{Disarmed} Watermarking not working
BlaaT 0001
blaat0001 at gmail.com
Fri Oct 31 10:28:56 GMT 2008
Our failover host is running on MailScanner-4.71.10-1 and is showing the
exact same behaviour. The only difference between our primaire node and
failover node is the MailScanner version.
The fix for watermarking has not made a difference on our machines
unfortunately.
Thanks for the reply.
On Fri, Oct 31, 2008 at 10:48 AM, Martin.Hepworth <
martinh at solidstatelogic.com> wrote:
> Hi
>
> there was a fix for watermarking in 4.71.6, but as Julian's about to pop
> out a new stable in the 48 hours mught be worth hanging on for that,.
>
> also I don't see the watermark in the header that messagelabs rejected.
> looks like they are bouncing not rejecting..
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> ------------------------------
> *From:* mailscanner-bounces at lists.mailscanner.info [mailto:
> mailscanner-bounces at lists.mailscanner.info] *On Behalf Of *BlaaT 0001
> *Sent:* 31 October 2008 09:39
> *To:* MailScanner discussion
> *Subject:* {Disarmed} Watermarking not working
>
> Hello all,
>
> I'm still having problems using watermarking. My MailScanner settings
> related to watermarking are:
>
> Use Watermarking = yes
> Add Watermark = %rules-dir%/add.watermark.rules
> Check Watermarks With No Sender =
> %rules-dir%/check.watermarks.with.no.sender.rules
> Treat Invalid Watermarks With No Sender as Spam = 20
> Check Watermarks To Skip Spam Checks = no
> Watermark Secret = ***************
> Watermark Lifetime = 604800
> Watermark Header = X-%org-name%-WM:
>
> We add a watermark on outgoing mail, and we check incoming mail on
> watermarks (using the rulesets).
>
> Every "no sender" mail gets marked by the watermarking feature, from the
> logfile:
>
> Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390
> had bad watermark, added 20 to spam score
> Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390
> from *MailScanner warning: numerical links are often malicious:*194.106.220.35<http://194.106.220.35>() to ourdomain.tld is spam (no watermark or sender address), SpamAssassin
> (score=0, vereist 20, autolearn=disabled)
>
> This was a legit bounce mail, a response to a mail send from our
> MailScanner machine with a watermark attached.
>
> This is the full message:
>
> ----------------------------------------------------------------
>
> Received: from mail91.messagelabs.com (mail91.messagelabs.com [*MailScanner
> warning: numerical links are often malicious:* 194.106.220.35<http://194.106.220.35>
> ])
> by mailscan02.ourdomain.tld (Postfix) with ESMTP id 720DF48F44B
> for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:26 +0100 (CET)
> X-VirusChecked: Checked
> X-Msg-Ref: server-7.tower-91.messagelabs.com!1225438765!40564331!1
> X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
> X-Originating-IP: [*MailScanner warning: numerical links are often
> malicious:* 77.94.249.25 <http://77.94.249.25>]
> X-SpamReason: No, hits=0.0 required=7.0 tests=
> Received: (qmail 30403 invoked from network); 31 Oct 2008 07:39:25 -0000
> Received: from net3-nl-smtp-01.vevida.net (HELO net3-nl-smtp-01.vevida.net)
> (*MailScanner warning: numerical links are often malicious:* 77.94.249.25<http://77.94.249.25>
> )
> by server-7.tower-91.messagelabs.com with AES256-SHA encrypted SMTP; 31
> Oct 2008 07:39:25 -0000
> Received: from net3-nl-mail-02.vevida.net (net3-nl-mail-02.vevida.net [*MailScanner
> warning: numerical links are often malicious:* 77.94.249.24<http://77.94.249.24>
> ])
> by net3-nl-smtp-01.vevida.net (Postfix) with ESMTP id 3976B2EC542
> for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
> Received: by net3-nl-mail-02.vevida.net (Postfix, from userid 8)
> id 3793E35002B; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
> Message-ID: <dovecot-1225438765-217569-0 at net3-nl-mail-02.vevida.net>
> Date: Fri, 31 Oct 2008 08:39:25 +0100
> From: Mail Delivery Subsystem <postmaster at vevida.net>
> To: <ra.user at ourdomain.tld>
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=disposition-notification;
> boundary="21397/net3-nl-mail-02.vevida.net"
> Subject: Automatically rejected mail
> Auto-Submitted: auto-replied (rejected)
> Precedence: bulk
>
> This is a MIME-encapsulated message
>
> --21397/net3-nl-mail-02.vevida.net
> Content-Type: text/plain; charset=utf-8
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> Your message to <newz at raar-nieuws.nl> was automatically rejected:
> Quota exceeded
> --21397/net3-nl-mail-02.vevida.net
> Content-Type: message/disposition-notification
>
> Reporting-UA: net3-nl-mail-02.vevida.net; Dovecot Mail Delivery Agent
> Final-Recipient: rfc822; newz at raar-nieuws.nl
> Original-Message-ID:
> <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
