From micoots at yahoo.com Thu May 1 00:39:58 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Thu May 1 00:41:48 2008
Subject: Running a CustomAction on High Scoring Spam
Message-ID: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Hi,
I have a perl script I would like to run on each High
Scoring Spam that is detected by MailScanner.
The current default behaviour for my
high.scoring.spam.actions.rules file is:
FromOrTo: default delete
store-spam header "X-Spam-Status: Yes"
The perl script simply takes stdout piped into it, so
I just need to do:
# cat spam.eml | spam.pl
for the script to work.
What I'm hoping I can do is use the FromOrTo line
above to call a CustomAction (if that is the right way
to do this) which will "cat" the spam email into my
perl script.
I currently run the script nightly on the entire high
scoring "spam" directory and I'd like to make that a
little more real-time.
Thanks for any suggestions.
Michael.
Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail
From vernon at comp-wiz.com Thu May 1 00:59:12 2008
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu May 1 00:59:54 2008
Subject: Archive Option
Message-ID: <004701c8ab1e$301aa400$904fec00$@com>
I know that there is an archive option in MailSacnner and I also know that I
can define a locate where they can be archived to, however I am wondering if
that those emails can somehow be sent to an email box that can me popped
using pop3 ? I need to have all mail sent through Sendmail (in and out) sent
through a specific domain have a BCC sent to a certain account. From want I
understand they are looking for something similar to Journaling in Microsoft
Exchange Server. Anyone have any ideas on how and if this can be done with
(or without) MailScanner?
Vernon Webb
(201) 703-1232
web designs & web hosting
by comp-wiz.com, inc.
Information in this transmission is privileged & confidential. It is
intended for the use of the individual or entity named above. Any review,
dissemination, disclosure, alteration, printing, circulation or transmission
of this email or it's attachments is prohibited and unlawful.
--
This message has been scanned for viruses and
dangerous content at comp-wiz.com, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080430/fe2e1e84/attachment.html
From lilvalo at mikiboy.com Thu May 1 01:54:12 2008
From: lilvalo at mikiboy.com (Valmiki N. Ramsewak)
Date: Thu May 1 01:55:23 2008
Subject: Archive Option
In-Reply-To: <004701c8ab1e$301aa400$904fec00$@com>
References: <004701c8ab1e$301aa400$904fec00$@com>
Message-ID: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>
http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That
will do it on Postfix... but you're using sendmail....
Been a while since then....
http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- thats one
option google returned.. I've never used milters in my 1.5 years of
using sendmail...
Some googling said you can edit the source code to do it (too hard for
me)
Have fun. let us know how it works out
On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:
> I know that there is an archive option in MailSacnner and I also
> know that I can define a locate where they can be archived to,
> however I am wondering if that those emails can somehow be sent to
> an email box that can me popped using pop3 ? I need to have all mail
> sent through Sendmail (in and out) sent through a specific domain
> have a BCC sent to a certain account. From want I understand they
> are looking for something similar to Journaling in Microsoft
> Exchange Server. Anyone have any ideas on how and if this can be
> done with (or without) MailScanner?
>
> Vernon Webb
> (201) 703-1232
> web designs & web hosting by comp-wiz.com, inc.
> Information in this transmission is privileged & confidential. It is
> intended for the use of the individual or entity named above. Any
> review, dissemination, disclosure, alteration, printing, circulation
> or transmission of this email or it's attachments is prohibited and
> unlawful.
>
>
> --
> This message has been scanned for viruses and
> dangerous content at www.comp-wiz.com, and is
> believed to be clean. --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080430/32a73b2c/attachment-0001.html
From MailScanner at ecs.soton.ac.uk Thu May 1 08:48:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 08:49:01 2008
Subject: Running a CustomAction on High Scoring Spam
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID: <481975B6.60807@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Mansour wrote:
> Hi,
>
> I have a perl script I would like to run on each High
> Scoring Spam that is detected by MailScanner.
>
> The current default behaviour for my
> high.scoring.spam.actions.rules file is:
>
> FromOrTo: default delete
> store-spam header "X-Spam-Status: Yes"
>
> The perl script simply takes stdout piped into it, so
> I just need to do:
>
> # cat spam.eml | spam.pl
>
> for the script to work.
>
> What I'm hoping I can do is use the FromOrTo line
> above to call a CustomAction (if that is the right way
> to do this)
You can't have a Custom Function as the right-hand side value in a rule
set. The Custom Function has to provide the result for the setting, so
you would just have
High-Scoring Spam Actions = &MyCustomFunction
and your subroutine MyCustomFunction would return the value listing the
actions to take for this message.
> which will "cat" the spam email into my
> perl script.
>
It is passed the message as an object. Take a look at the examples that
are there already.
> I currently run the script nightly on the entire high
> scoring "spam" directory and I'd like to make that a
> little more real-time.
>
> Thanks for any suggestions.
>
> Michael.
>
>
>
> Get the name you always wanted with the new y7mail email address.
> www.yahoo7.com.au/y7mail
>
>
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGXW/EfZZRxQVtlQRApl7AKCyzpe8suDZwC8N5TeY5MMJZCavHQCg/SbN
IFeDTGtRWRGpIo/bdk+Fycs=
=XqJR
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Thu May 1 08:49:13 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 08:49:41 2008
Subject: Archive Option
In-Reply-To: <004701c8ab1e$301aa400$904fec00$@com>
References: <004701c8ab1e$301aa400$904fec00$@com>
Message-ID: <481975F9.7040408@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You want to use milter-bcc to add extra recipients to the mail at
sendmail level.
Vernon Webb wrote:
>
> I know that there is an archive option in MailSacnner and I also know
> that I can define a locate where they can be archived to, however I am
> wondering if that those emails can somehow be sent to an email box
> that can me popped using pop3 ? I need to have all mail sent through
> Sendmail (in and out) sent through a specific domain have a BCC sent
> to a certain account. From want I understand they are looking for
> something similar to Journaling in Microsoft Exchange Server. Anyone
> have any ideas on how and if this can be done with (or without)
> MailScanner?
>
>
>
> Vernon Webb
>
> (201) 703-1232
>
> web designs & web hosting
> by comp-wiz.com, inc.
>
> Information in this transmission is privileged & confidential. It is
> intended for the use of the individual or entity named above. Any
> review, dissemination, disclosure, alteration, printing, circulation
> or transmission of this email or it's attachments is prohibited and
> unlawful.
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content at *www.comp-wiz.com* ,
> and is
> believed to be clean.
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGXX+EfZZRxQVtlQRApC9AJ95dtp8Cu8rUlDjmBVWZNl8/vstkACg00eV
DdsmToU21STfprXA+IR8dX4=
=uirH
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From martinh at solidstatelogic.com Thu May 1 08:50:21 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu May 1 08:51:16 2008
Subject: Archive Option
In-Reply-To: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>
Message-ID:
There's a new option in the latest beta's ...
From the changelog...
3 Added new configuration setting "Missing Mail Archive Is =" which can take
the values "file" or "directory". This allows you archive to mbox files whose
name is based on the addresses of the original recipients.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Valmiki N. Ramsewak
> Sent: 01 May 2008 01:54
> To: MailScanner discussion
> Subject: Re: Archive Option
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That
> will do it on Postfix... but you're using sendmail....
>
> Been a while since then....
>
> http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- thats one
> option google returned.. I've never used milters in my 1.5 years of using
> sendmail...
>
> Some googling said you can edit the source code to do it (too hard for me)
>
> Have fun. let us know how it works out
>
>
>
>
> On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:
>
>
>
> I know that there is an archive option in MailSacnner and I also
> know that I can define a locate where they can be archived to, however I
> am wondering if that those emails can somehow be sent to an email box that
> can me popped using pop3 ? I need to have all mail sent through Sendmail
> (in and out) sent through a specific domain have a BCC sent to a certain
> account. From want I understand they are looking for something similar to
> Journaling in Microsoft Exchange Server. Anyone have any ideas on how and
> if this can be done with (or without) MailScanner?
>
> Vernon Webb
> (201) 703-1232
> web designs & web hosting
> by comp-wiz.com, inc.
> Information in this transmission is privileged & confidential. It is
> intended for the use of the individual or entity named above. Any review,
> dissemination, disclosure, alteration, printing, circulation or
> transmission of this email or it's attachments is prohibited and unlawful.
>
>
> --
> This message has been scanned for viruses and
> dangerous content at www.comp-wiz.com ,
> and is
> believed to be clean. --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
From MailScanner at ecs.soton.ac.uk Thu May 1 09:42:20 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 09:43:14 2008
Subject: MailScanner ANNOUNCE: 4.69.8 released
Message-ID: <4819826C.9080508@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Morning all!
I have just released the latest stable release of MailScanner, 4.69.
There's quite a lot this month, but the main new features this month are:
- - Can now extract embedded files from within Microsoft Office documents
and subject them to all the file tests like any other attachments.
- - Added new keywords available in Spam Actions, the SpamAssassin Rule
Actions and Archive Mail locations. You can now specify _DATE_,
_FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords in any of
those and they will be replaced with the user and domain halves of the
relevant addresses of the original message.
- - Using the "store" Spam Action, you can now specify an arbitrary
directory path after the '-', so
"store-/var/spool/MailScanner/quarantine/spam/_TOUSER_._TODOMAIN_" will
store the message in a location determined by the recipient addresses.
Any of the _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_
keywords can be used.
- - Added new command-line options "--id=" and
"--inqueuedir=" to assist with debugging and testing.
There are many other new features, and some important fixes, which are
described below in the Change Log.
Download as usual from www.mailscanner.info.
The full Change Log is this:
* New Features and Improvements *
1 Added command-line option "--id=" which will force it to scan
just the message described by . Only works when used with
"--debug".
1 Commented out definition of ORDB-RBL to force a syntax error in setups
which
are still mistakenly using it (and not getting any mail as a result!).
1 Added comand-line option "--inqueuedir=" which can take
a) a directory name, or
b) a directory name glob (or wildcard), or
c) a text file listing any combination of (a) and (b) above.
This specifies where to look for incoming messages. This is very
useful when
debugging, as test messages can be put in their own queue directory,
and the
main MailScanner running will not touch them, only a MailScanner run with
this command-line option will see them.
1 Can now extract embedded files from within Microsoft Office documents and
subject them to all the file tests like any other attachments.
1 To allow for executables embedded in zipped Office documents, default
value
for "Maximum Archive Depth" has been increased to 3. Remember that using
upgrade_MailScanner_conf will *not* over-ride your current settings,
so you
will have to change this manually to use the new value.
3 Added new keywords available in Spam Actions, the SpamAssassin Rule
Actions
and Archive Mail locations. You can now specify _DATE_, _FROMUSER_,
_FROMDOMAIN_, _TOUSER_ and _TODOMAIN_ keywords in any of those and they
will be replaced with the user and domain halves of the relevant addresses
of the original message.
If, for example, you specify a "forward" address
"spam.archive-_TOUSER_-at-_TODOMAIN_@mydomain.com", then a new recipient
will be added to the message for *each* of the original recipients. So
a message with 5 original recipients will have 5 new ones added to it.
3 Added new configuration setting "Missing Mail Archive Is =" which can take
the values "file" or "directory". This allows you archive to mbox
files whose
name is based on the addresses of the original recipients.
4 Using the "store" Spam Action, you can now specify an arbitrary directory
path after the '-', so
"store-/var/spool/MailScanner/quarantine/spam/_TOUSER_._TODOMAIN_"
will store the message in a location determined by the recipient
addresses.
Any of the _DATE_, _FROMUSER_, _FROMDOMAIN_, _TOUSER_ and _TODOMAIN_
keywords can be used.
4 Changed "Monitors for ClamAV Updates" for ClamAV version 0.93.
5 If the image signature tag includes alt="MailScanner Signature" then
it notices the sig file is present and so doesn't add it again.
The "alt" attribute is matched by the word "MailScanner" followed by
anything
followed by the word "Signature" in any combination of upper- and
lower-case
so you can adapt this text quite a lot. See note for "6" below.
6 Added new configuration setting "IP Protocol Version Header" which
will tell
you the IP version number used in the last hop to this server. It produces
either "IPv4" or "IPv6" in the header. To stop the header appearing, just
set it to be blank. Added at special request by my boss :-)
6 Added new configuration setting "Allow Multiple HTML Signatures". If the
message has been signed with an HTML signature containing an tag,
whose "alt" attribute contains "MailScanner" and "Signature" and
"%org-name%", then it will not be signed again if this option is set
to "no".
Once a message (with an image in the signature) has been replied to a few
times, it starts getting very large and ugly. This option keeps the
message
size down and makes it look better. This is set to "no" by default as
messages look better this way.
7 Debian/Ubuntu have changed the default %org-name% value to "unconfigured-
debian-site" so I have to check for that as well in the 'Have I Been
Configured" code at startup :-(
* Fixes *
1 "IPBlock" Custom Function will start up properly without MailScanner.conf
location on the command-line.
2 Fixed problem with file MIME type checks were being incorrectly applied.
2 Added OLE::Storage_Lite to the list output by "MailScanner -v".
4 Forced "Debug SpamAssassin" to no unless "Debug" is set to yes.
7 Fixed problem with "--debug-sa" and MailScanner freezing using 100% CPU.
8 Fixed problem with modules not reporting properly with "MailScanner -v".
8 Fixed problem where "MailScanner --lint" would sometimes report false
errors.
That's all folks!
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGYJyEfZZRxQVtlQRAnZ+AKCpOBmqKfT5nr8x7QuVl48/1790jgCg+4rr
PsLVXIxmarfdHIwUwbUJQZw=
=+YLV
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From hb.maillists at dfs.dk Thu May 1 11:41:15 2008
From: hb.maillists at dfs.dk (Henriks Maillists)
Date: Thu May 1 11:42:30 2008
Subject: Problem with F-Secure Server version 7?
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID:
Does anyone have F-Secure Linux Server Security version 7.0 running with
MailScanner.
MailScanner --lint detects the eicar virus with both F-Secure and ClamAV.
When I relay a message with virus it is not detected by F-Secure.
MailScanner does not stop it. (ClamAV does not know the virus - have
submitted it)
-------------------------------------------------------------------------------------------------------
Testing from the commandline:
F-Secure Security Platform version 2.00 build 7161
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
Scan started at Thu May 1 12:36:56 2008
Database version: 2008-05-01_01
[/root/certificado-2.25.rar] certificado-2.25.exe: Infected:
Trojan-Downloader.Win32.Banload.lpy [AVP]
Scan ended at Thu May 1 12:36:56 2008
1 file scanned
1 file infected
-------------------------------------------------------------------------------------------------------
MailScanner --lint output this: (eset is not active!)
MailScanner.conf says "Virus Scanners = f-secure clamavmodule"
Found these virus scanners installed: clamavmodule, f-secure, esets
===========================================================================
Virus and Content Scanning: Starting
Found F-Secure version 2.00=2
Scan ended at Thu May 1 12:35:52 2008
2 files scanned
1 file infected
ProcessClamAVModOutput ClamAVModule
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/
ProcessClamAVModOutput ClamAVModule
ProcessClamAVModOutput ClamAVModule
ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
Virus Scanning: ClamAVModule found 2 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 2 viruses
Filename Checks: (1 eicar.com)
Other Checks: Found 1 problems
===========================================================================
Virus Scanner test reports:
ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
If any of your virus scanners (clamavmodule,f-secure,esets)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080501/3f07472d/attachment.html
From hvdkooij at vanderkooij.org Thu May 1 12:19:27 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 1 12:20:22 2008
Subject: VBA32 as new scanner
Message-ID: <4819A73F.80104@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jules,
Could you add VBA32 as a virus scanner?
You can download the latest commandline version from
ftp://anti-virus.by/pub/
At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz
I must admit I have not yet tried to decode the output from the
commandline. But I use the following bit of perl to read the log file:
while ($line = ) {
~ if ($line =~ / : (infected|is suspected of) /) {
~ chomp($line);
~ $line =~ s/^\/var\/virus\/2do\///;
~ @fields = split(/ : /,$line);
~ @fields[0] =~ s/:.*//;
~ }
}
The commandline scanner is free to use. That is free as in free wine.
(No point in telling Jules it's free beer ;-)
Regards,
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIGac9BvzDRVjxmYERAhmHAJ9rF9z+R/wrNEQcOjSTiTNujt8xggCfc2DY
GU4irMBJBHuson+rGxUv/aQ=
=4z0S
-----END PGP SIGNATURE-----
From stef at aoc-uk.com Thu May 1 12:40:00 2008
From: stef at aoc-uk.com (Stef Morrell)
Date: Thu May 1 12:40:44 2008
Subject: Clamd throwing ClamAVModule log entries
Message-ID: <200805011140.m41BeBxG021949@safir.blacknight.ie>
Hello,
I've just switched over from Clam 0.92.1 + ClamAVModule to 0.93 and
Clamd and am seeing entries in the log such as
May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED::
Email.Hdr.Sanesecurity.08022900 FOUND :: ./8DEBD3741C2.4D00E/
May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED::
Email.Hdr.Sanesecurity.08022900 FOUND :: ./D02EC37419C.E60B6/
May 1 12:36:45 fedecks MailScanner[24892]: Virus Scanning: Clamd found
2 infections
I'm not massively worried as the system appears to be working correctly,
but I am slightly confused. I presume this is a 'feature' rather than a
'bug' ?
Regards
Stef
Stefan Morrell | Operations Director
Tel: 0845 3452820 | Alpha Omega Computers Ltd
Fax: 0845 3452830 | Incorporating Level 5 Internet
stef@aoc-uk.com | stef@l5net.net
Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER.
Registered in England No. 3867142. VAT No. GB734421454
From vernon at comp-wiz.com Thu May 1 13:39:53 2008
From: vernon at comp-wiz.com (Vernon Webb)
Date: Thu May 1 13:40:32 2008
Subject: Archive Option
In-Reply-To:
References: <197865E1-ADA5-4BD2-8CD8-7682AA2F0393@mikiboy.com>
Message-ID: <000601c8ab88$746c84b0$5d458e10$@com>
Which means what exactly? Can I have everything @somedomain.com sent to
bigbrother@somedomain.com?
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Martin.Hepworth
Sent: Thursday, May 01, 2008 3:50 AM
To: MailScanner discussion
Subject: RE: Archive Option
There's a new option in the latest beta's ...
>From the changelog...
3 Added new configuration setting "Missing Mail Archive Is =" which can take
the values "file" or "directory". This allows you archive to mbox files
whose
name is based on the addresses of the original recipients.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Valmiki N. Ramsewak
> Sent: 01 May 2008 01:54
> To: MailScanner discussion
> Subject: Re: Archive Option
>
> http://www.postfix.org/ADDRESS_REWRITING_README.html#auto_bcc - That
> will do it on Postfix... but you're using sendmail....
>
> Been a while since then....
>
> http://www.snertsoft.com/sendmail/milter-bcc/index.shtml <- thats one
> option google returned.. I've never used milters in my 1.5 years of using
> sendmail...
>
> Some googling said you can edit the source code to do it (too hard for me)
>
> Have fun. let us know how it works out
>
>
>
>
> On Apr 30, 2008, at 7:59 PM, Vernon Webb wrote:
>
>
>
> I know that there is an archive option in MailSacnner and I also
> know that I can define a locate where they can be archived to, however I
> am wondering if that those emails can somehow be sent to an email box that
> can me popped using pop3 ? I need to have all mail sent through Sendmail
> (in and out) sent through a specific domain have a BCC sent to a certain
> account. From want I understand they are looking for something similar to
> Journaling in Microsoft Exchange Server. Anyone have any ideas on how and
> if this can be done with (or without) MailScanner?
>
> Vernon Webb
> (201) 703-1232
> web designs & web hosting
> by comp-wiz.com, inc.
> Information in this transmission is privileged & confidential. It is
> intended for the use of the individual or entity named above. Any review,
> dissemination, disclosure, alteration, printing, circulation or
> transmission of this email or it's attachments is prohibited and unlawful.
>
>
> --
> This message has been scanned for viruses and
> dangerous content at www.comp-wiz.com ,
> and is
> believed to be clean. --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content at comp-wiz.com, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content at comp-wiz.com, and is
believed to be clean.
