{Disarmed} Watermarking not working
Martin.Hepworth
martinh at solidstatelogic.com
Fri Oct 31 09:48:13 GMT 2008
Hi
there was a fix for watermarking in 4.71.6, but as Julian's about to pop out a new stable in the 48 hours mught be worth hanging on for that,.
also I don't see the watermark in the header that messagelabs rejected. looks like they are bouncing not rejecting..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
_____
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of BlaaT 0001
Sent: 31 October 2008 09:39
To: MailScanner discussion
Subject: {Disarmed} Watermarking not working
Hello all,
I'm still having problems using watermarking. My MailScanner settings related to watermarking are:
Use Watermarking = yes
Add Watermark = %rules-dir%/add.watermark.rules
Check Watermarks With No Sender = %rules-dir%/check.watermarks.with.no.sender.rules
Treat Invalid Watermarks With No Sender as Spam = 20
Check Watermarks To Skip Spam Checks = no
Watermark Secret = ***************
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-WM:
We add a watermark on outgoing mail, and we check incoming mail on watermarks (using the rulesets).
Every "no sender" mail gets marked by the watermarking feature, from the logfile:
Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390 had bad watermark, added 20 to spam score
Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390 from <http://194.106.220.35> MailScanner warning: numerical links are often malicious: 194.106.220.35 () to ourdomain.tld is spam (no watermark or sender address), SpamAssassin (score=0, vereist 20, autolearn=disabled)
This was a legit bounce mail, a response to a mail send from our MailScanner machine with a watermark attached.
This is the full message:
----------------------------------------------------------------
Received: from mail91.messagelabs.com (mail91.messagelabs.com [ <http://194.106.220.35> MailScanner warning: numerical links are often malicious: 194.106.220.35])
by mailscan02.ourdomain.tld (Postfix) with ESMTP id 720DF48F44B
for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:26 +0100 (CET)
X-VirusChecked: Checked
X-Msg-Ref: server-7.tower-91.messagelabs.com!1225438765!40564331!1
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [ <http://77.94.249.25> MailScanner warning: numerical links are often malicious: 77.94.249.25]
X-SpamReason: No, hits=0.0 required=7.0 tests=
Received: (qmail 30403 invoked from network); 31 Oct 2008 07:39:25 -0000
Received: from net3-nl-smtp-01.vevida.net (HELO net3-nl-smtp-01.vevida.net) ( <http://77.94.249.25> MailScanner warning: numerical links are often malicious: 77.94.249.25)
by server-7.tower-91.messagelabs.com with AES256-SHA encrypted SMTP; 31 Oct 2008 07:39:25 -0000
Received: from net3-nl-mail-02.vevida.net (net3-nl-mail-02.vevida.net [ <http://77.94.249.24> MailScanner warning: numerical links are often malicious: 77.94.249.24])
by net3-nl-smtp-01.vevida.net (Postfix) with ESMTP id 3976B2EC542
for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
Received: by net3-nl-mail-02.vevida.net (Postfix, from userid 8)
id 3793E35002B; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
Message-ID: <dovecot-1225438765-217569-0 at net3-nl-mail-02.vevida.net>
Date: Fri, 31 Oct 2008 08:39:25 +0100
From: Mail Delivery Subsystem <postmaster at vevida.net>
To: <ra.user at ourdomain.tld>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
boundary="21397/net3-nl-mail-02.vevida.net"
Subject: Automatically rejected mail
Auto-Submitted: auto-replied (rejected)
Precedence: bulk
This is a MIME-encapsulated message
--21397/net3-nl-mail-02.vevida.net
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Your message to <newz at raar-nieuws.nl> was automatically rejected:
Quota exceeded
--21397/net3-nl-mail-02.vevida.net
Content-Type: message/disposition-notification
Reporting-UA: net3-nl-mail-02.vevida.net; Dovecot Mail Delivery Agent
Final-Recipient: rfc822; newz at raar-nieuws.nl
Original-Message-ID: <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
Disposition: automatic-action/MDN-sent-automatically; deleted
--21397/net3-nl-mail-02.vevida.net
Content-Type: message/rfc822
