to users that have been treated like this, > from reputable/reliable sources and I don't have any idea why. > > Cheers, > Paul > > Jules - -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1

wj8DBQFIPs2WEfZZRxQVtlQRAq24AJ9w51iu+t5tXwE58vTrJqKvzgTv8wCcDEcs
UF9BUM6ta5HBoQS/cmrdGus=
=MjdF
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
MIRA Ltd

Watling Street, Nuneaton, Warwickshire, CV10 0TU, England.

Registered in England and Wales No. 402570
VAT Registration GB 114 5409 96

The contents of this e-mail are confidential and are solely for the use of the intended recipient.
If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax.
You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.

From mailscanner at lists.com.ar Thu May 29 17:53:11 2008
From: mailscanner at lists.com.ar (Leonardo Helman)
Date: Thu May 29 17:53:27 2008
Subject: commit ineffective with AutoCommit enabled... MailWatch.pm
In-Reply-To:
References:
Message-ID: <1212079991.24721.12.camel@morticia.pert.com.ar>

I really don't know what you are talking about (so forgive me for trying to clarify),

The general idea is that if you set AutoCommit the database sends a commit whenever is necessary

If you use AutoCommit there is no need to use $dbh->commit statement

This is from "man DBI", it explains that there are 3 kinds of databases and ...

* Databases which don't support transactions at all

  For these databases, attempting to turn "AutoCommit" off is a fatal error. "commit" and "rollback" both issue warnings about being ineffective while "AutoCommit" is in effect.

* Databases in which a transaction is always active

  These are typically mainstream commercial relational databases with "ANSI standard" transaction behaviour. If "AutoCommit" is off, then changes to the database won't have any lasting effect unless "commit" is called (but see also "disconnect"). If "rollback" is called then any changes since the last commit are undone.

  If "AutoCommit" is on, then the effect is the same as if the DBI called "commit" automatically after every successful database operation. So calling "commit" or "rollback" explicitly while "AutoCommit" is on would be ineffective because the changes would have already been committed.

  Changing "AutoCommit" from off to on will trigger a "commit".

  For databases which don't support a specific auto-commit mode, the driver has to commit each statement automatically using an explicit "COMMIT" after it completes successfully (and roll it back using an explicit "ROLLBACK" if it fails). The error information reported to the application will correspond to the statement which was executed, unless it succeeded and the commit or rollback failed.

* Databases in which a transaction must be explicitly started

  For these databases, the intention is to have them act like databases in which a transaction is always active (as described above).

  To do this, the driver will automatically begin an explicit transaction when "AutoCommit" is turned off, or after a "commit" or "rollback" (or when the application issues the next database operation after one of those events).

  In this way, the application does not have to treat these databases as a special case.

On Thu, 2008-05-29 at 16:27 +0000, ajos1 at onion wrote:
> Re: commit ineffective with AutoCommit enabled... MailWatch.pm
>
> commit ineffective with AutoCommit enabled... MailWatch.pm
> ==========================================================
>
>
> OKAY...
MY FIRST SOLUTION IS WRONG!!! This one works... > OKAY... MY FIRST SOLUTION IS WRONG!!! This one works... > OKAY... MY FIRST SOLUTION IS WRONG!!! This one works... > OKAY... MY FIRST SOLUTION IS WRONG!!! This one works... > > > Basically... EVEN with AUTOCOMMIT ... there are times when "$dbh->commit" does work without warnings... so my original solution is not good news... as you could miss out on some crucial commits... if the disconnect statement does not do it for you... > > > /DBI-1.604/Driver.xst says: "Some databases will automatically commit on graceful disconnect." (Ie) Not all do... > > > Here is the new solution... it leaves the commit as it was... but just turns off the warning temporarily! (Oh and it works)... > > (ie) $dbh->{Warn} = 0; > > > > Old Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > ======================================================================== > sub ExitLogging { > # Server exit - commit changes, close socket, and exit gracefully. > close(SERVER); > $dbh->commit; > $dbh->disconnect; > exit; > } > > > New Code - /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm > ======================================================================== > sub ExitLogging { > # Server exit - commit changes, close socket, and exit gracefully. > close(SERVER); > ##### AJOS1 CHANGE ##### > $dbh->{Warn} = 0; > ##### AJOS1 CHANGE ##### > $dbh->commit; > $dbh->disconnect; > exit; > } > > == > ===================================================================== > = > = "What's it called when you put off procrastinating?" > = > ===================================================================== > = Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid??? > = Call... 
+44 8457 90 90 90 http://www.samaritans.org/ > ===================================================================== From csweeney at osubucks.org Thu May 29 17:59:53 2008 From: csweeney at osubucks.org (Chris Sweeney) Date: Thu May 29 18:00:23 2008 Subject: AOL and Nolisting Message-ID: <200805291659.m4TGxat2013572@stewie.osubucks.org> They are not the only ones lately doing that. I have seen it from several places lately myself. -----Original Message----- From: Stanier, Alan M Sent: Thursday, May 29, 2008 11:24 AM To: mailscanner@lists.mailscanner.info Subject: AOL and Nolisting Hi List Is anyone else who uses Nolisting having a problem receiving mail from aol.com? Since late last week anyone who mails us from an aol.com gets a bounce message after 3 hours, saying "Deferred: Connection timed out with serlx01.essex.ac.uk. Message could not be delivered for 3 hours Message will be deleted from queue" Serlx01 is our highest-priority MX record, on which we always reject. This looks to me as though AOL are not moving on to our lower-priority MX records, but retrying the highest-priority for 3 hours, then giving up completely. Alan -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu May 29 18:07:20 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 29 18:07:47 2008 Subject: "Could not analyze message" errors? 
In-Reply-To: References: <483ECD95.5000907@ecs.soton.ac.uk> Message-ID: <483EE2C8.9030905@ecs.soton.ac.uk> Paul Hutchings wrote: > Thanks for the reply Julian, it's currently "TNEF Expander = > /usr/bin/tnef --maxsize=100000000" > > Just so I can be prepared, should there be any adverse consequences from > changing it to internal, what's the difference please? > The internal one is a bit slower, but tends to cope with more variations in the format than the external one. > MailScanner is 4.69.9. > > Regarding A/V we're using clamav via the clamd module. > That won't be affected at all. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: 29 May 2008 16:37 > To: MailScanner discussion > Subject: Re: "Could not analyze message" errors? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What's your "TNEF Expander" setting? If it isn't set to "internal" then > try that first. > > Paul Hutchings wrote: > >> Is there any way of bumping up the logging for these without bumping >> > it > >> up for all messages (which would kill us)? >> >> I've had a couple of emails to users that have been treated like this, >> from reputable/reliable sources and I don't have any idea why. >> >> Cheers, >> Paul >> >> >> > > Jules > > - -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! 
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.8.3 (Build 4028) > Comment: Use Enigmail to decrypt or check this message is legitimate > Charset: ISO-8859-1 > > wj8DBQFIPs2WEfZZRxQVtlQRAq24AJ9w51iu+t5tXwE58vTrJqKvzgTv8wCcDEcs > UF9BUM6ta5HBoQS/cmrdGus= > =MjdF > -----END PGP SIGNATURE----- > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From astephens at ptera.net Thu May 29 18:09:39 2008 From: astephens at ptera.net (Arthur Stephens) Date: Thu May 29 18:10:31 2008 Subject: postfix virtual domains problem In-Reply-To: References: Message-ID: <483EE353.2020006@ptera.net> I followed personal notes that I found by googling. Here is the link. http://www.linuxquestions.org/questions/linux-software-2/how-to-setup-mailscanner-clamav-postfix-spamassassin-my-notes-515935/ Martin.Hepworth wrote: > Arthur > > How did you install mailscanner? What instructions did you follow? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Arthur Stephens >> Sent: 29 May 2008 17:16 >> To: MailScanner discussion >> Subject: Re: postfix virtual domains problem >> >> Um well here is the thing - the virtual domains worked before I >> installed Mailscanner. 
>> >> Hugo van der Kooij wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Arthur Stephens wrote: >>> | Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat >>> >> Linux >> >>> | Fedora 7 >>> | All of my virtual Domains are being ignored the email is being >>> delivered >>> | to the actual mailbox on the server. >>> | Example sales@domain.com and sales@otherdomain.com are all going to >>> | sales mailbox. >>> >>> May I suggest you post postfix specific config uestions to the postfix >>> mailinglist? You propaly will get better support there as long as: >>> ~ - You do not mention MailScanner >>> ~ - You add the proper details of your config to your question. >>> >>> Failing to do these two things will very likely result in total silence. >>> >>> Hugo. >>> >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFIPkJeBvzDRVjxmYERAkclAKCGDnC6F+HqZNR4KqtYAHMlfyMGlwCfXfJe >>> 9W5xg0f0+jYRJx76zWKH64c= >>> =wI84 >>> -----END PGP SIGNATURE----- >>> >> -- >> Arthur Stephens >> Senior Sales Technician >> Ptera Wireless Internet Service >> PO Box 135 >> Liberty Lake, WA 99019 >> 509-927-7837 >> http://www.ptera.net >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
>> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080529/a2d9af87/attachment.html From rick at duvals.ca Thu May 29 18:23:32 2008 From: rick at duvals.ca (Rick Duval) Date: Thu May 29 18:23:41 2008 Subject: Where are attachments being stopped? Message-ID: <4baa40ce0805291023m48da9fb7g9badf91bfd774394@mail.gmail.com> I'm using a standard install of MailScanner. Almost all attachments are being removed. 
I've looked in filename.rules.conf and filetype.rules.conf and they're OK. Is there some other process that could be stopping them? AV? If so, how do I change that and how do I know what;s installed. Thanks Rick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080529/838d2e6b/attachment.html From martinh at solidstatelogic.com Thu May 29 18:47:23 2008 From: martinh at solidstatelogic.com (Martin.Hepworth) Date: Thu May 29 18:46:44 2008 Subject: postfix virtual domains problem Message-ID: There's alot of changes to postfix here..did you test at each stage to make sure you've not bren anything.? All you really need is the hold queue stuff as per the setup in the wiki. -- martin -----Original Message----- From: Arthur Stephens Sent: Thursday, May 29, 2008 6:18 PM To: MailScanner discussion Subject: Re: postfix virtual domains problem I followed personal notes that I found by googling. Here is the link. http://www.linuxquestions.org/questions/linux-software-2/how-to-setup-mailscanner-clamav-postfix-spamassassin-my-notes-515935/ Martin.Hepworth wrote: > Arthur > > How did you install mailscanner? What instructions did you follow? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- >> bounces@lists.mailscanner.info] On Behalf Of Arthur Stephens >> Sent: 29 May 2008 17:16 >> To: MailScanner discussion >> Subject: Re: postfix virtual domains problem >> >> Um well here is the thing - the virtual domains worked before I >> installed Mailscanner. 
>> >> Hugo van der Kooij wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Arthur Stephens wrote: >>> | Running Mailscanner 4.69.9-3 with Postfix version 2.3.6 on Redhat >>> >> Linux >> >>> | Fedora 7 >>> | All of my virtual Domains are being ignored the email is being >>> delivered >>> | to the actual mailbox on the server. >>> | Example sales@domain.com and sales@otherdomain.com are all going to >>> | sales mailbox. >>> >>> May I suggest you post postfix specific config uestions to the postfix >>> mailinglist? You propaly will get better support there as long as: >>> ~ - You do not mention MailScanner >>> ~ - You add the proper details of your config to your question. >>> >>> Failing to do these two things will very likely result in total silence. >>> >>> Hugo. >>> >>> >>> - -- >>> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ >>> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc >>> >>> A: Yes. >>> >Q: Are you sure? >>> >>A: Because it reverses the logical flow of conversation. >>> >>>Q: Why is top posting frowned upon? >>> >>> Bored? Click on http://spamornot.org/ and rate those images. >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.7 (GNU/Linux) >>> >>> iD8DBQFIPkJeBvzDRVjxmYERAkclAKCGDnC6F+HqZNR4KqtYAHMlfyMGlwCfXfJe >>> 9W5xg0f0+jYRJx76zWKH64c= >>> =wI84 >>> -----END PGP SIGNATURE----- >>> >> -- >> Arthur Stephens >> Senior Sales Technician >> Ptera Wireless Internet Service >> PO Box 135 >> Liberty Lake, WA 99019 >> 509-927-7837 >> http://www.ptera.net >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! 
>> > > > > > ********************************************************************** > Confidentiality : This e-mail and any attachments are intended for the > addressee only and may be confidential. If they come to you in error > you must take no action based on them, nor must you copy or show them > to anyone. Please advise the sender by replying to this e-mail > immediately and then delete the original from your computer. > Opinion : Any opinions expressed in this e-mail are entirely those of > the author and unless specifically stated to the contrary, are not > necessarily those of the author's employer. > Security Warning : Internet e-mail is not necessarily a secure > communications medium and can be subject to data corruption. We advise > that you consider this fact when e-mailing us. > Viruses : We have taken steps to ensure that this e-mail and any > attachments are free from known viruses but in keeping with good > computing practice, you should ensure that they are virus free. > > Red Lion 49 Ltd T/A Solid State Logic > Registered as a limited company in England and Wales > (Company No:5362730) > Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, > United Kingdom > ********************************************************************** > > -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net ********************************************************************** Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer. 
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************

From astephens at ptera.net Thu May 29 20:19:26 2008
From: astephens at ptera.net (Arthur Stephens)
Date: Thu May 29 20:19:37 2008
Subject: postfix virtual domains problem
In-Reply-To:
References:
Message-ID: <483F01BE.9000900@ptera.net>

I skipped all the stuff for installing postfix since it was already installed and working.
I picked it up at the Install Clamav point since I had to do that from scratch to get it working.
The main configs that I made was the main.cf header_checks and HOLD in the header_checks file.

Also I had this same problem with this server before it crashed and I had to build a new one.
Even back then I had to remove Mailscanner to get the virtual domains working again.
So even with this new install I end up with the same problem.

******* main.cf ******
readme_directory = /usr/share/doc/postfix-2.2.3-documentation/readme
myorigin = web.ptera.net
mynetworks = 69.28.32.0/20, 216.229.172.0/24, 127.0.0.0/8, 134.39.173.11,
    216.178.52.0/22, 67.185.23.0/24
relay_domains = web.ptera.net, webmail.ptera.net, pdi-inc.com,
    avistaadvantage.com, nw-tel.com
smtpd_banner = 56C-web.ptera.net NO UCE ESMTP
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_invalid_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_unauth_destination,
    reject_rbl_client domain-name, check_policy_service inet:127.0.0.1:2501
#
# Mailscanner
# maps_rbl_domains = bl.spamcop.net
# content_filter = scan:127.0.0.1:10025
header_checks = regexp:/etc/postfix/header_checks
# MailScanner
#
receive_override_options = no_address_mappings
message_size_limit = 20480000
maximal_queue_lifetime = 1d
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
strict_rfc821_envelopes = yes
smtpd_delay_reject = no
biff = no
disable_vrfy_command = yes
luser_relay = address_mapped_to_dev_null
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_invalid_hostname
message_size_limit = 46080000
bounce_queue_lifetime = 1d
queue_directory = /var/spool/postfix
mail_owner = postfix

******header_checks*******
/^Received:/ HOLD

Martin.Hepworth wrote:
> There's a lot of changes to postfix here..did you test at each stage to make sure you've not broken anything.?
>
> All you really need is the hold queue stuff as per the setup in the wiki.
> > -- Arthur Stephens Senior Sales Technician Ptera Wireless Internet Service PO Box 135 Liberty Lake, WA 99019 509-927-7837 http://www.ptera.net From MailScanner at ecs.soton.ac.uk Thu May 29 20:38:47 2008 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu May 29 20:39:10 2008 Subject: Where are attachments being stopped? In-Reply-To: References: Message-ID: <483F0647.3000801@ecs.soton.ac.uk> Rick Duval wrote: > I'm using a standard install of MailScanner. > > Almost all attachments are being removed. I've looked in > filename.rules.conf and filetype.rules.conf and they're OK. What do all the report attachments say? (i.e. what the attachments are replaced with) That will give you some clue as to why they are being removed. It's the report lines in the middle of the replacement attachment that will tell you what's going on. Also read your /var/log/maillog and see what it is telling you about the attachments. Come back to us once you have got that information, and once you have looked for those strings in the /etc/MailScanner directory. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rick at duvals.ca Thu May 29 21:29:13 2008 From: rick at duvals.ca (Rick Duval) Date: Thu May 29 21:29:23 2008 Subject: Where are attachments being stopped? In-Reply-To: <483F0647.3000801@ecs.soton.ac.uk> References: <483F0647.3000801@ecs.soton.ac.uk> Message-ID: <4baa40ce0805291329u38033dact9d24a3022fe42584@mail.gmail.com> The Subject had {Dangerous Content?} prefixed and the message had: *Warning: This message has had one or more attachments removed Warning: (msg-21657-8.html). 
Warning: Please read the "AccurateAntiSpam-Attachment-Warning.txt" attachment(s) for more information*. added to the top. I grep'd etc/MailScanner for parts of this and got nothing Rick On Thu, May 29, 2008 at 3:38 PM, Julian Field wrote: > > > Rick Duval wrote: > >> I'm using a standard install of MailScanner. >> >> Almost all attachments are being removed. I've looked in >> filename.rules.conf and filetype.rules.conf and they're OK. >> > What do all the report attachments say? > (i.e. what the attachments are replaced with) > That will give you some clue as to why they are being removed. > > It's the report lines in the middle of the replacement attachment that will > tell you what's going on. Also read your /var/log/maillog and see what it is > telling you about the attachments. > > Come back to us once you have got that information, and once you have > looked for those strings in the /etc/MailScanner directory. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- > This message has been scanned for viruses and > dangerous content by Accurate Anti-Spam, and is > believed to be clean. > > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080529/358e0811/attachment-0001.html

From ssilva at sgvwater.com Thu May 29 22:07:24 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Thu May 29 22:07:51 2008
Subject: Where are attachments being stopped?
In-Reply-To: <4baa40ce0805291329u38033dact9d24a3022fe42584@mail.gmail.com>
References: <483F0647.3000801@ecs.soton.ac.uk> <4baa40ce0805291329u38033dact9d24a3022fe42584@mail.gmail.com>
Message-ID:

on 5-29-2008 1:29 PM Rick Duval spake the following:
> The Subject had {Dangerous Content?} prefixed and the message had:
>
> /Warning: This message has had one or more attachments removed
> Warning: (msg-21657-8.html).
> Warning: Please read the "AccurateAntiSpam-Attachment-Warning.txt"
> attachment(s) for more information/.
>
> added to the top.
>
> I grep'd etc/MailScanner for parts of this and got nothing
>
> Rick

And what does AccurateAntiSpam-Attachment-Warning.txt say?

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080529/5bcfedf7/signature.bin

From glenn.steen at gmail.com Thu May 29 23:37:47 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu May 29 23:37:57 2008
Subject: postfix virtual domains problem
In-Reply-To: <483F01BE.9000900@ptera.net>
References: <483F01BE.9000900@ptera.net>
Message-ID: <223f97700805291537k427828eeve3e566b2bd14388@mail.gmail.com>

2008/5/29 Arthur Stephens :
> I skipped all the stuff for installing postfix since it was already
> installed and working.
Good.

> I picked it up at the Install Clamav point since I had to do that from
> scratch to get it working.
> The main configs that I made was the main.cf header_checks and HOLD in the
> header_checks file.
>
> Also I had this same problem with this server before it crashed and I had to
> build a new one.
> Even back then I had to remove Mailscanner to get the virtual domains
> working again.
> So even with this new install I end up with the same problem.
Indicates you do something wrong then:-)

> ******* main.cf ******
> readme_directory = /usr/share/doc/postfix-2.2.3-documentation/readme
> myorigin = web.ptera.net
> mynetworks = 69.28.32.0/20, 216.229.172.0/24, 127.0.0.0/8, 134.39.173.11,
> 216.178.52.0/22, 67.185.23.0/24
> relay_domains = web.ptera.net, webmail.ptera.net, pdi-inc.com,
Ok, so you relay... not really "virtual domains" at all. This looks
more like a normal mail gateway than anything.

> avistaadvantage.com, nw-tel.com
> smtpd_banner = 56C-web.ptera.net NO UCE ESMTP
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_invalid_hostname,
> reject_non_fqdn_sender, reject_non_fqdn_recipient,
> reject_unknown_sender_domain, reject_unknown_recipient_domain,
> reject_unauth_pipelining, reject_unauth_destination,
> reject_rbl_client domain-name, check_policy_service inet:127.0.0.1:2501
> #
> # Mailscanner
> # maps_rbl_domains = bl.spamcop.net
> # content_filter = scan:127.0.0.1:10025
> header_checks = regexp:/etc/postfix/header_checks
> # MailScanner
Good so far... minimal change to a perceived-as-working config:-).

> #
> receive_override_options = no_address_mappings
> message_size_limit = 20480000
> maximal_queue_lifetime = 1d
> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
> strict_rfc821_envelopes = yes
> smtpd_delay_reject = no
> biff = no
> disable_vrfy_command = yes
> luser_relay = address_mapped_to_dev_null
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,
> reject_invalid_hostname
> message_size_limit = 46080000
> bounce_queue_lifetime = 1d
> queue_directory = /var/spool/postfix
> mail_owner = postfix
>
> ******header_checks*******
> /^Received:/ HOLD
>
Right, with that subject I was expecting something along the lines of
http://www.postfix.org/VIRTUAL_README.html ... which details how
virtual aliasing/mailbox settings work in PF.

But that doesn't seem to be what you are doing. You seem to be after
normal relaying (a thing I know works very well;-).
Do you rely on internal MX records ("split view DNS" kind of thing),
or the transport file? What do you have in it (the transport file, I
mean:-)?
(snip)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Thu May 29 23:49:36 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu May 29 23:49:47 2008
Subject: postfix virtual domains problem
In-Reply-To: <223f97700805291537k427828eeve3e566b2bd14388@mail.gmail.com>
References: <483F01BE.9000900@ptera.net> <223f97700805291537k427828eeve3e566b2bd14388@mail.gmail.com>
Message-ID: <223f97700805291549w3d4cc68cr448b3f2ec2865f45@mail.gmail.com>

2008/5/30 Glenn Steen :
> 2008/5/29 Arthur Stephens :
>> I skipped all the stuff for installing postfix since it was already
>> installed and working.
> Good.
>
>> I picked it up at the Install Clamav point since I had to do that from
>> scratch to get it working.
>> The main configs that I made was the main.cf header_checks and HOLD in the >> header_checks file. >> >> Also I had this same problem with this server before it crashed and I had to >> build a new one. >> Even back then I had to remove Mailscanner to get the virtual domains >> working again. >> So even with this this new install I end up with the same problem. > Indicates you do something wrong then:-) > > >> ******* main.cf ****** >> readme_directory = /usr/share/doc/postfix-2.2.3-documentation/readme >> myorigin = web.ptera.net >> mynetworks = 69.28.32.0/20, 216.229.172.0/24, 127.0.0.0/8, 134.39.173.11, >> 216.178.52.0/22, 67.185.23.0/24 >> relay_domains = web.ptera.net, webmail.ptera.net, pdi-inc.com, > Ok,so you relay... not really "virtual domains" at all. This looks > more like a normal mail gateway than anything. > >> avistaadvantage.com, nw-tel.com >> smtpd_banner = 56C-web.ptera.net NO UCE ESMTP >> smtpd_recipient_restrictions = permit_sasl_authenticated, >> permit_mynetworks, reject_invalid_hostname, >> reject_non_fqdn_sender, reject_non_fqdn_recipient, >> reject_unknown_sender_domain, reject_unknown_recipient_domain, >> reject_unauth_pipelining, reject_unauth_destination, >> reject_rbl_client domain-name, check_policy_service inet:127.0.0.1:2501 >> # >> # Mailscanner >> # maps_rbl_domains = bl.spamcop.net >> # content_filter = scan:127.0.0.1:10025 >> header_checks = regexp:/etc/postfix/header_checks >> # MailScanner > Good so far... minimal change to a percieved-as-working config:-). 
> >> # >> receive_override_options = no_address_mappings >> message_size_limit = 20480000 >> maximal_queue_lifetime = 1d >> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access >> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks >> strict_rfc821_envelopes = yes >> smtpd_delay_reject = no >> biff = no >> disable_vrfy_command = yes >> luser_relay = address_mapped_to_dev_null >> smtpd_helo_required = yes >> smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, >> reject_invalid_hostname >> message_size_limit = 46080000 >> bounce_queue_lifetime = 1d >> queue_directory = /var/spool/postfix >> mail_owner = postfix >> >> ******header_checks******* >> /^Received:/ HOLD >> > Right, with that subject I was expecting something along the lines of > http://www.postfix.org/VIRTUAL_README.html ... which detail how > virtual aliasing/mailbox settings work in PF. > > But that doesn't seem to be what you are doing. You seem to be after > normal relaying (a thing I know work very well;-). > Do you rely on internal MX records ("split view DNS" kind of thing), > or the transport file? What do you have in it (the transport file, I > mean:-)? > (snip) > > Cheers > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > BTW, could you give us a "postconf -n" instead ... Would be more ... comprehensive:-). Oh and don't forget the transports file ... Feel free to "obfuscate" as much as you like, but please do so in a consistent manner;-). 
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ram at netcore.co.in Fri May 30 12:08:49 2008
From: ram at netcore.co.in (ram)
Date: Fri May 30 12:09:09 2008
Subject: AOL and Nolisting
In-Reply-To:
References:
Message-ID: <1212145729.6109.121.camel@localhost.localdomain>

On Thu, 2008-05-29 at 16:24 +0100, Stanier, Alan M wrote:
> Hi List
>
> Is anyone else who uses Nolisting having a problem receiving mail from
> aol.com?
>
> Since late last week anyone who mails us from an aol.com gets a bounce
> message after 3 hours, saying
>
> "Deferred: Connection timed out with serlx01.essex.ac.uk.
> Message could not be delivered for 3 hours
> Message will be deleted from queue"
>
> Serlx01 is our highest-priority MX record, on which we always reject.
>
> This looks to me as though AOL are not moving on to our lower-priority
> MX records, but retrying the highest-priority for 3 hours, then giving
> up completely.
>
> Alan

I don't know about AOL.
I have seen this happening with a lot of more broken SMTP servers.

If your high priority MX is a fake, it should be a machine that is not reachable. Or else you do see mails lost.

Thanks
Ram

From kevin.murphy at midland-ics.ie Fri May 30 14:49:32 2008
From: kevin.murphy at midland-ics.ie (Kevin Murphy)
Date: Fri May 30 14:49:54 2008
Subject: GreyListing
Message-ID: <014b01c8c25b$fe1f5d60$fa5e1820$@murphy@midland-ics.ie>

Hi All

Could someone advise on a decent grey listing program to run with my setup, which is:

Fedora Core (Sendmail, MailScanner, SpamAssassin)

Thanks
Kevin

This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080530/2d02e999/attachment.html

From gary at sgluk.com Fri May 30 15:00:58 2008
From: gary at sgluk.com (Gary Pentland)
Date: Fri May 30 15:01:16 2008
Subject: GreyListing
In-Reply-To:
References:
Message-ID:

Milter-greylist

http://hcpnet.free.fr/milter-greylist/

Works fine for me, been using version 3.0 since October with no issues.

Gary

________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kevin Murphy
Sent: 30 May 2008 14:50
To: mailscanner@lists.mailscanner.info
Subject: GreyListing

Hi All

Could someone advise on a decent grey listing program to run with my setup, which is:

Fedora Core (Sendmail, MailScanner, SpamAssassin)

Thanks
Kevin

This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although we make every effort to keep our systems free from viruses, you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080530/64515d21/attachment.html

From shuttlebox at gmail.com Fri May 30 15:20:32 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Fri May 30 15:20:40 2008
Subject: GreyListing
In-Reply-To:
References:
Message-ID: <625385e30805300720m5ccf98bevf984bcea3668165a@mail.gmail.com>

On Fri, May 30, 2008 at 4:00 PM, Gary Pentland wrote:
> Milter-greylist
>
> http://hcpnet.free.fr/milter-greylist/
>
> Works fine for me, been using version 3.0 since October with no issues.
>
> Gary

+1.

It's extremely flexible and it can sync its database between your MX:es.

--
/peter

From ecasarero at gmail.com Fri May 30 16:07:15 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Fri May 30 16:07:25 2008
Subject: GreyListing
In-Reply-To: <625385e30805300720m5ccf98bevf984bcea3668165a@mail.gmail.com>
References: <625385e30805300720m5ccf98bevf984bcea3668165a@mail.gmail.com>
Message-ID: <7d9b3cf20805300807m9e6106ah8b16cb758e126ed6@mail.gmail.com>

2008/5/30 shuttlebox :
> On Fri, May 30, 2008 at 4:00 PM, Gary Pentland wrote:
>> Milter-greylist
>>
>> http://hcpnet.free.fr/milter-greylist/
>>
>> Works fine for me, been using version 3.0 since October with no issues.
>>

Latest stable is 4.0, you should upgrade, there are many improvements

>> Gary
>
> +1.
>
> It's extremely flexible and it can sync its database between your MX:es.
>

Also check these configuration options, I'm using these values because if you use the defaults your server will use a lot of resources.

lazyaw #whitelist ips, not the full tuple (it will reduce users delays complaints)
dumpfreq 1d #not necessary to dump every 10 minutes, just dump a day
dump_no_time_translation #reduce dumping load
timeout 5h #reduce memory usage

all this is explained in greylist2.conf

Regards

> --
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From Rich.West at wesmo.com Fri May 30 17:03:56 2008
From: Rich.West at wesmo.com (Rich West)
Date: Fri May 30 17:05:54 2008
Subject: Blacklist all + allow some?
Message-ID: <4840256C.5060606@wesmo.com>

This is a pretty basic question, but we have a couple of users (interns) that we need to disallow all incoming email except for a select few. So, the idea was to blacklist all incoming email and whitelist the few allowed inbound email addresses.

How does one go about blacklisting *everything*? Actually.. what's the right syntax for the blacklist? *?

-Rich

From mailadmin at midland-ics.ie Fri May 30 17:06:08 2008
From: mailadmin at midland-ics.ie (Mail Admin)
Date: Fri May 30 17:06:29 2008
Subject: GreyListing
In-Reply-To: <7d9b3cf20805300807m9e6106ah8b16cb758e126ed6@mail.gmail.com>
References: <625385e30805300720m5ccf98bevf984bcea3668165a@mail.gmail.com> <7d9b3cf20805300807m9e6106ah8b16cb758e126ed6@mail.gmail.com>
Message-ID: <01ae01c8c26f$145cbec0$3d163c40$@ie>

Thanks guys for your mails. I'll investigate it. Great.
This is the best list ever :-)

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero
Sent: 30 May 2008 16:07
To: MailScanner discussion
Subject: Re: GreyListing

2008/5/30 shuttlebox :
> On Fri, May 30, 2008 at 4:00 PM, Gary Pentland wrote:
>> Milter-greylist
>>
>> http://hcpnet.free.fr/milter-greylist/
>>
>> Works fine for me, been using version 3.0 since October with no issues.
>>

Latest stable is 4.0, you should upgrade, there are many improvements

>> Gary
>
> +1.
>
> It's extremely flexible and it can sync its database between your MX:es.
>

Also check these configuration options, I'm using these values because if you use the defaults your server will use a lot of resources.

lazyaw #whitelist ips, not the full tuple (it will reduce users delays complaints)
dumpfreq 1d #not necessary to dump every 10 minutes, just dump a day
dump_no_time_translation #reduce dumping load
timeout 5h #reduce memory usage

all this is explained in greylist2.conf

Regards

> --
> /peter
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it.
Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use.

From astephens at ptera.net Fri May 30 17:15:12 2008
From: astephens at ptera.net (Arthur Stephens)
Date: Fri May 30 17:15:27 2008
Subject: postfix virtual domains problem
In-Reply-To: <223f97700805291549w3d4cc68cr448b3f2ec2865f45@mail.gmail.com>
References: <483F01BE.9000900@ptera.net> <223f97700805291537k427828eeve3e566b2bd14388@mail.gmail.com> <223f97700805291549w3d4cc68cr448b3f2ec2865f45@mail.gmail.com>
Message-ID: <48402810.2030008@ptera.net>

Well I feel kinda....
It turns out that when using Webmin to issue commands to build the virtual database it was not happening.

I was able to track it down when I moved one of the mydestination domains in the config to a virtual_alias_domains, postfix came back with unable to deliver the email because the domain was not found in the virtual_alias_map.
Once I issued the commands from console everything worked.
Sorry Hugo, Martin, and Glenn

Thanks
Arthur Stephens

Glenn Steen wrote:
> 2008/5/30 Glenn Steen :
>
>> 2008/5/29 Arthur Stephens :
>>
>>> I skipped all the stuff for installing postfix since it was already
>>> installed and working.
>>>
>> Good.
>>
>>
>>> I picked it up at the Install Clamav point since I had to do that from
>>> scratch to get it working.
>>> The main configs that I made was the main.cf header_checks and HOLD in the
>>> header_checks file.
>>>
>>> Also I had this same problem with this server before it crashed and I had to
>>> build a new one.
>>> Even back then I had to remove Mailscanner to get the virtual domains
>>> working again.
>>> So even with this new install I end up with the same problem.
>>>
>> Indicates you do something wrong then:-)
>>
>>
>>
>>> ******* main.cf ******
>>> readme_directory = /usr/share/doc/postfix-2.2.3-documentation/readme
>>> myorigin = web.ptera.net
>>> mynetworks = 69.28.32.0/20, 216.229.172.0/24, 127.0.0.0/8, 134.39.173.11,
>>> 216.178.52.0/22, 67.185.23.0/24
>>> relay_domains = web.ptera.net, webmail.ptera.net, pdi-inc.com,
>>>
>> Ok, so you relay... not really "virtual domains" at all. This looks
>> more like a normal mail gateway than anything.
>>
>>
>>> avistaadvantage.com, nw-tel.com
>>> smtpd_banner = 56C-web.ptera.net NO UCE ESMTP
>>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>>> permit_mynetworks, reject_invalid_hostname,
>>> reject_non_fqdn_sender, reject_non_fqdn_recipient,
>>> reject_unknown_sender_domain, reject_unknown_recipient_domain,
>>> reject_unauth_pipelining, reject_unauth_destination,
>>> reject_rbl_client domain-name, check_policy_service inet:127.0.0.1:2501
>>> #
>>> # Mailscanner
>>> # maps_rbl_domains = bl.spamcop.net
>>> # content_filter = scan:127.0.0.1:10025
>>> header_checks = regexp:/etc/postfix/header_checks
>>> # MailScanner
>>>
>> Good so far... minimal change to a perceived-as-working config:-).
>>
>>
>>> #
>>> receive_override_options = no_address_mappings
>>> message_size_limit = 20480000
>>> maximal_queue_lifetime = 1d
>>> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
>>> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
>>> strict_rfc821_envelopes = yes
>>> smtpd_delay_reject = no
>>> biff = no
>>> disable_vrfy_command = yes
>>> luser_relay = address_mapped_to_dev_null
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,
>>> reject_invalid_hostname
>>> message_size_limit = 46080000
>>> bounce_queue_lifetime = 1d
>>> queue_directory = /var/spool/postfix
>>> mail_owner = postfix
>>>
>>> ******header_checks*******
>>> /^Received:/ HOLD
>>>
>>>
>> Right, with that subject I was expecting something along the lines of
>> http://www.postfix.org/VIRTUAL_README.html ... which detail how
>> virtual aliasing/mailbox settings work in PF.
>>
>> But that doesn't seem to be what you are doing. You seem to be after
>> normal relaying (a thing I know work very well;-).
>> Do you rely on internal MX records ("split view DNS" kind of thing),
>> or the transport file? What do you have in it (the transport file, I
>> mean:-)?
>> (snip)
>>
>> Cheers
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>>
>>
>
>
> BTW, could you give us a "postconf -n" instead ... Would be more ...
> comprehensive:-).
> Oh and don't forget the transports file ... Feel free to "obfuscate"
> as much as you like, but please do so in a consistent manner;-).
>
> Cheers
> --

Arthur Stephens
Senior Sales Technician
Ptera Wireless Internet Service
PO Box 135
Liberty Lake, WA 99019
509-927-7837
http://www.ptera.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080530/c9baae28/attachment.html

From glenn.steen at gmail.com Fri May 30 21:55:25 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri May 30 21:55:35 2008
Subject: postfix virtual domains problem
In-Reply-To: <48402810.2030008@ptera.net>
References: <483F01BE.9000900@ptera.net> <223f97700805291537k427828eeve3e566b2bd14388@mail.gmail.com> <223f97700805291549w3d4cc68cr448b3f2ec2865f45@mail.gmail.com> <48402810.2030008@ptera.net>
Message-ID: <223f97700805301355w5507aa2bn14fa70774029b0d1@mail.gmail.com>

2008/5/30 Arthur Stephens :
> Well I feel kinda....
> It turns out that when using Webmin to issue commands to build the virtual
> database it was not happening.
>
> I was able to track it down when I moved one of the mydestination domains in
> the config to a virtual_alias_domains, postfix came back with
> unable to deliver the email because the domain was not found in the
> virtual_alias_map.
> Once I issued the commands from console everything worked.
> Sorry Hugo, Martin, and Glenn

Can happen to anyone:-)
Just goes to show that nothing beats a pair of "critical" eyes and good old-fashioned textmode tools:-):-)

> Thanks
> Arthur Stephens
>

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From mkettler at evi-inc.com Fri May 30 22:35:12 2008
From: mkettler at evi-inc.com (Matt Kettler)
Date: Fri May 30 22:36:14 2008
Subject: Blacklist all + allow some?
In-Reply-To: <4840256C.5060606@wesmo.com>
References: <4840256C.5060606@wesmo.com>
Message-ID: <48407310.6090505@evi-inc.com>

Rich West wrote:
> This is a pretty basic question, but we have a couple of users (interns)
> that we need to disallow all incoming email except for a select few.
> So, the idea was to blacklist all incoming email and whitelist the few
> allowed inbound email addresses.
>
> How does one go about blacklisting *everything*?

At the end of your config:

racl blacklist default

("default" is really just a keyword meaning "match everything that hasn't been matched by a previous rule")

> Actually.. what's the
> right syntax for the blacklist? *?

racl blacklist

dacl blacklist

In general all the ACLs are of the same basic syntax:

racl

such as

racl whitelist rcpt me@example.com
racl blacklist from you@example.com
racl greylist addr 10.0.0.0/8

And the ACLs are applied in-order and the first to match takes effect.

see also:

man greylist.conf

From mkettler at evi-inc.com Fri May 30 22:40:16 2008
From: mkettler at evi-inc.com (Matt Kettler)
Date: Fri May 30 22:40:47 2008
Subject: Blacklist all + allow some?
In-Reply-To: <48407310.6090505@evi-inc.com>
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com>
Message-ID: <48407440.2030009@evi-inc.com>

Whooops...

Ignore that post, I thought I was on a different list, where the syntax is completely different!!

Matt Kettler wrote:
> Rich West wrote:
>> This is a pretty basic question, but we have a couple of users (interns)
>> that we need to disallow all incoming email except for a select few.
>> So, the idea was to blacklist all incoming email and whitelist the few
>> allowed inbound email addresses.
>>
>> How does one go about blacklisting *everything*?
>
> At the end of your config:
>
> racl blacklist default
>
> ("default" is really just a keyword meaning "match everything that
> hasn't been matched by a previous rule")
>
>> Actually.. what's the
>> right syntax for the blacklist? *?
>
> racl blacklist
>
> dacl blacklist datasize criteria>
>
>
> In general all the ACLs are of the same basic syntax:
>
> racl
>
> such as
>
> racl whitelist rcpt me@example.com
> racl blacklist from you@example.com
> racl greylist addr 10.0.0.0/8
>
> And the ACLs are applied in-order and the first to match takes effect.
>
> see also:
>
> man greylist.conf
>
>
>
>
>
>
>

From ssilva at sgvwater.com Fri May 30 23:23:17 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 30 23:25:13 2008
Subject: Blacklist all + allow some?
In-Reply-To: <48407440.2030009@evi-inc.com>
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com> <48407440.2030009@evi-inc.com>
Message-ID:

on 5-30-2008 2:40 PM Matt Kettler spake the following:
> Whooops...
>
> Ignore that post, I thought I was on a different list, where the syntax
> is completely different!!
>
>
I was wondering! Started thinking, "I'm more tired than I thought I was!"

--
MailScanner is like deodorant...
You hope everybody uses it, and you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080530/8f9534bc/signature.bin

From ajos1 at onion.demon.co.uk Sat May 31 01:43:34 2008
From: ajos1 at onion.demon.co.uk (ajos1 at onion)
Date: Sat May 31 00:43:45 2008
Subject: commit ineffective with AutoCommit enabled... MailWatch.pm
Message-ID:

- Leonardo Helman, I was responding to this...

>>
>> Any ideas of something I could do in MailScanner to stop MailWatch
>> generating this error? If it's an easy thing to stop, I'm quite prepared
>> to add it, as it would stop a significant number of support requests.
>>

My solution of "$dbh->{Warn} = 0;" will work... AutoCommit does not always autocommit on disconnect on some DB's... the person who wrote DBI perl module suggests that.

==
=====================================================================
=
= "What's it called when you put off procrastinating?"
=
=====================================================================
= Need help with: Parking Tickets, Bailiffs, Capita or HertsGrid???
= Call...
+44 8457 90 90 90 http://www.samaritans.org/
=====================================================================

From Rich.West at wesmo.com Sat May 31 03:40:05 2008
From: Rich.West at wesmo.com (Rich West)
Date: Sat May 31 03:40:17 2008
Subject: Blacklist all + allow some?
In-Reply-To:
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com> <48407440.2030009@evi-inc.com>
Message-ID: <4840BA85.2000208@wesmo.com>

Scott Silva wrote:
> on 5-30-2008 2:40 PM Matt Kettler spake the following:
>> Whooops...
>>
>> Ignore that post, I thought I was on a different list, where the
>> syntax is completely different!!
>>
>>
> I was wondering! Started thinking, "I'm more tired than I thought I was!"

Same here.. I went back to check what mailing list I was reading.. "I'm not reading the milter-greylist mailing list, am I? I'm not even subscribed to that one...." :-)

-Rich

From hvdkooij at vanderkooij.org Sat May 31 07:51:46 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Sat May 31 07:51:55 2008
Subject: Where are attachments being stopped?
In-Reply-To: <4baa40ce0805291329u38033dact9d24a3022fe42584@mail.gmail.com>
References: <483F0647.3000801@ecs.soton.ac.uk> <4baa40ce0805291329u38033dact9d24a3022fe42584@mail.gmail.com>
Message-ID: <4840F582.8030507@vanderkooij.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rick Duval wrote:
| The Subject had {Dangerous Content?} prefixed and the message had:
|
| /Warning: This message has had one or more attachments removed
| Warning: (msg-21657-8.html).
| Warning: Please read the "AccurateAntiSpam-Attachment-Warning.txt"
| attachment(s) for more information/.

Disable AV scanning for the system and try again. Then enable just one scanner at a time.

Hugo.

- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?

Bored?
Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIQPWABvzDRVjxmYERAjGJAKCSZ6R9jTWyHqTtud5veJbCilTAeQCgkGch
652yYLWdncF3z6wry4zs3bI=
=Bszm
-----END PGP SIGNATURE-----

From ja at conviator.com Sat May 31 10:03:21 2008
From: ja at conviator.com (Jan Agermose)
Date: Sat May 31 10:04:28 2008
Subject: delay and xdelay
Message-ID:

hi

I want to check what delays are put on the emails going through my scanner so I need to check what delay and xdelay really means (from /var/log/maillog). Also if someone could point me to an "official" site that explains it.

So far I have found one saying the

delay = the time from accepting and queuing the mail to the first delivery attempt
xdelay = the time from the first delivery attempt to the final attempt

could this be true? Then what I'm looking for would be the "delay" value since I don't really care if I'm unable to deliver the mail in the first attempt as this must be an external problem out of my control.

regards
Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080531/1e572fac/attachment.html

From glenn.steen at gmail.com Sat May 31 11:15:11 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Sat May 31 11:15:20 2008
Subject: Blacklist all + allow some?
In-Reply-To: <4840BA85.2000208@wesmo.com>
References: <4840256C.5060606@wesmo.com> <48407310.6090505@evi-inc.com> <48407440.2030009@evi-inc.com> <4840BA85.2000208@wesmo.com>
Message-ID: <223f97700805310315n3f29a56bq1c60994f88b19968@mail.gmail.com>

2008/5/31 Rich West :
>
> Scott Silva wrote:
>>
>> on 5-30-2008 2:40 PM Matt Kettler spake the following:
>>>
>>> Whooops...
>>>
>>> Ignore that post, I thought I was on a different list, where the syntax
>>> is completely different!!
>>>
>>>
>> I was wondering! Started thinking, "I'm more tired than I thought I was!"
>
> Same here..
I went back to check what mailing list I was reading.. "I'm not
> reading the milter-greylist mailing list, am I? I'm not even subscribed to
> that one...." :-)
>
> -Rich

If we try to stay on this list then, I suppose you're asking what syntax you need use for a ruleset "blacklisting" everything, and then whitelisting some mails passing through MailScanner... In which case you can do this with a normal ruleset ... The syntax is described in numerous places (the EXAMPLES file in the rules subdirectory, the wiki, the book...) ... So all you really need do is decide on what setting (in MailScanner.conf) you should apply the ruleset, since this will
a) decide what the rightmost value should be (it need make sense to the setting applied to), and
b) affect what will actually happen.

I'd think the "Is Definitely Spam"/"Is Definitely Not Spam" and perhaps "Definite Spam Is Highscoring" settings could be used for this, along with a "store" only "High Scoring Spam Actions" setting, or similar ... (or perhaps use a SA "rule" to tag the messages and selectively act on them with the new SA-rules actions... Seems a bit backward, but might be more manageable for you).

Note that for this to really work on a "per intern basis", you need split your incoming mails into one/recipient, else MailScanner will just use the rules applicable for the first recipient.

Links that apply to all this:
http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Spam
http://www.mailscanner.info/MailScanner.conf.index.html#Is%20Definitely%20Not%20Spam
http://www.mailscanner.info/MailScanner.conf.index.html#Definite%20Spam%20Is%20High%20Scoring
http://www.mailscanner.info/MailScanner.conf.index.html#High%20Scoring%20Spam%20Actions
http://wiki.mailscanner.info/doku.php?id=&idx=documentation:configuration:rulesets
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:split_mails_per_recipient
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:exim:how_to:split_mails_per_recipient
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:split_mails_per_recipient
(watch out for line wrapping in the above:-)

HtH

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ecasarero at gmail.com Sat May 31 14:50:08 2008
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Sat May 31 14:50:19 2008
Subject: senderscore with MailScanner
Message-ID: <7d9b3cf20805310650o5dd8a56dnb842b7481c1b5925@mail.gmail.com>

hi guys, is someone using senderscore? it seems to be very accurate but I've not contacted them yet to see how to use their service.

Does someone use senderscore in MS/SA?

Regards, Eduardo.

From martinh at solidstatelogic.com Sat May 31 20:50:28 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Sat May 31 20:49:37 2008
Subject: senderscore with MailScanner
Message-ID:

Eduardo

A google of senderscore doesn't paint a very positive view of this, or any other sender reputation system for that matter (Habeas etc).

--
martin

-----Original Message-----
From: Eduardo Casarero
Sent: Saturday, May 31, 2008 2:58 PM
To: MailScanner discussion
Subject: senderscore with MailScanner

hi guys, is someone using senderscore?
it seems to be very accurate but I've not contacted them yet to see how to use their service.

Does someone use senderscore in MS/SA?

Regards, Eduardo.
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales (Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, United Kingdom
**********************************************************************
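
Added example, not part of any post in this archive and not MailScanner's own code: a simplified model of the first-match ruleset approach Glenn Steen describes in the "Blacklist all + allow some?" thread above (allow a few senders for one recipient, treat everything else to that recipient as definite spam). The rule-line syntax used here (`From:`, `To:`, `FromOrTo:`, `and`, `default`) is an assumption based on the rulesets documentation he links; all addresses are constructed, and the function names are hypothetical.

```python
"""Simplified model of a first-match ruleset (constructed example)."""
from fnmatch import fnmatchcase

# Constructed ruleset for an "Is Definitely Spam"-style yes/no setting.
# Every address is made up; intern@example.com may hear from two senders only.
RULESET = """\
From: mentor@example.com and To: intern@example.com   no
From: *@hr.example.com   and To: intern@example.com   no
To:   intern@example.com                               yes
FromOrTo: default                                      no
"""

DIRECTIONS = ("from", "to", "fromorto")


def parse_ruleset(text):
    """Parse rule lines into (conditions, value) pairs, keeping file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        tokens = line.split()
        value = tokens.pop().lower()             # rightmost field is the value
        conditions = []
        while tokens:
            if len(tokens) < 2:
                raise ValueError(f"malformed rule: {raw!r}")
            direction = tokens.pop(0).rstrip(":").lower()
            if direction not in DIRECTIONS:
                raise ValueError(f"unknown direction in rule: {raw!r}")
            conditions.append((direction, tokens.pop(0).lower()))
            if tokens and tokens.pop(0).lower() != "and":
                raise ValueError(f"expected 'and' in rule: {raw!r}")
        if not conditions:
            raise ValueError(f"rule has no condition: {raw!r}")
        rules.append((conditions, value))
    return rules


def condition_matches(direction, pattern, sender, recipient):
    """True if one 'Direction: pattern' condition matches this sender/recipient."""
    if pattern == "default":                     # catch-all keyword
        return True
    addresses = {"from": [sender], "to": [recipient],
                 "fromorto": [sender, recipient]}[direction]
    return any(fnmatchcase(addr.lower(), pattern) for addr in addresses)


def evaluate(rules, sender, recipient):
    """Return the value of the first rule whose conditions all match."""
    for conditions, value in rules:
        if all(condition_matches(d, p, sender, recipient) for d, p in conditions):
            return value
    return None


def verdicts_per_recipient(rules, sender, recipients):
    """Evaluate the ruleset once per recipient, as after per-recipient splitting."""
    return {rcpt: evaluate(rules, sender, rcpt) for rcpt in recipients}


def needs_split(rules, sender, recipients):
    """True when recipients of one message would get different verdicts."""
    return len(set(verdicts_per_recipient(rules, sender, recipients).values())) > 1


if __name__ == "__main__":
    parsed = parse_ruleset(RULESET)
    rcpts = ["staff@example.com", "intern@example.com"]
    print(verdicts_per_recipient(parsed, "stranger@example.net", rcpts))
    print("split needed:", needs_split(parsed, "stranger@example.net", rcpts))
```

Because the first matching rule wins, the allow rules must sit above the catch-all `To:` rule for the restricted recipient; `needs_split` flags the multi-recipient case where a single per-message decision cannot be right for everyone.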