From martinh at solidstatelogic.com Thu May 1 14:10:47 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Thu May 1 14:11:24 2008
Subject: test email for latency
Message-ID: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com>
Lets see how long this takes to arrive - sent 13.10 GMT
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
From adc at dc-uoit.net Thu May 1 15:00:02 2008
From: adc at dc-uoit.net (Andrei Caraman)
Date: Thu May 1 15:00:45 2008
Subject: Running a CustomAction on High Scoring Spam
In-Reply-To: <139010.45286.qm@web33304.mail.mud.yahoo.com>
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID: <20080501140002.GA28676@logger.dc-uoit.net>
On Thu, May 01, 2008 at 09:39:58AM +1000, Michael Mansour wrote:
> Hi,
>
> I have a perl script I would like to run on each High
> Scoring Spam that is detected by MailScanner.
you could forward high scoring spam to a local account and use a .forward or
.procmailrc type of thing to pipe the messages through your script. all the
tools are there, documented, and you don't need to get deep into custom
mailscanner functions.
From Timo.Jacobs at partners.de Thu May 1 15:05:12 2008
From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de)
Date: Thu May 1 15:05:59 2008
Subject: Timo Jacobs is out of the office.
Message-ID:
I will be out of the office starting 30.04.2008 and will not return until
02.05.2008.
I will respond to your message when I return.
In urgent cases please contact Mr. Timo A. Schmidt
(timo.schmidt@partners.de)
Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Geschäftsführer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 _________________________________________________________________ Diese Information ist ausschließlich für die adressierte Person oder Organisation bestimmt und könnte vertrauliches und/oder privilegiertes Material enthalten. Personen oder Organisationen, für die diese Information nicht bestimmt ist, ist es nicht gestattet, diese zu lesen, erneut zu übertragen, zu verbreiten, anderweitig zu verwenden oder sich durch sie veranlasst zu sehen, Massnahmen irgendeiner Art zu ergreifen. Sollten Sie diese Nachricht irrtümlich erhalten haben, bitten wir Sie, sich mit dem Absender in Verbindung zu setzen und das Material von Ihrem Computer zu löschen. Unbeschadet dessen ist allein die von uns unterzeichnete schriftliche Fassung verbindlich. Wir weisen darauf hin, dass elektronisch Nachrichten mit und ohne Zutun von Dritten verloren gehen, verändert oder verfälscht werden können. Herkömmliche E-Mails sind nicht gegen den Zugriff von Dritten geschützt und deshalb ist auch die Vertraulichkeit unter Umständen nicht gewahrt. Wir haften deshalb nicht für die Unversehrtheit von E-Mails nachdem sie unseren Herrschaftsbereich verlassen haben und können Ihnen hieraus entstehende Schaeden nicht ersetzen. Bitte beachten Sie, dass eine AntiViren- und AntiSPAM-Lösung installiert ist und alle eingehenden EMails untersucht werden, um die Sicherheit unserer Informationssysteme zu gewährleisten. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. You have asked us to correspond with you via the Internet per e-mail. However, the written version signed by us is the only authoritative version. We draw your attention to the fact that such messages can be lost, changed or falsified, with or without any interference by third persons. Normal e-mails are not protected against access by third persons and, therefore, their confidentiality may not be assured in certain circumstances. We cannot be responsible for the integrity of emails after they have left our sphere of control. Please note that in order to protect the security of our information systems an AntiVirus- and AntiSPAM solution is in use and will browse through incoming emails. _________________________________________________________________
From MailScanner at ecs.soton.ac.uk Thu May 1 15:42:31 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 15:43:23 2008
Subject: Problem with F-Secure Server version 7?
In-Reply-To:
References: <139010.45286.qm@web33304.mail.mud.yahoo.com>
Message-ID: <4819D6D7.8070100@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sorry, no-one has ever given me anything newer than 5.54, so I have
never had a chance to incorporate support for 7.0.
If you send me a fully-licenced copy of 7.0 (off-list, it will only be
used for MailScanner development and won't leak out) I will try to write
support for it for you.
Jules.
Henriks Maillists wrote:
> Does anyone have F-Secure Linux Server Security version 7.0 running
> with MailScanner.
>
> MailScanner --lint detects the eicar virus with both F-Secure and
> ClamAV. When I relay a message with virus it is not detected by F-Secure.
>
> MailScanner does not stop it. (ClamAV does not know the virus - have
> submitted it)
>
> -------------------------------------------------------------------------------------------------------
> Testing from the commandline:
> F-Secure Security Platform version 2.00 build 7161
> Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
> Scan started at Thu May 1 12:36:56 2008
> Database version: 2008-05-01_01
> [/root/certificado-2.25.rar] certificado-2.25.exe: Infected:
> Trojan-Downloader.Win32.Banload.lpy [AVP]
> Scan ended at Thu May 1 12:36:56 2008
> 1 file scanned
> 1 file infected
>
> -------------------------------------------------------------------------------------------------------
> MailScanner --lint output this: (eset is not active!)
> MailScanner.conf says "Virus Scanners = f-secure clamavmodule"
> Found these virus scanners installed: clamavmodule, f-secure, esets
> ===========================================================================
> Virus and Content Scanning: Starting
> Found F-Secure version 2.00=2
> Scan ended at Thu May 1 12:35:52 2008
> 2 files scanned
> 1 file infected
> ProcessClamAVModOutput ClamAVModule
> ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/
> ProcessClamAVModOutput ClamAVModule
> ProcessClamAVModOutput ClamAVModule
> ClamAVModule::INFECTED:: Eicar-Test-Signature:: ./1/eicar.com
> Virus Scanning: ClamAVModule found 2 infections
> Infected message 1 came from 10.1.1.1
> Virus Scanning: Found 2 viruses
> Filename Checks: (1 eicar.com)
> Other Checks: Found 1 problems
> ===========================================================================
> Virus Scanner test reports:
> ClamAVModule said "eicar.com was infected: Eicar-Test-Signature"
> If any of your virus scanners (clamavmodule,f-secure,esets)
> are not listed there, you should check that they are installed correctly
> and that MailScanner is finding them correctly via its
> virus.scanners.conf.
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGdbcEfZZRxQVtlQRAvEIAJ43zfmGMXGI1K0PaNq8mmo/U4Pv7ACePZy3
gmaIUmizpN208mgvy8FtRas=
=nQRh
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Thu May 1 16:41:42 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 16:42:30 2008
Subject: Clamd throwing ClamAVModule log entries
In-Reply-To: <200805011140.m41BeBxG021949@safir.blacknight.ie>
References: <200805011140.m41BeBxG021949@safir.blacknight.ie>
Message-ID: <4819E4B6.8010303@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stef Morrell wrote:
> Hello,
>
> I've just switched over from Clam 0.92.1 + ClamAVModule to 0.93 and
> Clamd and am seeing entries in the log such as
>
> May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED::
> Email.Hdr.Sanesecurity.08022900 FOUND :: ./8DEBD3741C2.4D00E/
> May 1 12:36:44 fedecks MailScanner[24892]: ClamAVModule::INFECTED::
> Email.Hdr.Sanesecurity.08022900 FOUND :: ./D02EC37419C.E60B6/
> May 1 12:36:45 fedecks MailScanner[24892]: Virus Scanning: Clamd found
> 2 infections
>
> I'm not massively worried as the system appears to be working correctly,
> but I am slightly confused. I presume this is a 'feature' rather than a
> 'bug' ?
>
Yes, sorry, it's down to the way the parsers interact with each other. I
use the same parser for clamavmodule, clamd and sophossavi, and
sometimes it gets the name wrong :-(
> Regards
>
> Stef
> Stefan Morrell | Operations Director
> Tel: 0845 3452820 | Alpha Omega Computers Ltd
> Fax: 0845 3452830 | Incorporating Level 5 Internet
> stef@aoc-uk.com | stef@l5net.net
>
> Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER.
> Registered in England No. 3867142. VAT No. GB734421454
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGeS3EfZZRxQVtlQRAsU9AJ9lA+oiI3HxGZzGR/Onbaf9PfUQEwCfWdF3
25zLpBPAQpbj3ObHaSasNJM=
=FmF7
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Thu May 1 16:41:55 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 16:42:47 2008
Subject: VBA32 as new scanner
In-Reply-To: <4819A73F.80104@vanderkooij.org>
References: <4819A73F.80104@vanderkooij.org>
Message-ID: <4819E4C3.8030205@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'll take a look tonight.
Hugo van der Kooij wrote:
> * PGP Signed by an unverified key: 05/01/08 at 12:19:25
>
> Hi Jules,
>
> Could you add VBA32 as a virus scanner?
>
> You can download the latest commandline version from
> ftp://anti-virus.by/pub/
>
> At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz
>
> I must admit I have not yet tried to decode the output from the
> commandline. But I use the following bit of perl to read the log file:
>
> while ($line = ) {
> ~ if ($line =~ / : (infected|is suspected of) /) {
> ~ chomp($line);
> ~ $line =~ s/^\/var\/virus\/2do\///;
> ~ @fields = split(/ : /,$line);
> ~ @fields[0] =~ s/:.*//;
> ~ }
> }
>
> The commandline scanner is free to use. That is free as in free wine.
> (No point in telling Jules it's free beer ;-)
>
> Regards,
> Hugo.
>
> --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> * Hugo van der Kooij
> * 0x58F19981 - Unverified(L)
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-15
wj8DBQFIGeTGEfZZRxQVtlQRAhgDAJ9LarCacH+myi7EzvnCxvv6wgubMACg1SqH
qHgMw6SxovcbBqUVzAZ5T6U=
=FALZ
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Thu May 1 18:38:49 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 18:39:43 2008
Subject: VBA32 as new scanner
In-Reply-To: <4819A73F.80104@vanderkooij.org>
References: <4819A73F.80104@vanderkooij.org>
Message-ID: <481A0029.5050003@ecs.soton.ac.uk>
I have written support for it, and this will be in the next release.
Fortunately it was fairly straightforward to analyse.
Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Jules,
>
> Could you add VBA32 as a virus scanner?
>
> You can download the latest commandline version from
> ftp://anti-virus.by/pub/
>
> At the moment that would be vbacl-linux-3.12.6.1-20080215.tar.gz
>
> I must admit I have not yet tried to decode the output from the
> commandline. But I use the following bit of perl to read the log file:
>
> while ($line = ) {
> ~ if ($line =~ / : (infected|is suspected of) /) {
> ~ chomp($line);
> ~ $line =~ s/^\/var\/virus\/2do\///;
> ~ @fields = split(/ : /,$line);
> ~ @fields[0] =~ s/:.*//;
> ~ }
> }
>
> The commandline scanner is free to use. That is free as in free wine.
> (No point in telling Jules it's free beer ;-)
>
> Regards,
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIGac9BvzDRVjxmYERAhmHAJ9rF9z+R/wrNEQcOjSTiTNujt8xggCfc2DY
> GU4irMBJBHuson+rGxUv/aQ=
> =4z0S
> -----END PGP SIGNATURE-----
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From malli at mcrirents.com Thu May 1 19:56:04 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Thu May 1 18:55:55 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
Guys,
I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04. I thought some
of you guys might find it interesting and can possibly make it better.
It serves as a gateway to my Exchange 2003 handling multiple domains.
It's a step-by-step tutorial detailing the installation with the
following title:
The Perfect SpamSnake - Postfix w/Bayesian Filtering and
Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner
(Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks,
FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-gld
(Greylisting Optional), Logwatch Statistical Reporting (Optional),
Outgoing Disclaimer with alterMIME (Optional)
Any suggestions as to how to make it better, would be greatly
appreciated. Have a look and let me know what you think.
Regards,
Mohammed Alli
From peter at farrows.org Thu May 1 20:38:13 2008
From: peter at farrows.org (Peter Farrow)
Date: Thu May 1 20:39:12 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk>
<3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
Message-ID: <481A1C25.7010800@farrows.org>
Mohammed Alli wrote:
> Guys,
>
> I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
> http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04. I thought some
> of you guys might find it interesting and can possibly make it better.
>
> It serves as a gateway to my Exchange 2003 handling multiple domains.
> It's a step-by-step tutorial detailing the installation with the
> following title:
>
> The Perfect SpamSnake - Postfix w/Bayesian Filtering and
> Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner
> (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks,
> FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-gld
> (Greylisting Optional), Logwatch Statistical Reporting (Optional),
> Outgoing Disclaimer with alterMIME (Optional)
>
> Any suggestions as to how to make it better, would be greatly
> appreciated. Have a look and let me know what you think.
>
> Regards,
>
> Mohammed Alli
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
thanks!
Pete
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
From sandrews at andrewscompanies.com Thu May 1 20:52:48 2008
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Thu May 1 20:53:24 2008
Subject: Undelivered Messages Solution?
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com>
References: <480E1285.1050902@tippingmar.com><48124A74.40603@tippingmar.com> <6beca9db0804251634x5148bddbr29cccf0d942a840c@mail.gmail.com> <48127C4A.2090303@tippingmar.com><6beca9db0804260413w31a2e1aep7f9931bbb5e0295d@mail.gmail.com><481326CB.20004@vanderkooij.org>
<3B1A431BDA34C54581BE43253BC1BD9302F9BE@exchange.computerrents.com>
Message-ID: <1964AAFBC212F742958F9275BF63DBB0760D23@winchester.andrewscompanies.com>
I just use a spamassassin rule that checks for certain subject words.
Am I really bastardizing the use of non-delivery reports? Sure I am.
Is it likely that real non-delivery reports may get caught up in the
rule, probably. The volume of these things is so out of hand that I
just don't care anymore.
Feel free to flame me on this if you think I'm being too heavy-handed or
violating this, that or another RFC; I'll be glad to do it another way
if a better one exists.
Steve
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Mohammed Alli
Sent: Sunday, April 27, 2008 1:06 AM
To: MailScanner discussion
Subject: Undelivered Messages Solution?
For everyone that's having the 'Undelivered Mail Returned to Sender'
messages. I think postgrey would be the solution. Let me know what you
guys think.
From hvdkooij at vanderkooij.org Thu May 1 20:54:53 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 1 20:55:38 2008
Subject: test email for latency
In-Reply-To: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com>
References: <425446e8873922469317068eb2cf3ec4@solidstatelogic.com>
Message-ID: <481A200D.2080205@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin.Hepworth wrote:
| Lets see how long this takes to arrive - sent 13.10 GMT
Go figure:
Received: from safir.blacknight.ie (safir.blacknight.ie [83.98.192.7])
by balin.waakhond.net (Postfix) with ESMTP id D323817E802F
for ; Thu, 1 May 2008 18:11:41 +0200 (CEST)
Received: from safir.blacknight.ie (safir.blacknight.ie [127.0.0.1])
by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m41G7QxK012304;
Thu, 1 May 2008 17:08:07 +0100
X-Mailman-Handler: $Id: mm-handler,v 1.2 2002/04/05 19:41:09 bwarsaw Exp $
Received: from mail.solidstatelogic.com (mail.solidstatelogic.com
[80.241.69.19])
by safir.blacknight.ie (8.13.1/8.13.1) with ESMTP id m41DAoiY031948
for ; Thu, 1 May 2008 14:11:22 +0100
Received: from volt.solid-state-logic.com ([10.1.1.11]
helo=solidstatelogic.com)
by towers.solid-state-logic.com with esmtp (Exim 4.43 (FreeBSD))
id 1JrYYh-000Dmh-TX
for mailscanner@lists.mailscanner.info; Thu, 01 May 2008 14:10:47 +0100
Received: from [10.1.4.48] (account martinh@solidstatelogic.com)
by solidstatelogic.com (CommuniGate Pro IMAP 5.2.1)
with XMIT id 1268711 for mailscanner@lists.mailscanner.info;
Thu, 01 May 2008 14:10:47 +0100
Date: Thu, 01 May 2008 14:10:47 +0100
But I think the mailinglist holds it 15 minutes for each line of a
disclaimer. So it is rather fast ;-)
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIGiALBvzDRVjxmYERAlYnAKCZFMDYzVTr8LIqcWFEyw9iUb2hvgCfRSTe
GZIjlhxi5IqtjWJi5tS3sVs=
=vyXz
-----END PGP SIGNATURE-----
From hvdkooij at vanderkooij.org Thu May 1 20:58:58 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 1 20:59:07 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk>
<3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
Message-ID: <481A2102.2020108@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mohammed Alli wrote:
| Guys,
|
| I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
For a publisher it would have been nice if you had not hijacked a thread
to announce it:
In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk>
References: <4819A73F.80104@vanderkooij.org>
<481A0029.5050003@ecs.soton.ac.uk>
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIGiEBBvzDRVjxmYERAkVIAJ9LwAWGQFUMeg5d+qrVWI7lRbFzsACeI1ZL
6Dx9HYS5A5kjdC8RmW9bHgw=
=vq2W
-----END PGP SIGNATURE-----
From malli at mcrirents.com Thu May 1 22:06:03 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Thu May 1 22:06:26 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
Message-ID: <001601c8abd7$a505c038$0d00a8c0@computerrents.com>
Well,
I'm sorry and did not intend to nor did I realize it. I'm just trying to share my experience with people who appreciates it!
-----Original Message-----
From: "Hugo van der Kooij"
To: "MailScanner discussion"
Sent: 5/1/08 5:34 PM
Subject: Re: The Perfect SpamSnake - Ubuntu 8.04 TLS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mohammed Alli wrote:
| Guys,
|
| I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
For a publisher it would have been nice if you had not hijacked a thread
to announce it:
In-Reply-To: <481A0029.5050003@ecs.soton.ac.uk>
References: <4819A73F.80104@vanderkooij.org>
<481A0029.5050003@ecs.soton.ac.uk>
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIGiEBBvzDRVjxmYERAkVIAJ9LwAWGQFUMeg5d+qrVWI7lRbFzsACeI1ZL
6Dx9HYS5A5kjdC8RmW9bHgw=
=vq2W
-----END PGP SIGNATURE-----
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
From Kevin_Miller at ci.juneau.ak.us Thu May 1 22:26:09 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu May 1 22:25:32 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <001601c8abd7$a505c038$0d00a8c0@computerrents.com>
References: <001601c8abd7$a505c038$0d00a8c0@computerrents.com>
Message-ID:
Mohammed Alli wrote:
> Well,
> I'm sorry and did not intend to nor did I realize it. I'm just
> trying to share my experience with people who appreciates it!
LOL. As they say, "No good deed goes unpunished!"
Best...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From davejones70 at gmail.com Thu May 1 22:56:07 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Thu May 1 22:56:41 2008
Subject: MailScanner ANNOUNCE: 4.69.8 released
In-Reply-To: <4819826C.9080508@ecs.soton.ac.uk>
References: <4819826C.9080508@ecs.soton.ac.uk>
Message-ID: <67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com>
>I have just released the latest stable release of MailScanner, 4.69.
>There's quite a lot this month, but the main new features this month are:
>- - Can now extract embedded files from within Microsoft Office documents
>and subject them to all the file tests like any other attachments.
FYI, I hope our problem with defunct processes doesn't start popping up all
over the place with this new feature. We had to disable this feature to get
our MailScanner stable again but use another new feature Julian added for us
in this release.
----SNIP of "Re: MailScanner defunct processes" -----
>The only way to disable the Storage_Lite code is to comment out the
>calls to sub "ExtractOle" in Message.pm (in
>/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used
>whenever it sees an attachment which starts with the "magic" strings
>that define a Microsoft Office document.
I ended up commenting out 2 lines that were a single call to UnpackOle
and mail is flowing again with no defunct processes.
----SNIP of "Re: MailScanner defunct processes" -----
--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080501/1829e120/attachment.html
From MailScanner at ecs.soton.ac.uk Thu May 1 23:34:20 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 1 23:35:19 2008
Subject: MailScanner ANNOUNCE: 4.69.8 released
In-Reply-To: <67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com>
References: <4819826C.9080508@ecs.soton.ac.uk>
<67a55ed50805011456n5c0edb96hdf7b81445b0c8597@mail.gmail.com>
Message-ID: <481A456C.3030107@ecs.soton.ac.uk>
Dave Jones wrote:
> >I have just released the latest stable release of MailScanner, 4.69.
>
> >There's quite a lot this month, but the main new features this month are:
>
> >- - Can now extract embedded files from within Microsoft Office documents
> >and subject them to all the file tests like any other attachments.
> FYI, I hope our problem with defunct processes doesn't start popping
> up all over the place with this new feature. We had to disable this
> feature to get our MailScanner stable again but use another new
> feature Julian added for us in this release.
If you can actually send me an email message which you know causes the
problem to appear, I can code round it. Last time I asked for this I
didn't receive anything useful to me.
>
> ----SNIP of "Re: MailScanner defunct processes" -----
> >The only way to disable the Storage_Lite code is to comment out the
> >calls to sub "ExtractOle" in Message.pm (in
> >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used
> >whenever it sees an attachment which starts with the "magic" strings
> >that define a Microsoft Office document.