Return-Path: <ra.user at ourdomain.tld>
Delivered-To: newz at raar-nieuws.nl
Received: from net3-nl-mx-03.vevida.net (net3-nl-mx-03.vevida.net [ <http://77.94.249.31> MailScanner warning: numerical links are often malicious: 77.94.249.31])
by net3-nl-mail-02.vevida.net (Postfix) with ESMTP id 332F8350029
for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: No, score=0.202 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1,
HTML_MESSAGE=0.001, UNPARSEABLE_RELAY=0.001, VBOUNCE_MESSAGE=0.1]
Received: from mail.ourdomain.tld (mail.ourdomain.tld [our.ip.add.ress])
by net3-nl-mx-03.vevida.net (Postfix) with ESMTP id 38DB8976BC
for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:24 +0100 (CET)
Received: from sgmg.ourdomain.tld (sgmg.ourdomain.tld [ <http://10.2.10.109> MailScanner warning: numerical links are often malicious: 10.2.10.109])
by mailscan02.ourdomain.tld (Postfix) with ESMTP id B76B148F448
Received: (from smtpd at 127.0.0.1) by sgmg.prdf.nl (8.13.8/8.13.8)
id m9V7dJj1022834 for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:19 +0100
Received: from unknown [ <http://10.2.10.114> MailScanner warning: numerical links are often malicious: 10.2.10.114] by gateway id /processing/kwlCeRw3; Fri Oct 31 08:39:19 2008
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Out of Office AutoReply: RaaR - muziek op zondag - Jazz au Foyer
Date: Fri, 31 Oct 2008 08:39:18 +0100
Message-ID: <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: RaaR - muziek op zondag - Jazz au Foyer
Thread-Index: Ack7K8SpBsNSNiAkRmq5jBTFlWpQiwAAAOPO
From: "User, R" <ra.user at ourdomain.tld>
To: "RaaR eten & drinken" <newz at raar-nieuws.nl>
Content-class: urn:content-classes:message
X-ORG-WM: 1226043563.0392 at OUzi9liSBFaJtjtI7nMePQ
X-ORG: Clean
----------------------------------------------------------------
We're using a third party to scan our email and forward it to us. We use MailScanner to filter out marked messages (spam header), we don't do much spam-scanning ourselves, just the default SpamAssassin ruleset without any dns checks. All our outgoing mail is relayed through the MailScanner machine and then delivered directly to the receiver's mailserver.
We're using Postfix 2.5.1 as a MTA on an OpenBSD 4.3 machine.
-bash-3.2# /opt/MailScanner/bin/MailScanner -v
Running on
OpenBSD mailscan02.ourdomain.tld 4.3 GENERIC#698 i386
This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.70.7
Module versions are:
1.00 AnyDBM_File
1.23 Archive::Zip
0.21 bignum
1.04 Carp
2.008 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.121_08 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
1.08 File::Path
0.19 File::Temp
0.90 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.02 Mail::Header
1.86 Math::BigInt
0.19 Math::BigRat
3.07 MIME::Base64
5.425 MIME::Decoder
5.425 MIME::Decoder::UU
5.425 MIME::Head
5.425 MIME::Parser
3.07 MIME::QuotedPrint
5.425 MIME::Tools
0.11 Net::CIDR
1.25 Net::IP
0.16 OLE::Storage_Lite
1.04 Pod::Escapes
3.05 Pod::Simple
1.09 POSIX
1.19 Scalar::Util
1.78 Socket
2.16 Storable
1.4 Sys::Hostname::Long
0.18 Sys::Syslog
1.26 Test::Pod
0.7 Test::Simple
1.9707 Time::HiRes
1.02 Time::localtime
Optional module versions are:
1.36 Archive::Tar
0.21 bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.814 DB_File
1.14 DBD::SQLite
1.59 DBI
1.14 Digest
1.01 Digest::HMAC
2.36 Digest::MD5
2.11 Digest::SHA1
missing Encode::Detect
missing Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.36 Getopt::Long
missing Inline
1.08 IO::String
1.08 IO::Zlib
missing IP::Country
missing Mail::ClamAV
3.002004 Mail::SpamAssassin
missing Mail::SPF
1.999001 Mail::SPF::Query
missing Module::Build
0.20 Net::CIDR::Lite
0.63 Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
missing NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.64 Test::Harness
missing Test::Manifest
1.95 Text::Balanced
1.35 URI
missing version
missing YAML
What could be causing this? Why isn't watermarking working properly?
Any help is much appreciated!
Cheers.
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081031/8718bce9/attachment.html
More information about the MailScanner
mailing list