> Disposition: automatic-action/MDN-sent-automatically; deleted
>
> --21397/net3-nl-mail-02.vevida.net
> Content-Type: message/rfc822
>
> Return-Path: <ra.user at ourdomain.tld>
> Delivered-To: newz at raar-nieuws.nl
> Received: from net3-nl-mx-03.vevida.net (net3-nl-mx-03.vevida.net [*MailScanner
> warning: numerical links are often malicious:* 77.94.249.31<http://77.94.249.31>
> ])
> by net3-nl-mail-02.vevida.net (Postfix) with ESMTP id 332F8350029
> for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
> X-Virus-Scanned: amavisd-new at vevida.net
> X-Spam-Status: No, score=0.202 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1,
> HTML_MESSAGE=0.001, UNPARSEABLE_RELAY=0.001, VBOUNCE_MESSAGE=0.1]
> Received: from mail.ourdomain.tld (mail.ourdomain.tld [our.ip.add.ress])
> by net3-nl-mx-03.vevida.net (Postfix) with ESMTP id 38DB8976BC
> for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:24 +0100 (CET)
> Received: from sgmg.ourdomain.tld (sgmg.ourdomain.tld [*MailScanner
> warning: numerical links are often malicious:* 10.2.10.109<http://10.2.10.109>
> ])
> by mailscan02.ourdomain.tld (Postfix) with ESMTP id B76B148F448
> Received: (from smtpd at 127.0.0.1) by sgmg.prdf.nl (8.13.8/8.13.8)
> id m9V7dJj1022834 for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008
> 08:39:19 +0100
> Received: from unknown [*MailScanner warning: numerical links are often
> malicious:* 10.2.10.114 <http://10.2.10.114>] by gateway id
> /processing/kwlCeRw3; Fri Oct 31 08:39:19 2008
> MIME-Version: 1.0
> X-MimeOLE: Produced By Microsoft Exchange V6.5
> Subject: Out of Office AutoReply: RaaR - muziek op zondag - Jazz au Foyer
> Date: Fri, 31 Oct 2008 08:39:18 +0100
> Message-ID:
> <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: RaaR - muziek op zondag - Jazz au Foyer
> Thread-Index: Ack7K8SpBsNSNiAkRmq5jBTFlWpQiwAAAOPO
> From: "User, R" <ra.user at ourdomain.tld>
> To: "RaaR eten & drinken" <newz at raar-nieuws.nl>
> Content-class: urn:content-classes:message
> X-ORG-WM: 1226043563.0392 at OUzi9liSBFaJtjtI7nMePQ
> X-ORG: Clean
> ----------------------------------------------------------------
>
> We're using a third party to scan our email and forward it to us. We use
> MailScanner to filter out marked messages (spam header), we don't do much
> spam-scanning ourselves, just the default SpamAssassin ruleset without any
> dns checks. All our outgoing mail is relayed through the MailScanner machine
> and then delivered directly to the receiver's mailserver.
>
> We're using Postfix 2.5.1 as a MTA on an OpenBSD 4.3 machine.
>
> -bash-3.2# /opt/MailScanner/bin/MailScanner -v
> Running on
> OpenBSD mailscan02.ourdomain.tld 4.3 GENERIC#698 i386
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.70.7
> Module versions are:
> 1.00 AnyDBM_File
> 1.23 Archive::Zip
> 0.21 bignum
> 1.04 Carp
> 2.008 Compress::Zlib
> 1.119 Convert::BinHex
> 0.17 Convert::TNEF
> 2.121_08 Data::Dumper
> 2.27 Date::Parse
> 1.00 DirHandle
> 1.05 Fcntl
> 2.74 File::Basename
> 2.09 File::Copy
> 2.01 FileHandle
> 1.08 File::Path
> 0.19 File::Temp
> 0.90 Filesys::Df
> 1.35 HTML::Entities
> 3.56 HTML::Parser
> 2.37 HTML::TokeParser
> 1.23 IO
> 1.14 IO::File
> 1.13 IO::Pipe
> 2.02 Mail::Header
> 1.86 Math::BigInt
> 0.19 Math::BigRat
> 3.07 MIME::Base64
> 5.425 MIME::Decoder
> 5.425 MIME::Decoder::UU
> 5.425 MIME::Head
> 5.425 MIME::Parser
> 3.07 MIME::QuotedPrint
> 5.425 MIME::Tools
> 0.11 Net::CIDR
> 1.25 Net::IP
> 0.16 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.05 Pod::Simple
> 1.09 POSIX
> 1.19 Scalar::Util
> 1.78 Socket
> 2.16 Storable
> 1.4 Sys::Hostname::Long
> 0.18 Sys::Syslog
> 1.26 Test::Pod
> 0.7 Test::Simple
> 1.9707 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.36 Archive::Tar
> 0.21 bignum
> missing Business::ISBN
> missing Business::ISBN::Data
> missing Data::Dump
> 1.814 DB_File
> 1.14 DBD::SQLite
> 1.59 DBI
> 1.14 Digest
> 1.01 Digest::HMAC
> 2.36 Digest::MD5
> 2.11 Digest::SHA1
> missing Encode::Detect
> missing Error
> missing ExtUtils::CBuilder
> missing ExtUtils::ParseXS
> 2.36 Getopt::Long
> missing Inline
> 1.08 IO::String
> 1.08 IO::Zlib
> missing IP::Country
> missing Mail::ClamAV
> 3.002004 Mail::SpamAssassin
> missing Mail::SPF
> 1.999001 Mail::SPF::Query
> missing Module::Build
> 0.20 Net::CIDR::Lite
> 0.63 Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
> missing NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 2.64 Test::Harness
> missing Test::Manifest
> 1.95 Text::Balanced
> 1.35 URI
> missing version
> missing YAML
>
> What could be causing this? Why isn't watermarking working properly?
> Any help is much appreciated!
>
> Cheers.
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081031/fc4828b5/attachment.html
More information about the MailScanner
mailing list