> I ended up commenting out 2 lines that were a single call to UnpackOle
> and mail is flowing again with no defunct processes.
> ----SNIP of "Re: MailScanner defunct processes" -----
Send me problem-causing messages please. Preferably zipped up and put on
an http site for me to download, so my MailScanner doesn't also hit
problems with it.
Coding round any problems with the OLE unpacker should be pretty easy,
but I can't do it without any messages that exhibit problems.
Thanks.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From peter at farrows.org Fri May 2 00:21:46 2008
From: peter at farrows.org (Peter Farrow)
Date: Fri May 2 00:22:52 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <481A2102.2020108@vanderkooij.org>
References: <4819A73F.80104@vanderkooij.org>
<481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com>
<481A2102.2020108@vanderkooij.org>
Message-ID: <481A508A.20405@farrows.org>
Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mohammed Alli wrote:
> | Guys,
> |
> | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
>
> For a publisher it would have been nice if you had not hijacked a thread
> to announce it:
>
Get a life mate, can't you just say thanks for once.
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
From micoots at yahoo.com Fri May 2 03:00:05 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Fri May 2 03:00:39 2008
Subject: High Scoring Spam quarantine directory
Message-ID: <319379.60969.qm@web33308.mail.mud.yahoo.com>
Hi,
I'd like to separate the quarantined spam directory
for "normal" spam and high scoring spam ie. the
directory:
/var/spool/MailScanner/quarantine//spam
which contains both normal spam and high scoring spam.
I'd like to put the high scoring spam in an area of
it's own.
Which is the best way to do this? or should I just use
a default rule to forward all high scoring spam an
another email address or "archive" for processing.
Thanks.
Michael.
Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail
From micoots at yahoo.com Fri May 2 03:17:13 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Fri May 2 03:17:48 2008
Subject: Running a CustomAction on High Scoring Spam
In-Reply-To: <20080501140002.GA28676@logger.dc-uoit.net>
Message-ID: <745953.85920.qm@web33306.mail.mud.yahoo.com>
Hi,
--- Andrei Caraman wrote:
> On Thu, May 01, 2008 at 09:39:58AM +1000, Michael
> Mansour wrote:
> > Hi,
> >
> > I have a perl script I would like to run on each
> High
> > Scoring Spam that is detected by MailScanner.
>
> you could forward high scoring spam to a local
> account and use a .forward or
> .procmailrc type of thing to pipe the messages
> through your script. all the
> tools are there, documented, and you don't need to
> get deep into custom
> mailscanner functions.
This is actually an excellent idea. I read Jules'
response and checked out some of the function stuff,
but I have little chance of figuring it out without
investing weeks on it.
Your idea is actually quite easy to do, so I think I
will go that route.
Thankyou.
Michael.
Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail
From hvdkooij at vanderkooij.org Fri May 2 06:21:23 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Fri May 2 06:22:08 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <481A508A.20405@farrows.org>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org>
<481A508A.20405@farrows.org>
Message-ID: <481AA4D3.7000802@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter Farrow wrote:
| Hugo van der Kooij wrote:
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> Mohammed Alli wrote:
|> | Guys,
|> |
|> | I've published my tutorial, The Perfect SpamSnake, on HowToForge.org,
|>
|> For a publisher it would have been nice if you had not hijacked a thread
|> to announce it:
|>
| Get a life mate, can't you just say thanks for once.
I'm not your mate. Let's get that clear.
But if you prefer to hide announcements away then why bother to announce
at all? If you think your document is important then you wrong yourself
by adding it to another thread beause it will be hidden for those who
use a threaded email client and do not care about the VBA32 thread.
But feel free to ignore a good hint on getting an anouncement more
visible on a mailinglist. It feels like a waste to publish a document
and then hide the announcement.
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIGqTRBvzDRVjxmYERAkKaAJ0YaUDSXd667nhWDeRrH+O1eAwH8QCeM2YT
v3VuYmrluVS/Awi/PQ5Qk48=
=e/+z
-----END PGP SIGNATURE-----
From peter at farrows.org Fri May 2 09:14:52 2008
From: peter at farrows.org (Peter Farrow)
Date: Fri May 2 09:15:53 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <481AA4D3.7000802@vanderkooij.org>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org>
<481AA4D3.7000802@vanderkooij.org>
Message-ID: <481ACD7C.3090805@farrows.org>
Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter Farrow wrote:
> | Hugo van der Kooij wrote:
> |> -----BEGIN PGP SIGNED MESSAGE-----
> |> Hash: SHA1
> |>
> |> Mohammed Alli wrote:
> |> | Guys,
> |> |
> |> | I've published my tutorial, The Perfect SpamSnake, on
> HowToForge.org,
> |>
> |> For a publisher it would have been nice if you had not hijacked a
> thread
> |> to announce it:
> |>
> | Get a life mate, can't you just say thanks for once.
>
> I'm not your mate. Let's get that clear.
>
> But if you prefer to hide announcements away then why bother to announce
> at all? If you think your document is important then you wrong yourself
> by adding it to another thread beause it will be hidden for those who
> use a threaded email client and do not care about the VBA32 thread.
>
> But feel free to ignore a good hint on getting an anouncement more
> visible on a mailinglist. It feels like a waste to publish a document
> and then hide the announcement.
>
> Hugo.
>
Nope, your not my mate, you are too busy pulling diamonds out of your arse.
Everyone saw the comment, it got exposure, but you had chip in with a
comment like that, then to compound the issue you won't let it drop,
with a further wasted comment like this above. I am surpised you
managed to hold your tongue at Res's top posting, can't believe you let
that one slip by...
I think Res' comment says it all..
>>I cant stand these self appointed net-cops! moronic tossers, the lot
of em.
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
From peter at farrows.org Fri May 2 09:19:31 2008
From: peter at farrows.org (Peter Farrow)
Date: Fri May 2 09:19:54 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To: <481AA4D3.7000802@vanderkooij.org>
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org>
<481AA4D3.7000802@vanderkooij.org>
Message-ID: <481ACE93.2020601@farrows.org>
Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter Farrow wrote:
> | Hugo van der Kooij wrote:
> |> -----BEGIN PGP SIGNED MESSAGE-----
> |> Hash: SHA1
> |>
> |> Mohammed Alli wrote:
> |> | Guys,
> |> |
> |> | I've published my tutorial, The Perfect SpamSnake, on
> HowToForge.org,
> |>
> |> For a publisher it would have been nice if you had not hijacked a
> thread
> |> to announce it:
> |>
> | Get a life mate, can't you just say thanks for once.
>
> I'm not your mate. Let's get that clear.
>
> But if you prefer to hide announcements away then why bother to announce
> at all? If you think your document is important then you wrong yourself
> by adding it to another thread beause it will be hidden for those who
> use a threaded email client and do not care about the VBA32 thread.
>
> But feel free to ignore a good hint on getting an anouncement more
> visible on a mailinglist. It feels like a waste to publish a document
> and then hide the announcement.
>
> Hugo.
>
> - --
> hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFIGqTRBvzDRVjxmYERAkKaAJ0YaUDSXd667nhWDeRrH+O1eAwH8QCeM2YT
> v3VuYmrluVS/Awi/PQ5Qk48=
> =e/+z
> -----END PGP SIGNATURE-----
BTW, you didn't see that comment from Res' because it was sent to me,
just thought I would share it with you so you understand how you come
across sometimes, take it on board, and make yourself a better person
for it...
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
From shuttlebox at gmail.com Fri May 2 10:02:42 2008
From: shuttlebox at gmail.com (shuttlebox)
Date: Fri May 2 10:03:17 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
Message-ID: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com>
On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote:
> BTW, you didn't see that comment from Res' because it was sent to me, just
> thought I would share it with you so you understand how you come across
> sometimes, take it on board, and make yourself a better person for it...
Maybe you shouldn't use Res as an example. :-) A guy who got in so
much trouble on this list he asked to be removed from it himself and
the wish was granted, then he subscribed again to lurk and posts
privately to people which all in all is kind of silly if you ask me.
In my mind Hugo is very reasonable compared to what I have read from
Res. After all, this list is populated by e-mail admins, if they are
"educated" about top-posting, how threading works and my favorite -
trimming replies, they might influence their users and we will have a
better world. :-)
--
/peter
From peter at farrows.org Fri May 2 10:12:38 2008
From: peter at farrows.org (Peter Farrow)
Date: Fri May 2 10:13:31 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com>
References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com>
Message-ID: <481ADB06.2050206@farrows.org>
shuttlebox wrote:
> On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote:
>
>> BTW, you didn't see that comment from Res' because it was sent to me, just
>> thought I would share it with you so you understand how you come across
>> sometimes, take it on board, and make yourself a better person for it...
>>
>
> Maybe you shouldn't use Res as an example. :-) A guy who got in so
> much trouble on this list he asked to be removed from it himself and
> the wish was granted, then he subscribed again to lurk and posts
> privately to people which all in all is kind of silly if you ask me.
> In my mind Hugo is very reasonable compared to what I have read from
> Res. After all, this list is populated by e-mail admins, if they are
> "educated" about top-posting, how threading works and my favorite -
> trimming replies, they might influence their users and we will have a
> better world. :-)
>
>
I agree, but Hugo's reply just pressed my button, far too much tied up
with protocol, rather than just saying thanks.
If you constantly nit-pick over what really are irrellevances you end
with a mailing list tied up with discussions about posting, how to post,
how not to post etc etc, and it becomes worthless, rather like a
playground argument over who said what.
This list is already diluted far too much with self appointed net-cops,
and that really had to be said. Given the same set of circumstances and
looking back, my only regret is that I wasn't harder on Hugo first time
round. Res' comment seems right on the money in the case...
--
horizontal ruler
Peter Farrow
Inexcom Logo
Inexcom Ltd
Office: 08450 949 747
Fax: 01249 461 548
Mobile: 07799605617
Skype: peter_farrow
Web: www.inexcom.co.uk
Registered in England and Wales, number:05598456
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
-------------- next part --------------
Skipped content of type multipart/related
From jan-peter at koopmann.eu Fri May 2 10:23:58 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Fri May 2 10:25:15 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To:
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org><481AA4D3.7000802@vanderkooij.org>
Message-ID:
Hi guys,
> Nope, your not my mate, you are too busy pulling diamonds out of your
arse.
Oh come on. There are things you should not do on a mailing list:
- Steal threats
- Be rude
- top post
- tons of other stuff
- use 20 line long disclaimers esp. with completely useless contents
like (if you read this in error, wipe your memory)
Thanks Mohammed for the work you have done. Thanks to Hugo for pointing
out the error Mohammed did (I agree a more polite way could have done
the trick even better). Thanks to Peter for trying to tell Hugo how he
comes across in times. Now let's all be friends again. :-)
>I think Res' comment says it all..
> >>I cant stand these self appointed net-cops! moronic tossers, the lot
of em.
Add "publish private comments to the mailing list" to the list. .-) I
agree, self appointed net-cops can be a pain in the ass. I know, I
sometimes try to be one myself. But honestly, people top posting, being
rude etc. can be annoying as well to others. So let's all try to
concentrate and behave a bit on mailing lists and this one in
particular. While Hugo might have been a bit harsh in making his valid
point, he is a valuable member of the list so don't kill him for it. .-)
Kind regards and a nice relaxing weekend to all of you,
JP
From peter at farrows.org Fri May 2 10:58:26 2008
From: peter at farrows.org (Peter Farrow)
Date: Fri May 2 10:59:30 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
In-Reply-To:
References: <4819A73F.80104@vanderkooij.org> <481A0029.5050003@ecs.soton.ac.uk> <3B1A431BDA34C54581BE43253BC1BD9364FCBA@exchange.computerrents.com> <481A2102.2020108@vanderkooij.org> <481A508A.20405@farrows.org><481AA4D3.7000802@vanderkooij.org>
Message-ID: <481AE5C2.4020408@farrows.org>
Koopmann, Jan-Peter wrote:
> Hi guys,
>
>
>> Nope, your not my mate, you are too busy pulling diamonds out of your
>>
> arse.
>
> Oh come on. There are things you should not do on a mailing list:
>
> - Steal threats
> - Be rude
> - top post
> - tons of other stuff
> - use 20 line long disclaimers esp. with completely useless contents
> like (if you read this in error, wipe your memory)
>
> Thanks Mohammed for the work you have done. Thanks to Hugo for pointing
> out the error Mohammed did (I agree a more polite way could have done
> the trick even better). Thanks to Peter for trying to tell Hugo how he
> comes across in times. Now let's all be friends again. :-)
>
>
>
>> I think Res' comment says it all..
>>
>
>
>>>> I cant stand these self appointed net-cops! moronic tossers, the lot
>>>>
> of em.
>
> Add "publish private comments to the mailing list" to the list. .-) I
> agree, self appointed net-cops can be a pain in the ass. I know, I
> sometimes try to be one myself. But honestly, people top posting, being
> rude etc. can be annoying as well to others. So let's all try to
> concentrate and behave a bit on mailing lists and this one in
> particular. While Hugo might have been a bit harsh in making his valid
> point, he is a valuable member of the list so don't kill him for it. .-)
>
> Kind regards and a nice relaxing weekend to all of you,
> JP
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
Well said,
I agree 150%
Apologies to Hugo,
:-)
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/92f56d49/attachment.html
From gerard at seibercom.net Fri May 2 11:31:28 2008
From: gerard at seibercom.net (Gerard)
Date: Fri May 2 11:32:20 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To: <481ADB06.2050206@farrows.org>
References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com>
<481ADB06.2050206@farrows.org>
Message-ID: <20080502063128.5ec8fad7@scorpio>
On Fri, 02 May 2008 10:12:38 +0100
Peter Farrow wrote:
> shuttlebox wrote:
> > On Fri, May 2, 2008 at 10:19 AM, Peter Farrow
> > wrote:
> >> BTW, you didn't see that comment from Res' because it was sent to
> >> me, just thought I would share it with you so you understand how
> >> you come across sometimes, take it on board, and make yourself a
> >> better person for it...
> >
> > Maybe you shouldn't use Res as an example. :-) A guy who got in so
> > much trouble on this list he asked to be removed from it himself and
> > the wish was granted, then he subscribed again to lurk and posts
> > privately to people which all in all is kind of silly if you ask me.
> > In my mind Hugo is very reasonable compared to what I have read from
> > Res. After all, this list is populated by e-mail admins, if they are
> > "educated" about top-posting, how threading works and my favorite -
> > trimming replies, they might influence their users and we will have
> > a better world. :-)
> >
> >
> I agree, but Hugo's reply just pressed my button, far too much tied
> up with protocol, rather than just saying thanks.
>
> If you constantly nit-pick over what really are irrellevances you end
> with a mailing list tied up with discussions about posting, how to
> post, how not to post etc etc, and it becomes worthless, rather like
> a playground argument over who said what.
>
> This list is already diluted far too much with self appointed
> net-cops, and that really had to be said. Given the same set of
> circumstances and looking back, my only regret is that I wasn't
> harder on Hugo first time round. Res' comment seems right on the
> money in the case...
It has always been my opinion that the best place to start is at the
beginning. You cannot write a book successfully until you have mastered
the art of spelling, grammar, etc. Fast forwarding to 'forum postings'
would reveal that in order to post effectively a user should have the
necessary skills to properly format and present his data. The failure to
post in a logical and well understood manner, is in my humble opinion,
not effective. It actually has the effect of turning a potentially
useful post into a m?lange of indecipherable rantings.
Just my 2?.
--
Gerard
gerard@seibercom.net
Pollyanna's Educational Constant: The hyperactive child is never absent.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/c4fc3135/signature.bin
From MailScanner at ecs.soton.ac.uk Fri May 2 11:52:40 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 11:53:39 2008
Subject: High Scoring Spam quarantine directory
In-Reply-To: <319379.60969.qm@web33308.mail.mud.yahoo.com>
References: <319379.60969.qm@web33308.mail.mud.yahoo.com>
Message-ID: <481AF278.6090601@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Mansour wrote:
> Hi,
>
> I'd like to separate the quarantined spam directory
> for "normal" spam and high scoring spam ie. the
> directory:
>
> /var/spool/MailScanner/quarantine//spam
>
> which contains both normal spam and high scoring spam.
> I'd like to put the high scoring spam in an area of
> it's own.
>
> Which is the best way to do this? or should I just use
> a default rule to forward all high scoring spam an
> another email address or "archive" for processing.
>
With the latest stable version, you can store different levels of spam
in any arbitrary directory you like. Check out the new comments just
about "Spam Actions" in MailScanner.conf.
> Thanks.
>
> Michael.
>
>
>
> Get the name you always wanted with the new y7mail email address.
> www.yahoo7.com.au/y7mail
>
>
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIGvJ8EfZZRxQVtlQRAixGAKCA3o6p7i2ersvdjzaJJXqhUOMjFACcC7PI
IedKXWK0wiWrZ3XH3USvTeQ=
=K9En
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From malli at mcrirents.com Fri May 2 12:58:11 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Fri May 2 12:58:43 2008
Subject: The Perfect SpamSnake - Ubuntu 8.04 TLS
Message-ID: <001901c8ac54$47ea3ba4$0d00a8c0@computerrents.com>
Guys,
Please excuse my ignorance as this is the first time for me on a mailing list of any kind. I don't know your procedures but will pick them up quickly. I'm sorry for the trouble I've caused.
MO
-----Original Message-----
From: "Peter Farrow"
To: "MailScanner discussion"
Sent: 5/2/08 7:03 AM
Subject: Re: The Perfect SpamSnake - Ubuntu 8.04 TLS
Koopmann, Jan-Peter wrote:
> Hi guys,
>
>
>> Nope, your not my mate, you are too busy pulling diamonds out of your
>>
> arse.
>
> Oh come on. There are things you should not do on a mailing list:
>
> - Steal threats
> - Be rude
> - top post
> - tons of other stuff
> - use 20 line long disclaimers esp. with completely useless contents
> like (if you read this in error, wipe your memory)
>
> Thanks Mohammed for the work you have done. Thanks to Hugo for pointing
> out the error Mohammed did (I agree a more polite way could have done
> the trick even better). Thanks to Peter for trying to tell Hugo how he
> comes across in times. Now let's all be friends again. :-)
>
>
>
>> I think Res' comment says it all..
>>
>
>
>>>> I cant stand these self appointed net-cops! moronic tossers, the lot
>>>>
> of em.
>
> Add "publish private comments to the mailing list" to the list. .-) I
> agree, self appointed net-cops can be a pain in the ass. I know, I
> sometimes try to be one myself. But honestly, people top posting, being
> rude etc. can be annoying as well to others. So let's all try to
> concentrate and behave a bit on mailing lists and this one in
> particular. While Hugo might have been a bit harsh in making his valid
> point, he is a valuable member of the list so don't kill him for it. .-)
>
> Kind regards and a nice relaxing weekend to all of you,
> JP
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
Well said,
I agree 150%
Apologies to Hugo,
:-)
--
This message has been scanned for viruses and
dangerous content by the Inexcom system Scanner,
and is believed to be clean.
Advanced heuristic mail scanning server [-].
http://www.inexcom.co.uk
From ssilva at sgvwater.com Fri May 2 18:43:45 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Fri May 2 18:45:39 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To: <481ADB06.2050206@farrows.org>
References: <625385e30805020202j5fb9391bp3120669401a2da0b@mail.gmail.com>
<481ADB06.2050206@farrows.org>
Message-ID:
on 5-2-2008 2:12 AM Peter Farrow spake the following:
> shuttlebox wrote:
>> On Fri, May 2, 2008 at 10:19 AM, Peter Farrow wrote:
>>
>>> BTW, you didn't see that comment from Res' because it was sent to me, just
>>> thought I would share it with you so you understand how you come across
>>> sometimes, take it on board, and make yourself a better person for it...
>>>
>>
>> Maybe you shouldn't use Res as an example. :-) A guy who got in so
>> much trouble on this list he asked to be removed from it himself and
>> the wish was granted, then he subscribed again to lurk and posts
>> privately to people which all in all is kind of silly if you ask me.
>> In my mind Hugo is very reasonable compared to what I have read from
>> Res. After all, this list is populated by e-mail admins, if they are
>> "educated" about top-posting, how threading works and my favorite -
>> trimming replies, they might influence their users and we will have a
>> better world. :-)
>>
>>
> I agree, but Hugo's reply just pressed my button, far too much tied up
> with protocol, rather than just saying thanks.
>
> If you constantly nit-pick over what really are irrellevances you end
> with a mailing list tied up with discussions about posting, how to post,
> how not to post etc etc, and it becomes worthless, rather like a
> playground argument over who said what.
>
> This list is already diluted far too much with self appointed net-cops,
> and that really had to be said. Given the same set of circumstances and
> looking back, my only regret is that I wasn't harder on Hugo first time
> round. Res' comment seems right on the money in the case...
>
> --
I suppose making a comment on the graphic signature will just start the fire
again, so I won't do it. ;-P
Disclaimer:
The above comment was just a poor attempt at humor. You are free to keep your
comments and angry responses to yourself!
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/ca6757f9/signature.bin
From Neal at Morgan-Systems.com Fri May 2 19:35:37 2008
From: Neal at Morgan-Systems.com (Neal Morgan)
Date: Fri May 2 19:36:47 2008
Subject: OT: Netiquette Question
Message-ID: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
At this risk of stirring things up, may I ask a dumb question?
One of you made a reference to "snip" - and I was unable to determine
whether you meant this was an example of poor netiquette. If it is,
what is the preferred approach? ...especially when the thread has taken
a turn and much of the original discussion no longer applies? Start a
new thread?
Thanks in advance.
Neal Morgan
From Kevin_Miller at ci.juneau.ak.us Fri May 2 20:07:40 2008
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Fri May 2 20:07:02 2008
Subject: Netiquette Question
In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
References: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
Message-ID:
Neal Morgan wrote:
> At this risk of stirring things up, may I ask a dumb question?
>
> One of you made a reference to "snip" - and I was unable to determine
> whether you meant this was an example of poor netiquette. If it is,
> what is the preferred approach? ...especially when the thread has
> taken a turn and much of the original discussion no longer applies?
> Start a new thread?
I've always been of the understanding that when the thread starts
getting long, that the majority of it should be snipped, leaving the bit
that the current post is in response to. Makes it much easier to read.
I'm also of the opinion that if some don't snip, or toppost, or hijack
threads, if that's the worst that happens to me today I'm *waaaay* ahead
of the game. It's not a bad life...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
From arturs at netvision.net.il Fri May 2 20:49:36 2008
From: arturs at netvision.net.il (Arthur Sherman)
Date: Fri May 2 20:50:49 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To:
Message-ID: <026501c8ac8d$a6faa730$6600a8c0@dell>
> > This list is already diluted far too much with self appointed
> > net-cops, and that really had to be said. Given the same set of
Absolutely agree.
I think these net-cops are doing more damage to JF and MS than their
help(??) to the list.
It has to be said: the list turns to be unfriendly!
Best,
--
Arthur Sherman
From MailScanner at ecs.soton.ac.uk Fri May 2 21:26:20 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 21:27:13 2008
Subject: Enough already. Was Re: OT: netiquette (was: The Perfect SpamSnake
- Ubuntu 8.04 TLS)
In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell>
References: <026501c8ac8d$a6faa730$6600a8c0@dell>
Message-ID: <481B78EC.4010808@ecs.soton.ac.uk>
Arthur Sherman wrote:
>
Now, now, folks.
Enough of this, guys.
Virtually no-one behaves badly out of neglect or anything wilful. We all
had to start somewhere, and I bet even some of the old-timers (no insult
intended!) on this list have accidentally top-posted or hijacked a
thread earlier in their lives before they learned why it can be a
problem for a few people. I get an awful lot of mail, and I don't mind
people hijacking threads (I don't use threaded views in my mail client)
or occasionally top-posting (I do it myself often enough!).
This list usually runs itself, and very rarely is my intervention
needed, as I try to keep it to a minimum. You folks are normally pretty
well-behaved and in the past I have received comments saying what a
lovely polite list this is. I don't want that to change.
The poor guy who accidentally hijacked a thread at some point in this
conversation didn't do it wilfully, trying to make your life hard or
trying to ensure you didn't see his posting. He did it by mistake, and
we all make them. I have a feeling that English is not his first
language, so he may not have understood what was meant by any criticism
of his posting.
Also, if you don't know that threaded mail clients exist, or you don't
understand what is meant by this strange technical use of the term
"threading", then any explanation will go straight over his head. Think
about that before you criticise people; English ain't the only language
spoken here. I have advised people in the past that if they know more
Spanish than English, then they will get a better response by posting
their question in Spanish as there are quite a few Spanish speakers here
who can help them. No-one complains when a posting is made in Spanish.
So, please, lighten up a bit and try to remember that not only do people
make mistakes, but they might neither know why they have made a mistake
nor understand any criticism you make about them.
Can we please end this whole thread here and now. If you want to comment
on this posting, send your comments to me off-list. I don't want to see
this Subject: line again. I want to see this list go back to the
helpful, constructive, polite and well-behaved place it normally is. I
don't want to see any of this "net-cop" behaviour in future.
Have a nice weekend, get out and enjoy the Spring weather.
Best regards,
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From dave.list at pixelhammer.com Fri May 2 21:28:30 2008
From: dave.list at pixelhammer.com (DAve)
Date: Fri May 2 21:29:12 2008
Subject: OT: netiquette
In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell>
References: <026501c8ac8d$a6faa730$6600a8c0@dell>
Message-ID: <481B796E.6030609@pixelhammer.com>
Arthur Sherman wrote:
>>> This list is already diluted far too much with self appointed
>>> net-cops, and that really had to be said. Given the same set of
>
> Absolutely agree.
> I think these net-cops are doing more damage to JF and MS than their
> help(??) to the list.
> It has to be said: the list turns to be unfriendly!
Can I be a net cop? Do I get a badge? 8^)
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
From davejones70 at gmail.com Fri May 2 21:49:24 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Fri May 2 21:49:59 2008
Subject: MailScanner defunct processes
Message-ID: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com>
> Dave Jones wrote:
>> >I have just released the latest stable release of MailScanner, 4.69.
>>
>> >There's quite a lot this month, but the main new features this month
are:
>>
>> >- - Can now extract embedded files from within Microsoft Office
documents
>> >and subject them to all the file tests like any other attachments.
>> FYI, I hope our problem with defunct processes doesn't start popping
>> up all over the place with this new feature. We had to disable this
>> feature to get our MailScanner stable again but use another new
>> feature Julian added for us in this release.
>If you can actually send me an email message which you know causes the
>problem to appear, I can code round it. Last time I asked for this I
>didn't receive anything useful to me.
I am still trying to gather information to send you a message that caused
the defunct process. I had over 600 df files in the inbound queue that I
made a copy of before commenting out the UnpackOle line. Which one would be
the one you need? Would it be the oldest one? Is there some attibute about
the file that I can search for to pinpoint the bad one? Or should I just tgz
all of them and put them on a web server for you?
I apologize for not getting back to you sooner with the needed info. We
have a major site upgrade going live in a few days so I have had to focus on
that.
>> ----SNIP of "Re: MailScanner defunct processes" -----
>> >The only way to disable the Storage_Lite code is to comment out the
>> >calls to sub "ExtractOle" in Message.pm (in
>> >/usr/lib/MailScanner/MailScanner). Otherwise it is automatically used
>> >whenever it sees an attachment which starts with the "magic" strings
>> >that define a Microsoft Office document.
>> I ended up commenting out 2 lines that were a single call to UnpackOle
>> and mail is flowing again with no defunct processes.
>> ----SNIP of "Re: MailScanner defunct processes" -----
>Send me problem-causing messages please. Preferably zipped up and put on
>an http site for me to download, so my MailScanner doesn't also hit
>problems with it.
>Coding round any problems with the OLE unpacker should be pretty easy,
>but I can't do it without any messages that exhibit problems.
>Thanks.
>Jules
--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080502/359fdec3/attachment.html
From MailScanner at ecs.soton.ac.uk Fri May 2 22:13:06 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 22:14:00 2008
Subject: MailScanner defunct processes
In-Reply-To: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com>
References: <67a55ed50805021349k2ba031a9u263aa2b5d38ac64@mail.gmail.com>
Message-ID: <481B83E2.4000703@ecs.soton.ac.uk>
Dave Jones wrote:
> > Dave Jones wrote:
> >> >I have just released the latest stable release of MailScanner, 4.69.
> >>
> >> >There's quite a lot this month, but the main new features this
> month are:
> >>
> >> >- - Can now extract embedded files from within Microsoft Office
> documents
> >> >and subject them to all the file tests like any other attachments.
> >> FYI, I hope our problem with defunct processes doesn't start popping
> >> up all over the place with this new feature. We had to disable this
> >> feature to get our MailScanner stable again but use another new
> >> feature Julian added for us in this release.
> >If you can actually send me an email message which you know causes the
> >problem to appear, I can code round it. Last time I asked for this I
> >didn't receive anything useful to me.
>
> I am still trying to gather information to send you a message that
> caused the defunct process. I had over 600 df files in the inbound
> queue that I made a copy of before commenting out the UnpackOle line.
> Which one would be the one you need? Would it be the oldest one?
It will probably be amongst the oldest ones. Don't forget the matching
qf files too!
Make a tar file of a bundle of all the oldest ones. ('ls -tr | head
-100' will give you the 100 oldest files, then you just need to make
sure you have the qf and df for each of these messages, the "-t" means
"sort by date" and the "-r" means "oldest first").
Send me as many as you like, I can soon find the troublesome ones in there,
> Is there some attibute about the file that I can search for to
> pinpoint the bad one? Or should I just tgz all of them and put them on
> a web server for you?
Just give me the lot.
>
> I apologize for not getting back to you sooner with the needed info.
> We have a major site upgrade going live in a few days so I have had to
> focus on that.
No problem. Once I have isolated the problem, I can put out an update
that fixes the problem.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From dyioulos at firstbhph.com Fri May 2 22:14:31 2008
From: dyioulos at firstbhph.com (Dimitri Yioulos)
Date: Fri May 2 22:15:17 2008
Subject: OT: netiquette
In-Reply-To: <481B796E.6030609@pixelhammer.com>
References: <026501c8ac8d$a6faa730$6600a8c0@dell>
<481B796E.6030609@pixelhammer.com>
Message-ID: <200805021714.32307.dyioulos@firstbhph.com>
On Friday 02 May 2008 4:28 pm, DAve wrote:
> Arthur Sherman wrote:
> >>> This list is already diluted far too much with self appointed
> >>> net-cops, and that really had to be said. Given the same set of
> >
> > Absolutely agree.
> > I think these net-cops are doing more damage to JF and MS than their
> > help(??) to the list.
> > It has to be said: the list turns to be unfriendly!
>
> Can I be a net cop? Do I get a badge? 8^)
>
>
> --
> In 50 years, our descendants will look back on the early years
> of the internet, and much like we now look back on men with
> rockets on their back and feathers glued to their arms, marvel
> that we had the intelligence to wipe the drool from our chins.
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
Not only a badge, but a box of doughnuts, too! :-)
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From glenn.steen at gmail.com Fri May 2 22:58:33 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri May 2 22:59:08 2008
Subject: OT: Netiquette Question
In-Reply-To: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
References: <7D1CC61717004141A57CA6CA1C8087EC18A431@server-16.MorganSys.net>
Message-ID: <223f97700805021458k6a87ba7cxbdd7939ff759b0e6@mail.gmail.com>
2008/5/2 Neal Morgan :
> At this risk of stirring things up, may I ask a dumb question?
>
> One of you made a reference to "snip" - and I was unable to determine
> whether you meant this was an example of poor netiquette. If it is,
> what is the preferred approach? ...especially when the thread has taken
> a turn and much of the original discussion no longer applies? Start a
> new thread?
If at least marginally on-topic (whatever that may be:-), "snip" out
the parts that don't pply to your reply. ... "snip" refers to the
sound a pair of scissors make as you do the necessary cutting ... But
you knew that:-);-)
If you go off on a tangent, by all means do start a new thread, or
change the subject, to reflect the new direction of the (sub-)thread.
At least ... that's my very humble opinion...
>
> Thanks in advance.
>
> Neal Morgan
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From glenn.steen at gmail.com Fri May 2 23:01:27 2008
From: glenn.steen at gmail.com (Glenn Steen)
Date: Fri May 2 23:02:01 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To: <026501c8ac8d$a6faa730$6600a8c0@dell>
References: <026501c8ac8d$a6faa730$6600a8c0@dell>
Message-ID: <223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com>
2008/5/2 Arthur Sherman :
> > > This list is already diluted far too much with self appointed
> > > net-cops, and that really had to be said. Given the same set of
>
> Absolutely agree.
> I think these net-cops are doing more damage to JF and MS than their
> help(??) to the list.
> It has to be said: the list turns to be unfriendly!
>
>
> Best,
Not *that* bad a bunch, now are we really???!?!!?:-)
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
From MailScanner at ecs.soton.ac.uk Fri May 2 23:36:27 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Fri May 2 23:37:23 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To: <223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com>
References: <026501c8ac8d$a6faa730$6600a8c0@dell>
<223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com>
Message-ID: <481B976B.7080201@ecs.soton.ac.uk>
Glenn Steen wrote:
> 2008/5/2 Arthur Sherman :
>
>>>> This list is already diluted far too much with self appointed
>>>>
>> > > net-cops, and that really had to be said. Given the same set of
>>
>> Absolutely agree.
>> I think these net-cops are doing more damage to JF and MS than their
>> help(??) to the list.
>> It has to be said: the list turns to be unfriendly!
>>
>>
>> Best,
>>
>
> Not *that* bad a bunch, now are we really???!?!!?:-)
>
Come on guys, that's enough for this thread. I don't want to have to say
it again :-)
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From roland at inbox4u.de Sat May 3 08:58:29 2008
From: roland at inbox4u.de (Ehle, Roland)
Date: Sat May 3 08:59:42 2008
Subject: The Perfect SpamSnake - thank you!
Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local>
Hi All,
to return to the original Thread:
Although I was missing some settings, which I use, this How-To is very good and when reading the manual you realize, that the contributor has made an effort to complete it.
So: Thank you to the contributor, the manual is very good for beginners, even if they do not use Ubuntu.
Regards,
Roland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080503/52b1be21/attachment.html
From arturs at netvision.net.il Sat May 3 10:30:46 2008
From: arturs at netvision.net.il (Arthur Sherman)
Date: Sat May 3 10:31:32 2008
Subject: OT: netiquette
In-Reply-To: <200805021714.32307.dyioulos@firstbhph.com>
Message-ID: <007901c8ad00$5e0c5190$6600a8c0@dell>
> > Can I be a net cop? Do I get a badge? 8^)
>
> Not only a badge, but a box of doughnuts, too! :-)
>
I'd like a doughnut too, please!
:))
Best,
--
Arthur Sherman
From micoots at yahoo.com Sat May 3 10:50:57 2008
From: micoots at yahoo.com (Michael Mansour)
Date: Sat May 3 10:51:48 2008
Subject: High Scoring Spam quarantine directory
In-Reply-To: <481AF278.6090601@ecs.soton.ac.uk>
Message-ID: <952652.77332.qm@web33305.mail.mud.yahoo.com>
Hi Jules,
--- Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael Mansour wrote:
> > Hi,
> >
> > I'd like to separate the quarantined spam
> directory
> > for "normal" spam and high scoring spam ie. the
> > directory:
> >
> > /var/spool/MailScanner/quarantine//spam
> >
> > which contains both normal spam and high scoring
> spam.
> > I'd like to put the high scoring spam in an area
> of
> > it's own.
> >
> > Which is the best way to do this? or should I just
> use
> > a default rule to forward all high scoring spam an
> > another email address or "archive" for processing.
> >
> With the latest stable version, you can store
> different levels of spam
> in any arbitrary directory you like. Check out the
> new comments just
> about "Spam Actions" in MailScanner.conf.
I read this bit:
# store- - store the message in
the
as meaning I can specify:
FromOrTo: default
store-/var/spool/MailScanner/quarantine//highscoringspam/
??
I also use MailWatch, so am wondering how this new
path would impact MailWatch's link on the bottom of
its Message Detail view?
Thanks.
Michael.
Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/y7mail
From MailScanner at ecs.soton.ac.uk Sat May 3 11:16:07 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sat May 3 11:17:01 2008
Subject: High Scoring Spam quarantine directory
In-Reply-To: <952652.77332.qm@web33305.mail.mud.yahoo.com>
References: <952652.77332.qm@web33305.mail.mud.yahoo.com>
Message-ID: <481C3B67.6000300@ecs.soton.ac.uk>
Michael Mansour wrote:
> Hi Jules,
>
> --- Julian Field wrote:
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Michael Mansour wrote:
>>
>>> Hi,
>>>
>>> I'd like to separate the quarantined spam
>>>
>> directory
>>
>>> for "normal" spam and high scoring spam ie. the
>>> directory:
>>>
>>> /var/spool/MailScanner/quarantine//spam
>>>
>>> which contains both normal spam and high scoring
>>>
>> spam.
>>
>>> I'd like to put the high scoring spam in an area
>>>
>> of
>>
>>> it's own.
>>>
>>> Which is the best way to do this? or should I just
>>>
>> use
>>
>>> a default rule to forward all high scoring spam an
>>> another email address or "archive" for processing.
>>>
>>>
>> With the latest stable version, you can store
>> different levels of spam
>> in any arbitrary directory you like. Check out the
>> new comments just
>> about "Spam Actions" in MailScanner.conf.
>>
>
> I read this bit:
>
> # store- - store the message in
> the
>
> as meaning I can specify:
>
> FromOrTo: default
> store-/var/spool/MailScanner/quarantine//highscoringspam/
>
That's not how you specify the date, read the comments. But otherwise, yes.
> ??
>
> I also use MailWatch, so am wondering how this new
> path would impact MailWatch's link on the bottom of
> its Message Detail view?
>
Not a clue, sorry.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From jan-peter at koopmann.eu Sat May 3 11:26:28 2008
From: jan-peter at koopmann.eu (Koopmann, Jan-Peter)
Date: Sat May 3 11:27:36 2008
Subject: OT: netiquette (was: The Perfect SpamSnake - Ubuntu 8.04 TLS)
In-Reply-To:
References:
<026501c8ac8d$a6faa730$6600a8c0@dell><223f97700805021501se05868dl9aad6eea3e7ccadd@mail.gmail.com>
Message-ID:
> Come on guys, that's enough for this thread. I don't want to have to
say
> it again :-)
Was that not a bit rude? *ducking* :-)
From mikael at syska.dk Sat May 3 16:04:31 2008
From: mikael at syska.dk (Mikael Syska)
Date: Sat May 3 16:05:32 2008
Subject: The Perfect SpamSnake - thank you!
In-Reply-To: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local>
References: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local>
Message-ID: <6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com>
Hi,
On Sat, May 3, 2008 at 9:58 AM, Ehle, Roland wrote:
> to return to the original Thread:
>
>
>
> Although I was missing some settings, which I use, this How-To is very good
> and when reading the manual you realize, that the contributor has made an
> effort to complete it.
Well, havent followed all threads on this list ... but what "how-to"
are you talking about, since I guess there are lots of them online
.... ?
> So: Thank you to the contributor, the manual is very good for beginners,
> even if they do not use Ubuntu.
>
>
> Regards,
>
> Roland
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
best regards
Mikael Syska
From roland at inbox4u.de Sat May 3 17:30:03 2008
From: roland at inbox4u.de (Ehle, Roland)
Date: Sat May 3 17:30:50 2008
Subject: AW: The Perfect SpamSnake - thank you!
In-Reply-To: <6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com>
References: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A6@ts-dc2.TS-Webarts.local>
<6beca9db0805030804s4d6c1beaw53f1ac8d5af9fafb@mail.gmail.com>
Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394A9@ts-dc2.TS-Webarts.local>
Hi Michael,
> Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> Gesendet: Samstag, 3. Mai 2008 17:05
>
[...]
> Well, havent followed all threads on this list ... but what "how-to"
> are you talking about, since I guess there are lots of them online
> .... ?
http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04
Regards,
Roland
From MailScanner at ecs.soton.ac.uk Sun May 4 15:35:50 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Sun May 4 15:36:56 2008
Subject: 4.69.9 and Word document unpacking problems
Message-ID: <481DC9C6.8050905@ecs.soton.ac.uk>
I have just updated the stable 4.69 release to 4.69.9.
Upgrade if you are having problems with some Word (and other OLE)
documents causing "PPS Error" messages when they are unpacked.
This update should resolve this problem.
Thanks folks!
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From rob at kettle.org.uk Mon May 5 07:31:11 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Mon May 5 07:31:58 2008
Subject: 4.69.9 and Word document unpacking problems
In-Reply-To: <481DC9C6.8050905@ecs.soton.ac.uk>
References: <481DC9C6.8050905@ecs.soton.ac.uk>
Message-ID: <481EA9AF.3000603@kettle.org.uk>
Julian Field wrote:
> I have just updated the stable 4.69 release to 4.69.9.
> Upgrade if you are having problems with some Word (and other OLE)
> documents causing "PPS Error" messages when they are unpacked.
> This update should resolve this problem.
>
> Thanks folks!
>
> Jules
>
Hi,
after upgrading to this version I get the following error approx hourly:
/usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory
regards
Rob
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From rob at kettle.org.uk Mon May 5 08:40:58 2008
From: rob at kettle.org.uk (Rob Kettle)
Date: Mon May 5 08:41:40 2008
Subject: 4.69.9 and Word document unpacking problems
In-Reply-To: <481EA9AF.3000603@kettle.org.uk>
References: <481DC9C6.8050905@ecs.soton.ac.uk> <481EA9AF.3000603@kettle.org.uk>
Message-ID: <481EBA0A.4070106@kettle.org.uk>
>
> Julian Field wrote:
>
>> I have just updated the stable 4.69 release to 4.69.9.
>> Upgrade if you are having problems with some Word (and other OLE)
>> documents causing "PPS Error" messages when they are unpacked.
>> This update should resolve this problem.
>>
>> Thanks folks!
>>
>> Jules
>>
>>
> Hi,
>
> after upgrading to this version I get the following error approx hourly:
>
> /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory
>
> regards
> Rob
>
>
>
forgot to say.... simply commenting out the vba32 line in /etc/MailScanner/virus.scanners.conf fixed the error.
Looks like the config to check the new vba32 has been added but not the wrapper to do the updates as yet.
Rob
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From john at tradoc.fr Mon May 5 09:34:39 2008
From: john at tradoc.fr (John Wilcock)
Date: Mon May 5 09:35:25 2008
Subject: Watermarking action problem?
Message-ID: <481EC69F.2090808@tradoc.fr>
Just received a genuine out-of-office reply that was sent with a null
sender, but didn't quote the original message and hence the watermark.
MS correctly added 5 points to the spam score, but this should not have
been enough for the message to be considered as spam. (-1.5 + 5 = +3.5,
with a threshold of 5) However, it still took the spam action rather
than the nonspam action for the message.
This is with MS 4.67.6 (the latest gentoo ebuild), and the changelog
doesn't mention any watermarking-related changes since.
The relevant MailScanner.conf settings are:
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = 5
Required SpamAssassin Score = 5
Spam Actions = %rules-dir%/spam.actions.rules
Non Spam Actions = %rules-dir%/non.spam.actions.rules
These rules files hit defaults for this message, which are
(spam)
FromOrTo: default store deliver header "X-Spam-Flag: YES"
(nonspam)
FromOrTo: default store deliver
Log extract:
May 5 10:09:43 ns0 MailScanner[940]: Message D1EE98084.515BE had bad
watermark, added 5 to spam score
May 5 10:09:44 ns0 MailScanner[940]: Message D1EE98084.515BE from
212.227.15.27 () to tradoc.fr is spam, SpamAssassin (not cached,
score=-1.5, required 5, autolearn=not spam, BAYES_00 -1.50,
SPF_HELO_PASS -0.00, UNPARSEABLE_RELAY 0.00)
May 5 10:09:44 ns0 MailScanner[940]: Spam Actions: message
D1EE98084.515BE actions are store,deliver,header
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk Mon May 5 11:20:48 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon May 5 11:21:43 2008
Subject: 4.69.9 and Word document unpacking problems
In-Reply-To: <481EBA0A.4070106@kettle.org.uk>
References: <481DC9C6.8050905@ecs.soton.ac.uk> <481EA9AF.3000603@kettle.org.uk>
<481EBA0A.4070106@kettle.org.uk>
Message-ID: <481EDF80.3090101@ecs.soton.ac.uk>
Rob Kettle wrote:
>> Julian Field wrote:
>>
>>
>>> I have just updated the stable 4.69 release to 4.69.9.
>>> Upgrade if you are having problems with some Word (and other OLE)
>>> documents causing "PPS Error" messages when they are unpacked.
>>> This update should resolve this problem.
>>>
>>> Thanks folks!
>>>
>>> Jules
>>>
>>>
>>>
>> Hi,
>>
>> after upgrading to this version I get the following error approx hourly:
>>
>> /usr/sbin/update_virus_scanners: line 39: /usr/lib/MailScanner/vba32-wrapper: No such file or directory
>>
>> regards
>> Rob
>>
>>
>>
>>
> forgot to say.... simply commenting out the vba32 line in /etc/MailScanner/virus.scanners.conf fixed the error.
>
> Looks like the config to check the new vba32 has been added but not the wrapper to do the updates as yet.
>
Bother. Just released 4.69.9-2 which should resolve this minor issue.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From mailscanner at lists.mailscanner.info Mon May 5 11:55:58 2008
From: mailscanner at lists.mailscanner.info (VIAGRA ® Official Site)
Date: Mon May 5 11:56:12 2008
Subject: Dear mailscanner@lists.mailscanner.info May 83% 0FF
Message-ID: <20080505092609.5598.qmail@comp3>
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/41cf8152/attachment.html
From p.katzmann at thiesen.com Mon May 5 09:23:43 2008
From: p.katzmann at thiesen.com (Peter Katzmann)
Date: Mon May 5 13:02:20 2008
Subject: Problem with 4.69.9-1 Opensuse 10.3 , Module error
Message-ID: <481EC40F.5000105@thiesen.com>
Hello List,
I installed the new Version without any problems but when i tried to
start it the follwing messages appears and Mailscanner quits.
peter
is only avaliable with the XS version at
/usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9
BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9.
Compilation failed in require at
/usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
BEGIN failed--compilation aborted at
/usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
Compilation failed in require at
/usr/lib/MailScanner/MailScanner/Message.pm line 48.
BEGIN failed--compilation aborted at
/usr/lib/MailScanner/MailScanner/Message.pm line 48.
Compilation failed in require at /usr/sbin/MailScanner line 80.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From velda.midanovic at trezor.sr.gov.yu Mon May 5 13:04:20 2008
From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic)
Date: Mon May 5 13:08:52 2008
Subject: MailScanner and SquirrelMail problems
Message-ID: <000801c8aea8$2cae0540$860a0fc0$@midanovic@trezor.sr.gov.yu>
I have a Red Hat 4 U5 setup with MailScanner and Clam AV working perfectly.
BUT
When I try to add a webmail (SquirrelMail) to the mix, it alll falls down.
I can log into the webmail, but when I try to send a mail through it I get
such things in my maillog :
****************
MailScanner[6486]: Cannot read queue directory /var/spool/mqueue.in
---
MailScanner[6491]: User's home directory /var/www is not writable
MailScanner[6491]: You need to set the "SpamAssassin User State Dir" to a
directory that the "Run As User" can write to
---
MailScanner [6491]: Using SpamAssassin results cache
MailScanner[6491]: Could not create SpamAssassin cache database
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
---
And I have to restart the server to get it running OK again.
Any ideas?
Best from Velda
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/fe1a631a/attachment.html
From p.katzmann at thiesen.com Mon May 5 13:18:47 2008
From: p.katzmann at thiesen.com (Peter Katzmann)
Date: Mon May 5 13:19:46 2008
Subject: Problem with 4.69.9-1 Opensuse 10.3 , Module error
In-Reply-To: <481EC40F.5000105@thiesen.com>
References: <481EC40F.5000105@thiesen.com>
Message-ID: <481EFB27.4060900@thiesen.com>
Hello Again,
i have found a way to resolve this issue:
downloading scalar and recompile and install it with xs
remove all compress and zlib installations inside perl and run an
update on cpan and then it seems working fine
peter
Peter Katzmann wrote:
> Hello List,
> I installed the new Version without any problems but when i tried to
> start it the follwing messages appears and Mailscanner quits.
>
> peter
>
> is only avaliable with the XS version at
> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm line 9.
> Compilation failed in require at
> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
> BEGIN failed--compilation aborted at
> /usr/lib/perl5/site_perl/5.8.8/Archive/Zip.pm line 11.
> Compilation failed in require at
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
> BEGIN failed--compilation aborted at
> /usr/lib/MailScanner/MailScanner/Message.pm line 48.
> Compilation failed in require at /usr/sbin/MailScanner line 80.
> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 80.
>
>
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From velda.midanovic at trezor.sr.gov.yu Mon May 5 15:02:52 2008
From: velda.midanovic at trezor.sr.gov.yu (Velda Midanovic)
Date: Mon May 5 15:07:08 2008
Subject: MailScanner and SquirrelMail problems
Message-ID: <000d01c8aeb8$bbdff010$339fd030$@midanovic@trezor.sr.gov.yu>
Sorry for the bother.
I solved the problem.
Did not configure OK the /usr/share/squirrelmail/config.php
Now things are OK.
Best
Velda
From: Velda Midanovic [mailto:velda.midanovic@trezor.sr.gov.yu]
Sent: Monday, May 05, 2008 2:04 PM
To: 'mailscanner@lists.mailscanner.info'
Subject: MailScanner and SquirrelMail problems
I have a Red Hat 4 U5 setup with MailScanner and Clam AV working perfectly.
BUT
When I try to add a webmail (SquirrelMail) to the mix, it alll falls down.
I can log into the webmail, but when I try to send a mail through it I get
such things in my maillog :
****************
MailScanner[6486]: Cannot read queue directory /var/spool/mqueue.in
---
MailScanner[6491]: User's home directory /var/www is not writable
MailScanner[6491]: You need to set the "SpamAssassin User State Dir" to a
directory that the "Run As User" can write to
---
MailScanner [6491]: Using SpamAssassin results cache
MailScanner[6491]: Could not create SpamAssassin cache database
/var/spool/MailScanner/incoming/SpamAssassin.cache.db
---
And I have to restart the server to get it running OK again.
Any ideas?
Best from Velda
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/7dfa036c/attachment.html
From ismail at ismailozatay.net Mon May 5 16:51:47 2008
From: ismail at ismailozatay.net (Ismail OZATAY)
Date: Mon May 5 16:52:31 2008
Subject: Using MCP
References: <000d01c8aeb8$bbdff010$339fd030$@midanovic@trezor.sr.gov.yu>
Message-ID: <01c001c8aec7$eceeff70$65cba8c0@pc>
Hello ;
i have just enabled mcp in mailscanner.conf file and added some rules in 10_example.cf file like this ;
header RULE1 Subject =~ /Undelivered Mail Returned to Sender/i
describe RULE1 Block1
score RULE1 10
header RULE2 Subject =~ /Mail delivery failed: returning message to sender/i
describe RULE2 Block2
score RULE2 10
header RULE3 Subject =~ /Returned mail/i
describe RULE3 Block3
score RULE3 10
if i write full of the subject, mcp works good but i want to write only a part of the subject like RULE3.how can use this syntax ?
Thanks
ismail
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/0a02f7ac/attachment.html
From rpoe at plattesheriff.org Mon May 5 17:34:08 2008
From: rpoe at plattesheriff.org (Rob Poe)
Date: Mon May 5 17:35:09 2008
Subject: Requiring RFC Compliance -- Tagging for MS ?
Message-ID: <481EF0B0.65ED.00A2.0@plattesheriff.org>
I had my MTA's set to require that forward and reverse DNS is set up properly, however the amount of brain dead sysadmins who do NOT set their Forward <-> Reverse DNS is staggering.
It *DID* reduce the spam amounts significantly, however the collateral damage was just too great.
Does anyone know how to make Sendmail tag in the header, so as to provide a scoring method for SA ?
From eric.noel at ouvaton.org Mon May 5 23:59:51 2008
From: eric.noel at ouvaton.org (=?ISO-8859-1?Q?=C9ric_No=EBl?=)
Date: Tue May 6 00:00:26 2008
Subject: spamassasin (maybe) make all disapear...!!
Message-ID: <481F9167.5010608@ouvaton.org>
Hello,
I has installed mailscanner on my new ubuntu-server 8.04
I had problems.....the spam does not appear in mailbox ( with a kind of
{mail? )
But nospam mail are ok. I had the
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
On the end of each mail
I folow these tutorial:
https://help.ubuntu.com/community/MailScanner
In MailScanner.conf i had:
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"
Wher could i start now to resolve this problem?
Thanks
Eric Noel
From ssilva at sgvwater.com Tue May 6 00:18:32 2008
From: ssilva at sgvwater.com (Scott Silva)
Date: Tue May 6 00:19:23 2008
Subject: spamassasin (maybe) make all disapear...!!
In-Reply-To: <481F9167.5010608@ouvaton.org>
References: <481F9167.5010608@ouvaton.org>
Message-ID:
on 5-5-2008 3:59 PM ? spake the following:
> Hello,
>
> I has installed mailscanner on my new ubuntu-server 8.04
>
> I had problems.....the spam does not appear in mailbox ( with a kind of
> {mail? )
> But nospam mail are ok. I had the
>
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> On the end of each mail
>
>
> I folow these tutorial:
>
> https://help.ubuntu.com/community/MailScanner
>
> In MailScanner.conf i had:
> Spam Actions = deliver header "X-Spam-Status: Yes"
> High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"
>
> Wher could i start now to resolve this problem?
>
> Thanks
>
> Eric Noel
Try this howto and see if it has any additional info;
http://howtoforge.org/the-perfect-spamsnake-ubuntu-8.04
On a side note, it looks like the postfix people got to the Ubuntu hosted
howto mentioned by the OP. It starts with an anti Mailscanner rant.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080505/b4130535/signature.bin
From jlmiller at mmtnetworks.com.au Tue May 6 07:04:55 2008
From: jlmiller at mmtnetworks.com.au (Jon Miller)
Date: Tue May 6 07:07:46 2008
Subject: (no subject)
Message-ID: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk>
I have a problem where some of the spam is not spam although it's marked.
The problem is although I can release it, the mail and attachments are
merged into a single email. How do I tell MailScanner to keep the email and
attachment intact, e.g separate or in their original state.?
I also use Spamassassin, and mailwatch.
Regards,
Jon L. Miller, MCNE CNE CCNA
Director
MMT Networks Pty Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/5e3ed8f4/attachment.html
From john at tradoc.fr Tue May 6 09:58:55 2008
From: john at tradoc.fr (John Wilcock)
Date: Tue May 6 09:59:39 2008
Subject: Watermarking action problem?
In-Reply-To: <481EC69F.2090808@tradoc.fr>
References: <481EC69F.2090808@tradoc.fr>
Message-ID: <48201DCF.4040506@tradoc.fr>
John Wilcock a ?crit :
> Just received a genuine out-of-office reply that was sent with a null
> sender, but didn't quote the original message and hence the watermark.
>
> MS correctly added 5 points to the spam score, but this should not have
> been enough for the message to be considered as spam. (-1.5 + 5 = +3.5,
> with a threshold of 5) However, it still took the spam action rather
> than the nonspam action for the message.
Conversely, I just received a piece of spam with a null sender and (of
course) no watermark. MS again correctly added points to the spam score.
This time they should have been enough to push the message over the high
spam threshold, but MS still took the ordinary spam action, not the high
spam action.
Any ideas?
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
From MailScanner at ecs.soton.ac.uk Tue May 6 10:01:24 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 10:02:23 2008
Subject: (no subject)
In-Reply-To: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk>
References: <006a01c8af3f$1b252a00$820aa8c0@jonsdesk>
Message-ID: <48201E64.9020106@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jon Miller wrote:
>
> I have a problem where some of the spam is not spam although it?s
> marked. The problem is although I can release it, the mail and
> attachments are merged into a single email. How do I tell MailScanner
> to keep the email and attachment intact, e.g separate or in their
> original state.?
>
Set this in MailScanner.conf:
Quarantine Whole Messages As Queue Files = yes
> I also use Spamassassin, and mailwatch.
>
> Regards,
>
> Jon L. Miller, MCNE CNE CCNA
>
> Director
>
> MMT Networks Pty Ltd
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: windows-1252
wj8DBQFIIB5rEfZZRxQVtlQRAqytAJ9MU4VE2ro1oNFlqSMaKySaJWSfjwCgw/iC
lt8LIWBqrFZKCTzzL1MPeig=
=C1Bw
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From philippe at beau.nom.fr Tue May 6 12:33:24 2008
From: philippe at beau.nom.fr (Philippe BEAU)
Date: Tue May 6 12:33:04 2008
Subject: Problem running MailScanner & MailWatch
Message-ID: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
Hi everybody,
So at first, thanks Julian for your daily work around MailScanner, it's a
great product :)
I have some shit since sometimes, and i don't arrive to solve this. It
seems to appear when i activate the logging with MailWatch. So i would
like an external advice on my configuration :
- OS is Centos r5
- Perl release is 5.10.0
- MySQL was downgraded from 5.0.22 to 4.1.22
- MailScanner is Version number in MailScanner.conf (4.68.8) is correct.
-> MailScanner --lint is okay
but when i launch MailScanner with Logging & MailWatch activated, i have
this error message :
Could not use Custom Function code
MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed.
Make sure the module is correct with perl -wc at
/usr/lib/MailScanner/MailScanner/Config.pm line 873
And it seems to have some dead process with "Compressing attachments".
I try in the past to upgrade the release of MailScanner, but i have more
and more shits and i don't arrive to have a clean process. Can you help me
with this ?
Best regards
Philippe,
From martinh at solidstatelogic.com Tue May 6 12:52:54 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Tue May 6 12:53:52 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
Message-ID: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com>
Philippe
What happens if you run logging or mailwatch on their own?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU
> Sent: 06 May 2008 12:33
> To: mailscanner@lists.mailscanner.info
> Subject: Problem running MailScanner & MailWatch
>
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner, it's a
> great product :)
>
> I have some shit since sometimes, and i don't arrive to solve this. It
> seems to appear when i activate the logging with MailWatch. So i would
> like an external advice on my configuration :
>
> - OS is Centos r5
> - Perl release is 5.10.0
> - MySQL was downgraded from 5.0.22 to 4.1.22
> - MailScanner is Version number in MailScanner.conf (4.68.8) is correct.
>
> -> MailScanner --lint is okay
>
> but when i launch MailScanner with Logging & MailWatch activated, i have
> this error message :
>
> Could not use Custom Function code
> MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed.
> Make sure the module is correct with perl -wc at
> /usr/lib/MailScanner/MailScanner/Config.pm line 873
>
> And it seems to have some dead process with "Compressing attachments".
>
> I try in the past to upgrade the release of MailScanner, but i have more
> and more shits and i don't arrive to have a clean process. Can you help me
> with this ?
>
> Best regards
>
> Philippe,
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
From malli at mcrirents.com Tue May 6 14:44:50 2008
From: malli at mcrirents.com (Mohammed Alli)
Date: Tue May 6 13:44:42 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
<44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com>
Message-ID: <3B1A431BDA34C54581BE43253BC1BD9364FCCA@exchange.computerrents.com>
-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
Martin.Hepworth
Sent: Tuesday, May 06, 2008 6:53 AM
To: MailScanner discussion
Subject: RE: Problem running MailScanner & MailWatch
Philippe
What happens if you run logging or mailwatch on their own?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU
> Sent: 06 May 2008 12:33
> To: mailscanner@lists.mailscanner.info
> Subject: Problem running MailScanner & MailWatch
>
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner,
it's a
> great product :)
>
> I have some shit since sometimes, and i don't arrive to solve this. It
> seems to appear when i activate the logging with MailWatch. So i would
> like an external advice on my configuration :
>
> - OS is Centos r5
> - Perl release is 5.10.0
> - MySQL was downgraded from 5.0.22 to 4.1.22
> - MailScanner is Version number in MailScanner.conf (4.68.8) is
correct.
>
> -> MailScanner --lint is okay
>
> but when i launch MailScanner with Logging & MailWatch activated, i
have
> this error message :
>
> Could not use Custom Function code
> MailScanner::CustomConfig::InitMailWatchLogging, it could not be
"eval"ed.
> Make sure the module is correct with perl -wc at
> /usr/lib/MailScanner/MailScanner/Config.pm line 873
>
> And it seems to have some dead process with "Compressing attachments".
>
> I try in the past to upgrade the release of MailScanner, but i have
more
> and more shits and i don't arrive to have a clean process. Can you
help me
> with this ?
>
> Best regards
>
> Philippe,
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
It could be a missing package such as DBD-MySQL. Try that.
Regards,
MO
From MailScanner at ecs.soton.ac.uk Tue May 6 13:48:01 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 13:48:56 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
Message-ID: <48205381.2070600@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philippe BEAU wrote:
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner, it's a
> great product :)
>
Thanks!
> And it seems to have some dead process with "Compressing attachments".
>
Make sure you have these both set in MailScanner.conf :
Debug = no
Debug SpamAssassin = no
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIFOIEfZZRxQVtlQRAvapAKDpxuzQB4FyHeipnlGAViGWu7hVVACgk28j
f+JS64YYxu9u6QZa9Ijxj/c=
=+/ky
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From Phil.Udel at SalemCorp.com Tue May 6 14:04:13 2008
From: Phil.Udel at SalemCorp.com (Phil Udel)
Date: Tue May 6 14:04:54 2008
Subject: Word Document and themeManager.x10.rel
Message-ID: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
HI everyone.
Strange thing was reported to me today. a User is getting a "Warning:
E-mail viruses detected" when he sends a Word Document.
How can I change the filename.rules.conf to allow ONLY these hidden
extensions.
themeManager.x10.rel
themeManager.x11.rel
themeManager.x12.rel
themeManager.x13.rel
This is the complete error:
One or more of the attachments (28784.doc, themeManager.x12.rel,
themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc, 1020.doc,
themeManager.x11.rel) are on the list of unacceptable attachments for this
site and will not have been delivered.
Consider renaming the files to avoid this constraint.
The virus detector said this about the message:
Report: Report: MailScanner: Attempt to hide real filename extension
(themeManager.x12.rel)
Report: MailScanner: Attempt to hide real filename extension
(themeManager.x10.rel)
Report: MailScanner: Attempt to hide real filename extension
(themeManager.x13.rel)
Report: MailScanner: Attempt to hide real filename extension
(themeManager.x11.rel)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/168f25ed/attachment.html
From roland at inbox4u.de Tue May 6 14:09:39 2008
From: roland at inbox4u.de (Ehle, Roland)
Date: Tue May 6 14:14:31 2008
Subject: AW: Problem running MailScanner & MailWatch
In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
Message-ID: <9A519AA4E4FCED4582DCCAEFE0E0C6F998BB6394BB@ts-dc2.TS-Webarts.local>
Hi Philippe,
your probably did not copy the MailWatchLogging.pm into the CustomFunctions directory (see MailWatch Installation documentation)
Regards,
Roland
> -----Urspr?ngliche Nachricht-----
> Von: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] Im Auftrag von Philippe BEAU
> Gesendet: Dienstag, 6. Mai 2008 13:33
> An: mailscanner@lists.mailscanner.info
> Betreff: Problem running MailScanner & MailWatch
>
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner, it's
> a
> great product :)
>
> I have some shit since sometimes, and i don't arrive to solve this. It
> seems to appear when i activate the logging with MailWatch. So i would
> like an external advice on my configuration :
>
> - OS is Centos r5
> - Perl release is 5.10.0
> - MySQL was downgraded from 5.0.22 to 4.1.22
> - MailScanner is Version number in MailScanner.conf (4.68.8) is
> correct.
>
> -> MailScanner --lint is okay
>
> but when i launch MailScanner with Logging & MailWatch activated, i
> have
> this error message :
>
> Could not use Custom Function code
> MailScanner::CustomConfig::InitMailWatchLogging, it could not be
> "eval"ed.
> Make sure the module is correct with perl -wc at
> /usr/lib/MailScanner/MailScanner/Config.pm line 873
>
> And it seems to have some dead process with "Compressing attachments".
>
> I try in the past to upgrade the release of MailScanner, but i have
> more
> and more shits and i don't arrive to have a clean process. Can you help
> me
> with this ?
>
> Best regards
>
> Philippe,
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
From philippe at beau.nom.fr Tue May 6 14:32:37 2008
From: philippe at beau.nom.fr (Philippe BEAU)
Date: Tue May 6 14:33:12 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <48205381.2070600@ecs.soton.ac.uk>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
<48205381.2070600@ecs.soton.ac.uk>
Message-ID: <005801c8af7d$a681db00$f3859100$@nom.fr>
Hi Julian,
Already done :(
Regards,
-----Message d'origine-----
De?: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] De la part de Julian
Field
Envoy??: mardi 6 mai 2008 14:48
??: MailScanner discussion
Objet?: Re: Problem running MailScanner & MailWatch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philippe BEAU wrote:
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner, it's a
> great product :)
>
Thanks!
> And it seems to have some dead process with "Compressing attachments".
>
Make sure you have these both set in MailScanner.conf :
Debug = no
Debug SpamAssassin = no
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIFOIEfZZRxQVtlQRAvapAKDpxuzQB4FyHeipnlGAViGWu7hVVACgk28j
f+JS64YYxu9u6QZa9Ijxj/c=
=+/ky
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
From philippe at beau.nom.fr Tue May 6 14:33:22 2008
From: philippe at beau.nom.fr (Philippe BEAU)
Date: Tue May 6 14:33:32 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
<44f3b7b4b74f754880585686dde70ea0@solidstatelogic.com>
Message-ID: <005901c8af7d$c181c820$44855860$@nom.fr>
Hi Martin,
Sorry, i don't understand what you want to mean. Can you explain me more
detailed ?
Thanks for your patience, I'm only French guy :)
Philippe,
-----Message d'origine-----
De?: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] De la part de
Martin.Hepworth
Envoy??: mardi 6 mai 2008 13:53
??: MailScanner discussion
Objet?: RE: Problem running MailScanner & MailWatch
Philippe
What happens if you run logging or mailwatch on their own?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Philippe BEAU
> Sent: 06 May 2008 12:33
> To: mailscanner@lists.mailscanner.info
> Subject: Problem running MailScanner & MailWatch
>
> Hi everybody,
>
> So at first, thanks Julian for your daily work around MailScanner, it's a
> great product :)
>
> I have some shit since sometimes, and i don't arrive to solve this. It
> seems to appear when i activate the logging with MailWatch. So i would
> like an external advice on my configuration :
>
> - OS is Centos r5
> - Perl release is 5.10.0
> - MySQL was downgraded from 5.0.22 to 4.1.22
> - MailScanner is Version number in MailScanner.conf (4.68.8) is correct.
>
> -> MailScanner --lint is okay
>
> but when i launch MailScanner with Logging & MailWatch activated, i have
> this error message :
>
> Could not use Custom Function code
> MailScanner::CustomConfig::InitMailWatchLogging, it could not be "eval"ed.
> Make sure the module is correct with perl -wc at
> /usr/lib/MailScanner/MailScanner/Config.pm line 873
>
> And it seems to have some dead process with "Compressing attachments".
>
> I try in the past to upgrade the release of MailScanner, but i have more
> and more shits and i don't arrive to have a clean process. Can you help me
> with this ?
>
> Best regards
>
> Philippe,
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
From MailScanner at ecs.soton.ac.uk Tue May 6 14:50:26 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 14:51:37 2008
Subject: Word Document and themeManager.x10.rel
In-Reply-To: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
Message-ID: <48206222.7010400@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have this near the top of my filename.rules.conf file:
# Allow Office 2007 docs
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.rtf$ - -
Remember to separate each "word" of each line with a tab character and
not just spaces. This is the one and only instance where tab characters
are actually important.
Phil Udel wrote:
> HI everyone.
> Strange thing was reported to me today. a User is getting a "Warning:
> E-mail viruses detected" when he sends a Word Document.
>
> How can I change the filename.rules.conf to allow ONLY these hidden
> extensions.
> themeManager.x10.rel
> themeManager.x11.rel
> themeManager.x12.rel
> themeManager.x13.rel
>
>
> This is the complete error:
>
> One or more of the attachments (28784.doc, themeManager.x12.rel,
> themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc,
> 1020.doc, themeManager.x11.rel) are on the list of unacceptable
> attachments for this site and will not have been delivered.
>
> Consider renaming the files to avoid this constraint.
>
> The virus detector said this about the message:
>
> Report: Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x12.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x10.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x13.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x11.rel)
>
>
>
>
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIGIsEfZZRxQVtlQRAlFDAJ4nPzpk15Ic2NO4q6P5XmUf45F2UACgwfKW
q7mi5fmGXJ2URHgyOF/Nh+o=
=giaT
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From campbell at cnpapers.com Tue May 6 15:11:09 2008
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue May 6 15:12:02 2008
Subject: Word Document and themeManager.x10.rel
In-Reply-To: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
Message-ID: <482066FD.2050806@cnpapers.com>
Phil Udel wrote:
> HI everyone.
> Strange thing was reported to me today. a User is getting a "Warning:
> E-mail viruses detected" when he sends a Word Document.
>
> How can I change the filename.rules.conf to allow ONLY these hidden
> extensions.
> themeManager.x10.rel
> themeManager.x11.rel
> themeManager.x12.rel
> themeManager.x13.rel
>
>
> This is the complete error:
>
> One or more of the attachments (28784.doc, themeManager.x12.rel,
> themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc,
> 1020.doc, themeManager.x11.rel) are on the list of unacceptable
> attachments for this site and will not have been delivered.
>
> Consider renaming the files to avoid this constraint.
>
> The virus detector said this about the message:
>
> Report: Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x12.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x10.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x13.rel)
>
> Report: MailScanner: Attempt to hide real filename extension
> (themeManager.x11.rel)
>
>
Check your filename rules (might be filename.rules.conf) and search for
the string "Attempt to hide real filename extension". Comment the line
out and reload/restart Mailscanner. This used to be a Microsoft
exploitable vulnerability. You shouldn't need it now, as best as I can
recall, unless you are running old stuff.
I could be wrong.
Steve Campbell
From campbell at cnpapers.com Tue May 6 15:14:00 2008
From: campbell at cnpapers.com (Steve Campbell)
Date: Tue May 6 15:14:44 2008
Subject: Word Document and themeManager.x10.rel
In-Reply-To: <48206222.7010400@ecs.soton.ac.uk>
References: <02a501c8af79$aefcdd10$6102a8c0@salemcorp.com>
<48206222.7010400@ecs.soton.ac.uk>
Message-ID: <482067A8.4040608@cnpapers.com>
Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have this near the top of my filename.rules.conf file:
>
> # Allow Office 2007 docs
> allow \.xml\d*\.rel$ - -
> allow \.x\d+\.rel$ - -
> allow \.rtf$ - -
>
> Remember to separate each "word" of each line with a tab character and
> not just spaces. This is the one and only instance where tab characters
> are actually important.
>
> Phil Udel wrote:
>
>> HI everyone.
>> Strange thing was reported to me today. a User is getting a "Warning:
>> E-mail viruses detected" when he sends a Word Document.
>>
>> How can I change the filename.rules.conf to allow ONLY these hidden
>> extensions.
>> themeManager.x10.rel
>> themeManager.x11.rel
>> themeManager.x12.rel
>> themeManager.x13.rel
>>
>>
>> This is the complete error:
>>
>> One or more of the attachments (28784.doc, themeManager.x12.rel,
>> themeManager.x10.rel, 4640.doc, themeManager.x13.rel, 7504.doc,
>> 1020.doc, themeManager.x11.rel) are on the list of unacceptable
>> attachments for this site and will not have been delivered.
>>
>> Consider renaming the files to avoid this constraint.
>>
>> The virus detector said this about the message:
>>
>> Report: Report: MailScanner: Attempt to hide real filename extension
>> (themeManager.x12.rel)
>>
>> Report: MailScanner: Attempt to hide real filename extension
>> (themeManager.x10.rel)
>>
>> Report: MailScanner: Attempt to hide real filename extension
>> (themeManager.x13.rel)
>>
>> Report: MailScanner: Attempt to hide real filename extension
>> (themeManager.x11.rel)
>>
>>
>>
As I mentioned, I could be wrong.
Steve
>>
>>
>>
>
> Jules
>
> - --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.8.2 (Build 3005)
> Comment: Use Enigmail to decrypt or check this message is legitimate
> Charset: ISO-8859-1
>
> wj8DBQFIIGIsEfZZRxQVtlQRAlFDAJ4nPzpk15Ic2NO4q6P5XmUf45F2UACgwfKW
> q7mi5fmGXJ2URHgyOF/Nh+o=
> =giaT
> -----END PGP SIGNATURE-----
>
>
From dom at vbi.vt.edu Tue May 6 16:16:16 2008
From: dom at vbi.vt.edu (Dominik L. Borkowski)
Date: Tue May 6 16:16:59 2008
Subject: unable to process certain attachments
Message-ID: <200805061116.16560.dom@vbi.vt.edu>
Hello,
Recently we've encountered a few e-mails which were 'stuck' in our queues for
a few days, mailscanner was never able to process them fully. Below you'll
find a description of one of those e-mails. We would appreciate any insight
as to how we may be able to fix this problem.
Each message would have the innocent log error (from address hashed out):
May 2 12:49:03 almaren MailScanner[21605]: Message m41GREcK020606 from
198.82.162.213 (XXXXX@XXXXXX.XXX) to vbi.vt.edu is too big for spam
checks (4715006 > 2000000 bytes)
The issue was that it would never go through, and mailscanner would attempt to
process it for days, every few minutes. When running Mailscanner with --debug
option, we got this error:
Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line 3168
Upon closer inspection, we found the message in our sendmail's mqueue.in:
s -la mqueue.in/
total 4608
drwxr-xr-x 2 root root 52 May 2 13:56 ./
drwxr-xr-x 5 root root 67 May 2 14:04 ../
-rw------- 1 root smmsp 4711318 May 1 12:27 dfm41GREcK020606
-rw------- 1 root smmsp 3688 May 1 12:27 qfm41GREcK020606
The message seems to contain only 8 attachments:
# grep filename dfm41GREcK020606
Content-disposition: attachment; filename=Figure1.jpg
Content-disposition: attachment; filename="Measkit Draft_latest.doc"
Content-disposition: attachment; filename=Table1.doc
Content-disposition: attachment; filename=Figure2.pdf
Content-disposition: attachment; filename=Figure3.pdf
Content-disposition: attachment; filename=Figure4.pdf
Content-disposition: attachment; filename=Figure5.pdf
Content-disposition: attachment; filename="Measkit Supplementary Material.doc"
While looking at the mailscanner's spool directory (thread responsible for
processing this given message), we found a bit more:
# ls -la mailscanner/
total 3696
drwxr-xr-x 2 root root 4096 May 2 13:56 ./
drwxr-xr-x 5 root root 67 May 2 14:04 ../
-rw------- 1 root root 310 Jan 1 1980 .rel
-rw------- 1 root root 310 Jan 1 1980 .rels
-rw------- 1 root root 540 Jan 1 1980 .xml
-rw------- 1 root root 540 Jan 1 1980 1.xml
-rw------- 1 root root 34423 May 2 12:47 Figure1.jpg
-rw------- 1 root root 326283 May 2 12:47 Figure2.pdf
-rw------- 1 root root 273733 May 2 12:47 Figure3.pdf
-rw------- 1 root root 281037 May 2 12:47 Figure4.pdf
-rw------- 1 root root 259256 May 2 12:47 Figure5.pdf
-rw------- 1 root root 774144 May 2 12:47 Measkit\ Draft_latest.doc
-rw------- 1 root root 1026048 May 2 12:47 Measkit\ Supplementary\
Material.doc
-rw------- 1 root root 27108 May 2 12:47 Ole10Native
-rw------- 1 root root 52548 May 2 12:47 Ole10Native1
-rw------- 1 root root 12708 May 2 12:47 Ole10Native2
-rw------- 1 root root 57028 May 2 12:47 Ole10Native3
-rw------- 1 root root 53828 May 2 12:47 Ole10Native4
-rw------- 1 root root 3044 May 2 12:47 Ole10Native5
-rw------- 1 root root 11556 May 2 12:47 Ole10Native6
-rw------- 1 root root 507392 May 2 12:47 Table1.doc
-rw------- 1 root root 2023 May 2 12:47 msg-22314-1.txt
-rw------- 1 root root 2870 May 2 12:47 msg-22314-2.html
-rw------- 1 root root 6992 Jan 1 1980 theme1.xml
-rw------- 1 root root 6992 Jan 1 1980 theme11.xml
-rw------- 1 root root 283 Jan 1 1980 themeManager.x.rel
-rw------- 1 root root 138 Jan 1 1980 themeManager.xml
-rw------- 1 root root 283 Jan 1 1980 themeManager.xml.rels
-rw------- 1 root root 138 Jan 1 1980 themeManager1.xml
-rw------- 1 root root 0 May 2 12:47 \336i
I guess we have few questions:
1) How come there are so many additional files in the mailscanner's spool dir
2) What can we do to replicate the expansion of all the attachments
3) What causes mailscanner to break in Message.pm
Our setup includes:
- MailScanner 4.69.8
- Sendmail 8.13.7
- tnef 1.4.3
- perl 5.8.5 (modules up to date)
Any hints/suggestions would be greatly appreciated.
--
Dominik L. Borkowski - Senior Systems Administrator
Virginia Bioinformatics Institute - www.vbi.vt.edu
From MailScanner at ecs.soton.ac.uk Tue May 6 16:47:13 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 16:48:10 2008
Subject: unable to process certain attachments
In-Reply-To: <200805061116.16560.dom@vbi.vt.edu>
References: <200805061116.16560.dom@vbi.vt.edu>
Message-ID: <48207D81.2060509@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dominik L. Borkowski wrote:
> Hello,
> Recently we've encountered a few e-mails which were 'stuck' in our queues for
> a few days, mailscanner was never able to process them fully. Below you'll
> find a description of one of those e-mails. We would appreciate any insight
> as to how we may be able to fix this problem.
>
>
> Each message would have the innocent log error (from address hashed out):
>
> May 2 12:49:03 almaren MailScanner[21605]: Message m41GREcK020606 from
> 198.82.162.213 (XXXXX@XXXXXX.XXX) to vbi.vt.edu is too big for spam
> checks (4715006 > 2000000 bytes)
>
> The issue was that it would never go through, and mailscanner would attempt to
> process it for days, every few minutes. When running Mailscanner with --debug
> option, we got this error:
>
> Negative length at /opt/MailScanner/lib/MailScanner/Message.pm line 3168
>
Download the very latest version of 4.69.9-3 and you will find this
problem has gone away.
> I guess we have few questions:
>
> 1) How come there are so many additional files in the mailscanner's spool dir
>
A docx file is actually a zip file containing all the bits that make up
the document, so MailScanner has unpacked it like any other zip file.
All the OleNative files are the embedded files extracted from the OLE
document structure which can be used in there.
> 2) What can we do to replicate the expansion of all the attachments
>
You can't, there aren't any command-line utilities that do all the work
of MailScanner in this extraction. You can see a lot of it with "unzip
- -v blahblah.docx".
> 3) What causes mailscanner to break in Message.pm
>
A bug which I have already fixed.
>
> Our setup includes:
> - MailScanner 4.69.8
> - Sendmail 8.13.7
> - tnef 1.4.3
> - perl 5.8.5 (modules up to date)
>
> Any hints/suggestions would be greatly appreciated.
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIH2FEfZZRxQVtlQRAqn5AJ9t0D6VOAZ4StC7jMRdAJa9I1DGMwCgjKN2
pe4RcDFmVc7RO/OmFTBO0Z8=
=mEG7
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From lists at tippingmar.com Tue May 6 18:23:32 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Tue May 6 18:24:23 2008
Subject: Watermarking action problem?
In-Reply-To: <48201DCF.4040506@tradoc.fr>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr>
Message-ID: <48209414.2030407@tippingmar.com>
John Wilcock wrote:
> John Wilcock a ?crit :
>> Just received a genuine out-of-office reply that was sent with a null
>> sender, but didn't quote the original message and hence the watermark.
>>
>> MS correctly added 5 points to the spam score, but this should not
>> have been enough for the message to be considered as spam. (-1.5 + 5
>> = +3.5, with a threshold of 5) However, it still took the spam action
>> rather than the nonspam action for the message.
>
> Conversely, I just received a piece of spam with a null sender and (of
> course) no watermark. MS again correctly added points to the spam
> score. This time they should have been enough to push the message over
> the high spam threshold, but MS still took the ordinary spam action,
> not the high spam action.
>
In my case, legitimate bounce messages quoting the original message
containing my server's watermark are tagged as having bad watermarks.
Have you seen that happen?
Mark
From davejones70 at gmail.com Tue May 6 18:24:27 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Tue May 6 18:25:02 2008
Subject: Conditional rule based on content information
Message-ID: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com>
Is there a way to make a rule conditional on a body content? Would an SA
rule be required to get a hit on that score then take different action?
What I am trying to do it only append the inline HTML signature only on the
first outbound email for a particular domain. Currently the HTML signature
is getting appended to the bottom of all outbound email (for my test email
address) so if the email originates from the outside and I reply, then _my
signature_ is being appended to the original bottom that _was not mine_.
So I need to find a way to detect and append the inline HTML signature only
to the first outbound email from my domain. Can this be done with some
advanced rules based on SA scoring?
I have searched with various keywords in the mailing list archive with no
success.
--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080506/d1a3b6ff/attachment.html
From dom at vbi.vt.edu Tue May 6 18:41:34 2008
From: dom at vbi.vt.edu (Dominik L. Borkowski)
Date: Tue May 6 18:42:12 2008
Subject: unable to process certain attachments
In-Reply-To: <48207D81.2060509@ecs.soton.ac.uk>
References: <200805061116.16560.dom@vbi.vt.edu>
<48207D81.2060509@ecs.soton.ac.uk>
Message-ID: <200805061341.34620.dom@vbi.vt.edu>
On Tuesday 06 May 2008 11:47:13 Julian Field wrote:
>
> Download the very latest version of 4.69.9-3 and you will find this
> problem has gone away.
Yep, that fixed it. Thank you for the prompt response.
> A docx file is actually a zip file containing all the bits that make up
> the document, so MailScanner has unpacked it like any other zip file.
> All the OleNative files are the embedded files extracted from the OLE
> document structure which can be used in there.
That would explain it, we actually assumed it was a regular .doc file based on
the extension, rather than further analysis.
Thanks again,
sincerely
--
Dominik L. Borkowski - Senior Systems Administrator
Virginia Bioinformatics Institute - www.vbi.vt.edu
From MailScanner at ecs.soton.ac.uk Tue May 6 18:58:42 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 18:59:33 2008
Subject: Watermarking action problem?
In-Reply-To: <48209414.2030407@tippingmar.com>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr>
<48209414.2030407@tippingmar.com>
Message-ID: <48209C52.2020200@ecs.soton.ac.uk>
Mark Nienberg wrote:
> John Wilcock wrote:
>> John Wilcock a ?crit :
>>> Just received a genuine out-of-office reply that was sent with a
>>> null sender, but didn't quote the original message and hence the
>>> watermark.
>>>
>>> MS correctly added 5 points to the spam score, but this should not
>>> have been enough for the message to be considered as spam. (-1.5 + 5
>>> = +3.5, with a threshold of 5) However, it still took the spam
>>> action rather than the nonspam action for the message.
>>
>> Conversely, I just received a piece of spam with a null sender and
>> (of course) no watermark. MS again correctly added points to the spam
>> score. This time they should have been enough to push the message
>> over the high spam threshold, but MS still took the ordinary spam
>> action, not the high spam action.
I'll take a look at that.
>>
> In my case, legitimate bounce messages quoting the original message
> containing my server's watermark are tagged as having bad watermarks.
> Have you seen that happen?
Is this watermark in the quoted headers? If in the quoted headers, was
there any attached original body of the message?
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Tue May 6 19:42:39 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 19:43:38 2008
Subject: Watermarking action problem?
In-Reply-To: <48209414.2030407@tippingmar.com>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr>
<48209414.2030407@tippingmar.com>
Message-ID: <4820A69F.6000205@ecs.soton.ac.uk>
Mark Nienberg wrote:
> John Wilcock wrote:
>> John Wilcock a ?crit :
>>> Just received a genuine out-of-office reply that was sent with a
>>> null sender, but didn't quote the original message and hence the
>>> watermark.
>>>
>>> MS correctly added 5 points to the spam score, but this should not
>>> have been enough for the message to be considered as spam. (-1.5 + 5
>>> = +3.5, with a threshold of 5) However, it still took the spam
>>> action rather than the nonspam action for the message.
I can't find this one either, sorry. :-(
>>
>> Conversely, I just received a piece of spam with a null sender and
>> (of course) no watermark. MS again correctly added points to the spam
>> score. This time they should have been enough to push the message
>> over the high spam threshold, but MS still took the ordinary spam
>> action, not the high spam action.
>>
> In my case, legitimate bounce messages quoting the original message
> containing my server's watermark are tagged as having bad watermarks.
> Have you seen that happen?
>
> Mark
Please can you send me a badly-behaved message demonstrating this
problem (with the watermark), and all your Watermark settings, including
the Secret. Given that lot I should be able to work out why it's going
wrong.
I've just re-created a message bounce by hand, and it worked out just
fine. So I can't reproduce it yet :-(
Not doing well here...
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Tue May 6 19:49:49 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 19:50:23 2008
Subject: Conditional rule based on content information
In-Reply-To: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com>
References: <67a55ed50805061024t4bfb0359i892d39d54b27b39c@mail.gmail.com>
Message-ID: <4820A84D.2020605@ecs.soton.ac.uk>
It's in the latest releases. Here's the relevant chunk from
MailScanner.conf:
# This option can be used to stop any duplication of en email signature
# appearing in the HTML of an email message. It looks for the "alt"
# attribute in the tag specifying the image to be inserted int the
# HTML signature. If you want to use this option without inserting an image
# into the signature, simply specify an tag without a "src" attribute.
#
# If the "alt" tag appears, and contains the word "MailScanner" and the
# word "Signature" and the %org-name% you specified at the top of this file,
# then the message is considered to already be signed. If this option is
# also set to "yes", then it will not be signed again. Multiple image
# signatures at the bottom of a message can make the message very large and
# ugly once it has been replied to a couple of times.
# This can also be the filename of a ruleset.
Allow Multiple HTML Signatures = no
This should do exactly what you're looking for. If it doesn't then let
me know and I'll see what adjustments can be made.
Dave Jones wrote:
> Is there a way to make a rule conditional on a body content? Would an
> SA rule be required to get a hit on that score then take different action?
>
> What I am trying to do it only append the inline HTML signature only
> on the first outbound email for a particular domain. Currently the
> HTML signature is getting appended to the bottom of all outbound email
> (for my test email address) so if the email originates from the
> outside and I reply, then _my signature_ is being appended to the
> original bottom that _was not mine_.
>
> So I need to find a way to detect and append the inline HTML signature
> only to the first outbound email from my domain. Can this be done
> with some advanced rules based on SA scoring?
>
> I have searched with various keywords in the mailing list archive with
> no success.
>
> --
> Dave Jones
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Tue May 6 19:52:45 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue May 6 19:53:34 2008
Subject: unable to process certain attachments
In-Reply-To: <200805061341.34620.dom@vbi.vt.edu>
References: <200805061116.16560.dom@vbi.vt.edu> <48207D81.2060509@ecs.soton.ac.uk>
<200805061341.34620.dom@vbi.vt.edu>
Message-ID: <4820A8FD.8060000@ecs.soton.ac.uk>
Dominik L. Borkowski wrote:
> On Tuesday 06 May 2008 11:47:13 Julian Field wrote:
>
>> Download the very latest version of 4.69.9-3 and you will find this
>> problem has gone away.
>>
>
> Yep, that fixed it. Thank you for the prompt response.
>
>
>> A docx file is actually a zip file containing all the bits that make up
>> the document, so MailScanner has unpacked it like any other zip file.
>> All the OleNative files are the embedded files extracted from the OLE
>> document structure which can be used in there.
>>
>
> That would explain it, we actually assumed it was a regular .doc file based on
> the extension, rather than further analysis.
>
> Thanks again,
> sincerely
>
Any chance you could send me a copy of the docx file that was causing
the "Negative" error message please? Either in an email (off-list) or
put it on a http site somewhere and send me the URL. I would like to see
what's exactly wrong with my code that pulls out the OleNative objects.
There's clearly some more bits to the format that my code doesn't quite
understand.
The current code works okay, but clearly doesn't manage to extract all
the files it could. So it could be further improved.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From lists at tippingmar.com Tue May 6 22:34:48 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Tue May 6 22:35:35 2008
Subject: Watermarking action problem?
In-Reply-To: <48209C52.2020200@ecs.soton.ac.uk>
References: <481EC69F.2090808@tradoc.fr>
<48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com>
<48209C52.2020200@ecs.soton.ac.uk>
Message-ID: <4820CEF8.7060705@tippingmar.com>
Julian Field wrote:
> Mark Nienberg wrote:
>> In my case, legitimate bounce messages quoting the original message
>> containing my server's watermark are tagged as having bad
>> watermarks. Have you seen that happen?
> Is this watermark in the quoted headers? If in the quoted headers, was
> there any attached original body of the message?
>
Pardon, I didn't mean to hijack this thread. The original message was
attached and it contains the watermark.
The details with an example are in the original thread:
http://article.gmane.org/gmane.mail.virus.mailscanner/63214
Mark
From hvdkooij at vanderkooij.org Tue May 6 22:48:10 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Tue May 6 22:48:56 2008
Subject: Problem running MailScanner & MailWatch
In-Reply-To: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
References: <64981.217.167.186.50.1210073604.squirrel@www.choup.net>
Message-ID: <4820D21A.4030301@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Philippe BEAU wrote:
| So at first, thanks Julian for your daily work around MailScanner, it's a
| great product :)
|
| I have some shit since sometimes, and i don't arrive to solve this. It
| seems to appear when i activate the logging with MailWatch. So i would
| like an external advice on my configuration :
|
| - OS is Centos r5
| - Perl release is 5.10.0
Just where did you obtain this perl version? Centos 5 ships with perl
5.8 and I am curious if you have a pressing need for this perl version
on your MailScanner box.
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIINIYBvzDRVjxmYERArmJAJ9EMDPKTAw68VLzYWTgI1EXGxplLgCguNlI
0cBpxN7I2M2zHz+B/WxFW6o=
=EC9v
-----END PGP SIGNATURE-----
From test at remedial-teacher.nl Wed May 7 10:21:24 2008
From: test at remedial-teacher.nl (Test)
Date: Wed May 7 10:24:07 2008
Subject: MailWatch Not logging non-spam possible ?
Message-ID: <20080507112112.F9CD.EE63E960@remedial-teacher.nl>
Is it possible to prevent MailWatch from logging non-spam to mysql ?
--
Test
From stef at aoc-uk.com Wed May 7 10:39:49 2008
From: stef at aoc-uk.com (Stef Morrell)
Date: Wed May 7 10:40:38 2008
Subject: MS+Postfix, Selective HOLD
In-Reply-To:
References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com>
Message-ID: <200805070940.m479e1E7018876@safir.blacknight.ie>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
> Of Hugo van der Kooij
> Sent: 14 April 2008 06:47
>
> Well. I am not a wiki kind of person. So I just added it to
> my MailScanner page:
> http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD
>
Do you perchance have a similar method whereby one can bypass email
*from* certain senders?
Now I know in this day and age of forged addressing this has potential
drawbacks but it would save me a pile of rulewriting in MS.
Thanks
Stef
Stefan Morrell | Operations Director
Tel: 0845 3452820 | Alpha Omega Computers Ltd
Fax: 0845 3452830 | Incorporating Level 5 Internet
stef@aoc-uk.com | stef@l5net.net
Alpha Omega Computers Ltd, Unit 57, BBTC, Grange Road, Batley, WF17 6ER.
Registered in England No. 3867142. VAT No. GB734421454
From MailScanner at ecs.soton.ac.uk Wed May 7 11:08:55 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 11:09:49 2008
Subject: Watermarking action problem?
In-Reply-To: <4820CEF8.7060705@tippingmar.com>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk>
<4820CEF8.7060705@tippingmar.com>
Message-ID: <48217FB7.9050505@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Nienberg wrote:
> Julian Field wrote:
>> Mark Nienberg wrote:
>>> In my case, legitimate bounce messages quoting the original message
>>> containing my server's watermark are tagged as having bad
>>> watermarks. Have you seen that happen?
>> Is this watermark in the quoted headers? If in the quoted headers,
>> was there any attached original body of the message?
>>
> Pardon, I didn't mean to hijack this thread. The original message was
> attached and it contains the watermark. The details with an example
> are in the original thread:
>
> http://article.gmane.org/gmane.mail.virus.mailscanner/63214
>
> Mark
Sorry, that's no use. Without the original sender details and everything
there as originally given in the message, I can't test the watermark at
all. Sorry.
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIX+5EfZZRxQVtlQRAhhqAKC8WLIu9Sq9JyXLr6irR71ZsgmD9wCgp4s9
XuBu0hJAat5jhasoxhJxsfo=
=DNbJ
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From davejones70 at gmail.com Wed May 7 12:16:59 2008
From: davejones70 at gmail.com (Dave Jones)
Date: Wed May 7 12:17:35 2008
Subject: Conditional rule based on content information
Message-ID: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
>It's in the latest releases. Here's the relevant chunk from
>MailScanner.conf:
># This option can be used to stop any duplication of en email signature
># appearing in the HTML of an email message. It looks for the "alt"
># attribute in the tag specifying the image to be inserted int the
># HTML signature. If you want to use this option without inserting an image
># into the signature, simply specify an tag without a "src"
attribute.
>#
># If the "alt" tag appears, and contains the word "MailScanner" and the
># word "Signature" and the %org-name% you specified at the top of this
file,
># then the message is considered to already be signed. If this option is
># also set to "yes", then it will not be signed again. Multiple image
># signatures at the bottom of a message can make the message very large and
># ugly once it has been replied to a couple of times.
># This can also be the filename of a ruleset.
>Allow Multiple HTML Signatures = no
>This should do exactly what you're looking for. If it doesn't then let
>me know and I'll see what adjustments can be made.
You added this feature for me and it is working great. We are only getting
one signature. If we send the first email out, then everything looks great
-- our logo/slogan is appended to the bottom of our email. The situation I
am trying to prevent is when the first email is sent inbound and we
reply/forward causing our logo/slogan to be added to the bottom of the
original external person's email. It makes things appear that
xyz.com(external company) has our
abc.com logo/slogan.
All I need now it to be able to detect an original email based on something
in the headers or body so I can make the signature rule conditional on this.
>Dave Jones wrote:
>> Is there a way to make a rule conditional on a body content? Would an
>> SA rule be required to get a hit on that score then take different
action?
>>
>> What I am trying to do it only append the inline HTML signature only
>> on the first outbound email for a particular domain. Currently the
>> HTML signature is getting appended to the bottom of all outbound email
>> (for my test email address) so if the email originates from the
>> outside and I reply, then _my signature_ is being appended to the
>> original bottom that _was not mine_.
>>
>> So I need to find a way to detect and append the inline HTML signature
>> only to the first outbound email from my domain. Can this be done
>> with some advanced rules based on SA scoring?
>>
>> I have searched with various keywords in the mailing list archive with
>> no success.
>>
>> --
.> Dave Jones
>Jules
--
Dave Jones
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080507/f10d6cf8/attachment.html
From pedro.hoffmann at gmail.com Wed May 7 13:32:58 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Wed May 7 13:33:34 2008
Subject: Mailscanner changing the size of attachment
Message-ID: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Hello.
I'm using Mailscanner, postfix, and spamassassin.
I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner. but
it blocks my e-mail saying that the file exceeds the maximum size.
I enter in quarantine and it shows up almost 50MB the file.
Why mailscanner changed the size of file?
When downloading the file it says the real size.
Already try to uencode the message. But file size stay the same. It was a
.doc file with a few images on it.
Thanks al!
Regards
Pedro Bordin Hoffmann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080507/5a790a2e/attachment.html
From MailScanner at ecs.soton.ac.uk Wed May 7 14:05:14 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 14:06:14 2008
Subject: Conditional rule based on content information
In-Reply-To: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
Message-ID: <4821A90A.1070802@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dave Jones wrote:
> >It's in the latest releases. Here's the relevant chunk from
> >MailScanner.conf:
>
> ># This option can be used to stop any duplication of en email signature
> ># appearing in the HTML of an email message. It looks for the "alt"
> ># attribute in the tag specifying the image to be inserted int the
> ># HTML signature. If you want to use this option without inserting an
> image
> ># into the signature, simply specify an tag without a "src"
> attribute.
> >#
> ># If the "alt" tag appears, and contains the word "MailScanner" and the
> ># word "Signature" and the %org-name% you specified at the top of
> this file,
> ># then the message is considered to already be signed. If this option is
> ># also set to "yes", then it will not be signed again. Multiple image
> ># signatures at the bottom of a message can make the message very
> large and
> ># ugly once it has been replied to a couple of times.
> ># This can also be the filename of a ruleset.
> >Allow Multiple HTML Signatures = no
>
> >This should do exactly what you're looking for. If it doesn't then let
> >me know and I'll see what adjustments can be made.
> You added this feature for me and it is working great. We are only
> getting one signature. If we send the first email out, then
> everything looks great -- our logo/slogan is appended to the bottom of
> our email. The situation I am trying to prevent is when the first
> email is sent inbound and we reply/forward causing our logo/slogan to
> be added to the bottom of the original external person's email. It
> makes things appear that xyz.com (external company)
> has our abc.com logo/slogan.
>
> All I need now it to be able to detect an original email based on
> something in the headers or body so I can make the signature rule
> conditional on this.
Can you work out a way of doing this? I already look through the body
looking for my signature. How can I work out if the message doesn't
belong to me but still not sign it?
I can't figure this one out, sorry.
>
> >Dave Jones wrote:
> >> Is there a way to make a rule conditional on a body content? Would an
> >> SA rule be required to get a hit on that score then take different
> action?
> >>
> >> What I am trying to do it only append the inline HTML signature only
> >> on the first outbound email for a particular domain. Currently the
> >> HTML signature is getting appended to the bottom of all outbound email
> >> (for my test email address) so if the email originates from the
> >> outside and I reply, then _my signature_ is being appended to the
> >> original bottom that _was not mine_.
> >>
> >> So I need to find a way to detect and append the inline HTML signature
> >> only to the first outbound email from my domain. Can this be done
> >> with some advanced rules based on SA scoring?
> >>
> >> I have searched with various keywords in the mailing list archive with
> >> no success.
> >>
> >> --
> .> Dave Jones
>
> >Jules
>
> --
> Dave Jones
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIakOEfZZRxQVtlQRAs3kAJ9lunqBxR8MjIWTvKAn20wKX2QJ4gCg06wc
WPimnJ9tWTEtHg+4dvDO2p0=
=FdcE
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From MailScanner at ecs.soton.ac.uk Wed May 7 14:06:07 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 14:06:34 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <4821A93E.3040909@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file exceeds the
> maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
That is to be expected. Binary files are Base64-encoded when added to
emails, which causes about a 4/3rds growth in size.
>
> Why mailscanner changed the size of file?
> When downloading the file it says the real size.
>
> Already try to uencode the message. But file size stay the same. It
> was a .doc file with a few images on it.
>
> Thanks al!
>
> Regards
> Pedro Bordin Hoffmann
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIalFEfZZRxQVtlQRAnIbAJ9ND9/dxwKrFfrqbYa+Zprdi9xEyQCfe6n8
I8pS8jkLC7wFi032s3k7vgA=
=jrx7
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From martinh at solidstatelogic.com Wed May 7 14:12:30 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed May 7 14:13:05 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <078715b17183654ba486a5617712c7c5@solidstatelogic.com>
Pedro
The 'file' may be 36GB but in order to get into and email you need to encode it. This adds 50% to the file, so a 36GB file will end up as a 54GB email.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Pedro Bordin Hoffmann -
> [M]orpheus
> Sent: 07 May 2008 13:33
> To: mailscanner@lists.mailscanner.info
> Subject: Mailscanner changing the size of attachment
>
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
> but it blocks my e-mail saying that the file exceeds the maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
> When downloading the file it says the real size.
>
> Already try to uencode the message. But file size stay the same. It was a
> .doc file with a few images on it.
>
> Thanks al!
>
> Regards
> Pedro Bordin Hoffmann
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
From theodrake at comcast.net Wed May 7 14:31:55 2008
From: theodrake at comcast.net (Ed)
Date: Wed May 7 14:32:49 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <4821AF4B.2020300@comcast.net>
Pedro Bordin Hoffmann - [M]orpheus wrote:
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file exceeds the
> maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
This isn't caused by Mailscanner its just the effect of sending a binary
file using SMTP.
From pedro.hoffmann at gmail.com Wed May 7 15:27:38 2008
From: pedro.hoffmann at gmail.com (Pedro Bordin Hoffmann - [M]orpheus)
Date: Wed May 7 15:28:13 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <4821AF4B.2020300@comcast.net>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
<4821AF4B.2020300@comcast.net>
Message-ID: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
So the answer is becouse it encode the messages?
Is there a way to fix it?
Will he always change de real file size?
thanks
2008/5/7 Ed :
> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
> > Hello.
> >
> > I'm using Mailscanner, postfix, and spamassassin.
> >
> > I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
> > but it blocks my e-mail saying that the file exceeds the maximum size.
> > I enter in quarantine and it shows up almost 50MB the file.
> >
> > Why mailscanner changed the size of file?
> >
> This isn't caused by Mailscanner its just the effect of sending a binary
> file using SMTP.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080507/66505194/attachment.html
From martinh at solidstatelogic.com Wed May 7 15:44:27 2008
From: martinh at solidstatelogic.com (Martin.Hepworth)
Date: Wed May 7 15:45:04 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
Message-ID:
This is how files are transmitted my email. You have to convert 'binary' files into ascii which is how email works.
Therefore the file 'grows' by 50% when in an email.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Pedro Bordin Hoffmann -
> [M]orpheus
> Sent: 07 May 2008 15:28
> To: MailScanner discussion
> Subject: Re: Mailscanner changing the size of attachment
>
> So the answer is becouse it encode the messages?
> Is there a way to fix it?
>
> Will he always change de real file size?
>
> thanks
>
> 2008/5/7 Ed :
>
>
> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
>
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file exceeds the
> maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
>
>
> This isn't caused by Mailscanner its just the effect of sending a
> binary file using SMTP.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
From MailScanner at ecs.soton.ac.uk Wed May 7 15:55:54 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 15:56:59 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com> <4821AF4B.2020300@comcast.net>
<21be6cae0805070727l39a58c38le06aa33c5089a96b@mail.gmail.com>
Message-ID: <4821C2FA.3040504@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pedro Bordin Hoffmann - [M]orpheus wrote:
> So the answer is becouse it encode the messages?
Yes.
> Is there a way to fix it?
No. That's how email works. Get used to it :-)
>
> Will he always change de real file size?
>
> thanks
> 2008/5/7 Ed >:
>
> Pedro Bordin Hoffmann - [M]orpheus wrote:
>
> Hello.
>
> I'm using Mailscanner, postfix, and spamassassin.
>
> I attached a file with 36 MB, and I have limit of 40 MB in
> Mailscanner. but it blocks my e-mail saying that the file
> exceeds the maximum size.
> I enter in quarantine and it shows up almost 50MB the file.
>
> Why mailscanner changed the size of file?
>
> This isn't caused by Mailscanner its just the effect of sending a
> binary file using SMTP.
>
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
>
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIcMAEfZZRxQVtlQRAiWBAKDU/+64rmw/tJZKU8SUA4NBJdd7mwCfbK72
yJkf11jSspHG0DH18nQu3b0=
=GDP/
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From dstraka at caspercollege.edu Wed May 7 17:27:34 2008
From: dstraka at caspercollege.edu (Daniel Straka)
Date: Wed May 7 17:28:25 2008
Subject: Will Watermarking Stop Backscatter?
References: <482182550200000000028138@gw.caspercollege.edu>
<482182C5020000000002813A@gw.caspercollege.edu>
<482182D4020000000002813C@gw.caspercollege.edu>
<482182EB020000000002813E@gw.caspercollege.edu>
<4821831C0200000000028140@gw.caspercollege.edu>
<4821837F0200000000028142@gw.caspercollege.edu>
<482184160200000000028145@gw.caspercollege.edu>
Message-ID: <48218415.61A4.0000.0@caspercollege.edu>
Backscatter is becoming a real nuisance here. Can I stop it with MailScanner? I did a "backscatter" search on the MS wiki but that yielded nothing. How are all of you dealing with backscatter?
I've read some comments from the list and I'm trying to decipher if watermarking will stop backscatter. It sounds hit-n-miss from the recent list postings. Was it added as a feature to stop backscatter? How does MailScanner know if a message is a bounce or not?
Thanks in advance...
--
Dan Straka
Systems Coordinator
Casper College
www.caspercollege.edu ( http://www.caspercollege.edu/ )
From spamlists at coders.co.uk Wed May 7 17:41:23 2008
From: spamlists at coders.co.uk (Matt Hampton)
Date: Wed May 7 17:43:06 2008
Subject: Conditional rule based on content information
In-Reply-To: <4821A90A.1070802@ecs.soton.ac.uk>
References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
<4821A90A.1070802@ecs.soton.ac.uk>
Message-ID: <4821DBB3.8020405@coders.co.uk>
Julian Field wrote:
> Can you work out a way of doing this? I already look through the body
> looking for my signature. How can I work out if the message doesn't
> belong to me but still not sign it?
> I can't figure this one out, sorry.
>
Jules - can you not do a simple test for "in-reply-to"?
matt
From blazek at lake-coe.k12.ca.us Wed May 7 17:55:45 2008
From: blazek at lake-coe.k12.ca.us (King, Blaze)
Date: Wed May 7 17:56:21 2008
Subject: Blacklist by subject
In-Reply-To: <48218415.61A4.0000.0@caspercollege.edu>
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu>
<48218415.61A4.0000.0@caspercollege.edu>
Message-ID:
I think this ability was added in a recent release, but now I can't find
it in the changelogs... I need to blacklist by subject. I'm running
MailScanner 4.67.3. Is that function added in one of the newer
versions?
Blaze King
Lake County Office of Education
From MailScanner at ecs.soton.ac.uk Wed May 7 18:33:38 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 18:34:34 2008
Subject: Blacklist by subject
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID: <4821E7F2.9060100@ecs.soton.ac.uk>
King, Blaze wrote:
> I think this ability was added in a recent release, but now I can't find
> it in the changelogs... I need to blacklist by subject. I'm running
> MailScanner 4.67.3. Is that function added in one of the newer
> versions?
>
You can do this with a SpamAssassin rule to detect the subject keywords
you're looking for, and then use the "SpamAssassin Rule Actions" setting
in MailScanner.conf to make those rules cause the "delete" or
"not-deliver" action.
Hopefully that's enough to get you started!
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From lists at tippingmar.com Wed May 7 20:05:29 2008
From: lists at tippingmar.com (Mark Nienberg)
Date: Wed May 7 20:06:14 2008
Subject: Watermarking action problem?
In-Reply-To: <48217FB7.9050505@ecs.soton.ac.uk>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> <4820CEF8.7060705@tippingmar.com>
<48217FB7.9050505@ecs.soton.ac.uk>
Message-ID: <4821FD79.5000304@tippingmar.com>
Julian Field wrote:
>
>> Pardon, I didn't mean to hijack this thread. The original message was
>> attached and it contains the watermark. The details with an example
>> are in the original thread:
>>
>> http://article.gmane.org/gmane.mail.virus.mailscanner/63214
>>
>> Mark
>>
> Sorry, that's no use. Without the original sender details and everything
> there as originally given in the message, I can't test the watermark at
> all. Sorry.
>
>
It is reproducible for me if I send to a bad address at certain
domains. Would you mind sending a message to
somebadaddress at arup dot com
and see if you trigger the bad watermark test?
Thanks,
Mark
From MailScanner at ecs.soton.ac.uk Wed May 7 21:41:10 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed May 7 21:42:10 2008
Subject: Watermarking action problem?
In-Reply-To: <4821FD79.5000304@tippingmar.com>
References: <481EC69F.2090808@tradoc.fr> <48201DCF.4040506@tradoc.fr> <48209414.2030407@tippingmar.com> <48209C52.2020200@ecs.soton.ac.uk> <4820CEF8.7060705@tippingmar.com> <48217FB7.9050505@ecs.soton.ac.uk>
<4821FD79.5000304@tippingmar.com>
Message-ID: <482213E6.8080305@ecs.soton.ac.uk>
Mark Nienberg wrote:
> Julian Field wrote:
>>
>>> Pardon, I didn't mean to hijack this thread. The original message
>>> was attached and it contains the watermark. The details with an
>>> example are in the original thread:
>>>
>>> http://article.gmane.org/gmane.mail.virus.mailscanner/63214
>>>
>>> Mark
>>>
>> Sorry, that's no use. Without the original sender details and
>> everything there as originally given in the message, I can't test the
>> watermark at all. Sorry.
>>
>>
> It is reproducible for me if I send to a bad address at certain
> domains. Would you mind sending a message to
>
> somebadaddress at arup dot com
>
> and see if you trigger the bad watermark test?
Sure.
>
> Thanks,
> Mark
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules@Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From hvdkooij at vanderkooij.org Thu May 8 06:50:22 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:51:07 2008
Subject: MS+Postfix, Selective HOLD
In-Reply-To: <200805070940.m479e1E7018876@safir.blacknight.ie>
References: <47F88A2D.9060508@vanderkooij.org> <223f97700804061238jd43245bhb766df569190555f@mail.gmail.com> <48005D32.3040802@vanderkooij.org> <223f97700804120759o7d47f9c2pd56c6ea00cc9040@mail.gmail.com> <223f97700804120801v71b8a995x17e0273d1ac268ab@mail.gmail.com> <48012788.8070401@vanderkooij.org> <223f97700804121623r7d25cf35oc8df5bc9ca17ce70@mail.gmail.com> <4801CE96.8060202@vanderkooij.org><223f97700804130312r26f8b461h4f06142aa3212754@mail.gmail.com>
<200805070940.m479e1E7018876@safir.blacknight.ie>
Message-ID: <4822949E.70106@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stef Morrell wrote:
|> -----Original Message-----
|> From: mailscanner-bounces@lists.mailscanner.info
|> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf
|> Of Hugo van der Kooij
|> Sent: 14 April 2008 06:47
|>
|> Well. I am not a wiki kind of person. So I just added it to
|> my MailScanner page:
|> http://hugo.vanderkooij.org/email/mailscanner.htm#HOLD
|>
|
| Do you perchance have a similar method whereby one can bypass email
| *from* certain senders?
Any access list you put in there with a OK instead of a HOLD will do the
trick.
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIIpSdBvzDRVjxmYERAhueAJ0WfxKicTk93l8dWwxawArYye7lLwCgsye+
mjFNppxdZBZn6AzP+Be0ZcU=
=1SIX
-----END PGP SIGNATURE-----
From hvdkooij at vanderkooij.org Thu May 8 06:54:06 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:54:17 2008
Subject: Mailscanner changing the size of attachment
In-Reply-To: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
References: <21be6cae0805070532l7958c07x6674543fa9569ded@mail.gmail.com>
Message-ID: <4822957E.3050304@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pedro Bordin Hoffmann - [M]orpheus wrote:
| Hello.
|
| I'm using Mailscanner, postfix, and spamassassin.
|
| I attached a file with 36 MB, and I have limit of 40 MB in Mailscanner.
| but it blocks my e-mail saying that the file exceeds the maximum size.
| I enter in quarantine and it shows up almost 50MB the file.
|
| Why mailscanner changed the size of file?
| When downloading the file it says the real size.
|
| Already try to uencode the message. But file size stay the same. It was
| a .doc file with a few images on it.
The following article is mandatory reading material:
http://email.about.com/cs/standards/a/base64_encoding.htm
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIIpV9BvzDRVjxmYERAvdpAKCNm2b5IGFOxxOkhsEnfwaTOwvJXgCfWKRC
oXwAQ14x7p32cEwVuRPkXS4=
=+OH9
-----END PGP SIGNATURE-----
From hvdkooij at vanderkooij.org Thu May 8 06:57:47 2008
From: hvdkooij at vanderkooij.org (Hugo van der Kooij)
Date: Thu May 8 06:57:56 2008
Subject: Blacklist by subject
In-Reply-To:
References: <482182550200000000028138@gw.caspercollege.edu><482182C5020000000002813A@gw.caspercollege.edu><482182D4020000000002813C@gw.caspercollege.edu><482182EB020000000002813E@gw.caspercollege.edu><4821831C0200000000028140@gw.caspercollege.edu><4821837F0200000000028142@gw.caspercollege.edu><482184160200000000028145@gw.caspercollege.edu> <48218415.61A4.0000.0@caspercollege.edu>
Message-ID: <4822965B.5030803@vanderkooij.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
King, Blaze wrote:
| I think this ability was added in a recent release, but now I can't find
| it in the changelogs... I need to blacklist by subject. I'm running
| MailScanner 4.67.3. Is that function added in one of the newer
| versions?
If you run postfix you can also do this in the MTA. I kill everything
that contains subject headers with charactersets I am un able to read
anyway.
Hugo.
- --
hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIIpZZBvzDRVjxmYERAvdzAJ4woGg9Ak/iksLfya5kk8ftDT2pEgCfWGOG
HPbcjgyF+A7KqALWtRDyiQk=
=QwDq
-----END PGP SIGNATURE-----
From MailScanner at ecs.soton.ac.uk Thu May 8 10:26:34 2008
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu May 8 10:27:33 2008
Subject: Conditional rule based on content information
In-Reply-To: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
References: <67a55ed50805070416w7e47ff46nfe2d9d84b9c0b9cc@mail.gmail.com>
Message-ID: <4822C74A.4020808@ecs.soton.ac.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dave Jones wrote:
> >It's in the latest releases. Here's the relevant chunk from
> >MailScanner.conf:
>
> ># This option can be used to stop any duplication of en email signature
> ># appearing in the HTML of an email message. It looks for the "alt"
> ># attribute in the tag specifying the image to be inserted int the
> ># HTML signature. If you want to use this option without inserting an
> image
> ># into the signature, simply specify an tag without a "src"
> attribute.
> >#
> ># If the "alt" tag appears, and contains the word "MailScanner" and the
> ># word "Signature" and the %org-name% you specified at the top of
> this file,
> ># then the message is considered to already be signed. If this option is
> ># also set to "yes", then it will not be signed again. Multiple image
> ># signatures at the bottom of a message can make the message very
> large and
> ># ugly once it has been replied to a couple of times.
> ># This can also be the filename of a ruleset.
> >Allow Multiple HTML Signatures = no
>
> >This should do exactly what you're looking for. If it doesn't then let
> >me know and I'll see what adjustments can be made.
> You added this feature for me and it is working great. We are only
> getting one signature. If we send the first email out, then
> everything looks great -- our logo/slogan is appended to the bottom of
> our email. The situation I am trying to prevent is when the first
> email is sent inbound and we reply/forward causing our logo/slogan to
> be added to the bottom of the original external person's email. It
> makes things appear that xyz.com (external company)
> has our abc.com logo/slogan.
>
> All I need now it to be able to detect an original email based on
> something in the headers or body so I can make the signature rule
> conditional on this.
I've done this for you. You give it a list of header names. If it finds
any of them in the headers of the message, it decides it's actually a
reply and won't attach the HTML signature to it. Is that okay?
>
> >Dave Jones wrote:
> >> Is there a way to make a rule conditional on a body content? Would an
> >> SA rule be required to get a hit on that score then take different
> action?
> >>
> >> What I am trying to do it only append the inline HTML signature only
> >> on the first outbound email for a particular domain. Currently the
> >> HTML signature is getting appended to the bottom of all outbound email
> >> (for my test email address) so if the email originates from the
> >> outside and I reply, then _my signature_ is being appended to the
> >> original bottom that _was not mine_.
> >>
> >> So I need to find a way to detect and append the inline HTML signature
> >> only to the first outbound email from my domain. Can this be done
> >> with some advanced rules based on SA scoring?
> >>
> >> I have searched with various keywords in the mailing list archive with
> >> no success.
> >>
> >> --
> .> Dave Jones
>
> >Jules
>
> --
> Dave Jones
Jules
- --
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005)
Comment: Use Enigmail to decrypt or check this message is legitimate
Charset: ISO-8859-1
wj8DBQFIIsdLEfZZRxQVtlQRAuYTAKD8McOaXald/DIz55Zu4N/jQ9QsTwCffdKs
r1bbaJXusO4sFn7TfEh40pA=
=E4vm
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
From jlmiller at mmtnetworks.com.au Thu May 8 12:22:19 2008
From: jlmiller at mmtnetworks.com.au (Jon L. Miller)
Date: Thu May 8 12:23:13 2008
Subject: attachments embedded in mail
Message-ID: <2470.202.89.176.40.1210245739.squirrel@webmail.mmtnetworks.com.au>
For some reason whenever an email is marked as SPAM it's attachment is
embedded in the mail. When we discover a false postive and go to release
it through MailWatch the enduser has an unreadable email. Is there a
setting that can keep the attachments as they were originally? I store
the SPAM for up to 14 days before I delete them.
example:
mail:/var/spool/MailScanner/quarantine/20080507/spam# cat
66E29150006.782A7 | more
C? 5488117 670 2
0T1210140966 418440Acreate_time=1210140966Arew
rite_context=remoteSrancore@iinet.net.auA!log_client_address=203.153.242.20A*log_message_origin=unknown[203.15
3.242.20]A$log_helo_name=pmx.mmtnetworks.com.auAlog_protocol_name=ESMTPAclient_name=unknownA-reverse_client_na
me=242.20-dslgw.amnet.net.auAclient_address=203.153.242.20A
helo_name=pmx.mmtnetworks.com.auAclient_address_ty
pe=2A0dsn_orig_rcpt=rfc822;soniaf@sothertons-wa.com.auOoniaf@sothertons-wa.com.auRoniaf@sothertons-wa.com.au
A0dsn_orig_rcpt=rfc822;Stacey@sothertons-wa.com.auOtacey@sothertons-wa.com.auRtacey@sothertons-wa.com.auMN@R
eceived: from pmx.mmtnetworks.com.au (unknown [203.153.242.20])N@ by
mail.mmtnetworks.com.au (Postfix) w
ith ESMTP id 66E29150006;N& Wed, 7 May 2008 14:16:06 +0800
(WST)NqReceived: from outbound.icp-qv1-irony-o
ut1.iinet.net.au (outbound.icp-qv1-irony-out1.iinet.net.au
[203.59.1.108])NH by pmx.mmtnetworks.com.au (8.1
3.8/8.13.8) with ESMTP id m475nHpZ031839;N Wed, 7 May 2008 13:49:18
+0800N% (envelope-from rancore
@iinet.net.au)N1X-IronPort-AV: E=Sophos;i="4.27,446,1204470000"; N&
d="qbb'?scan'208,217";a="325419110"NN*Reply-To: "Rancor
e" N&From: "Rancore" N2To:
"Stacey Dymock" ,N- "Sonia" NSubject: TUSCOM
GROUPN$Date: Wed, 7 May 2008 13:31:19 +
0800NOrganization: Rancore Pty LtdNMIME-Version: 1.0NContent-Type:
multipart/mixed;N5 boundary="----=_NextPa
X-Priority: 3NX-MSMail-Priority: NormalN2X-Mailer: Microsoft Outlook
Express 6.00.2900.3138N8X-MimeOLE: Produc
ed By Microsoft MimeOLE V6.00.2900.3198NZX-PMX-Version: 5.4.2.338381,
Antispam-Engine: 2.6.0.325393, Antispam-
Data: 2008.5.6.113753NX-PMX-Spam: Gauge=IIIIIIII, Probability=8%,
Report='HTML_90_100 0.1, HTML_NO_HTTP 0.1, B
ODY_SIZE_10000_PLUS 0, USER_AGENT_OE 0, __CT 0, __CTYPE_HAS_BOUNDARY 0,
__CTYPE_MULTIPART 0, __FRAUD_419_SUBJ_
ALLCAPS 0, __HAS_MSGID 0, __HAS_MSMAIL_PRI 0, __HAS_X_MAILER 0,
__HAS_X_PRIORITY 0, __LINES_OF_YELLING 0, __MI
ME_HTML 0, __MIME_VERSION 0, __SANE_MSGID 0, __TAG_EXISTS_HTML 0,
__USER_AGENT_MS_GENERIC 0'NN,This is a multi
-part message in MIME
format.NN+------=_NextPart_000_002B_01C8B046.A21A6FE0N$Content-Type:
multipart/alternati
ve;N5
boundary="----=_NextPart_001_002C_01C8B046.A21A6FE0"NNN+------=_NextPart_001_002C_01C8B046.A21A6FE0NCo
ntent-Type: text/plain;N
charset="iso-8859-1"N+Content-Transfer-Encoding: quoted-printableNNREGARDS
KA
MALN+------=_NextPart_001_002C_01C8B046.A21A6FE0NContent-Type: text/html;N
charset="iso-8859-1"N+Content-
Transfer-Encoding: quoted-printableNN>N^L<
HEAD>N7N:NNNN0REGARDS =N
KAMAL