From brose at med.wayne.edu Sat Aug 1 03:42:48 2009
From: brose at med.wayne.edu (Rose, Bobby)
Date: Sat Aug 1 03:43:16 2009
Subject: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity
Message-ID:

I have a ruleset for Is Definitely Not Spam and everything works fine except if that address sends a message with more recipients than what is set for Ignore Spam Whitelist If Recipients Exceed. In that case, the message seems to get blacklisted. If the entry is removed from the whitelist ruleset, then the issue doesn't occur (but I'll still see the log entry saying that ignored whitelist).

Has anyone else noticed this or is it just me and I have to keep digging for the reason?

Thanks

-=Bobby

________________________________
This document may include proprietary and confidential information of Wayne State University Physician Group and may only be read by those person(s) to whom it is addressed. If you have received this e-mail message in error, please notify us immediately. This document may not be reproduced, copied, distributed, published, modified or furnished to third parties, without prior written consent of Wayne State University Physician Group. Thank you.

From brose at med.wayne.edu Sat Aug 1 03:43:10 2009
From: brose at med.wayne.edu (Rose, Bobby)
Date: Sat Aug 1 03:43:33 2009
Subject: MailScanner and Mailwatch 1.04 bug
Message-ID:

When a message is both detected as a virus and high scoring spam, Mailscanner seems to drop the virus report when the info is passed onto Mailwatch.pm. The virusinfected flag is passed but not the reports. Both virus and spam reports appear in the maillogs ok so this->{reports} must be set at some point. But it's just not getting passed on to the MailWatch.pm

I threw in some debug stuff in Mailwatch.pm just to see if the info was getting that far and it's not.

Any suggestions?

From davejones70 at gmail.com Sat Aug 1 03:57:29 2009
From: davejones70 at gmail.com (Dave Jones)
Date: Sat Aug 1 03:57:40 2009
Subject: lstat() failed on: /mnt/ramdisk/...
Message-ID: <67a55ed50907311957r3b0abfa8w85f06bbfe99e36e4@mail.gmail.com>

>From June 24th:
http://thread.gmane.org/gmane.mail.virus.mailscanner/71122/focus=71160

>> lstat() failed on: /mnt/ramdisk/31166/n5NC95S6028227/tnef.31166
>
>Which version of MailScanner are you running? If you're using a version
>< 4.76.24, and you only have tnef.* in your lstat errors, this is a
>known bug. Upgrading to the latest MailScanner release will fix it (or
>at least >= 4.76.24), as the tnef processing has been updated to correct
>the permission errors.
>
>(see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for
>reference, and "16 Fixed permissions and ownership problems with data
>extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3
>from http://www.mailscanner.info/ChangeLog).
>
> Cheers,
>-Joshua

I upgraded MailScanner to version 4.77.10-1 a few weeks ago and still have thousands of these errors in the maillog.

I also changed my ramdisk to tmpfs (and rebooted to remove the ramdisk from memory).

Is there something else that I could have wrong?

--
Dave Jones

From uxbod at splatnix.net Sat Aug 1 08:23:24 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Sat Aug 1 08:23:52 2009
Subject: New beta release 4.78.3 -- "spam-viruses"
In-Reply-To:
Message-ID: <57875.221249111404870.JavaMail.root@office.splatnix.net>

----- "Julian Field" wrote:

> I have just released a new beta, the first in quite a while.
>
> This has one major re-arrangement done to it, in that the virus scanning
> is now done *before* the spam checking, instead of after it as it has
> always been in the past. This results in you virus-scanning all the spam
> you are about to delete, but for virtually all virus scanners the cost
> of scanning a few extra files is very minimal compared to the cost of
> running SpamAssassin on them anyway. So it won't make much difference to
> the speed at all. And you have the advantage that you won't be
> spam-scanning viruses any more.
>
> The need for this is because...
>
> I have introduced a solution to the issue of what I am calling
> "spam-viruses" which are messages detected as being spam by your *virus*
> scanner. At least ClamAV and F-Prot can do this now. Automatically
> deleting mail which a third-party ClamAV signature database thinks is
> probably spam is not a very good idea, as there are false alarms which
> have bitten most of us in the past.
>
> So what you want is a way of assigning a spam score to different
> "spam-viruses" so you can use the signature databases to varying effect,
> depending on what you think of their reliability. Some of the ClamAV
> databases have far more false alarms (false positives) than others, as
> documented here:
> http://www.sanesecurity.net/databases.htm
>
> So now a list of all the "spam-viruses" found in a message will be put
> in a new message header before the message is passed to SpamAssassin, so
> you can do everything from simply assigning a score if the header exists
> at all, to assigning different scores to different spam-viruses as you
> like. You can make it as simple or as complex as you choose. I have
> given you a sample rule to start from in spam.assassin.prefs.conf.
>
> So you need to do 2 other things:
> 1. Set the name of the header used for this: see the "Spam-Virus Header"
>    setting in MailScanner.conf.
> 2. Define what virus names are actually spam-viruses. See the "Virus
>    Names Which Are Spam" setting in MailScanner.conf.
>
> The second of those is given very simply. No regular expressions or
> anything complicated like that, sorry.
> You give a space-separated list of strings which are the names of the
> spam-viruses.
> You can use the "*" wildcard character to mean "any number of zero or
> more characters", just like you do in filenames. You can use several "*"
> wildcards in each string, of course.
> Other than that the string will be matched against the whole virus name,
> with a case sensitive match.
> If you want to match just a sub-string of the virus name, put a "*" at
> the start and end of the string, such as in "*UNOFFICIAL*" for example.
> Two simple examples are "HTML/*" and "Sane*UNOFFICIAL" which are
> hopefully both self-explanatory.
>
> For more information about these 2 settings, see the MailScanner.conf
> file.
>
> I think this keeps the configuration nice and simple for most people,
> but allows the 0.1% of wizards to build really complex setups.
>
> If you strongly disagree with the way I have done it, please do let me
> know, this is only a beta so I can easily change it at this point
> without upsetting anyone. :-)
>
> Hopefully you will find this a useful new feature, and that the cost of
> the code re-arrangement is not too high.
>
> Have a good weekend, and please let me know if you have any "issues"
> with any of it!
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>

I am sure the 0.1% of wizards will be hitting Amazon and sending something your way Jules ...

Great work this is exactly what I needed :) Time to build up the new server and get installing :D

Best Regards,

--
SplatNIX IT Services :: Innovation through collaboration

From uxbod at splatnix.net Sat Aug 1 16:37:59 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Sat Aug 1 16:38:44 2009
Subject: Help on new install please ?
Message-ID: <29925743.321249141079643.JavaMail.root@office.splatnix.net>

Hi,

Just installing a new mini-itx server with CentOS 5.3. Should I go with Julians Clam/SA tarball or use the repo ?

Best Regards,

--
SplatNIX IT Services :: Innovation through collaboration

From maxsec at gmail.com Sat Aug 1 19:35:12 2009
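[Added example, not part of any message in this archive and not MailScanner's own code: a Python model of the "Virus Names Which Are Spam" matching rules described in the beta announcement quoted above (space-separated strings, "*" as the only wildcard, case-sensitive match on the whole virus name), used to split scanner detections into spam-viruses and real viruses. The header name, the comma-separated header value, the sample virus names and the canary list are assumptions constructed for illustration.]

```python
import re


def compile_patterns(setting):
    """Compile a "Virus Names Which Are Spam" value as the announcement
    describes it: space-separated strings, "*" = zero or more characters,
    everything else literal, case-sensitive, matched against the whole name."""
    compiled = []
    for pattern in setting.split():
        # Escape each literal piece so ".", "?", "[" etc. are NOT wildcards;
        # this is where the rules differ from fnmatch-style shell globbing.
        body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
        compiled.append((pattern, re.compile(body, re.DOTALL)))
    return compiled


def matching_pattern(virus_name, compiled):
    """Return the first pattern that matches the whole name, else None."""
    for pattern, regex in compiled:
        if regex.fullmatch(virus_name):
            return pattern
    return None


def classify(detections, setting):
    """Split scanner detections into (spam_viruses, real_viruses)."""
    compiled = compile_patterns(setting)
    spam, real = [], []
    for name in detections:
        (spam if matching_pattern(name, compiled) else real).append(name)
    return spam, real


def spam_virus_header(header_name, spam_viruses):
    """Build the header line handed to SpamAssassin, or None if nothing matched.
    ASSUMPTION: names are joined with ", "; the announcement does not give
    the real value format."""
    if not spam_viruses:
        return None
    return "%s: %s" % (header_name, ", ".join(spam_viruses))


def overbroad_patterns(setting, canaries):
    """Defensive lint: patterns that would also reclassify known-malware
    names (the canaries) as mere spam."""
    return [pattern for pattern, regex in compile_patterns(setting)
            if any(regex.fullmatch(name) for name in canaries)]


# Constructed sample data (not taken from any real scan log).
SETTING = "HTML/* Sane*UNOFFICIAL"          # the two examples from the announcement
DETECTIONS = [
    "HTML/Phish.Bank-12",                   # matches HTML/*
    "Sanesecurity.Junk.1234.UNOFFICIAL",    # matches Sane*UNOFFICIAL
    "html/Phish.Bank-12",                   # wrong case: stays a virus
    "Example.Phish.77.UNOFFICIAL",          # does not start with "Sane"
    "Eicar-Test-Signature",                 # ordinary virus detection
]
CANARIES = ["Eicar-Test-Signature"]
HEADER = "X-Example-MailScanner-SpamVirus-Report"  # hypothetical header name

if __name__ == "__main__":
    spam, real = classify(DETECTIONS, SETTING)
    print(spam_virus_header(HEADER, spam))
    print("still treated as viruses:", real)
    print("over-broad patterns:", overbroad_patterns("*UNOFFICIAL* *", CANARIES))
```
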
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat Aug 1 19:35:22 2009
Subject: lstat() failed on: /mnt/ramdisk/...
In-Reply-To: <67a55ed50907311957r3b0abfa8w85f06bbfe99e36e4@mail.gmail.com>
References: <67a55ed50907311957r3b0abfa8w85f06bbfe99e36e4@mail.gmail.com>
Message-ID: <72cf361e0908011135v7c64eb01k43968793ba89a674@mail.gmail.com>

try changing the type of tnef scanner, if the external binary change it to the internal one and/or vice versa

--
Martin Hepworth
Oxford, UK

2009/8/1 Dave Jones

> >From June 24th:
>
> http://thread.gmane.org/gmane.mail.virus.mailscanner/71122/focus=71160
>
> >> lstat() failed on: /mnt/ramdisk/31166/n5NC95S6028227/tnef.31166
> >
> >Which version of MailScanner are you running? If you're using a version
> >< 4.76.24, and you only have tnef.* in your lstat errors, this is a
> >known bug. Upgrading to the latest MailScanner release will fix it (or
> >at least >= 4.76.24), as the tnef processing has been updated to correct
> >the permission errors.
> >
> >(see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for
> >reference, and "16 Fixed permissions and ownership problems with data
> >extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3
> >from http://www.mailscanner.info/ChangeLog).
> >
> > Cheers,
> >-Joshua
>
> I upgraded MailScanner to version 4.77.10-1 a few weeks ago and still
> have thousands of these errors in the maillog.
>
> I also changed my ramdisk to tmpfs (and rebooted to remove the ramdisk
> from memory).
>
> Is there something else that I could have wrong?
>
> --
> Dave Jones
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

From alex at rtpty.com Sat Aug 1 20:52:53 2009
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Sat Aug 1 20:53:04 2009
Subject: Help on new install please ?
In-Reply-To: <29925743.321249141079643.JavaMail.root@office.splatnix.net>
References: <29925743.321249141079643.JavaMail.root@office.splatnix.net>
Message-ID:

They're both good. I prefer the tarball, but using the repo gets clamd out of the way in an easier fashion, IMHO.

On Aug 1, 2009, at 10:37 AM, --[ UxBoD ]-- wrote:

> Just installing a new mini-itx server with CentOS 5.3. Should I go
> with Julians Clam/SA tarball or use the repo ?

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 202-1525
alex@rtpty.com
Skype: alexneuman

From MailScanner at ecs.soton.ac.uk Sun Aug 2 12:48:47 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Aug 2 12:49:06 2009
Subject: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity
In-Reply-To:
References: <4A757D1F.6060707@ecs.soton.ac.uk>
Message-ID:

On 01/08/2009 03:42, Rose, Bobby wrote:
>
> I have a ruleset for Is Definitely Not Spam and everything works fine
> except if that address sends a message with more recipients than
> what is set for Ignore Spam Whitelist If Recipients Exceed. In that
> case, the message seems to get blacklisted. If the entry is removed
> from the whitelist ruleset, then the issue doesn't occur (but I'll
> still see the log entry saying that ignored whitelist).
>
So you're saying that the "Is Definitely Not Spam" is ignored if the message has more recipients than set in "Ignore Spam Whitelist If Recipients Exceed"? In that case, that is exactly what it is meant to do. "Is Definitely Not Spam" is the "Spam Whitelist" the other option is talking about.

> Has anyone else noticed this or is it just me and I have to keep
> digging for the reason?
>
> Thanks
>
> -=Bobby
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Sun Aug 2 12:52:25 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Aug 2 12:52:49 2009
Subject: Help on new install please ?
In-Reply-To: <29925743.321249141079643.JavaMail.root@office.splatnix.net>
References: <29925743.321249141079643.JavaMail.root@office.splatnix.net> <4A757DF9.3010103@ecs.soton.ac.uk>
Message-ID:

I tend to use SA from my tarball, and ClamAV from http://packages.sw.be/clamav which is an RPM repository. That way MailScanner gets SA the way it wants, but you get clamd and stuff too. The install.sh for my tarball will ask you if you want to install ClamAV, just say no and tell it the path to clamscan when it asks for it.

On 01/08/2009 16:37, --[ UxBoD ]-- wrote:
> Hi,
>
> Just installing a new mini-itx server with CentOS 5.3. Should I go with Julians Clam/SA tarball or use the repo ?
>
> Best Regards,
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From mark at msapiro.net Sun Aug 2 15:27:39 2009
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Aug 2 15:27:56 2009
Subject: Question about Spear.Phishing.Rules script
Message-ID:

I am running the Spear.Phishing.Rules.v2.04 script.

Recently I noticed a message:

Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...

in the script output. If I try to visit that URL with a browser, I get a "not found". I noticed this once before; I think the URL may have been (from my browser history), but I can't verify this as all the week 28 files seem to be gone now.

My questions are:

Is it normal for a file to be missing or does this indicate a problem?

If the other time really was emails.2009-28.227, is the 227 significant or a coincidence?

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk Sun Aug 2 16:11:28 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Aug 2 16:11:52 2009
Subject: Question about Spear.Phishing.Rules script
In-Reply-To:
References: <4A75ACA0.8040701@ecs.soton.ac.uk>
Message-ID:

Wipe the cache (under /var/cache somewhere, it's in the script), and run it again.

On 02/08/2009 15:27, Mark Sapiro wrote:
> I am running the Spear.Phishing.Rules.v2.04 script.
>
> Recently I noticed a message:
>
> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>
> in the script output. If I try to visit that URL with a browser, I get
> a "not found". I noticed this once before; I think the URL may have
> been (from my browser
> history), but I can't verify this as all the week 28 files seem to be
> gone now.
>
> My questions are:
>
> Is it normal for a file to be missing or does this indicate a problem?
>
> If the other time really was emails.2009-28.227, is the 227 significant
> or a coincidence?
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From brose at med.wayne.edu Sun Aug 2 16:35:06 2009
From: brose at med.wayne.edu (Rose, Bobby)
Date: Sun Aug 2 16:35:27 2009
Subject: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity
In-Reply-To:
References: <4A757D1F.6060707@ecs.soton.ac.uk>
Message-ID:

I've been trying to duplicate this without success. The issue is that there is this domain and network segment that is in my whitelist rules file. If that domain sends an email with more than 20 recipients, the whitelist is ignored which I know is the way it works and I'm fine with that. But what is odd is that the email is just labeled as blacklisted, no SA checks or anything, just blacklisted. But neither the domain or the IP nor the sender is in any blacklist rules file nor in a per-user blacklist entry in the mailwatch blacklist table.

I don't have access to the remote mailsystem which is on our class-B network here at the university. But the tests that I've done on my own have been to disable the whitelist rule and sent an email with a single recipient with a return address from that domain. It's scanned and isn't blacklisted. During this time of having them out of the whitelist, my domain has received a couple emails (single recipients) from their domain/senders and the same server and they aren't blacklisted either. I also lowered the Ignore Spam Whitelist If Recipients Exceed option to 1 and tried sending to two addresses in my domain using a return address from that domain and that test email goes thru fine and also isn't blacklisted.

I'm not using any spam lists checks in MailScanner since that's either done by the MTA or SA. But even if I was, I would have seen blacklisted for them while I had them unwhitelisted.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field
Sent: Sunday, August 02, 2009 7:49 AM
To: MailScanner discussion
Subject: Re: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity

On 01/08/2009 03:42, Rose, Bobby wrote:
>
> I have a ruleset for Is Definitely Not Spam and everything works fine
> except if that address sends a message with more recipients than
> what is set for Ignore Spam Whitelist If Recipients Exceed. In that
> case, the message seems to get blacklisted. If the entry is removed
> from the whitelist ruleset, then the issue doesn't occur (but I'll
> still see the log entry saying that ignored whitelist).
>
So you're saying that the "Is Definitely Not Spam" is ignored if the message has more recipients than set in "Ignore Spam Whitelist If Recipients Exceed"? In that case, that is exactly what it is meant to do. "Is Definitely Not Spam" is the "Spam Whitelist" the other option is talking about.

> Has anyone else noticed this or is it just me and I have to keep
> digging for the reason?
>
> Thanks
>
> -=Bobby
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From mark at msapiro.net Sun Aug 2 16:46:33 2009
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Aug 2 16:46:51 2009
Subject: Question about Spear.Phishing.Rules script
In-Reply-To:
Message-ID:

Jules Field wrote:

>Wipe the cache (under /var/cache somewhere, it's in the script), and run
>it again.

I did that and it retrieved all the files http://www.mailscanner.tv/emails.2009-30.1 through http://www.mailscanner.tv/emails.2009-30.232 and rebuilt the cache, but I still get

Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...

Note that this file really doesn't exist. As I said, if I try to get it in a browser, I get a 404 - not found.

>On 02/08/2009 15:27, Mark Sapiro wrote:
>> I am running the Spear.Phishing.Rules.v2.04 script.
>>
>> Recently I noticed a message:
>>
>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>>
>> in the script output. If I try to visit that URL with a browser, I get
>> a "not found". I noticed this once before; I think the URL may have
>> been (from my browser
>> history), but I can't verify this as all the week 28 files seem to be
>> gone now.
>>
>> My questions are:
>>
>> Is it normal for a file to be missing or does this indicate a problem?
>>
>> If the other time really was emails.2009-28.227, is the 227 significant
>> or a coincidence?

--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk Sun Aug 2 18:51:39 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Aug 2 18:51:59 2009
Subject: Question about Spear.Phishing.Rules script
In-Reply-To:
References: <4A75D22B.8070707@ecs.soton.ac.uk>
Message-ID:

On 02/08/2009 16:46, Mark Sapiro wrote:
> Jules Field wrote:
>
>> Wipe the cache (under /var/cache somewhere, it's in the script), and run
>> it again.
>
> I did that and it retrieved all the files
> http://www.mailscanner.tv/emails.2009-30.1 through
> http://www.mailscanner.tv/emails.2009-30.232 and rebuilt the cache,
> but I still get
>
> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>
> Note that this file really doesn't exist. As I said, if I try to get it
> in a browser, I get a 404 - not found.
>
Interesting. If the script continues to get the files after this one, then I wouldn't worry about it too much, the .227 will probably reset to .1 tomorrow anyway! :-)

>> On 02/08/2009 15:27, Mark Sapiro wrote:
>>
>>> I am running the Spear.Phishing.Rules.v2.04 script.
>>>
>>> Recently I noticed a message:
>>>
>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>>>
>>> in the script output. If I try to visit that URL with a browser, I get
>>> a "not found". I noticed this once before; I think the URL may have
>>> been (from my browser
>>> history), but I can't verify this as all the week 28 files seem to be
>>> gone now.
>>>
>>> My questions are:
>>>
>>> Is it normal for a file to be missing or does this indicate a problem?
>>>
>>> If the other time really was emails.2009-28.227, is the 227 significant
>>> or a coincidence?
>>>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From brose at med.wayne.edu Mon Aug 3 01:09:12 2009
From: brose at med.wayne.edu (Rose, Bobby)
Date: Mon Aug 3 01:09:35 2009
Subject: MailScanner and Mailwatch 1.04 bug
In-Reply-To:
References:
Message-ID:

Ok I found the solution/discussion at http://mailwatch.sourceforge.net/doku.php?id=mailwatch:tipandtricks:bettervirusstats

It's odd though. If Keep Spam And MCP Archive Clean is no, a virus scan is still occurring in MailScanner so it's odd that that data is only available to the custom logging function when set to yes. If MailScanner is logging the infection in the maillogs, then it would seem that it has the info stored at that point. Maybe this is a non issue with the new beta version since av scanning is before spamscanning.

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby
Sent: Friday, July 31, 2009 10:43 PM
To: mailscanner@lists.mailscanner.info
Subject: MailScanner and Mailwatch 1.04 bug

When a message is both detected as a virus and high scoring spam, Mailscanner seems to drop the virus report when the info is passed onto Mailwatch.pm. The virusinfected flag is passed but not the reports. Both virus and spam reports appear in the maillogs ok so this->{reports} must be set at some point. But it's just not getting passed on to the MailWatch.pm

I threw in some debug stuff in Mailwatch.pm just to see if the info was getting that far and it's not.

Any suggestions?

From ichmagmuell at bornefeld-ettmann.de Mon Aug 3 10:35:05 2009
From: ichmagmuell at bornefeld-ettmann.de (Ralph Bornefeld-Ettmann)
Date: Mon Aug 3 10:40:14 2009
Subject: Question about Spear.Phishing.Rules script
In-Reply-To:
References: <4A75D22B.8070707@ecs.soton.ac.uk>
Message-ID:

Jules Field wrote:
>
> On 02/08/2009 16:46, Mark Sapiro wrote:
>> Jules Field wrote:
>>
>>> Wipe the cache (under /var/cache somewhere, it's in the script), and run
>>> it again.
>>
>> I did that and it retrieved all the files
>> http://www.mailscanner.tv/emails.2009-30.1 through
>> http://www.mailscanner.tv/emails.2009-30.232 and rebuilt the cache,
>> but I still get
>>
>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>>
>> Note that this file really doesn't exist. As I said, if I try to get it
>> in a browser, I get a 404 - not found.
>>
> Interesting. If the script continues to get the files after this one,
> then I wouldn't worry about it too much, the .227 will probably reset to
> .1 tomorrow anyway! :-)
>>
>>> On 02/08/2009 15:27, Mark Sapiro wrote:
>>>
>>>> I am running the Spear.Phishing.Rules.v2.04 script.
>>>>
>>>> Recently I noticed a message:
>>>>
>>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>>>>
>>>> in the script output. If I try to visit that URL with a browser, I get
>>>> a "not found". I noticed this once before; I think the URL may have
>>>> been (from my browser
>>>> history), but I can't verify this as all the week 28 files seem to be
>>>> gone now.
>>>>
>>>> My questions are:
>>>>
>>>> Is it normal for a file to be missing or does this indicate a problem?
>>>>
>>>> If the other time really was emails.2009-28.227, is the 227 significant
>>>> or a coincidence?
>>>>
>>
>
> Jules
>

It seems the .227 is the problem.
As suggested in some answer above I am using a mirror for my systems.
Starting with 2009-24 I found on my mirror :
24.1 - 24.252
25.1 - 25.236
26.1 - 26.254
27.1 - 27.183
28.1 - 28.242 -> no .227! (missing between 2009-07-19 04:21 and 07:11)
29.1 - 29.249 -> no .227! (missing between 2009-07-25 00:22 and 06:54)
30.1 - 30.237 -> no .227! (missing between 2009-08-02 08:22 and 09:43)

When I did a wget on these files I received a 404 error.

Ralph

From uxbod at splatnix.net Mon Aug 3 10:58:56 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Mon Aug 3 10:59:35 2009
Subject: Permissions Issue ?
Message-ID: <17043623.121249293536928.JavaMail.root@office.splatnix.net>

Hi,

Am getting the following error :-

Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. ERROR :: /var/spool/MailScanner/incoming/27836

but cannot seem to track it down. I have setup MailScanner.conf with the following :-

Run As User = postfix
Run As Group = postfix
Incoming Work User = clamav
Incoming Work Group = clamav
Incoming Work Permissions = 0644

Any ideas please as I thought from running before they are right ?

Best Regards,

--
SplatNIX IT Services :: Innovation through collaboration

--
This message has been scanned for viruses and dangerous content by SplatNIX IT Services, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Mon Aug 3 12:06:55 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Mon Aug 3 12:07:29 2009
Subject: Question about Spear.Phishing.Rules script
In-Reply-To:
References: <4A75D22B.8070707@ecs.soton.ac.uk> <4A76C4CF.90402@ecs.soton.ac.uk>
Message-ID:

On 03/08/2009 10:35, Ralph Bornefeld-Ettmann wrote:
>
> Jules Field wrote:
>>
>> On 02/08/2009 16:46, Mark Sapiro wrote:
>>> Jules Field wrote:
>>>
>>>> Wipe the cache (under /var/cache somewhere, it's in the script),
>>>> and run
>>>> it again.
>>>
>>> I did that and it retrieved all the files
>>> http://www.mailscanner.tv/emails.2009-30.1 through
>>> http://www.mailscanner.tv/emails.2009-30.232 and rebuilt the cache,
>>> but I still get
>>>
>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ...
>>>
>>> Note that this file really doesn't exist. As I said, if I try to get it
>>> in a browser, I get a 404 - not found.
>> Interesting. If the script continues to get the files after this one,
>> then I wouldn't worry about it too much, the .227 will probably reset
>> to .1 tomorrow anyway! :-)
>>>
>>>> On 02/08/2009 15:27, Mark Sapiro wrote:
>>>>> I am running the Spear.Phishing.Rules.v2.04 script.
>>>>>
>>>>> Recently I noticed a message:
>>>>>
>>>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at
>>>>> ...
>>>>>
>>>>> in the script output. If I try to visit that URL with a browser, I
>>>>> get
>>>>> a "not found". I noticed this once before; I think the URL may have
>>>>> been (from my browser
>>>>> history), but I can't verify this as all the week 28 files seem to be
>>>>> gone now.
>>>>>
>>>>> My questions are:
>>>>>
>>>>> Is it normal for a file to be missing or does this indicate a
>>>>> problem?
>>>>>
>>>>> If the other time really was emails.2009-28.227, is the 227
>>>>> significant
>>>>> or a coincidence?
>>
>> Jules
>>
>
> It seems the .227 is the problem.
> As suggested in some answer above I am using a mirror for my systems.
> Starting with 2009-24 I found on my mirror :
> 24.1 - 24.252
> 25.1 - 25.236
> 26.1 - 26.254
> 27.1 - 27.183
> 28.1 - 28.242 -> no .227! (missing between 2009-07-19 04:21 and 07:11)
> 29.1 - 29.249 -> no .227! (missing between 2009-07-25 00:22 and 06:54)
> 30.1 - 30.237 -> no .227! (missing between 2009-08-02 08:22 and 09:43)
>
> When I did a wget on these files I received a 404 error.

Weird. I've changed it to restart every day instead of every week. Should avoid the problem.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From MailScanner at ecs.soton.ac.uk Mon Aug 3 12:09:15 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Aug 3 12:09:38 2009 Subject: Permissions Issue ? In-Reply-To: <17043623.121249293536928.JavaMail.root@office.splatnix.net> References: <17043623.121249293536928.JavaMail.root@office.splatnix.net> <4A76C55B.4070301@ecs.soton.ac.uk> Message-ID: I think your postfix's home directory is /var/spool/MailScanner/incoming. You need to point it somewhere else such as /var/spool/postfix (but make sure you create /var/spool/postfix correctly first). Your razor installation is writing ~/.razor/razor-agent.log in the MailScanner incoming work area, and it's creating it with tight permissions. It shouldn't be in there at all. On 03/08/2009 10:58, --[ UxBoD ]-- wrote: > Hi, > > Am getting the following error :- > > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. ERROR :: /var/spool/MailScanner/incoming/27836 > > but cannot seem to track it down. I have setup MailScanner.conf with the following :- > > Run As User = postfix > Run As Group = postfix > Incoming Work User = clamav > Incoming Work Group = clamav > Incoming Work Permissions = 0644 > > Any ideas please as I thought from running before they are right ? > > Best Regards, > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From uxbod at splatnix.net Mon Aug 3 12:23:55 2009 
From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Aug 3 12:24:15 2009 Subject: Permissions Issue ? In-Reply-To: Message-ID: <14600540.01249298635595.JavaMail.root@office.splatnix.net> ----- "Julian Field" wrote: > I think your postfix's home directory is > /var/spool/MailScanner/incoming. > > You need to point it somewhere else such as /var/spool/postfix (but > make > sure you create /var/spool/postfix correctly first). > Your razor installation is writing ~/.razor/razor-agent.log in the > MailScanner incoming work area, and it's creating it with tight > permissions. It shouldn't be in there at all. > > On 03/08/2009 10:58, --[ UxBoD ]-- wrote: > > Hi, > > > > Am getting the following error :- > > > > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. > ERROR :: /var/spool/MailScanner/incoming/27836 > > > > but cannot seem to track it down. I have setup MailScanner.conf > with the following :- > > > > Run As User = postfix > > Run As Group = postfix > > Incoming Work User = clamav > > Incoming Work Group = clamav > > Incoming Work Permissions = 0644 > > > > Any ideas please as I thought from running before they are right ? > > > > Best Regards, > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your > boss? > Contact me! 
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > Hmmm Jules, grep postfix /etc/passwd postfix:x:89:89::/var/spool/postfix:/sbin/nologin Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Dir = /var/spool/MailScanner/incoming Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Lockfile Dir = /var/spool/MailScanner/incoming/Locks Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration From MailScanner at ecs.soton.ac.uk Mon Aug 3 12:39:55 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Aug 3 12:40:15 2009 Subject: Permissions Issue ? In-Reply-To: <14600540.01249298635595.JavaMail.root@office.splatnix.net> References: <14600540.01249298635595.JavaMail.root@office.splatnix.net> <4A76CC8B.4030407@ecs.soton.ac.uk> Message-ID: On 03/08/2009 12:23, --[ UxBoD ]-- wrote: > ----- "Julian Field" wrote: > > >> I think your postfix's home directory is >> /var/spool/MailScanner/incoming. >> >> You need to point it somewhere else such as /var/spool/postfix (but >> make >> sure you create /var/spool/postfix correctly first). >> Your razor installation is writing ~/.razor/razor-agent.log in the >> MailScanner incoming work area, and it's creating it with tight >> permissions. It shouldn't be in there at all. >> >> On 03/08/2009 10:58, --[ UxBoD ]-- wrote: >> >>> Hi, >>> >>> Am getting the following error :- >>> >>> Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. >>> >> ERROR :: /var/spool/MailScanner/incoming/27836 >> >>> but cannot seem to track it down. I have setup MailScanner.conf >>> >> with the following :- >> >>> Run As User = postfix >>> Run As Group = postfix >>> Incoming Work User = clamav >>> Incoming Work Group = clamav >>> Incoming Work Permissions = 0644 >>> >>> Any ideas please as I thought from running before they are right ? >>> >>> Best Regards, >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> Need help customising MailScanner? >> Contact me! >> Need help fixing or optimising your systems? >> Contact me! >> Need help getting you started solving new requirements from your >> boss? >> Contact me! 
>> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >> >> >> > Hmmm Jules, > > grep postfix /etc/passwd > postfix:x:89:89::/var/spool/postfix:/sbin/nologin > > Outgoing Queue Dir = /var/spool/postfix/incoming > Incoming Work Dir = /var/spool/MailScanner/incoming > Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db > SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db > SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp > Lockfile Dir = /var/spool/MailScanner/incoming/Locks > In which case delete "/var/spool/MailScanner/incoming/.razor". Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Mon Aug 3 12:49:56 2009 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Mon Aug 3 12:50:06 2009
Subject: Permissions Issue ?
In-Reply-To: <14600540.01249298635595.JavaMail.root@office.splatnix.net>
References: <14600540.01249298635595.JavaMail.root@office.splatnix.net>
Message-ID: <223f97700908030449u2ec5c9dbrc66687c9e56a7aca@mail.gmail.com>

2009/8/3 --[ UxBoD ]-- :
> ----- "Julian Field" wrote:
>
>> I think your postfix's home directory is
>> /var/spool/MailScanner/incoming.
>>
>> You need to point it somewhere else such as /var/spool/postfix (but make
>> sure you create /var/spool/postfix correctly first).
>> Your razor installation is writing ~/.razor/razor-agent.log in the
>> MailScanner incoming work area, and it's creating it with tight
>> permissions. It shouldn't be in there at all.
>>
>> On 03/08/2009 10:58, --[ UxBoD ]-- wrote:
>> > Hi,
>> >
>> > Am getting the following error :-
>> >
>> > Clamd::ERROR:: UNKNOWN CLAMD RETURN ./razor-agent.log/Access denied. ERROR :: /var/spool/MailScanner/incoming/27836
>> >
>> > but cannot seem to track it down. I have setup MailScanner.conf with the following :-
>> >
>> > Run As User = postfix
>> > Run As Group = postfix
>> > Incoming Work User = clamav

Above should be postfix, since clamd would be OK with only group access... And I'd set that to 0660, not 0644 (might still work with that:-).

>> > Incoming Work Group = clamav
>> > Incoming Work Permissions = 0644
>> >
>> > Any ideas please as I thought from running before they are right ?
>> >
>> > Best Regards,
>> >

Another thought is that this seems to be a "misplaced" razor agent log file, so doublecheck that you've configured razor correctly (so that it knows where to put that, and that that place is writable to postfix (the user)).

Cheers
--
-- Glenn

>> Jules
>>
> Hmmm Jules,
>
> grep postfix /etc/passwd
> postfix:x:89:89::/var/spool/postfix:/sbin/nologin
>
> Outgoing Queue Dir = /var/spool/postfix/incoming
> Incoming Work Dir = /var/spool/MailScanner/incoming
> Processing Attempts Database = /var/spool/MailScanner/incoming/Processing.db
> SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> Lockfile Dir = /var/spool/MailScanner/incoming/Locks
>
> Best Regards,
>

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From mailscanner at barendse.to Mon Aug 3 15:47:21 2009
From: mailscanner at barendse.to (Remco Barendse) Date: Mon Aug 3 15:47:34 2009 Subject: Russian Text = Executable? In-Reply-To: <7744a2840907031118u42115451o308de6004812c820@mail.gmail.com> References: <7744a2840907020906rc4077adt848ee24ccefd45e8@mail.gmail.com> <223f97700907030101he93b8f3nad4fc312f4b8b93d@mail.gmail.com> <7744a2840907031118u42115451o308de6004812c820@mail.gmail.com> Message-ID: On Fri, 3 Jul 2009, Richard Bollinger wrote: > Here's the patch I applied: > --- ../msdos.FCS 2009-07-03 13:55:06.000000000 -0400 > +++ file-5.03/magic/Magdir/msdos 2009-07-03 14:05:25.000000000 -0400 > @@ -286,7 +286,7 @@ > # but it isn't feasible to match all COM files since there must be at least > # two dozen different one-byte "magics". > # test too generic ? > -0 byte 0xe9 DOS executable (COM) > +##0 byte 0xe9 DOS executable (COM) > >0x1FE leshort 0xAA55 \b, boot code > >6 string SFX\ of\ LHarc (%s) > 0 belong 0xffffffff DOS executable (device driver) > @@ -311,13 +311,13 @@ > >>>77 string <\x5B > >>>>77 string x \b, name: %.8s > # test too generic ? > -0 byte 0x8c DOS executable (COM) > +##0 byte 0x8c DOS executable (COM) > # updated by Joerg Jenderek at Oct 2008 > 0 ulelong 0xffff10eb DR-DOS executable (COM) > # byte 0xeb conflicts with "sequent" magic leshort 0xn2eb > 0 ubeshort&0xeb8d >0xeb00 > # DR-DOS STACKER.COM SCREATE.SYS missed > ->0 byte 0xeb DOS executable (COM) > +##>0 byte 0xeb DOS executable (COM) > >>0x1FE leshort 0xAA55 \b, boot code > >>85 string UPX \b, UPX compressed > >>4 string \ $ARX \b, ARX self-extracting archive > Suffering from the same problem. How and where should this patch be applied? Any chance of the patch making it into MailScanner? Thanks! From glenn.steen at gmail.com Mon Aug 3 16:16:39 2009 
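Review bot: In the first hunk (@@ -286,7), only the "0 byte 0xe9" test is commented out, while the two continuation lines directly under it (">0x1FE leshort 0xAA55" and ">6 string SFX\ of\ LHarc") stay active, so they are no longer attached to the test they refined and now follow whatever top-level entry precedes them in the file. Comment those two lines out as well, and add a one-line comment saying why the test was disabled, so the local change is easy to recognise and re-apply after an update of the file package.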
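Review bot: In the second hunk (@@ -311,13), ">0 byte 0xeb" is disabled but its ">>0x1FE", ">>85" and ">>4" children are left in place, so those level-2 continuations no longer have the level-1 test they depended on under "0 ubeshort&0xeb8d >0xeb00". Comment the three ">>" lines out together with their parent, or leave the whole ubeshort group untouched if only the bare "0 byte 0x8c" test is causing the false matches. The "##" prefix also differs from the single "#" used by the surrounding comments; a single "#" plus a short reason would be more consistent.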
From: glenn.steen at gmail.com (Glenn Steen) Date: Mon Aug 3 16:16:49 2009 Subject: Russian Text = Executable? In-Reply-To: References: <7744a2840907020906rc4077adt848ee24ccefd45e8@mail.gmail.com> <223f97700907030101he93b8f3nad4fc312f4b8b93d@mail.gmail.com> <7744a2840907031118u42115451o308de6004812c820@mail.gmail.com> Message-ID: <223f97700908030816l684ebbe2ya0b5f9e68fd40231@mail.gmail.com> 2009/8/3 Remco Barendse : > On Fri, 3 Jul 2009, Richard Bollinger wrote: > >> Here's the patch I applied: >> --- ../msdos.FCS ? ? ? ?2009-07-03 13:55:06.000000000 -0400 >> +++ file-5.03/magic/Magdir/msdos ? ? ? ?2009-07-03 14:05:25.000000000 >> -0400 >> @@ -286,7 +286,7 @@ >> # but it isn't feasible to match all COM files since there must be at >> least >> # two dozen different one-byte "magics". >> # test too generic ? >> -0 ? ? ?byte ? ? ? ? ? ?0xe9 ? ? ? ? ? ?DOS executable (COM) >> +##0 ? ?byte ? ? ? ? ? ?0xe9 ? ? ? ? ? ?DOS executable (COM) >> >0x1FE leshort ? ? ? ? 0xAA55 ? ? ? ? ?\b, boot code >> >6 ? ? string ? ? ? ? ?SFX\ of\ LHarc ?(%s) >> 0 ? ? ?belong ?0xffffffff ? ? ? ? ? ? ?DOS executable (device driver) 
>> @@ -311,13 +311,13 @@ >> >>>77 ?string ?<\x5B >> >>>>77 string ?x ? ? ? ? ? ? ? ? ? ? ? \b, name: %.8s >> # test too generic ? >> -0 ? ? ?byte ? ? ? ? ? ?0x8c ? ? ? ? ? ?DOS executable (COM) >> +##0 ? ?byte ? ? ? ? ? ?0x8c ? ? ? ? ? ?DOS executable (COM) >> # updated by Joerg Jenderek at Oct 2008 >> 0 ? ? ?ulelong ? ? ? ? 0xffff10eb ? ? ?DR-DOS executable (COM) >> # byte 0xeb conflicts with "sequent" magic leshort 0xn2eb >> 0 ? ? ?ubeshort&0xeb8d >0xeb00 >> # DR-DOS STACKER.COM SCREATE.SYS missed >> ->0 ? ? byte ? ? ? ? ? ?0xeb ? ? ? ? ? ?DOS executable (COM) >> +##>0 ? byte ? ? ? ? ? ?0xeb ? ? ? ? ? ?DOS executable (COM) >> >>0x1FE leshort ? ? ? ? ? ? ? ?0xAA55 ? ? ? ? ?\b, boot code >> >>85 ? string ? ? ? ? ?UPX ? ? ? ? ? ? \b, UPX compressed >> >>4 ? ?string ? ? ? ? ?\ $ARX ? ? ? ? ?\b, ARX self-extracting archive >> > > > Suffering from the same problem. How and where should this patch be applied? > ?Any chance of the patch making it into MailScanner? Seems to be against the resulting magic file, or possibly from an unpacked source tarball. You can just as easily do the edits manually on your magic file (likely in /usr/share/misc/file ... it is the file called "magic". When you're done, just run "file -C" to "compile" the magic.mgc file. Only bother, and the reason it is a good idea to use a patch file like this, is that updates to the file package risk reverting your work. > Thanks! Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Mon Aug 3 16:18:06 2009 
From: ms-list at alexb.ch (Alex Broens) Date: Mon Aug 3 16:18:15 2009 Subject: Russian Text = Executable? In-Reply-To: References: <7744a2840907020906rc4077adt848ee24ccefd45e8@mail.gmail.com> <223f97700907030101he93b8f3nad4fc312f4b8b93d@mail.gmail.com> <7744a2840907031118u42115451o308de6004812c820@mail.gmail.com> Message-ID: <4A76FFAE.1060303@alexb.ch> On 8/3/2009 4:47 PM, Remco Barendse wrote: > On Fri, 3 Jul 2009, Richard Bollinger wrote: > >> Here's the patch I applied: >> --- ../msdos.FCS 2009-07-03 13:55:06.000000000 -0400 >> +++ file-5.03/magic/Magdir/msdos 2009-07-03 14:05:25.000000000 >> -0400 >> @@ -286,7 +286,7 @@ >> # but it isn't feasible to match all COM files since there must be at >> least >> # two dozen different one-byte "magics". >> # test too generic ? >> -0 byte 0xe9 DOS executable (COM) >> +##0 byte 0xe9 DOS executable (COM) >> >0x1FE leshort 0xAA55 \b, boot code >> >6 string SFX\ of\ LHarc (%s) >> 0 belong 0xffffffff DOS executable (device driver) >> @@ -311,13 +311,13 @@ >> >>>77 string <\x5B >> >>>>77 string x \b, name: %.8s >> # test too generic ? >> -0 byte 0x8c DOS executable (COM) >> +##0 byte 0x8c DOS executable (COM) >> # updated by Joerg Jenderek at Oct 2008 >> 0 ulelong 0xffff10eb DR-DOS executable (COM) >> # byte 0xeb conflicts with "sequent" magic leshort 0xn2eb >> 0 ubeshort&0xeb8d >0xeb00 >> # DR-DOS STACKER.COM SCREATE.SYS missed >> ->0 byte 0xeb DOS executable (COM) >> +##>0 byte 0xeb DOS executable (COM) >> >>0x1FE leshort 0xAA55 \b, boot code >> >>85 string UPX \b, UPX compressed >> >>4 string \ $ARX \b, ARX self-extracting archive >> > > > Suffering from the same problem. How and where should this patch be > applied? Any chance of the patch making it into MailScanner? this has nothing to do with MailScanner and doesn't affect all distros. Submitting to distro/package maintainers is the safe way to get it fixed for good. From drnick at physics.byu.edu Mon Aug 3 17:34:59 2009 
From: drnick at physics.byu.edu (Blatter, Nicholas) Date: Mon Aug 3 17:35:13 2009 Subject: Custom function for 'Required SpamAssassin Score' runs multiple times for each message Message-ID: <5DC600B80DB6EE4BAB1D631E14FBADCCFF8521@bohr.physics.byu.edu> I have been working on a new install of MailScanner and have run into a potential problem when using a custom function for the 'Required SpamAssassin Score' setting. The custom function is a modified version of the SQLSpamScore function written by Julian Field. It allows our users to customize their SA spam score via the web and appears to be working correctly except that MailScanner seems to be running the function several times for each message that the server receives. I've modified the function to be more verbose and have it write the current message ID and SQL result to the log every time the main function is called. I'm seeing the same MailScanner instance (same pid each time) call the function 4 times, each time with the exact same message ID and SQL result. The number of times doesn't seem to be dependant upon the number of MailScanner children. I hope this isn't too much of a stupid question, but I searched around and couldn't see a reason that the custom function would be called more than once. I am also using SQL-based functions for many other config options (Spam Checks, Is Definitely (Not) Spam, etc) and have no such problems with those. Thanks for your time, Nick From uxbod at splatnix.net Mon Aug 3 12:44:24 2009 
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Mon Aug 3 17:37:29 2009
Subject: New beta release 4.78.3 -- "spam-viruses"
In-Reply-To: <57875.221249111404870.JavaMail.root@office.splatnix.net>
Message-ID: <22541220.51249299864358.JavaMail.root@office.splatnix.net>

Hey Jules,

It works an absolute treat! Not really noticed any performance issues neither; as expected ;) It works as it says on the tin :)

Best Regards,

SplatNIX IT Services :: Innovation through collaboration

From MailScanner at ecs.soton.ac.uk Mon Aug 3 18:21:23 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Aug 3 18:22:02 2009
Subject: New beta release 4.78.3 -- "spam-viruses"
In-Reply-To: <22541220.51249299864358.JavaMail.root@office.splatnix.net>
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk>
Message-ID:

Cool. Glad to hear that. But please do check that all the quarantining and so on is working exactly the way you expect it to.

Cheers,
Jules.

On 03/08/2009 12:44, --[ UxBoD ]-- wrote:
> Hey Jules,
>
> It works an absolute treat! Not really noticed any performance issues neither; as expected ;) It works as it says on the tin :)
>
> Best Regards,
>

Jules

From MailScanner at ecs.soton.ac.uk Mon Aug 3 18:29:10 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Aug 3 18:29:32 2009
Subject: Custom function for 'Required SpamAssassin Score' runs multiple times for each message
In-Reply-To: <5DC600B80DB6EE4BAB1D631E14FBADCCFF8521@bohr.physics.byu.edu>
References: <5DC600B80DB6EE4BAB1D631E14FBADCCFF8521@bohr.physics.byu.edu> <4A771E66.9020601@ecs.soton.ac.uk>
Message-ID:

Some of the MailScanner.conf settings are looked up more than once. This is necessary.

All you need to do in your Custom Function is add a fast-expiring cache for your results data. This is dead easy to do in Perl (a hash containing a map from message-id to result, and a hash containing a map from message-id to expiry time, a few seconds into the future (e.g. $expiry{$id} = time+10;)). If you get a lookup for message $id then you look to see if time>$expiry{$id}. If it's not then the cache is valid and you return $mycache{$id}, and if it has expired then you delete $mycache{$id} and work it out from fresh. Very easy to code and gives you a very fast lookup.

That's why I have never worried about it, Perl is a perfect language to implement a cache in about 5 lines of code, so I leave you to do it if you need to.

Sometimes you find it will actually always look up your value for the *same* message 5 times in a row, and not look it up for any other message in between, even if there is a large message batch. In that case all you need to store is the id of the last message and the result you calculated. If the id is the same as last time, return the previously-calculated result, else work it out and store it for next time. That's even simpler to code.

But do ensure you check what happens when the message batch size > 1, so you know whether a cache is needed, or just a simple "did we just work that value out?" question.

Jules.

On 03/08/2009 17:34, Blatter, Nicholas wrote: > I have been working on a new install of MailScanner and have run into a > potential problem when using a custom function for the 'Required > SpamAssassin Score' setting. > > The custom function is a modified version of the SQLSpamScore function > written by Julian Field. It allows our users to customize their SA spam > score via the web and appears to be working correctly except that > MailScanner seems to be running the function several times for each > message that the server receives. > > I've modified the function to be more verbose and have it write the > current message ID and SQL result to the log every time the main > function is called. I'm seeing the same MailScanner instance (same pid > each time) call the function 4 times, each time with the exact same > message ID and SQL result. The number of times doesn't seem to be > dependant upon the number of MailScanner children. > > I hope this isn't too much of a stupid question, but I searched around > and couldn't see a reason that the custom function would be called more > than once. I am also using SQL-based functions for many other config > options (Spam Checks, Is Definitely (Not) Spam, etc) and have no such > problems with those. > > Thanks for your time, > > Nick > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at mlrw.com Mon Aug 3 19:00:18 2009 
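The two caching approaches Jules describes in the message above, as an added Perl sketch that is not part of the original thread or of MailScanner itself. The function names, the %score_for table and the message hashes (with id and to fields) are constructed stand-ins for a real custom function and its SQL query; the demo at the end interleaves two messages, which is the batch-size check he recommends.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical names throughout: a stand-alone sketch, not MailScanner code.
my $TTL = 10;                 # seconds a cached result stays valid
my (%mycache, %expiry);       # message id -> result, message id -> expiry time
my $lookups = 0;              # counts real (expensive) lookups for the demo

# Stand-in for the SQL query a custom function would run (constructed data).
my %score_for = ('user@example.com' => 4.5);

sub expensive_lookup {
    my ($message) = @_;
    $lookups++;
    my $to = lc($message->{to}[0] // '');
    return exists $score_for{$to} ? $score_for{$to} : 6;   # 6 = assumed default
}

# Variant 1: fast-expiring cache keyed by message id.
# $now is injectable so the expiry logic can be exercised without sleeping.
sub cached_score {
    my ($message, $now) = @_;
    $now = time unless defined $now;
    my $id = $message->{id};

    # Without an id there is nothing safe to key on, so never cache.
    return expensive_lookup($message) unless defined $id;

    # Entry still valid: "time > expiry" is false, so reuse the result.
    if (exists $expiry{$id} && $now <= $expiry{$id}) {
        return $mycache{$id};
    }

    # Miss or expired: purge every stale entry so the hashes cannot grow
    # without bound in a long-running child process, then recompute.
    for my $old (grep { $now > $expiry{$_} } keys %expiry) {
        delete $mycache{$old};
        delete $expiry{$old};
    }
    $mycache{$id} = expensive_lookup($message);
    $expiry{$id}  = $now + $TTL;
    return $mycache{$id};
}

# Variant 2: remember only the last message id and its result.
# Only helps if repeated lookups for one message are never interleaved
# with lookups for another message.
my ($last_id, $last_result);

sub memo_score {
    my ($message) = @_;
    my $id = $message->{id};
    if (defined $id && defined $last_id && $id eq $last_id) {
        return $last_result;
    }
    $last_result = expensive_lookup($message);
    $last_id     = $id;
    return $last_result;
}

# Constructed sample messages standing in for a batch of two.
my $m1 = { id => 'AAAA1111', to => ['user@example.com'] };
my $m2 = { id => 'BBBB2222', to => ['other@example.com'] };

# Same message looked up four times in a row: both variants do one real lookup.
$lookups = 0;
cached_score($m1, 1000) for 1 .. 4;
print "TTL cache, repeated lookups:    $lookups real lookup(s)\n";

$lookups = 0;
memo_score($m1) for 1 .. 4;
print "last-id memo, repeated lookups: $lookups real lookup(s)\n";

# Interleaved lookups across a batch: the case to test before choosing variant 2.
%mycache = (); %expiry = (); $lookups = 0;
cached_score($_, 2000) for ($m1, $m2, $m1, $m2);
print "TTL cache, interleaved batch:    $lookups real lookup(s)\n";

($last_id, $last_result) = (undef, undef); $lookups = 0;
memo_score($_) for ($m1, $m2, $m1, $m2);
print "last-id memo, interleaved batch: $lookups real lookup(s)\n";

# After the TTL has passed the entry is recomputed, so a user's changed
# setting is picked up within a few seconds.
$lookups = 0;
cached_score($m1, 2000 + $TTL + 1);
print "TTL cache, after expiry:         $lookups real lookup(s)\n";
```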
From: mike at mlrw.com (Mike Wallace) Date: Mon Aug 3 19:00:30 2009 Subject: Spamassassin Syslog Functionality In-Reply-To: <17E1BEA7-DB34-413A-9A5C-5FE74CF7D94B@mlrw.com> References: <17E1BEA7-DB34-413A-9A5C-5FE74CF7D94B@mlrw.com> Message-ID: <36EA49DF-BA25-4EDD-9CDD-2A8F1D368A22@mlrw.com> The reason I ask is that I want to run sa-stats to figure out what sa rules are being used. I'm not a Perl expert so I would prefer to not have to modify it to handle MailScanner's "Log Spam = yes" details in maillog. Or, is there an equivalent tool that will use the existing format? Thanks. Mike On Jul 31, 2009, at 3:54 PM, Mike Wallace wrote: > Is there anyway to have MailScanner generate Spamassassin syslog > output? > > I tried using the "Log Spam" setting in MailScanner but it logs to > maillog and not a separate log file that the Spamassassin log tools > use. > > Thanks. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > From MailScanner at ecs.soton.ac.uk Mon Aug 3 19:30:36 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Aug 3 19:31:03 2009 Subject: Spamassassin Syslog Functionality In-Reply-To: <36EA49DF-BA25-4EDD-9CDD-2A8F1D368A22@mlrw.com> References: <17E1BEA7-DB34-413A-9A5C-5FE74CF7D94B@mlrw.com> <36EA49DF-BA25-4EDD-9CDD-2A8F1D368A22@mlrw.com> <4A772CCC.5010003@ecs.soton.ac.uk> Message-ID: You can find out what SA rules are being used by doing a "MailScanner --debug --debug-sa". That will print the list of rules files it uses. They are the same for every message. On 03/08/2009 19:00, Mike Wallace wrote: > The reason I ask is that I want to run sa-stats to figure out what sa > rules are being used. > > I'm not a Perl expert so I would prefer to not have to modify it to > handle MailScanner's "Log Spam = yes" details in maillog. > > Or, is there an equivalent tool that will use the existing format? > > Thanks. > > Mike > > > On Jul 31, 2009, at 3:54 PM, Mike Wallace wrote: > >> Is there anyway to have MailScanner generate Spamassassin syslog output? >> >> I tried using the "Log Spam" setting in MailScanner but it logs to >> maillog and not a separate log file that the Spamassassin log tools use. >> >> Thanks. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From logs at comp-wiz.com Mon Aug 3 19:43:14 2009 From: logs at comp-wiz.com (Logs) Date: Mon Aug 3 19:43:22 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> Message-ID: <026001ca146a$42662600$c7327200$@com> Getting the following error when trying to install the latest version of MailScanner on a newly installed Fedora Core 11 box: error: Failed dependencies: tnef >= 1.1.1 is needed by mailscanner-4.77.10-1.noarch Any ideas? Vern -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Aug 3 20:12:06 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Aug 3 20:12:26 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <026001ca146a$42662600$c7327200$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A773686.4040200@ecs.soton.ac.uk> Message-ID: But the version shipped with MailScanner is 1.4.5 which satisfies the requirement. How did you install MailScanner? How did you install tnef? On 03/08/2009 19:43, Logs wrote: > Getting the following error when trying to install the latest version of MailScanner on a newly installed Fedora Core 11 box: > > error: Failed dependencies: > tnef>= 1.1.1 is needed by mailscanner-4.77.10-1.noarch > > Any ideas? > > Vern > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mike at mlrw.com Mon Aug 3 20:39:54 2009 
From: mike at mlrw.com (Mike Wallace)
Date: Mon Aug 3 20:40:05 2009
Subject: Spamassassin Syslog Functionality
In-Reply-To:
Message-ID: <27117689.191249328394150.JavaMail.root@zimbra.mlrw.com>

Julian I am not looking at what rules are used, I am looking for what rules are triggered. The sa-stats program is found at http://www.rulesemporium.com/programs/sa-stats.txt

Here is a Sample Output with the type of information I am looking to collect.
---------------------

Time Spent Running SA:      1.68 hours
Time Spent Processing Spam: 0.29 hours
Time Spent Processing Ham:  1.39 hours

TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK    RULE NAME                       COUNT %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1    HTML_MESSAGE                      824   77.07   88.13   74.20
   2    RAZOR2_CHECK                      772   19.61   82.57    3.32
   3    RAZOR2_CF_RANGE_51_100            753   18.21   80.53    2.08
   4    RAZOR2_CF_RANGE_E8_51_100         713   17.19   76.26    1.91
   5    URIBL_BLACK                       652   16.03   69.73    2.13
   6    MIME_HTML_ONLY                    609   29.64   65.13   20.45

This type of report is helpful for tuning sa rules.

Thanks.

Mike

----- Original Message -----
From: "Jules Field" To: "MailScanner discussion" Sent: Monday, August 3, 2009 2:30:36 PM GMT -05:00 US/Canada Eastern Subject: Re: Spamassassin Syslog Functionality You can find out what SA rules are being used by doing a "MailScanner --debug --debug-sa". That will print the list of rules files it uses. They are the same for every message. On 03/08/2009 19:00, Mike Wallace wrote: > The reason I ask is that I want to run sa-stats to figure out what sa > rules are being used. > > I'm not a Perl expert so I would prefer to not have to modify it to > handle MailScanner's "Log Spam = yes" details in maillog. > > Or, is there an equivalent tool that will use the existing format? > > Thanks. > > Mike > > > On Jul 31, 2009, at 3:54 PM, Mike Wallace wrote: > >> Is there anyway to have MailScanner generate Spamassassin syslog output? >> >> I tried using the "Log Spam" setting in MailScanner but it logs to >> maillog and not a separate log file that the Spamassassin log tools use. >> >> Thanks. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From MailScanner at ecs.soton.ac.uk Mon Aug 3 21:10:11 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Aug 3 21:10:32 2009 Subject: Spamassassin Syslog Functionality In-Reply-To: <27117689.191249328394150.JavaMail.root@zimbra.mlrw.com> References: <27117689.191249328394150.JavaMail.root@zimbra.mlrw.com> <4A774423.9020802@ecs.soton.ac.uk> Message-ID:

In which case try the Spam Actions = attachment spam action, or the settings

Detailed Spam Report = yes
Always Include SpamAssassin Report = yes

in MailScanner.conf. Putting in both the "Always" and "Detailed" settings will result in you always getting a list of the rules triggered, whether it was found to be spam or not.

Jules

From mike at mlrw.com Mon Aug 3 22:17:41 2009
From: mike at mlrw.com (Mike Wallace) Date: Mon Aug 3 22:17:55 2009 Subject: Spamassassin Syslog Functionality In-Reply-To: <24180257.401249334254060.JavaMail.root@zimbra.mlrw.com> Message-ID: <10955625.421249334261888.JavaMail.root@zimbra.mlrw.com>

Here are the relevant parameters from my configuration:

Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Spam Actions = forward spam@mlrw.com header "X-mlrw-MailScanner-Spam-Status: Yes"
High Scoring Spam Actions = forward spam@mlrw.com header "X-mlrw-MailScanner-High-Spam-Status: Yes"
(This will change to drop once I feel that I get no High Score False Positives)
Non Spam Actions = deliver header "X-mlrw-MailScanner-Spam-Status: No"
Log Spam = yes
Log Non Spam = yes

I have a couple of ideas.

Could I add a custom function to "Spam Actions", "High Scoring Spam Actions" and "Non Spam Actions" to extract the spam score into a spam log file in addition to what they are doing now?

or

Could I use "SpamAssassin Rule Actions" to extract the spam score into a spam log file?

or

Since I am using postfix, could I have it extract the sa info before it delivers the message?

I just want to implement the easiest solution with either minimal or preferably no code development on my part.

Or do you know of anything like sa-stats that can use the output from MailScanner as is?

Mike

From logs at comp-wiz.com Mon Aug 3 22:19:42 2009
From: logs at comp-wiz.com (Logs) Date: Mon Aug 3 22:19:51 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A773686.4040200@ecs.soton.ac.uk> Message-ID: <02e201ca1480$1e1eb9e0$5a5c2da0$@com> I downloaded the MailScanner for RedHat, unzipped, untarred and used ./install.sh -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field Sent: Monday, August 03, 2009 3:12 PM To: MailScanner discussion Subject: Re: Fedora Core 11 & Mailscanner Install Fails

But the version shipped with MailScanner is 1.4.5 which satisfies the requirement.
How did you install MailScanner? How did you install tnef?

On 03/08/2009 19:43, Logs wrote:
> Getting the following error when trying to install the latest version of MailScanner on a newly installed Fedora Core 11 box:
>
> error: Failed dependencies:
> tnef>= 1.1.1 is needed by mailscanner-4.77.10-1.noarch
>
> Any ideas?
>
> Vern

Jules

--
This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean.

From logs at comp-wiz.com Mon Aug 3 22:51:16 2009
From: logs at comp-wiz.com (Logs) Date: Mon Aug 3 22:51:24 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A773686.4040200@ecs.soton.ac.uk> Message-ID: <02ef01ca1484$870104f0$95030ed0$@com>

OK, so now I went and downloaded the latest rpm of tnef and the install went through, however, MailScanner hangs on startup. :(

From jonas at vrt.dk Tue Aug 4 08:35:36 2009
From: jonas at vrt.dk (Jonas A. Larsen) Date: Tue Aug 4 08:35:46 2009 Subject: Spamassassin Syslog Functionality In-Reply-To: <27117689.191249328394150.JavaMail.root@zimbra.mlrw.com> References: <27117689.191249328394150.JavaMail.root@zimbra.mlrw.com> Message-ID: <000f01ca14d6$28569440$7903bcc0$@dk>

Hi Mike (Julian)

In case you did not know, Mailwatch has more or less the same stats, I don't know if that's an option for you, but besides providing all sorts of other great things, it also provides the precise same stats as the sa-stats utility appears to.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen
TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S
Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978
Web: www.techbiz.dk

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Mike Wallace Sent: 3. august 2009 21:40 To: MailScanner discussion Subject: Re: Spamassassin Syslog Functionality

Julian I am not looking at what rules are used, I am looking for what rules are triggered. The sa-stats program is found at http://www.rulesemporium.com/programs/sa-stats.txt

From maxsec at gmail.com Tue Aug 4 08:49:54 2009
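Added example (not part of the thread, and not MailScanner, Mailwatch or sa-stats code): one way to get the "TOP SPAM RULES FIRED" table Mike asks for in the "Spamassassin Syslog Functionality" thread straight from maillog, given his "Log Spam = yes", "Log Non Spam = yes" and "Include Scores In SpamAssassin Report = yes" settings. The log line layout is an assumption, the sample lines are constructed, and all function names are hypothetical.

```python
"""Rule-hit statistics in the style of sa-stats, read from MailScanner maillog lines."""
import re
from collections import Counter

# ASSUMED line layout (not shown in the thread): each scanned message is logged as
#   ... is spam, SpamAssassin (not cached, score=N, required N, RULE score, ...)
#   ... is not spam, SpamAssassin (...)
# Compare with your own maillog and adjust VERDICT_RE if it differs.
# The greedy prefix makes the match start at the LAST verdict text in the line,
# so text in the remote-controlled sender field cannot stand in for the verdict.
VERDICT_RE = re.compile(r"^.*\bis (not )?spam, SpamAssassin \((.*)\)\s*$")
# A rule hit is "NAME score"; "not cached", "score=..", "required N" do not match.
RULE_RE = re.compile(r"^([A-Z][A-Z0-9_]*) -?\d+(?:\.\d+)?$")

# Constructed sample lines: host, queue ids, addresses and scores are made up.
SAMPLE_LOG = [
    "Aug  3 22:10:01 mx MailScanner[4242]: New Batch: Scanning 4 messages, 10240 bytes",
    "Aug  3 22:10:03 mx MailScanner[4242]: Message 4A77F001.A1B2C from 192.0.2.10 "
    "(a@example.net) to mlrw.com is spam, SpamAssassin (not cached, score=5.96, required 5, "
    "BAYES_99 3.50, HTML_MESSAGE 0.00, RAZOR2_CHECK 0.50, URIBL_BLACK 1.96)",
    "Aug  3 22:10:03 mx MailScanner[4242]: Message 4A77F002.A1B2D from 192.0.2.11 "
    "(b@example.net) to mlrw.com is spam, SpamAssassin (cached, score=5.67, required 5, "
    "BAYES_99 3.50, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67, RAZOR2_CHECK 0.50)",
    "Aug  3 22:10:04 mx MailScanner[4242]: Message 4A77F003.A1B2E from 192.0.2.12 "
    "(c@example.org) to mlrw.com is not spam, SpamAssassin (not cached, score=-2.6, "
    "required 5, autolearn=not spam, BAYES_00 -2.60, HTML_MESSAGE 0.00)",
    "Aug  3 22:10:04 mx MailScanner[4242]: Message 4A77F004.A1B2F from 192.0.2.13 "
    "(d@example.org) to mlrw.com is not spam, SpamAssassin (not cached, score=-2.6, "
    "required 5, BAYES_00 -2.60)",
]


def parse_line(line):
    """Return (is_spam, [rule names]) or None if the line carries no SA verdict."""
    m = VERDICT_RE.match(line)
    if not m:
        return None
    rules = []
    for field in m.group(2).split(", "):
        hit = RULE_RE.match(field.strip())
        if hit:
            rules.append(hit.group(1))
    return (m.group(1) is None, rules)


def rule_stats(lines):
    """Count messages and per-rule hits separately for spam and ham."""
    totals = {"spam": 0, "ham": 0}
    hits = {"spam": Counter(), "ham": Counter()}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # batch notices, virus reports, other daemons
        is_spam, rules = parsed
        kind = "spam" if is_spam else "ham"
        totals[kind] += 1
        hits[kind].update(set(rules))  # a rule counts once per message
    return totals, hits


def pct(part, whole):
    return round(100.0 * part / whole, 2) if whole else 0.0


def top_spam_rules(lines, limit=10):
    """Rows of (rule, spam hits, %ofmail, %ofspam, %ofham), most frequent first."""
    totals, hits = rule_stats(lines)
    mail = totals["spam"] + totals["ham"]
    ranked = sorted(hits["spam"].items(), key=lambda kv: (-kv[1], kv[0]))[:limit]
    return [(rule, count,
             pct(count + hits["ham"][rule], mail),   # share of all scanned mail
             pct(count, totals["spam"]),             # share of spam
             pct(hits["ham"][rule], totals["ham"]))  # share of ham: false-positive risk
            for rule, count in ranked]


def format_report(lines, limit=10):
    """Render the rows in the same column layout as the sa-stats sample above."""
    out = ["TOP SPAM RULES FIRED", "-" * 70,
           f"{'RANK':<8}{'RULE NAME':<30}{'COUNT':>7}{'%OFMAIL':>9}{'%OFSPAM':>8}{'%OFHAM':>8}",
           "-" * 70]
    for rank, (rule, count, mail, spam, ham) in enumerate(top_spam_rules(lines, limit), 1):
        out.append(f"{rank:>4}    {rule:<30}{count:>7}{mail:>9.2f}{spam:>8.2f}{ham:>8.2f}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

To run it on real data, pass the lines of the maillog file to format_report() in place of SAMPLE_LOG; a rule with a high %OFHAM value is one to review before raising its score.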
From: maxsec at gmail.com (Martin Hepworth) Date: Tue Aug 4 08:50:03 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <02ef01ca1484$870104f0$95030ed0$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A773686.4040200@ecs.soton.ac.uk> <02ef01ca1484$870104f0$95030ed0$@com> Message-ID: <72cf361e0908040049v697c62d4v2c7b92d16019e1c1@mail.gmail.com>

run a debug session and it should give lots of clues

MailScanner --debug --debug-sa

(I presume you've setup MailScanner.conf as required!)

--
Martin Hepworth
Oxford, UK

From MailScanner at ecs.soton.ac.uk Tue Aug 4 08:59:04 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Aug 4 08:59:27 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <02ef01ca1484$870104f0$95030ed0$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A773686.4040200@ecs.soton.ac.uk> <02ef01ca1484$870104f0$95030ed0$@com> <4A77EA48.9050002@ecs.soton.ac.uk> Message-ID:

In which case do a "MailScanner --lint".
Loads of people have used that same tarball as you and not had any problems at all, so I don't quite understand why you're having trouble. The only thing I can think of is problems caused by Fedora 11.

Jules

From MailScanner at ecs.soton.ac.uk Tue Aug 4 12:05:47 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Aug 4 12:06:12 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <026001ca146a$42662600$c7327200$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> Message-ID:

Please try out MailScanner 4.78.6-1 which I have just put on the website.
It should install just fine on Fedora Core 11.

Cheers,
Jules.

From logs at comp-wiz.com Tue Aug 4 14:47:19 2009
From: logs at comp-wiz.com (Logs) Date: Tue Aug 4 14:47:32 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> Message-ID: <044101ca150a$163d68e0$42b83aa0$@com>

Looks like the same thing...

Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: Can't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl /usr/lib/MailScanner) at /usr/sbin/MailScanner line 91.
BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.
[ OK ]

Unless you think I should stay with Fedora Core 11 I am more than willing to reinstall FC10, in fact I was just about to do that when you sent off your last email.

From MailScanner at ecs.soton.ac.uk Tue Aug 4 16:14:54 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Aug 4 16:15:16 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <044101ca150a$163d68e0$42b83aa0$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> Message-ID:

I have just done an installation of MailScanner 4.78.6-1 on a fully-patched Fedora 11 system, and both "MailScanner --lint" and "MailScanner -v" work just fine.

What does "MailScanner -v" produce on your system?
Can you try running the "./install.sh" again, and see what it says about Filesys::Df please?

Jules.

From ichmagmuell at bornefeld-ettmann.de Tue Aug 4 16:24:20 2009
From: ichmagmuell at bornefeld-ettmann.de (Ralph Bornefeld-Ettmann) Date: Tue Aug 4 16:24:43 2009 Subject: Fedora Core 11 & Mailscanner Install Fails In-Reply-To: <044101ca150a$163d68e0$42b83aa0$@com> References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> Message-ID:

The error seems to tell what is missing.
The perl module Filesys::DiskFree seems to be missing.

Ralph

From raymond at prolocation.net Tue Aug 4 16:24:47 2009
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Tue Aug 4 16:24:56 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk>
Message-ID:

Hi!

> I have just done an installation of MailScanner 4.78.6-1 on a fully-patched
> Fedora 11 system, and both "MailScanner --lint" and "MailScanner -v" work
> just fine.
>
> What does "MailScanner -v" produce on your system?
> Can you try running the "./install.sh" again, and see what it says about
> Filesys::Df please?

>> Starting MailScanner daemons:
>> incoming sendmail: [ OK ]
>> outgoing sendmail: [ OK ]
>> MailScanner: Can't locate Filesys/Df.pm in @INC (@INC
>> contains: /usr/lib/MailScanner
>> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
>> /usr/local/lib/perl5/site_perl/5.10.0
>> /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
>> /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
>> /usr/lib/perl5/site_perl /usr/lib/MailScanner) at /usr/sbin/MailScanner
>> line 91.
>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.

Try the MailScanner install with the rpm -e stuff disabled in the install script.

If I do this with MailScanner current on a Fedora 11 it breaks the complete install. It will remove a lot of perl packages before it starts installing (rpm -e) and then you get stuff like this.

You can install Filesys via yum but after a MailScanner install run they are gone and stuff is broken.

The rpm -e isn't ok Jules :)

Bye,
Raymond.

From ichmagmuell at bornefeld-ettmann.de Tue Aug 4 16:27:04 2009
From: ichmagmuell at bornefeld-ettmann.de (Ralph Bornefeld-Ettmann)
Date: Tue Aug 4 16:30:15 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com>
Message-ID:

Ralph Bornefeld-Ettmann wrote:
> Logs wrote:
>> Looks like the same thing...
>>
>> Starting MailScanner daemons:
>> incoming sendmail: [ OK ]
>> outgoing sendmail: [ OK ]
>> MailScanner: Can't locate Filesys/Df.pm in @INC (@INC
>> contains: /usr/lib/MailScanner
>> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
>> /usr/local/lib/perl5/site_perl/5.10.0
>> /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
>> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
>> /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
>> /usr/lib/perl5/site_perl /usr/lib/MailScanner) at
>> /usr/sbin/MailScanner line 91.
>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.
>> [ OK ]
>>
>> Unless you think I should stay with Fedora Core 11 I am more than
>> willing to reinstall FC10, in fact I was just about to do that when
>> you sent off your last email.
>>
>
> The error seems to tell what is missing.
> The perl module Filesys::DiskFree seems to be missing.

sorry - missed the line - Filesys::Df is the correct one...

>
> Ralph
>
>> -----Original Message-----
>> From: mailscanner-bounces@lists.mailscanner.info
>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>> Julian Field
>> Sent: Tuesday, August 04, 2009 7:06 AM
>> To: MailScanner discussion
>> Subject: Re: Fedora Core 11 & Mailscanner Install Fails
>>
>> Please try out MailScanner 4.78.6-1 which I have just put on the website.
>> It should install just fine on Fedora Core 11.
>>
>> Cheers,
>> Jules.
>>
>> On 03/08/2009 19:43, Logs wrote:
>>> Getting the following error when trying to install the latest version
>>> of MailScanner on a newly installed Fedora Core 11 box:
>>>
>>> error: Failed dependencies:
>>> tnef>= 1.1.1 is needed by mailscanner-4.77.10-1.noarch
>>>
>>> Any ideas?
>>>
>>> Vern
>>>
>>>
>>>
>>
>> Jules
>>
>

From davejones70 at gmail.com Tue Aug 4 17:47:36 2009
From: davejones70 at gmail.com (Dave Jones)
Date: Tue Aug 4 17:47:45 2009
Subject: lstat() failed on: /mnt/ramdisk/... (Martin Hepworth)
Message-ID: <67a55ed50908040947s78e262d5n25dfb9bf6d980dc4@mail.gmail.com>

>try changing the type of tnef scanner, if the external binary change it to
>the internal one and/or vice versa

I changed it from external to internal and the problem is resolved. Thanks for your help Martin.

Now the problem I have is some messages (one or two per hour out of roughly 10 thousand) are now killing MailScanner so I am getting user complaints about receiving that notification instead of the email that was sent. I have disabled TNEF for now until I can figure out what is wrong with these emails. I will search the archives for any ideas and to become more familiar with this new DOS detection feature.

From what I can tell so far, I think the problem is coming from older Outlook clients.

>--
>Martin Hepworth
>Oxford, UK

>2009/8/1 Dave Jones
>> >From June 24th:
>>
>> http://thread.gmane.org/gmane.mail.virus.mailscanner/71122/focus=71160
>>
>> >> lstat() failed on: /mnt/ramdisk/31166/n5NC95S6028227/tnef.31166
>> >
>> >Which version of MailScanner are you running? If you're using a version
>> >< 4.76.24, and you only have tnef.* in your lstat errors, this is a
>> >known bug. Upgrading to the latest MailScanner release will fix it (or
>> >at least >= 4.76.24), as the tnef processing has been updated to correct
>> >the permission errors.
>> >
>> >(see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for
>> >reference, and "16 Fixed permissions and ownership problems with data
>> >extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3
>> >from http://www.mailscanner.info/ChangeLog).
>> >
>> > Cheers,
>> >-Joshua
>>
>> I upgraded MailScanner to version 4.77.10-1 a few weeks ago and still
>> have thousands of these errors in the maillog.

--
Dave Jones

From MailScanner at ecs.soton.ac.uk Tue Aug 4 19:07:39 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Aug 4 19:08:01 2009
Subject: lstat() failed on: /mnt/ramdisk/... (Martin Hepworth)
In-Reply-To: <67a55ed50908040947s78e262d5n25dfb9bf6d980dc4@mail.gmail.com>
References: <67a55ed50908040947s78e262d5n25dfb9bf6d980dc4@mail.gmail.com> <4A7878EB.3020909@ecs.soton.ac.uk>
Message-ID:

On 04/08/2009 17:47, Dave Jones wrote:
>> try changing the type of tnef scanner, if the external binary change it to
>> the internal one and/or vice versa
>>
> I changed it from external to internal and the problem is resolved.
> Thanks for your help Martin.
>
> Now the problem I have is some messages (one or two per hour out of
> roughly 10 thousand) are now killing MailScanner

Recent versions of MailScanner have denial-of-service protection systems in them so that individual messages cannot kill MailScanner. Look for the string "Processing Attempts" in MailScanner.conf and you will find the settings that control it.

> so I am getting user
> complaints about receiving that notification instead of the email
> that was sent. I have disabled TNEF for now until I can figure out
> what is wrong with these emails. I will search the archives for any
> ideas and to become more familiar with this new DOS detection
> feature.
>
>
> From what I can tell so far, I think the problem is coming from older
> Outlook clients.
>
>
>> --
>> Martin Hepworth
>> Oxford, UK
>>
>
>> 2009/8/1 Dave Jones
>>
>
>>> > From June 24th:
>>>
>>> http://thread.gmane.org/gmane.mail.virus.mailscanner/71122/focus=71160
>>>
>>>
>>>>> lstat() failed on: /mnt/ramdisk/31166/n5NC95S6028227/tnef.31166
>>>>>
>>>> Which version of MailScanner are you running? If you're using a version
>>>> < 4.76.24, and you only have tnef.* in your lstat errors, this is a
>>>> known bug. Upgrading to the latest MailScanner release will fix it (or
>>>> at least >= 4.76.24), as the tnef processing has been updated to correct
>>>> the permission errors.
>>>>
>>>> (see http://www.bluequartz.us/phpBB2/viewtopic.php?t=87165 for
>>>> reference, and "16 Fixed permissions and ownership problems with data
>>>> extracted from TNEF winmail.dat attachments." under fixes of 4.76.24-3
>>>>
>>> >from http://www.mailscanner.info/ChangeLog).
>>>
>>>> Cheers,
>>>> -Joshua
>>>>
>>> I upgraded MailScanner to version 4.77.10-1 a few weeks ago and still
>>> have thousands of these errors in the maillog.
>>>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Aug 4 19:18:47 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Aug 4 19:19:09 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk>
Message-ID:

On 04/08/2009 16:24, Raymond Dijkxhoorn wrote:
> Hi!
>
>> I have just done an installation of MailScanner 4.78.6-1 on a
>> fully-patched Fedora 11 system, and both "MailScanner --lint" and
>> "MailScanner -v" work just fine.
>>
>> What does "MailScanner -v" produce on your system?
>> Can you try running the "./install.sh" again, and see what it says
>> about Filesys::Df please?
>
>>> Starting MailScanner daemons:
>>> incoming sendmail: [ OK ]
>>> outgoing sendmail: [ OK ]
>>> MailScanner: Can't locate Filesys/Df.pm in @INC
>>> (@INC contains: /usr/lib/MailScanner
>>> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
>>> /usr/local/lib/perl5/site_perl/5.10.0
>>> /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
>>> /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
>>> /usr/lib/perl5/site_perl /usr/lib/MailScanner) at
>>> /usr/sbin/MailScanner line 91.
>>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.
>
> Try the MailScanner install with the rpm -e stuff disabled in the
> install script.

But that is only triggered if the version of MailScanner currently installed is less than 4.76.11.
Are you upgrading from a version before 4.76.11?

>
> If I do this with MailScanner current on a Fedora 11 it breaks the
> complete install. It will remove a lot of perl packages before it
> starts installing (rpm -e) and then you get stuff like this.

Because the RPMs are totally different beyond 4.76.11 than they were before it, so the old ones have to be removed to force the installation of the new ones. Otherwise you won't be able to "yum upgrade" your system due to clashes between some of the perl-* RPMs and the perl RPM itself. 4.76.11 was the point at which I fixed all of that, so earlier ones have to be removed.

>
> You can install Filesys via yum but after a MailScanner install run
> they are gone and stuff is broken.
>
> The rpm -e isn't ok Jules :)

But the new Filesys::Df installs just fine on Fedora 11, so I fail to see why it would be a problem.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Aug 4 19:19:54 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Aug 4 19:20:15 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A787BCA.9000609@ecs.soton.ac.uk>
Message-ID:

On 04/08/2009 16:27, Ralph Bornefeld-Ettmann wrote:
> Ralph Bornefeld-Ettmann wrote:
>> Logs wrote:
>>> Looks like the same thing...
>>>
>>> Starting MailScanner daemons:
>>> incoming sendmail: [ OK ]
>>> outgoing sendmail: [ OK ]
>>> MailScanner: Can't locate Filesys/Df.pm in @INC (@INC
>>> contains: /usr/lib/MailScanner
>>> /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi
>>> /usr/local/lib/perl5/site_perl/5.10.0
>>> /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl
>>> /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0
>>> /usr/lib/perl5/site_perl /usr/lib/MailScanner) at
>>> /usr/sbin/MailScanner line 91.
>>> BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91.
>>> [ OK ]
>>>
>>> Unless you think I should stay with Fedora Core 11 I am more than
>>> willing to reinstall FC10, in fact I was just about to do that when
>>> you sent off your last email.
>>>
>>
>> The error seems to tell what is missing.
>> The perl module Filesys::DiskFree seems to be missing.
>
> sorry - missed the line - Filesys::Df is the correct one...

Do you have the install.log from the installation? If so, please send it to me (gzipped, off-list). Without it, I cannot see what actually happened.

>>
>>> -----Original Message-----
>>> From: mailscanner-bounces@lists.mailscanner.info
>>> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of
>>> Julian Field
>>> Sent: Tuesday, August 04, 2009 7:06 AM
>>> To: MailScanner discussion
>>> Subject: Re: Fedora Core 11 & Mailscanner Install Fails
>>>
>>> Please try out MailScanner 4.78.6-1 which I have just put on the
>>> website.
>>> It should install just fine on Fedora Core 11.
>>>
>>> Cheers,
>>> Jules.
>>>
>>> On 03/08/2009 19:43, Logs wrote:
>>>> Getting the following error when trying to install the latest
>>>> version of MailScanner on a newly installed Fedora Core 11 box:
>>>>
>>>> error: Failed dependencies:
>>>> tnef>= 1.1.1 is needed by mailscanner-4.77.10-1.noarch
>>>>
>>>> Any ideas?
>>>>
>>>> Vern
>>>>
>>>>
>>>
>>> Jules
>>>
>>
>

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From itdept at fractalweb.com Tue Aug 4 20:55:26 2009
From: itdept at fractalweb.com (Chris Yuzik)
Date: Tue Aug 4 20:55:43 2009
Subject: use MailScanner as gateway
Message-ID: <3286FE21C3AD427B8D6AF870D12C3B7B@Pandora>

Hi everyone,

I need to configure our mail server to allow MailScanner/Sendmail/Procmail to act as a gateway in front of an exchange server. I found the instructions in the MailScanner WIKI, but would like to configure our system to reject messages intended for non-existent messages on the exchange server. The gateway server will be at a data center, while the exchange server will be physically in the client's office behind a firewall. Anyone know how to do this?

Thanks,
Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090804/d154c1db/attachment.html

From MailScanner at ecs.soton.ac.uk Tue Aug 4 21:32:46 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Aug 4 21:33:05 2009
Subject: use MailScanner as gateway
In-Reply-To: <3286FE21C3AD427B8D6AF870D12C3B7B@Pandora>
References: <3286FE21C3AD427B8D6AF870D12C3B7B@Pandora> <4A789AEE.1020300@ecs.soton.ac.uk>
Message-ID:

Look for "milter-ahead" in Google. That will do the job very nicely for you, by calling ahead to the Exchange server to verify recipient addresses before it accepts the message into sendmail on the MailScanner server.

On 04/08/2009 20:55, Chris Yuzik wrote:
> Hi everyone,
> I need to configure our mail server to allow
> MailScanner/Sendmail/Procmail to act as a gateway in front of an
> exchange server. I found the instructions in the MailScanner WIKI, but
> would like to configure our system to reject messages intended for
> non-existent messages on the exchange server. The gateway server will
> be at a data center, while the exchange server will be physically in
> the client's office behind a firewall. Anyone know how to do this?
> Thanks,
> Chris

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From raymond at prolocation.net Tue Aug 4 23:39:40 2009
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Tue Aug 4 23:39:48 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk>
Message-ID:

Hi!

>> Try the MailScanner install with the rpm -e stuff disabled in the install
>> script.

> But that is only triggered if the version of MailScanner currently installed
> is less than 4.76.11.
> Are you upgrading from a version before 4.76.11?

The last stable and the last beta.

>> If I do this with MailScanner current on a Fedora 11 it breaks the complete
>> install. It will remove a lot of perl packages before it starts installing
>> (rpm -e) and then you get stuff like this.

> Because the RPMs are totally different beyond 4.76.11 than they were before
> it, so the old ones have to be removed to force the installation of the new
> ones. Otherwise you won't be able to "yum upgrade" your system due to clashes
> between some of the perl-* RPMs and the perl RPM itself. 4.76.11 was the
> point at which I fixed all of that, so earlier ones have to be removed.

Yes but you remove all RPMs every time. And if the install fails you have a broken system. Even cpan doesn't function anymore after a failed install since it simply rpm -e's all it wants :)

>> The rpm -e isn't ok Jules :)

> But the new Filesys::Df installs just fine on Fedora 11, so I fail to see why
> it would be a problem.

I have seen dependency issues. You could play on one of the machines where it's happening if interested. No problem. Meanwhile I have found my way of fixing it ;)

Bye,
Raymond.

From joost at waversveld.nl Wed Aug 5 08:17:50 2009
From: joost at waversveld.nl (Joost Waversveld)
Date: Wed Aug 5 08:19:03 2009
Subject: use MailScanner as gateway
In-Reply-To:
References: <3286FE21C3AD427B8D6AF870D12C3B7B@Pandora> <4A789AEE.1020300@ecs.soton.ac.uk>
Message-ID: <4A79321E.1050000@waversveld.nl>

You could also use smf-sav, that will do the same job for free. If you're gonna use smf-sav, don't forget to disable the "Sender Address Verification" part of it.

Joost

Jules Field wrote:
> Look for "milter-ahead" in Google. That will do the job very nicely
> for you, by calling ahead to the Exchange server to verify recipient
> addresses before it accepts the message into sendmail on the
> MailScanner server.
>
> On 04/08/2009 20:55, Chris Yuzik wrote:
>> Hi everyone,
>> I need to configure our mail server to allow
>> MailScanner/Sendmail/Procmail to act as a gateway in front of an
>> exchange server. I found the instructions in the MailScanner WIKI,
>> but would like to configure our system to reject messages intended
>> for non-existent messages on the exchange server. The gateway server
>> will be at a data center, while the exchange server will be
>> physically in the client's office behind a firewall. Anyone know how
>> to do this?
>> Thanks,
>> Chris
>
> Jules
>

--
Joost Waversveld

From MailScanner at ecs.soton.ac.uk Wed Aug 5 09:56:50 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Wed Aug 5 09:57:09 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk> <4A794952.1050806@ecs.soton.ac.uk>
Message-ID:

On 04/08/2009 23:39, Raymond Dijkxhoorn wrote:
> Hi!
>
>>> Try the MailScanner install with the rpm -e stuff disabled in the
>>> install script.
>
>> But that is only triggered if the version of MailScanner currently
>> installed is less than 4.76.11.
>> Are you upgrading from a version before 4.76.11?
>
> The last stable and the last beta.
>
>>> If I do this with MailScanner current on a Fedora 11 it breaks the
>>> complete install. It will remove a lot of perl packages before it
>>> starts installing (rpm -e) and then you get stuff like this.
>
>> Because the RPMs are totally different beyond 4.76.11 than they were
>> before it, so the old ones have to be removed to force the
>> installation of the new ones. Otherwise you won't be able to "yum
>> upgrade" your system due to clashes between some of the perl-* RPMs
>> and the perl RPM itself. 4.76.11 was the point at which I fixed all
>> of that, so earlier ones have to be removed.
>
> Yes but you remove all RPMs every time. And if the install fails you
> have a broken system. Even cpan doesn't function anymore after a
> failed install since it simply rpm -e's all it wants :)

I think I have finally worked out a solution to this problem. If I do need to remove an RPM (and sometimes I do), then I only remove the RPM if I installed it in the first place. If it wasn't built as part of a MailScanner installation, it is left well alone.

See 4.78.7.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From raymond at prolocation.net Wed Aug 5 10:00:56 2009
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Wed Aug 5 10:01:09 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk> <4A794952.1050806@ecs.soton.ac.uk>
Message-ID:

Hi!

>> Yes but you remove all RPMs every time. And if the install fails you have
>> a broken system. Even cpan doesn't function anymore after a failed install
>> since it simply rpm -e's all it wants :)

> I think I have finally worked out a solution to this problem. If I do need to
> remove an RPM (and sometimes I do), then I only remove the RPM if I installed
> it in the first place. If it wasn't built as part of a MailScanner
> installation, it is left well alone.
>
> See 4.78.7.

Thanks, will try that one later on and let you know. Sounds like a much better solution than blindly removing all :-)

Bye,
Raymond.

From alex at rtpty.com Wed Aug 5 12:53:23 2009
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Wed Aug 5 12:53:38 2009
Subject: use MailScanner as gateway
In-Reply-To: <4A79321E.1050000@waversveld.nl>
References: <3286FE21C3AD427B8D6AF870D12C3B7B@Pandora> <4A789AEE.1020300@ecs.soton.ac.uk> <4A79321E.1050000@waversveld.nl>
Message-ID: <304FFBB7-E9EE-449C-A869-EB41676E5AF4@rtpty.com>

Which, ironically, was what it was meant to be in the beginning! :D

It does both jobs well - although Sender Address Verification has been declining in popularity because it can cause more problems than it solves.

On Aug 5, 2009, at 2:17 AM, Joost Waversveld wrote:
> don't forget to disable the "Sender Address Verification" part of it.

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 202-1525
alex@rtpty.com
Skype: alexneuman

From brose at med.wayne.edu Wed Aug 5 14:05:20 2009
From: brose at med.wayne.edu (Rose, Bobby)
Date: Wed Aug 5 14:05:42 2009
Subject: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity
In-Reply-To:
References: <4A757D1F.6060707@ecs.soton.ac.uk>
Message-ID:

FYI

I'm not sure but I think this is resolved since I haven't seen it happen again. The only thing I did was change the spaces to tabs in the whitelist rules file for that rule which consisted of 2 FROM (one subnet and one domain). I didn't think it mattered but it seemed to resolve this issue.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Rose, Bobby
Sent: Sunday, August 02, 2009 11:35 AM
To: MailScanner discussion
Subject: RE: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity

I've been trying to duplicate this without success. The issue is that there is this domain and network segment that is in my whitelist rules file. If that domain sends an email with more than 20 recipients, the whitelist is ignored, which I know is the way it works and I'm fine with that. But what is odd is that the email is just labeled as blacklisted, no SA checks or anything, just blacklisted. But neither the domain or the IP nor the sender is in any blacklist rules file nor in a per-user blacklist entry in the mailwatch blacklist table.

I don't have access to the remote mailsystem which is on our class-B network here at the university. But the tests that I've done on my own have been to disable the whitelist rule and send an email with a single recipient with a return address from that domain. It's scanned and isn't blacklisted. During this time of having them out of the whitelist, my domain has received a couple of emails (single recipients) from their domain/senders and the same server and they aren't blacklisted either. I also lowered the Ignore Spam Whitelist If Recipients Exceed option to 1 and tried sending to two addresses in my domain using a return address from that domain and that test email goes thru fine and also isn't blacklisted.

I'm not using any spam lists checks in MailScanner since that's either done by the MTA or SA. But even if I was, I would have seen blacklisted for them while I had them unwhitelisted.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field
Sent: Sunday, August 02, 2009 7:49 AM
To: MailScanner discussion
Subject: Re: Is Definitely Not Spam and Ignore Spam Whitelist If Recipients Exceed Options oddity

On 01/08/2009 03:42, Rose, Bobby wrote:
>
> I have a ruleset for Is Definitely Not Spam and everything works fine
> except if that address sends a message with more recipients than
> what is set for Ignore Spam Whitelist If Recipients Exceed. In that
> case, the message seems to get blacklisted. If the entry is removed
> from the whitelist ruleset, then the issue doesn't occur (but I'll
> still see the log entry saying that ignored whitelist).
>

So you're saying that the "Is Definitely Not Spam" is ignored if the message has more recipients than set in "Ignore Spam Whitelist If Recipients Exceed"?
In that case, that is exactly what it is meant to do. "Is Definitely Not Spam" is the "Spam Whitelist" the other option is talking about.

> Has anyone else noticed this or is it just me and I have to keep
> digging for the reason?
>
> Thanks
>
> -=Bobby
>
>
> ------------------------------------------------------------------------
> This document may include proprietary and confidential information of
> Wayne State University Physician Group and may only be read by those
> person(s) to whom it is addressed. If you have received this e-mail
> message in error, please notify us immediately. This document may not
> be reproduced, copied, distributed, published, modified or furnished
> to third parties, without prior written consent of Wayne State
> University Physician Group. Thank you.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From drnick at physics.byu.edu Wed Aug 5 19:24:12 2009
From: drnick at physics.byu.edu (Blatter, Nicholas)
Date: Wed Aug 5 19:24:25 2009
Subject: Custom function for 'Required SpamAssassin Score' runs multiple times for each message
In-Reply-To:
References: <5DC600B80DB6EE4BAB1D631E14FBADCCFF8521@bohr.physics.byu.edu> <4A771E66.9020601@ecs.soton.ac.uk>
Message-ID: <5DC600B80DB6EE4BAB1D631E14FBADCC010C75D5@bohr.physics.byu.edu>

> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Jules Field
> Sent: Monday, August 03, 2009 11:29 AM
> To: MailScanner discussion
> Subject: Re: Custom function for 'Required SpamAssassin Score' runs
> multiple times for each message
>
> Some of the MailScanner.conf settings are looked up more than once. This
> is necessary.

Thanks for the reply. My biggest concern was the multiple custom function calls -- it's good to know that this is by design and not a problem with my implementation.

> All you need to do in your Custom Function is add a fast-expiring cache
> for your results data.

I'll do that. Thanks again.

Nick

From drnick at physics.byu.edu Wed Aug 5 22:32:34 2009
From: drnick at physics.byu.edu (Blatter, Nicholas)
Date: Wed Aug 5 22:32:47 2009
Subject: Custom Function Scope and Variable Lifetime
Message-ID: <5DC600B80DB6EE4BAB1D631E14FBADCC010C7602@bohr.physics.byu.edu>

I have been working with writing custom functions for MailScanner and have come across an issue with variables and subroutines in one custom function (module) stepping on those in another module. I'm not terribly familiar with Perl, but I imagine this is a result of MailScanner loading all the modules into a single namespace/package/scope.

Does this sound correct?

When writing custom functions, is there anything you can do to keep the functions separate from each other so that you don't run into name collisions or other problems arising from a shared namespace? Would it work (or even make sense) to have each custom function in its own Perl package? How would that work when telling MailScanner to load the function?

I'm also wondering what the lifetime of 'global' variables (in the custom function module) looks like. Is there just one instance of each module loaded for MailScanner or does each MailScanner child process load an instance of each module (this appears to be the case from watching the logs)? Are the global variables in each module shared between the MailScanner children processes or are they separate?

Sorry for the noobish questions but I'd like to make sure I'm writing these modules for MailScanner as well as I can. Any tips or suggestions on their organization are appreciated.

Thanks for your time,
Nick

From logs at comp-wiz.com Wed Aug 5 23:21:40 2009
From: logs at comp-wiz.com (Logs)
Date: Wed Aug 5 23:21:52 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To:
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk> <4A794952.1050806@ecs.soton.ac.uk>
Message-ID: <009301ca161b$1b370880$51a51980$@com>

Okay, so I'm not sure where we are at. I have downloaded and installed the latest Beta, but am still having trouble, so I am not sure what to do from here.

-----Original Message-----
>> Yes but you remove all RPM's every time. And if the install fails you have
>> a broken system. Even cpan doesn't function anymore after a failed install
>> since it simply rpm -e's all it wants :)
> I think I have finally worked out a solution to this problem. If I do need to
> remove an RPM (and sometimes I do), then I only remove the RPM if I installed
> it in the first place. If it wasn't built as part of a MailScanner
> installation, it is left well alone.
>
> See 4.78.7.

--
This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean.

From logs at comp-wiz.com Wed Aug 5 23:26:48 2009
From: logs at comp-wiz.com (Logs)
Date: Wed Aug 5 23:26:58 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To: <009301ca161b$1b370880$51a51980$@com>
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <4A771C93.6010205@ecs.soton.ac.uk> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk> <4A794952.1050806@ecs.soton.ac.uk> <009301ca161b$1b370880$51a51980$@com>
Message-ID: <009401ca161b$d26a4b70$773ee250$@com>

Hey missed a couple emails and went back and reread and found that someone said something about Filesys::Df, so I installed from CPAN and it works now. Thanks.

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Logs Sent: Wednesday, August 05, 2009 6:22 PM To: 'MailScanner discussion' Subject: RE: Fedora Core 11 & Mailscanner Install Fails Okay, so I'm not sure where we are at. I have downloaded and installed the latest Beta, but am still having trouble, so I am not sure what to do from here. -----Original Message----- >> Yes but you remove all RPM's every time. And if the install fails you have >> a broken system. Even cpan doesnt function anymore after a failled install >> since it simple rpm -e's all it wants :) > I think I have finally worked out a solution to this problem. If I do need to > remove an RPM (and sometimes I do), then I only remove the RPM if I installed > it in the first place. If it wasn't built as part of a MailScanner > installation, it is left well alone. > > See 4.78.7. -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. From zaeem.arshad at gmail.com Thu Aug 6 08:41:34 2009 
From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Aug 6 08:41:44 2009 Subject: Per domain High Scoring Spam Score Message-ID: <3e1809420908060041r2ebfb4d2i44496e64ed9a8cd5@mail.gmail.com> Hi, My inbound mail server relays for a couple of domains and I'd like to have individual score settings for each domain. So, domain xyz.com may have a required score of 6 but abc.com would have a required score of 7. Is that possible, implemented or outright stupid? Regards -- Zaeem From MailScanner at ecs.soton.ac.uk Thu Aug 6 09:24:39 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Aug 6 09:24:59 2009
Subject: Custom Function Scope and Variable Lifetime
In-Reply-To: <5DC600B80DB6EE4BAB1D631E14FBADCC010C7602@bohr.physics.byu.edu>
References: <5DC600B80DB6EE4BAB1D631E14FBADCC010C7602@bohr.physics.byu.edu> <4A7A9347.5030707@ecs.soton.ac.uk>
Message-ID:

On 05/08/2009 22:32, Blatter, Nicholas wrote:
> I have been working with writing custom functions for MailScanner and have come across an issue with variables and subroutines in one custom function (module) stepping on those in another module. I'm not terribly familiar with Perl, but I imagine this is a result of MailScanner loading all the modules into a single namespace/package/scope.
>
> Does this sound correct?

Yes, they are all loaded into the same namespace. However, there's nothing stopping you putting variables which are specific for your custom function into their own namespace, just refer to them with the full namespace information, e.g. "$MyCustomFunction::MyVariable = 5;" should work just fine.

> When writing custom functions, is there anything you can do to keep the functions separate from each other so that you don't run into name collisions or other problems arising from a shared namespace? Would it work (or even make sense) to have each custom function in its own Perl package? How would that work when telling MailScanner to load the function?

I would rather not go to the effort of writing that. You can code around it so easily in your Custom Function anyway that it isn't really a problem worth solving.

> I'm also wondering what the lifetime of 'global' variables (in the custom function module) looks like. Is there just one instance of each module loaded for MailScanner or does each MailScanner child process load an instance of each module (this appears to be the case from watching the logs)?

I think you are correct in your interpretation of the logs, the forking happens before the Custom Functions are "require"-d.

> Are the global variables in each module shared between the MailScanner children processes or are they separate?

Separate.

> Sorry for the noobish questions but I'd like to make sure I'm writing these modules for MailScanner as well as I can. Any tips or suggestions on their organization are appreciated.

No problem. Just put your global variables in your own made-up namespace, as in my little example above.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Thu Aug 6 09:27:44 2009
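
The two suggestions made in these threads, a fast-expiring cache for a custom function's results and a made-up namespace for its globals, combined in one sketch. This is an added example, not MailScanner's code or any poster's: the name PerDomainScore, the backend table, the `todomain` message field and the `MailScanner::CustomConfig` package line are assumptions, as is hooking it in with `Required SpamAssassin Score = &PerDomainScore`.

```perl
#!/usr/bin/perl
# Added example: custom function with namespaced state and a short-lived cache.
package MailScanner::CustomConfig;   # assumption: the shared package custom functions load into

use strict;
use warnings;

# State private to this function lives in a made-up namespace (PerDomainScore),
# so a $TTL or %Cache in another custom function file cannot overwrite it.
# Each MailScanner child process holds its own separate copy of these.
%PerDomainScore::Cache   = ();   # domain => { score => N, expires => epoch }
$PerDomainScore::TTL     = 30;   # seconds; short, so a policy change is picked up quickly
$PerDomainScore::Default = 6;    # returned when the backend has no answer
$PerDomainScore::Lookups = 0;    # counts slow lookups (used by the demo below)

# Hypothetical slow backend (database, LDAP, ...). Constructed sample data.
my %backend = ('xyz.com' => 6, 'abc.com' => 7);

# Helper subs are namespaced the same way as the variables.
sub PerDomainScore::SlowLookup {
  my ($domain) = @_;
  $PerDomainScore::Lookups++;
  return $backend{$domain};      # undef when the domain is unknown
}

sub PerDomainScore::Get {
  my ($domain, $now) = @_;
  $domain = lc $domain;

  my $hit = $PerDomainScore::Cache{$domain};
  return $hit->{score} if $hit && $hit->{expires} > $now;

  my $score = PerDomainScore::SlowLookup($domain);
  # Misses are not cached: a backend outage must not pin the default, and
  # only backend-known domains become keys, so message data cannot grow the cache.
  return $PerDomainScore::Default unless defined $score;

  $PerDomainScore::Cache{$domain} = {
    score   => $score,
    expires => $now + $PerDomainScore::TTL,
  };
  return $score;
}

sub InitPerDomainScore { %PerDomainScore::Cache = (); }

# The setting may be looked up several times per message; the cache keeps
# all but the first lookup within the TTL off the slow backend.
sub PerDomainScore {
  my ($message) = @_;
  my $domains = $message ? $message->{todomain} : undef;
  return $PerDomainScore::Default
    unless ref($domains) eq 'ARRAY' && @$domains;
  return PerDomainScore::Get($domains->[0], time);   # first recipient's domain
}

sub EndPerDomainScore { %PerDomainScore::Cache = (); }

# Demo with a constructed message hash; runs only when executed directly.
unless (caller) {
  InitPerDomainScore();
  my $msg = { todomain => ['abc.com'] };
  my @scores;
  push @scores, PerDomainScore($msg) for 1 .. 3;     # setting looked up 3 times
  print "scores=@scores backend lookups=$PerDomainScore::Lookups\n";

  # Same domain again, with the clock past the TTL: the entry has expired.
  PerDomainScore::Get('abc.com', time + $PerDomainScore::TTL + 1);
  print "after expiry: backend lookups=$PerDomainScore::Lookups\n";
}

1;
```
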
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Aug 6 09:28:06 2009
Subject: Per domain High Scoring Spam Score
In-Reply-To: <3e1809420908060041r2ebfb4d2i44496e64ed9a8cd5@mail.gmail.com>
References: <3e1809420908060041r2ebfb4d2i44496e64ed9a8cd5@mail.gmail.com> <4A7A9400.2060104@ecs.soton.ac.uk>
Message-ID:

Read all about "rulesets" in /etc/MailScanner/rules/* and in the book, for starters.
It's very easy, you'll soon figure it out.

As an example for your case below, in MailScanner.conf set
Required SpamAssassin Score = %rules-dir%/required.sa.score.rules

And then in /etc/MailScanner/rules/required.sa.score.rules set
To: *@xyz.com 6
To: *@abc.com 7

Then just do a "service MailScanner reload" and you're away.

You can do a lot more than just "*@xyz.com" in the "address pattern". See the docs and examples in /etc/MailScanner/rules/*.

Jules.

On 06/08/2009 08:41, Zaeem Arshad wrote:
> Hi,
>
> My inbound mail server relays for a couple of domains and I'd like to
> have individual score settings for each domain. So, domain xyz.com
> may have a required score of 6 but abc.com
> would have a required score of 7. Is that possible,
> implemented or outright stupid?
>
>
> Regards
>
> --
> Zaeem

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From zaeem.arshad at gmail.com Thu Aug 6 09:33:04 2009
From: zaeem.arshad at gmail.com (Zaeem Arshad) Date: Thu Aug 6 09:33:13 2009 Subject: Per domain High Scoring Spam Score In-Reply-To: References: <4A7A9400.2060104@ecs.soton.ac.uk> <3e1809420908060041r2ebfb4d2i44496e64ed9a8cd5@mail.gmail.com> Message-ID: <3e1809420908060133l2a273f79y63ed02df6f1be3b@mail.gmail.com> Fantastic. I know about the rulesets being supported for other options but wasn't sure if they'd work with the required score variable. Thanks a ton. Regards -- Zaeem On Thu, Aug 6, 2009 at 2:27 PM, Julian Field wrote: > Read all about "rulesets" in /etc/MailScanner/rules/* and in the book, for > starters. > It's very easy, you'll soon figure it out. > > As an example for your case below, in MailScanner.conf set > Required SpamAssassin Score = %rules-dir%/required.sa.score.rules > > And then in /etc/MailScanner/rules/required.sa.score.rules set > To: *@xyz.com 6 > To: *@abc.com 7 > > Then just do a "service MailScanner reload" and you're away. > > You can do a lot more than just "*@xyz.com" in the "address pattern". See > the docs and examples in /etc/MailScanner/rules/*. > > Jules. > > On 06/08/2009 08:41, Zaeem Arshad wrote: > >> Hi, >> >> My inbound mail server relays for a couple of domains and I'd like to have >> individual score settings for each domain. So, domain xyz.com < >> http://xyz.com> may have a required score of 6 but abc.com < >> http://abc.com> would have a required score of 7. Is that possible, >> implemented or outright stupid? >> >> >> Regards >> >> -- >> Zaeem >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! 
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090806/6e847f65/attachment.html

From raymond at prolocation.net Thu Aug 6 10:08:48 2009
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Thu Aug 6 10:08:56 2009
Subject: Fedora Core 11 & Mailscanner Install Fails
In-Reply-To: <009301ca161b$1b370880$51a51980$@com>
References: <22541220.51249299864358.JavaMail.root@office.splatnix.net> <026001ca146a$42662600$c7327200$@com> <4A78160B.1080801@ecs.soton.ac.uk> <044101ca150a$163d68e0$42b83aa0$@com> <4A78506E.4070702@ecs.soton.ac.uk> <4A787B87.1000909@ecs.soton.ac.uk> <4A794952.1050806@ecs.soton.ac.uk> <009301ca161b$1b370880$51a51980$@com>
Message-ID:

Hi!

> Okay, so I'm not sure where we are at. I have downloaded and installed the
> latest Beta, but am still having trouble, so I am not sure what to do from
> here.

Most likely since you are missing several needed RPM's now to even start the install. We had the same and had to manually install a couple of RPMs before the installer went ok again. You can see this also in your install log .... ? So please post some snippets from that.

Bye,
Raymond.

From MailScanner at ecs.soton.ac.uk Thu Aug 6 10:13:45 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 10:14:04 2009 Subject: Per domain High Scoring Spam Score In-Reply-To: <3e1809420908060133l2a273f79y63ed02df6f1be3b@mail.gmail.com> References: <4A7A9400.2060104@ecs.soton.ac.uk> <3e1809420908060041r2ebfb4d2i44496e64ed9a8cd5@mail.gmail.com> <3e1809420908060133l2a273f79y63ed02df6f1be3b@mail.gmail.com> <4A7A9EC9.9070206@ecs.soton.ac.uk> Message-ID: Every configuration setting in MailScanner.conf says whether it can also be the filename of a ruleset. It's in the last line of the docs immediately above the configuration setting line itself. Virtually all can be rulesets. On 06/08/2009 09:33, Zaeem Arshad wrote: > > Fantastic. I know about the rulesets being supported for other options > but wasn't sure if they'd work with the required score variable. > Thanks a ton. > > > Regards > > -- > Zaeem > > On Thu, Aug 6, 2009 at 2:27 PM, Julian Field > > wrote: > > Read all about "rulesets" in /etc/MailScanner/rules/* and in the > book, for starters. > It's very easy, you'll soon figure it out. > > As an example for your case below, in MailScanner.conf set > Required SpamAssassin Score = %rules-dir%/required.sa.score.rules > > And then in /etc/MailScanner/rules/required.sa.score.rules set > To: *@xyz.com 6 > To: *@abc.com 7 > > Then just do a "service MailScanner reload" and you're away. > > You can do a lot more than just "*@xyz.com " in > the "address pattern". See the docs and examples in > /etc/MailScanner/rules/*. > > Jules. > > > On 06/08/2009 08:41, Zaeem Arshad wrote: > > Hi, > > My inbound mail server relays for a couple of domains and I'd > like to have individual score settings for each domain. So, > domain xyz.com may have a > required score of 6 but abc.com > would have a required score of 7. Is that > possible, implemented or outright stupid? 
> > > Regards > > -- > Zaeem > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and > twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From E.Bloodaxe at gold.ac.uk Thu Aug 6 10:13:34 2009 
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe)
Date: Thu Aug 6 10:14:23 2009
Subject: hostname variable in attachment replacement
Message-ID: <4A7A9EBE.20100@gold.ac.uk>

Is there a way to have a variable in the attachments that replace unacceptable file types and content that expands to the host names?

I.e. in stored.filename.message.txt in etc/reports/en

I want a line saying

File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id

so that my sysadmins can see which of the many servers the file is on as the standard reports give them no indication of which server to get the file from.

I have tried all the obvious

Regards

Erik

From MailScanner at ecs.soton.ac.uk Thu Aug 6 10:21:42 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 10:22:04 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7A9EBE.20100@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> Message-ID: As clearly shown in the example file supplied in /etc/MailScanner/reports/en/stored.filename.message.txt, Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber (message $id). Note the "$hostname" in the line above. On 06/08/2009 10:13, Erik Bloodaxe wrote: > Is there a way to have a variable in the attachements that replace > unacceptable file types and content that expands to the host names. > > I.e. in stored.filename.message.txt in etc/reports/en > > I want a line saying > > File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id > > so that my sysadmins can see which of the many servers the file is on > as the standard reports give them no indication of which server to get > the file from. > > I have tried all the obvious > > Regards > > Erik > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From E.Bloodaxe at gold.ac.uk Thu Aug 6 11:09:16 2009 
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe)
Date: Thu Aug 6 11:10:05 2009
Subject: hostname variable in attachment replacement
In-Reply-To:
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk>
Message-ID: <4A7AABCC.9080202@gold.ac.uk>

Julian Field wrote:
> As clearly shown in the example file supplied in
> /etc/MailScanner/reports/en/stored.filename.message.txt,
>
> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber
> (message $id).
>
> Note the "$hostname" in the line above.
>
> On 06/08/2009 10:13, Erik Bloodaxe wrote:
>> Is there a way to have a variable in the attachments that replace
>> unacceptable file types and content that expands to the host names.
>>
>> I.e. in stored.filename.message.txt in etc/reports/en
>>
>> I want a line saying
>>
>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id
>>
>> so that my sysadmins can see which of the many servers the file is on
>> as the standard reports give them no indication of which server to
>> get the file from.
>>
>> I have tried all the obvious
>>
>> Regards
>>
>> Erik
>>
>
> Jules
>

This does not seem to work - $hostname expands to a blank, the environment variable $HOSTNAME is set in the environment for login shells but appears not to be set for system started scripts, very few changes have been made to the default install. This is on RedHat 5.

Is there any other way to achieve this?

Erik

From MailScanner at ecs.soton.ac.uk Thu Aug 6 11:40:36 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 11:41:05 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7AABCC.9080202@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> Message-ID: On 06/08/2009 11:09, Erik Bloodaxe wrote: > Julian Field wrote: >> As clearly shown in the example file supplied in >> /etc/MailScanner/reports/en/stored.filename.message.txt, >> >> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber >> (message $id). >> >> Note the "$hostname" in the line above. >> >> On 06/08/2009 10:13, Erik Bloodaxe wrote: >>> Is there a way to have a variable in the attachements that replace >>> unacceptable file types and content that expands to the host names. >>> >>> I.e. in stored.filename.message.txt in etc/reports/en >>> >>> I want a line saying >>> >>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id >>> >>> so that my sysadmins can see which of the many servers the file is >>> on as the standard reports give them no indication of which server >>> to get the file from. >>> >>> I have tried all the obvious >>> >>> Regards >>> >>> Erik >>> >> >> Jules >> > This does not seem to work - $hostname expands to a blank, the > enviroment variable $HOSTNAME is set in the environment for login > shells but appears not to be set for system started scripts, very few > changes have been made to the default install. This is on RedHat 5. Have you set the "Hostname" setting in MailScanner.conf? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Thu Aug 6 11:40:50 2009 
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Aug 6 11:41:08 2009
Subject: hostname variable in attachment replacement
In-Reply-To: <4A7AABCC.9080202@gold.ac.uk>
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk>

Erik Bloodaxe wrote:
> Julian Field wrote:
>> As clearly shown in the example file supplied in
>> /etc/MailScanner/reports/en/stored.filename.message.txt,
>>
>> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber
>> (message $id).
>>
>> Note the "$hostname" in the line above.
>>
>> On 06/08/2009 10:13, Erik Bloodaxe wrote:
>>> Is there a way to have a variable in the attachments that replace
>>> unacceptable file types and content that expands to the host names.
>>>
>>> I.e. in stored.filename.message.txt in etc/reports/en
>>>
>>> I want a line saying
>>>
>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id
>>>
>>> so that my sysadmins can see which of the many servers the file is
>>> on as the standard reports give them no indication of which server
>>> to get the file from.
>>>
>>> I have tried all the obvious
>>>
>>> Regards
>>>
>>> Erik
>>>
>>
>> Jules
>>
> This does not seem to work - $hostname expands to a blank, the
> environment variable $HOSTNAME is set in the environment for login
> shells but appears not to be set for system started scripts, very few
> changes have been made to the default install. This is on RedHat 5.

I see that on CentOS 5.3 too, so it is not just your installation.

Cheers,

Phil

--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.
This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From prandal at herefordshire.gov.uk Thu Aug 6 11:49:14 2009 
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Thu Aug 6 11:49:32 2009
Subject: hostname variable in attachment replacement
In-Reply-To:
References: <4A7A9EBE.20100@gold.ac.uk><4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA07598ADF@HC-MBX02.herefordshire.gov.uk>

Julian Field wrote:
> On 06/08/2009 11:09, Erik Bloodaxe wrote:
>> Julian Field wrote:
>>> As clearly shown in the example file supplied in
>>> /etc/MailScanner/reports/en/stored.filename.message.txt,
>>>
>>> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber
>>> (message $id).
>>>
>>> Note the "$hostname" in the line above.
>>>
>>> On 06/08/2009 10:13, Erik Bloodaxe wrote:
>>>> Is there a way to have a variable in the attachements that replace
>>>> unacceptable file types and content that expands to the host names.
>>>>
>>>> I.e. in stored.filename.message.txt in etc/reports/en
>>>>
>>>> I want a line saying
>>>>
>>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id
>>>>
>>>> so that my sysadmins can see which of the many servers the file is
>>>> on as the standard reports give them no indication of which server
>>>> to get the file from.
>>>>
>>>> I have tried all the obvious
>>>>
>>>> Regards
>>>>
>>>> Erik
>>>>
>>>
>>> Jules
>>>
>> This does not seem to work - $hostname expands to a blank, the
>> enviroment variable $HOSTNAME is set in the environment for login
>> shells but appears not to be set for system started scripts, very few
>> changes have been made to the default install. This is on RedHat 5.
> Have you set the "Hostname" setting in MailScanner.conf?
>
> Jules

Here we have:

# Name of this host, or a name like "the MailScanner" if you want to hide
# the real hostname. It is used in the Help Desk note contained in the
# virus warnings sent to users.
# Remember you can use $HOSTNAME in here, so you might want to set it to
# Hostname = the %org-name% ($HOSTNAME) MailScanner
# This can also be the filename of a ruleset.
Hostname = the %org-name% ($HOSTNAME) MailScanner

Cheers,

Phil

--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.

From E.Bloodaxe at gold.ac.uk Thu Aug 6 12:27:19 2009
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe)
Date: Thu Aug 6 12:28:05 2009
Subject: hostname variable in attachment replacement
In-Reply-To:
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk>
Message-ID: <4A7ABE17.2060005@gold.ac.uk>

Julian Field wrote:
>
>
> On 06/08/2009 11:09, Erik Bloodaxe wrote:
>> Julian Field wrote:
>>> As clearly shown in the example file supplied in
>>> /etc/MailScanner/reports/en/stored.filename.message.txt,
>>>
>>> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber
>>> (message $id).
>>>
>>> Note the "$hostname" in the line above.
>>>
>>> On 06/08/2009 10:13, Erik Bloodaxe wrote:
>>>> Is there a way to have a variable in the attachments that replace
>>>> unacceptable file types and content that expands to the host names.
>>>>
>>>> I.e. in stored.filename.message.txt in etc/reports/en
>>>>
>>>> I want a line saying
>>>>
>>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id
>>>>
>>>> so that my sysadmins can see which of the many servers the file is
>>>> on as the standard reports give them no indication of which server
>>>> to get the file from.
>>>>
>>>> I have tried all the obvious
>>>>
>>>> Regards
>>>>
>>>> Erik
>>>>
>>>
>>> Jules
>>>
>> This does not seem to work - $hostname expands to a blank, the
>> environment variable $HOSTNAME is set in the environment for login
>> shells but appears not to be set for system started scripts, very few
>> changes have been made to the default install. This is on RedHat 5.
> Have you set the "Hostname" setting in MailScanner.conf?
>
> Jules
>

yes:

# grep Hostname /opt/MailScanner/etc/MailScanner.conf
# definition of "Hostname" for an example.
# Hostname = the %org-name% ($HOSTNAME) MailScanner
#Hostname = the %org-name% ($HOSTNAME) MailScanner
Hostname = the %org-name% MailScanner (on $HOSTNAME)

And HOSTNAME comes out as blank.

%hostname% does not work either.

Erik

From MailScanner at ecs.soton.ac.uk Thu Aug 6 13:21:26 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 13:21:44 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7ABE17.2060005@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> Message-ID: On 06/08/2009 12:27, Erik Bloodaxe wrote: > Julian Field wrote: >> >> >> On 06/08/2009 11:09, Erik Bloodaxe wrote: >>> Julian Field wrote: >>>> As clearly shown in the example file supplied in >>>> /etc/MailScanner/reports/en/stored.filename.message.txt, >>>> >>>> Note to Help Desk: Look on $hostname in $quarantinedir/$datenumber >>>> (message $id). >>>> >>>> Note the "$hostname" in the line above. >>>> >>>> On 06/08/2009 10:13, Erik Bloodaxe wrote: >>>>> Is there a way to have a variable in the attachements that replace >>>>> unacceptable file types and content that expands to the host names. >>>>> >>>>> I.e. in stored.filename.message.txt in etc/reports/en >>>>> >>>>> I want a line saying >>>>> >>>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id >>>>> >>>>> so that my sysadmins can see which of the many servers the file is >>>>> on as the standard reports give them no indication of which server >>>>> to get the file from. >>>>> >>>>> I have tried all the obvious >>>>> >>>>> Regards >>>>> >>>>> Erik >>>>> >>>> >>>> Jules >>>> >>> This does not seem to work - $hostname expands to a blank, the >>> enviroment variable $HOSTNAME is set in the environment for login >>> shells but appears not to be set for system started scripts, very >>> few changes have been made to the default install. This is on >>> RedHat 5. >> Have you set the "Hostname" setting in MailScanner.conf? >> >> Jules >> > yes: > > # grep Hostname /opt/MailScanner/etc/MailScanner.conf > # definition of "Hostname" for an example. 
> # Hostname = the %org-name% ($HOSTNAME) MailScanner > #Hostname = the %org-name% ($HOSTNAME) MailScanner > Hostname = the %org-name% MailScanner (on $HOSTNAME) > > And HOSTNAME cones out as blank. Unfortunate. > %hostname% does not work either. Why would it? It's not documented anywhere because it doesn't exist. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From E.Bloodaxe at gold.ac.uk Thu Aug 6 14:24:49 2009 From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Thu Aug 6 14:25:38 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> Message-ID: <4A7AD9A1.1060402@gold.ac.uk> Julian Field wrote: >> >> >> # grep Hostname /opt/MailScanner/etc/MailScanner.conf >> # definition of "Hostname" for an example. >> # Hostname = the %org-name% ($HOSTNAME) MailScanner >> #Hostname = the %org-name% ($HOSTNAME) MailScanner >> Hostname = the %org-name% MailScanner (on $HOSTNAME) >> >> And HOSTNAME cones out as blank. > Unfortunate. Am I to conclude that there is no solution then? Erik >> %hostname% does not work either. > Why would it? It's not documented anywhere because it doesn't exist. > > Jules > From MailScanner at ecs.soton.ac.uk Thu Aug 6 14:42:15 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 14:42:39 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7AD9A1.1060402@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <4A7ADDB7.9080400@ecs.soton.ac.uk> Message-ID: On 06/08/2009 14:24, Erik Bloodaxe wrote: > Julian Field wrote: >>> >>> >>> # grep Hostname /opt/MailScanner/etc/MailScanner.conf >>> # definition of "Hostname" for an example. >>> # Hostname = the %org-name% ($HOSTNAME) MailScanner >>> #Hostname = the %org-name% ($HOSTNAME) MailScanner >>> Hostname = the %org-name% MailScanner (on $HOSTNAME) >>> >>> And HOSTNAME cones out as blank. >> Unfortunate. > Am I to conclude that there is no solution then? If "$HOSTNAME" in MailScanner.conf comes out blank, then you'll have to set it in the MailScanner.conf file by hand (or by your own install/config script or whatever of course). Just had a look at the code, and ${KEYWORD} and $KEYWORD are translated into $ENV{KEYWORD}, so if $HOSTNAME is set in your environment variables when you start MailScanner, $HOSTNAME or ${HOSTNAME} will both work in your MailScanner.conf. If you need to use some other shell variable $FOOBAR, then you can use any old ${FOOBAR} or $FOOBAR in MailScanner.conf as you choose. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
From alex at rtpty.com Thu Aug 6 15:16:04 2009
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Thu Aug 6 15:16:18 2009
Subject: hostname variable in attachment replacement
In-Reply-To: <4A7AD9A1.1060402@gold.ac.uk>
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk>
Message-ID:

There is always a solution. Except for death and taxes.

On Aug 6, 2009, at 8:24 AM, Erik Bloodaxe wrote:
>>> And HOSTNAME comes out as blank.
>> Unfortunate.
> Am I to conclude that there is no solution then?
>
> Erik

--
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 202-1525
alex@rtpty.com
Skype: alexneuman

From uxbod at splatnix.net Thu Aug 6 15:26:56 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Thu Aug 6 15:27:18 2009
Subject: [OT] Which is your AV product of choice ?
Message-ID: <27722183.2151249568816785.JavaMail.root@office.splatnix.net>

Hi,

Just wondering which ones you use to get an understanding of the most common ones. I am at the moment using :-

ClamAV
Avast!

Best Regards,

--
This message has been scanned for viruses and dangerous content and is believed to be clean.
SplatNIX IT Services :: Innovation through collaboration

From glenn.steen at gmail.com Thu Aug 6 15:53:35 2009
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Aug 6 15:53:44 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7AD9A1.1060402@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> Message-ID: <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> 2009/8/6 Erik Bloodaxe : > Julian Field wrote: >>> >>> >>> # grep Hostname /opt/MailScanner/etc/MailScanner.conf >>> # definition of "Hostname" for an example. >>> # Hostname = the %org-name% ($HOSTNAME) MailScanner >>> #Hostname = the %org-name% ($HOSTNAME) MailScanner >>> Hostname = the %org-name% MailScanner (on $HOSTNAME) >>> >>> And HOSTNAME cones out as blank. >> >> Unfortunate. > > Am I to conclude that there is no solution then? > > Erik Erik, I suspect you may not have set your host(s) name(s) correctly (inferred from your first comment). Setting it can differ a bit depending on the rc-scripts involved, but on most RH-type installs you either have to correctly set up nsswitch.cnf (and friends, for yp/NIS "disabed" systems:-) or the /etc/sysconfig/network file (simply put a line with HOSTNAME= in there). If you haven't done that, gethostbyname or gethostname will fail to return the name and thus give the result you see. An alternative (if CentOS 5.3 has changed things in a drastic way:-) would be to call hostname (see the manpage) in /etc/rc.local, but... This has been like this for ages, so I suspect you wouldn't need to. Having either the NIS stuff correct, or the file (if you don't use NIS for this), will make some appropriate rc-script run the hostname command for you upon reboot... So, as usual, you don't really need reboot, just fix the config and run the command by hand. As usual, especially when I'm fresh back from vacation, I might be totally wrong;-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From t.d.lee at durham.ac.uk Thu Aug 6 16:21:00 2009 
From: t.d.lee at durham.ac.uk (David Lee) Date: Thu Aug 6 16:21:26 2009 Subject: hostname variable in attachment replacement In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk> Message-ID: On Thu, 6 Aug 2009, Randal, Phil wrote: > Erik Bloodaxe wrote: > [...] >>>> Is there a way to have a variable in the attachements that replace >>>> unacceptable file types and content that expands to the host names. >>>> >>>> I.e. in stored.filename.message.txt in etc/reports/en >>>> >>>> I want a line saying >>>> >>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id >>>> >>>> so that my sysadmins can see which of the many servers the file is >>>> on as the standard reports give them no indication of which server >>>> to get the file from. >>>> >>>> I have tried all the obvious > [...] > I see that on CentOS 5.3 too, so it is no just your installation. Dare I say "me, too"? I seem to recall reporting this (empty 'HOSTNAME') a few years ago. We're now on CentOS 5.3 with MS 4.76.24, and a configuration that tries not to change things unnecessarily. Still seeing it (although our MS configuration only rarely invokes pathways that need it.) I get the feeling that the _intended_ behaviour is for MS's "HOSTNAME" variable to try to inherit a default value from somewhere (i.e. to try to avoid being empty). This intention might be the result of "uname -n" or similar, and probably for a shell HOSTNAME variable, if any, to override it. Fair enough. Indeed, when I ssh to a box, there is such a variable present on such a login. But I suspect that, on a reasonably "out of the box" Fedora/CentOS/Redhat installation, by the time "/etc/init.d" is starting MS, neither is HOSTNAME yet set, nor is MS getting it from executing "uname -n" (or similar). 
Shouldn't the startup algorithm be something like (pseudo-perl):

    $HOSTNAME = if $ENV{'HOSTNAME'} was set
                then $ENV{'HOSTNAME'}
                else `uname -n`;
                # i.e. inherit env.var. HOSTNAME
                # else fall back to using system hostname

Sorry that's so vague. But I hope it helps.

Jules: could you (a) confirm the intention (for HOSTNAME to be non-empty) (b) outline the intended algorithm to achieve that at "/etc/init.d"-driven startup?

--
: David Lee                          I.T. Service      :
: Senior Systems Programmer          Computer Centre   :
: UNIX Team Leader                   Durham University :
:                                    South Road        :
: http://www.dur.ac.uk/t.d.lee/      Durham DH1 3LE    :
: Phone: +44 191 334 2752            U.K.              :

From glenn.steen at gmail.com Thu Aug 6 16:23:49 2009
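The behaviour discussed in this thread, as an added example that is not MailScanner's own code and was not posted to the list: it emulates the translation of $KEYWORD and ${KEYWORD} into $ENV{KEYWORD} that Julian Field describes, shows the blank result when the init environment has no HOSTNAME, and applies the fallback David Lee proposes, using POSIX::uname in place of running `uname -n`. The function names, the \w+ variable-name syntax and the host name mx1.example.org are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not MailScanner source code.
use strict;
use warnings;
use POSIX qw(uname);

# Matches $KEYWORD and ${KEYWORD}; the name is captured in $1 or $2.
# The \w+ name syntax is an assumption made for this example.
my $VAR_RE = qr/\$(?:\{(\w+)\}|(\w+))/;

# Return the referenced variable names that are unset or empty in %$env.
# Running this check at start-up turns a silent blank into a visible warning.
sub unset_vars {
    my ($value, $env) = @_;
    my %missing;
    while ($value =~ /$VAR_RE/g) {
        my $name = defined $1 ? $1 : $2;
        $missing{$name} = 1
            unless defined $env->{$name} && length $env->{$name};
    }
    return sort keys %missing;
}

# Replace each reference with its environment value. An unset variable
# becomes the empty string, which gives the blank "Hostname" in the thread.
sub expand_env {
    my ($value, $env) = @_;
    $value =~ s{$VAR_RE}{
        my $name = defined $1 ? $1 : $2;
        defined $env->{$name} ? $env->{$name} : '';
    }ge;
    return $value;
}

# The fallback proposed in the thread: keep HOSTNAME when the environment
# has it, otherwise use the system node name (what `uname -n` prints).
sub with_hostname_fallback {
    my ($env) = @_;
    my %copy = %$env;
    $copy{HOSTNAME} = (uname())[1]
        unless defined $copy{HOSTNAME} && length $copy{HOSTNAME};
    return \%copy;
}

# The "Hostname" value quoted in the thread.
my $conf_value = 'the %org-name% MailScanner (on $HOSTNAME)';

# Constructed environments: a start from an init script that never exported
# HOSTNAME, and a login shell that did.
my %init_env  = (PATH => '/sbin:/usr/sbin:/bin:/usr/bin');
my %login_env = (%init_env, HOSTNAME => 'mx1.example.org');

my @cases = (
    [ 'init script',     \%init_env ],
    [ 'login shell',     \%login_env ],
    [ 'init + fallback', with_hostname_fallback(\%init_env) ],
);

for my $case (@cases) {
    my ($label, $env) = @$case;
    my @missing = unset_vars($conf_value, $env);
    printf "%-16s Hostname = %s\n", $label, expand_env($conf_value, $env);
    print  "                 warning: unset variable(s): @missing\n" if @missing;
}
```

The same effect is available without code changes by exporting HOSTNAME in the environment that starts MailScanner, or by writing the name into MailScanner.conf by hand as suggested in the thread.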
From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Aug 6 16:23:58 2009 Subject: hostname variable in attachment replacement In-Reply-To: <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> Message-ID: <223f97700908060823r380bb1e3r8f066a8015caa8ae@mail.gmail.com> 2009/8/6 Glenn Steen : > 2009/8/6 Erik Bloodaxe : >> Julian Field wrote: >>>> >>>> >>>> # grep Hostname /opt/MailScanner/etc/MailScanner.conf >>>> # definition of "Hostname" for an example. >>>> # Hostname = the %org-name% ($HOSTNAME) MailScanner >>>> #Hostname = the %org-name% ($HOSTNAME) MailScanner >>>> Hostname = the %org-name% MailScanner (on $HOSTNAME) >>>> >>>> And HOSTNAME cones out as blank. >>> >>> Unfortunate. >> >> Am I to conclude that there is no solution then? >> >> Erik > > Erik, > I suspect you may not have set your host(s) name(s) correctly > (inferred from your first comment). Setting it can differ a bit > depending on the rc-scripts involved, but on most RH-type installs you > either have to correctly set up nsswitch.cnf (and friends, for yp/NIS > "disabed" systems:-) or the /etc/sysconfig/network file (simply put a > line with HOSTNAME= in there). If you haven't done > that, gethostbyname or gethostname will ?fail to return the name and > thus give the result you see. > An alternative (if CentOS 5.3 has changed things in a drastic way:-) > would be to call hostname (see the manpage) in /etc/rc.local, but... > This has been like this for ages, so I suspect you wouldn't need to. > > Having either the NIS stuff correct, or the file (if you don't use NIS > for this), will make some appropriate rc-script run the hostname > command for you upon reboot... 
So, as usual, you don't really need > reboot, just fix the config and run the command by hand. > > As usual, especially when I'm fresh back from vacation, I might be > totally wrong;-). > Cheers Another thing that might be happening could be the order of the init scripts being a bit ... unfortunate. See that hostname isn't set after MailScanner starts:) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Thu Aug 6 16:28:03 2009 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Aug 6 16:28:12 2009
Subject: hostname variable in attachment replacement
In-Reply-To:
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk>
Message-ID: <223f97700908060828v32b15aa1r57139d2988bfa4d3@mail.gmail.com>

2009/8/6 David Lee :
> On Thu, 6 Aug 2009, Randal, Phil wrote:
>
>> Erik Bloodaxe wrote:
>> [...]
>>>>>
>>>>> Is there a way to have a variable in the attachments that replace
>>>>> unacceptable file types and content that expands to the host names.
>>>>>
>>>>> I.e. in stored.filename.message.txt in etc/reports/en
>>>>>
>>>>> I want a line saying
>>>>>
>>>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id
>>>>>
>>>>> so that my sysadmins can see which of the many servers the file is
>>>>> on as the standard reports give them no indication of which server
>>>>> to get the file from.
>>>>>
>>>>> I have tried all the obvious
>>
>> [...]
>> I see that on CentOS 5.3 too, so it is not just your installation.
>
> Dare I say "me, too"?
>
> I seem to recall reporting this (empty 'HOSTNAME') a few years ago. We're
> now on CentOS 5.3 with MS 4.76.24, and a configuration that tries not to
> change things unnecessarily. Still seeing it (although our MS configuration
> only rarely invokes pathways that need it.)
>
> I get the feeling that the _intended_ behaviour is for MS's "HOSTNAME"
> variable to try to inherit a default value from somewhere (i.e. to try to
> avoid being empty).
>
> This intention might be the result of "uname -n" or similar, and probably
> for a shell HOSTNAME variable, if any, to override it. Fair enough. Indeed,
> when I ssh to a box, there is such a variable present on such a login.
>
> But I suspect that, on a reasonably "out of the box" Fedora/CentOS/Redhat
> installation, by the time "/etc/init.d" is starting MS, neither is HOSTNAME
> yet set, nor is MS getting it from executing "uname -n" (or similar).
>
> Shouldn't the startup algorithm be something like (pseudo-perl):
>
>     $HOSTNAME = if $ENV{'HOSTNAME'} was set
>                 then $ENV{'HOSTNAME'}
>                 else `uname -n`;
>                 # i.e. inherit env.var. HOSTNAME
>                 # else fall back to using system hostname
>
> Sorry that's so vague. But I hope it helps.
>
>
> Jules: could you (a) confirm the intention (for HOSTNAME to be non-empty)
> (b) outline the intended algorithm to achieve that at "/etc/init.d"-driven
> startup?
>

Ok, so what do you have in your /etc/sysconfig/network file? On my RH siblings (mandriva of diverse age:-), setting this cures any name-related problems like these... So I would be very surprised if this was a generic RH problem.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From alex at rtpty.com Thu Aug 6 16:28:28 2009
From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Aug 6 16:28:42 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk> Message-ID: <3E678004-828D-4F89-82AB-D4C19E3FC1F7@rtpty.com> Wisest solution so far. Knowing Jules... Cue the new beta in 5... 4... 3... - just kidding! :D On Aug 6, 2009, at 10:21 AM, David Lee wrote: > But I suspect that, on a reasonably "out of the box" Fedora/CentOS/ > Redhat installation, by the time "/etc/init.d" is starting MS, > neither is HOSTNAME yet set, nor is MS getting it from executing > "uname -n" (or similar). > > Shouldn't the startup algorithm be something like (pseudo-perl): > > $HOSTNAME = if $ENV{'HOSTNAME'} was set > then $ENV{'HOSTNAME'} > else `uname -n`; > # i.e. inherit env.var. HOSTNAME > # else fall back to using system hostname > > Sorry that's so vague. But I hope it helps. > -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman From MailScanner at ecs.soton.ac.uk Thu Aug 6 16:36:06 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 6 16:36:31 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk> <4A7AF866.90202@ecs.soton.ac.uk> Message-ID: On 06/08/2009 16:21, David Lee wrote: > On Thu, 6 Aug 2009, Randal, Phil wrote: > >> Erik Bloodaxe wrote: >> [...] >>>>> Is there a way to have a variable in the attachements that replace >>>>> unacceptable file types and content that expands to the host names. >>>>> >>>>> I.e. in stored.filename.message.txt in etc/reports/en >>>>> >>>>> I want a line saying >>>>> >>>>> File is in: $(HOSTNAME) in $quarantinedir/$datenumber/$id >>>>> >>>>> so that my sysadmins can see which of the many servers the file is >>>>> on as the standard reports give them no indication of which server >>>>> to get the file from. >>>>> >>>>> I have tried all the obvious >> [...] >> I see that on CentOS 5.3 too, so it is no just your installation. > > Dare I say "me, too"? > > I seem to recall reporting this (empty 'HOSTNAME') a few years ago. > We're now on CentOS 5.3 with MS 4.76.24, and a configuration that > tries not to change things unnecessarily. Still seeing it (although > our MS configuration only rarely invokes pathways that need it.) > > I get the feeling that the _intended_ behaviour is for MS's "HOSTNAME" > variable to try to inherit a default value from somewhere (i.e. to try > to avoid being empty). > > This intention might be the result of "uname -n" or similar, and > probably for a shell HOSTNAME variable, if any, to override it. Fair > enough. Indeed, when I ssh to a box, there is such a variable present > on such a login. 
> > But I suspect that, on a reasonably "out of the box" > Fedora/CentOS/Redhat installation, by the time "/etc/init.d" is > starting MS, neither is HOSTNAME yet set, nor is MS getting it from > executing "uname -n" (or similar). > > Shouldn't the startup algorithm be something like (pseudo-perl): > > $HOSTNAME = if $ENV{'HOSTNAME'} was set > then $ENV{'HOSTNAME'} > else `uname -n`; > # i.e. inherit env.var. HOSTNAME > # else fall back to using system hostname > > Sorry that's so vague. But I hope it helps. > > > Jules: could you (a) confirm the intention (for HOSTNAME to be > non-empty) (b) outline the intended algorithm to achieve that at > "/etc/init.d"-driven startup? It doesn't currently call uname or anything like that at all. If $ENV{'HOSTNAME'} is not set, and you had "Hostname = $HOSTNAME" or similar in your MailScanner.conf, then you will end up with an empty "Hostname" setting. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rpoe at plattesheriff.org Thu Aug 6 20:40:28 2009 
From: rpoe at plattesheriff.org (Rob Poe) Date: Thu Aug 6 20:40:44 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <4A72DDB0.9050306@inticon.net.au> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> Message-ID: <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> >>> On 7/31/2009 at 7:04 AM, in message <4A72DDB0.9050306@inticon.net.au>, Nick Brown wrote: > Steve Campbell wrote: >> >> Guess that explains why no one has heard of it. >> >> steve > I was going to say qMail but then the joke would have been on me! I ended up on QMail when I moved to using Plesk. It's really ... cool. I guess. I don't know. There's nowhere to tweak it. That I know of. ;) From richard.siddall at elirion.net Thu Aug 6 21:11:14 2009 From: richard.siddall at elirion.net (Richard Siddall) Date: Thu Aug 6 21:11:54 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> Message-ID: <4A7B38E2.8080302@elirion.net> Rob Poe wrote: > I ended up on QMail when I moved to using Plesk. It's really ... > cool. I guess. I don't know. There's nowhere to tweak it. That I > know of. ;) > Plesk 9 lets you use Postfix. So, you no longer have to put qpsmtpd in front of qmail to get adequate spam rejection. Regards, Richard Siddall From alex at rtpty.com Thu Aug 6 21:26:01 2009 
From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Aug 6 21:26:14 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> Message-ID: Meh. Back in my day, we used to have to wait a week for e-mail. A local BBS would batch things up and run on the weekend at 2AM when the price for long distance was lower. Uphill. Both ways. In the snow. OTOH, I'd rather have an ancient, stable, rock-solid sendmail than the latest new-fangled postfix - which I've heard causes swapping! :D From glenn.steen at gmail.com Thu Aug 6 21:34:31 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Aug 6 21:34:40 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> Message-ID: <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> 2009/8/6 Alex Neuman van der Hans : > Meh. Back in my day, we used to have to wait a week for e-mail. A local BBS > would batch things up and run on the weekend at 2AM when the price for long > distance was lower. Uphill. Both ways. In the snow. > ... Anyone else but me remember the dreary state of the atlantic line during the mid-80:s? IIRC it was a 19.2 kbps (smoking hot!:-) modem connection... No email over the size of 50KiB was allowed... > OTOH, I'd rather have an ancient, stable, rock-solid sendmail than the > latest new-fangled postfix - which I've heard causes swapping! :D > Um, the swapping is caused by MailScanner, not Postfix ... that just cause message corruption:D Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From ms-list at alexb.ch Thu Aug 6 21:44:17 2009 
From: ms-list at alexb.ch (Alex Broens) Date: Thu Aug 6 21:44:26 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> Message-ID: <4A7B40A1.70402@alexb.ch> On 8/6/2009 10:34 PM, Glenn Steen wrote: > 2009/8/6 Alex Neuman van der Hans : >> Meh. Back in my day, we used to have to wait a week for e-mail. A local BBS >> would batch things up and run on the weekend at 2AM when the price for long >> distance was lower. Uphill. Both ways. In the snow. >> > .... Anyone else but me remember the dreary state of the atlantic line > during the mid-80:s? IIRC it was a 19.2 kbps (smoking hot!:-) modem > connection... No email over the size of 50KiB was allowed... I ran a Fido gateway for many years...16 nodes... first modems I used for it were 14400 coz 9600 were getting too slow to push demos over the Atlantic. .... those were the days... each email which actually made it thru all the Fido nodes and reached the recipient triggered a celebration. From alex at rtpty.com Thu Aug 6 21:45:17 2009 
From: alex at rtpty.com (Alex Neuman van der Hans) Date: Thu Aug 6 21:45:29 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> Message-ID: <34B75E30-E41C-43FA-91EA-47DED142E564@rtpty.com> It's a good thing the good ol' ASCII pr0n was only a few KiB in size! :D On Aug 6, 2009, at 3:34 PM, Glenn Steen wrote: > No email over the size of 50KiB was allowed... -- Alex Neuman van der Hans Reliant Technologies +507 6781-9505 +507 202-1525 alex@rtpty.com Skype: alexneuman From prandal at herefordshire.gov.uk Fri Aug 7 08:07:08 2009 
From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Aug 7 08:07:32 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA07598AD6@HC-MBX02.herefordshire.gov.uk><4A7AF866.90202@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA076A2994@HC-MBX02.herefordshire.gov.uk> Julian Field wrote: > On 06/08/2009 16:21, David Lee wrote: >> Dare I say "me, too"? >> >> I seem to recall reporting this (empty 'HOSTNAME') a few years ago. >> We're now on CentOS 5.3 with MS 4.76.24, and a configuration that >> tries not to change things unnecessarily. Still seeing it (although >> our MS configuration only rarely invokes pathways that need it.) >> >> I get the feeling that the _intended_ behaviour is for MS's >> "HOSTNAME" variable to try to inherit a default value from somewhere >> (i.e. to try to avoid being empty). >> >> This intention might be the result of "uname -n" or similar, and >> probably for a shell HOSTNAME variable, if any, to override it. Fair >> enough. Indeed, when I ssh to a box, there is such a variable >> present on such a login. >> >> But I suspect that, on a reasonably "out of the box" >> Fedora/CentOS/Redhat installation, by the time "/etc/init.d" is >> starting MS, neither is HOSTNAME yet set, nor is MS getting it from >> executing "uname -n" (or similar). >> >> Shouldn't the startup algorithm be something like (pseudo-perl): >> >> $HOSTNAME = if $ENV{'HOSTNAME'} was set >> then $ENV{'HOSTNAME'} >> else `uname -n`; >> # i.e. inherit env.var. HOSTNAME >> # else fall back to using system hostname >> >> Sorry that's so vague. But I hope it helps. >> >> >> Jules: could you (a) confirm the intention (for HOSTNAME to be >> non-empty) (b) outline the intended algorithm to achieve that at >> "/etc/init.d"-driven startup? > It doesn't currently call uname or anything like that at all. 
If > $ENV{'HOSTNAME'} is not set, and you had "Hostname = $HOSTNAME" or > similar in your MailScanner.conf, then you will end up with an empty > "Hostname" setting. > > Jules Well, it is set on my boxes, and not messed with in the init scripts, so I'm still at a loss. Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From jonas at vrt.dk Fri Aug 7 08:47:56 2009 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri Aug 7 08:48:09 2009 Subject: [OT] Which is your AV product of choice ? In-Reply-To: <27722183.2151249568816785.JavaMail.root@office.splatnix.net> References: <27722183.2151249568816785.JavaMail.root@office.splatnix.net> Message-ID: <000d01ca1733$60f0b880$22d22980$@dk> We're using ClamAV ESET Nod32 F-Secure (Which includes kaspersky's engine/patterns) Quite satisfied with all of them. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 København S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]-- Sent: 6. august 2009 16:27 To: mailscanner@lists.mailscanner.info Subject: [OT] Which is your AV product of choice ? Hi, Just wondering which ones you use to get a understanding of the most common ones. I am at the moment using :- ClamAV Avast! Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090807/fdb74fa7/attachment.html From micoots at yahoo.com Fri Aug 7 09:51:32 2009 From: micoots at yahoo.com (Michael Mansour) Date: Fri Aug 7 09:51:42 2009 Subject: hostname variable in attachment replacement Message-ID: <385165.50683.qm@web33303.mail.mud.yahoo.com> Hi, --- On Fri, 7/8/09, Randal, Phil wrote: 
> From: Randal, Phil > Subject: RE: hostname variable in attachment replacement > To: "MailScanner discussion" > Received: Friday, 7 August, 2009, 5:07 PM > Julian Field wrote: > > On 06/08/2009 16:21, David Lee wrote: > >> Dare I say "me, too"? > >> > >> I seem to recall reporting this (empty 'HOSTNAME') > a few years ago. > >> We're now on CentOS 5.3 with MS 4.76.24, and a > configuration that > >> tries not to change things unnecessarily.? > Still seeing it (although > >> our MS configuration only rarely invokes pathways > that need it.) > >> > >> I get the feeling that the _intended_ behaviour is > for MS's > >> "HOSTNAME" variable to try to inherit a default > value from somewhere > >> (i.e. to try to avoid being empty). > >> > >> This intention might be the result of "uname -n" > or similar, and > >> probably for a shell HOSTNAME variable, if any, to > override it.? Fair > >> enough. Indeed, when I ssh to a box, there is such > a variable > >> present on such a login. > >> > >> But I suspect that, on a reasonably "out of the > box" > >> Fedora/CentOS/Redhat installation, by the time > "/etc/init.d" is > >> starting MS, neither is HOSTNAME yet set, nor is > MS getting it from > >> executing "uname -n" (or similar). > >> > >> Shouldn't the startup algorithm be something like > (pseudo-perl): > >> > >>? ? $HOSTNAME = if $ENV{'HOSTNAME'} was > set > >>? ? ? ? ? ? ? > ? then $ENV{'HOSTNAME'} > >>? ? ? ? ? ? ? > ? else `uname -n`; > >>? ? ? ? ? ? ? > ? # i.e. inherit env.var. HOSTNAME > >>? ? ? ? ? ? ? > ? # else fall back to using system hostname > >> > >> Sorry that's so vague.? But I hope it helps. > >> > >> > >> Jules: could you (a) confirm the intention (for > HOSTNAME to be > >> non-empty) (b) outline the intended algorithm to > achieve that at > >> "/etc/init.d"-driven startup? > > It doesn't currently call uname or anything like that > at all. 
If > > $ENV{'HOSTNAME'} is not set, and you had "Hostname = > $HOSTNAME" or > > similar in your MailScanner.conf, then you will end up > with an empty > > "Hostname" setting. > > > > Jules > > Well, it is set on my boxes, and not messed with in the > init scripts, so > I'm still at a loss. I did some trouble-shooting (and querying in this list) some year(s) ago too on this very same behaviour and was never able to solve it. Looking at my setup now, I have a ruleset for Hostname = %rules-dir%/hostnames.rules and in there I have various items with the default being: FromOrTo: default the %org-name% ($HOSTNAME) Mailscanner But as I said, the $HOSTNAME has never worked in the reports. I also use RHEL 4/5 derivative servers. Regards, Michael. > Phil > -- > Phil Randal | Networks Engineer > Herefordshire Council | Deputy Chief Executive's Office | > I.C.T. > Services Division Thorn Office Centre, Rotherwas, Hereford, > HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files > are those of > the individual and not necessarily those of Herefordshire > Council. > > This e-mail and any attached files are confidential and > intended solely > for the use of the addressee. This communication may > contain material > protected by law from being passed on. If you are not the > intended > recipient and have received this e-mail in error, you are > advised that > any use, dissemination, forwarding, printing or copying of > this e-mail > is strictly prohibited. If you have received this e-mail in > error > please contact the sender immediately and destroy all > copies of it. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! 
From micoots at yahoo.com Fri Aug 7 10:05:22 2009 From: micoots at yahoo.com (Michael Mansour) Date: Fri Aug 7 10:05:32 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <4A7B40A1.70402@alexb.ch> Message-ID: <103140.53987.qm@web33301.mail.mud.yahoo.com> Hi, --- On Fri, 7/8/09, Alex Broens wrote: 
> From: Alex Broens > Subject: Re: [OT] new sendmail release, ever? > To: "MailScanner discussion" > Received: Friday, 7 August, 2009, 6:44 AM > On 8/6/2009 10:34 PM, Glenn Steen > wrote: > > 2009/8/6 Alex Neuman van der Hans : > >> Meh. Back in my day, we used to have to wait a > week for e-mail. A local BBS > >> would batch things up and run on the weekend at > 2AM when the price for long > >> distance was lower. Uphill. Both ways. In the > snow. > >> > > .... Anyone else but me remember the dreary state of > the atlantic line > > during the mid-80:s? IIRC it was a 19.2 kbps (smoking > hot!:-) modem > > connection... No email over the size of 50KiB was > allowed... > > I ran a Fido gateway for many years...16 nodes... first > modems I used for it were 14400 coz 9600 were getting too > slow to push demos over the Atlantic. I go even further back than that. I ran a 27 node (yes 27 phone lines) BBS system in Australia which would, among other things, run the Fido gateway also. I started the service with (too) many 2400bps modems and went up from there. Prior to that I was enjoying the testing of a 300bps boat anchor (yes it was that big) modem before waiting for the faster 1200bps ones which would autonegotiate line speed. Phew. NPGX BBS (maybe a google of it will still show something) was the system. I was also the official Australian Apogee games hub (remember Duke Nukem? Commander Keen ;), among others) where I'd pull down releases from Asia (arrghh the phone bills) and have BBS's from Australia and New Zealand pick the releases up from me. Started with "Remote Access" BBS and ended with "Worldgroup BBS". Those were the days :) Interestingly, I still run NPGX, 15 years old this year as it evolved from a BBS to ISP to Web and email hosting provider, which is what it does today. Anyone remember what a Network shim was? ;) Regards, Michael. > .... those were the days... 
each email which actually made > it thru all the Fido nodes and reached the recipient > triggered a celebration. > -- MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the > website! From Jens.Potthast at innovation.uni-bremen.de Fri Aug 7 12:17:03 2009 From: Jens.Potthast at innovation.uni-bremen.de (Jens Potthast) Date: Fri Aug 7 12:17:23 2009 Subject: mailscanner-mrtg: ERROR: mail, spam and virus counters not fully initialised. Message-ID: <43B096B9CDFA4736A0D9B354D415E4C6@innovation.unibremen.de> Somehow I can't get this to work. What I did: - installed mailscanner-mrtg 0.11.00 (runs ok, only a minor bug with 'uptime' dir not found) - installed mailscanner-mrtg from cvs over existing 0.11.00 installation Now I get this "ERROR: mail, spam and virus counters not fully initialised." thing. Guess it has something to do with spamdeleted (being 'u'). And here is all the stuff, I forgot to mention (shame on me! :-)): MailScanner 4.77 is running on CentOS 5.3 with postfix 2.3.3. Can anyone help, please? Regards, Jens From logs at comp-wiz.com Fri Aug 7 13:35:52 2009 
From: logs at comp-wiz.com (Logs) Date: Fri Aug 7 13:36:07 2009 Subject: Best Install For Mail Server Message-ID: <06eb01ca175b$99f08520$cdd18f60$@com> I have been using MailScanner for a long time and do like the results I get but am always confused as to what exactly is the best install. I typically always use Fedora Core with ClamAV, pyzor, razor and spamassassin. Am I missing something? If yes, what? What could I really do to lock out SPAM from getting into this box? Thanks -- This message has been scanned for viruses and dangerous content at comp-wiz.com, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090807/d5d44469/attachment.html From MailScanner at ecs.soton.ac.uk Fri Aug 7 13:37:26 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Aug 7 13:37:50 2009 Subject: hostname variable in attachment replacement In-Reply-To: <385165.50683.qm@web33303.mail.mud.yahoo.com> References: <385165.50683.qm@web33303.mail.mud.yahoo.com> <4A7C2006.6090908@ecs.soton.ac.uk> Message-ID: On 07/08/2009 09:51, Michael Mansour wrote: > Hi, > > --- On Fri, 7/8/09, Randal, Phil wrote: 
> > >> From: Randal, Phil >> Subject: RE: hostname variable in attachment replacement >> To: "MailScanner discussion" >> Received: Friday, 7 August, 2009, 5:07 PM >> Julian Field wrote: >> >>> On 06/08/2009 16:21, David Lee wrote: >>> >>>> Dare I say "me, too"? >>>> >>>> I seem to recall reporting this (empty 'HOSTNAME') >>>> >> a few years ago. >> >>>> We're now on CentOS 5.3 with MS 4.76.24, and a >>>> >> configuration that >> >>>> tries not to change things unnecessarily. >>>> >> Still seeing it (although >> >>>> our MS configuration only rarely invokes pathways >>>> >> that need it.) >> >>>> I get the feeling that the _intended_ behaviour is >>>> >> for MS's >> >>>> "HOSTNAME" variable to try to inherit a default >>>> >> value from somewhere >> >>>> (i.e. to try to avoid being empty). >>>> >>>> This intention might be the result of "uname -n" >>>> >> or similar, and >> >>>> probably for a shell HOSTNAME variable, if any, to >>>> >> override it. Fair >> >>>> enough. Indeed, when I ssh to a box, there is such >>>> >> a variable >> >>>> present on such a login. >>>> >>>> But I suspect that, on a reasonably "out of the >>>> >> box" >> >>>> Fedora/CentOS/Redhat installation, by the time >>>> >> "/etc/init.d" is >> >>>> starting MS, neither is HOSTNAME yet set, nor is >>>> >> MS getting it from >> >>>> executing "uname -n" (or similar). >>>> >>>> Shouldn't the startup algorithm be something like >>>> >> (pseudo-perl): >> >>>> $HOSTNAME = if $ENV{'HOSTNAME'} was >>>> >> set >> >>>> >>>> >> then $ENV{'HOSTNAME'} >> >>>> >>>> >> else `uname -n`; >> >>>> >>>> >> # i.e. inherit env.var. HOSTNAME >> >>>> >>>> >> # else fall back to using system hostname >> >>>> Sorry that's so vague. But I hope it helps. >>>> >>>> >>>> Jules: could you (a) confirm the intention (for >>>> >> HOSTNAME to be >> >>>> non-empty) (b) outline the intended algorithm to >>>> >> achieve that at >> >>>> "/etc/init.d"-driven startup? 
>>>> >>> It doesn't currently call uname or anything like that >>> >> at all. If >> >>> $ENV{'HOSTNAME'} is not set, and you had "Hostname = >>> >> $HOSTNAME" or >> >>> similar in your MailScanner.conf, then you will end up >>> >> with an empty >> >>> "Hostname" setting. >>> >>> Jules >>> >> Well, it is set on my boxes, and not messed with in the >> init scripts, so >> I'm still at a loss. >> > I did some trouble-shooting (and querying in this list) some year(s) ago too on this very same behaviour and was never able to solve it. > > Looking at my setup now, I have a ruleset for Hostname = %rules-dir%/hostnames.rules and in there I have various items with the default being: > > FromOrTo: default the %org-name% ($HOSTNAME) Mailscanner > > But as I said, the $HOSTNAME has never worked in the reports. > "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. But "$hostname" should work in the reports. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Aug 7 13:41:19 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Aug 7 13:41:40 2009 Subject: Best Install For Mail Server In-Reply-To: <06eb01ca175b$99f08520$cdd18f60$@com> References: <06eb01ca175b$99f08520$cdd18f60$@com> <4A7C20EF.9080409@ecs.soton.ac.uk> Message-ID: Read this, it contains pretty much all the stuff you need to setup. http://www.mailscanner.info/gettingthebest.html On 07/08/2009 13:35, Logs wrote: > > I have been using MailScanner for a long time and do like the results > I get but am always confused as to what exactly is the best install. I > typically always use Fedora Core with ClamAV, pyzor, razor and > spamassassin. Am I missing something? If yes, what? What could I > really do to lock out SPAM from getting into this box? > > Thanks > > > -- > This message has been scanned for viruses and > dangerous content at *www.comp-wiz.com* , > and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jtp at jtpage.net Fri Aug 7 14:09:05 2009 
From: jtp at jtpage.net (Jeffry Page) Date: Fri Aug 7 14:09:19 2009 Subject: Best Install For Mail Server In-Reply-To: References: <06eb01ca175b$99f08520$cdd18f60$@com> <4A7C20EF.9080409@ecs.soton.ac.uk> Message-ID: <013101ca1760$3e26a620$ba73f260$@net> I just found this the other day and added some of the pointers on that guide and it really helped. Sign up for the barracudacentral.org RBL and block it at the MTA level and you will see a lot less mail coming in. It was scary at first, but it is blocking all the known spam mail servers from even connecting to mine, so its great. -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, August 07, 2009 7:41 AM To: MailScanner discussion Subject: Re: Best Install For Mail Server Read this, it contains pretty much all the stuff you need to setup. http://www.mailscanner.info/gettingthebest.html On 07/08/2009 13:35, Logs wrote: > > I have been using MailScanner for a long time and do like the results > I get but am always confused as to what exactly is the best install. I > typically always use Fedora Core with ClamAV, pyzor, razor and > spamassassin. Am I missing something? If yes, what? What could I > really do to lock out SPAM from getting into this box? > > Thanks > > > -- > This message has been scanned for viruses and > dangerous content at *www.comp-wiz.com* , > and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From prandal at herefordshire.gov.uk Fri Aug 7 14:29:10 2009 
From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Aug 7 14:29:26 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> Julian Field wrote: > "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. > But "$hostname" should work in the reports. > > Jules But it doesn't seem to. It is a low priority for me at the moment, and my test box is a VM at home, so it will take me a while to figure out what's going on. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. From E.Bloodaxe at gold.ac.uk Fri Aug 7 14:46:39 2009 
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Fri Aug 7 14:47:34 2009 Subject: hostname variable in attachment replacement In-Reply-To: <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AA0A6.2030101@ecs.soton.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> Message-ID: <4A7C303F.6060904@gold.ac.uk> Glenn Steen wrote: > 2009/8/6 Erik Bloodaxe : > >> Julian Field wrote: >> >>>> # grep Hostname /opt/MailScanner/etc/MailScanner.conf >>>> # definition of "Hostname" for an example. >>>> # Hostname = the %org-name% ($HOSTNAME) MailScanner >>>> #Hostname = the %org-name% ($HOSTNAME) MailScanner >>>> Hostname = the %org-name% MailScanner (on $HOSTNAME) >>>> >>>> And HOSTNAME cones out as blank. >>>> >>> Unfortunate. >>> >> Am I to conclude that there is no solution then? >> >> Erik >> > > Erik, > I suspect you may not have set your host(s) name(s) correctly > (inferred from your first comment). Setting it can differ a bit > depending on the rc-scripts involved, but on most RH-type installs you > either have to correctly set up nsswitch.cnf (and friends, for yp/NIS > "disabed" systems:-) or the /etc/sysconfig/network file (simply put a > line with HOSTNAME= in there). If you haven't done > that, gethostbyname or gethostname will fail to return the name and > thus give the result you see. > An alternative (if CentOS 5.3 has changed things in a drastic way:-) > would be to call hostname (see the manpage) in /etc/rc.local, but... > This has been like this for ages, so I suspect you wouldn't need to. > > Having either the NIS stuff correct, or the file (if you don't use NIS > for this), will make some appropriate rc-script run the hostname > command for you upon reboot... 
So, as usual, you don't really need > reboot, just fix the config and run the command by hand. > > As usual, especially when I'm fresh back from vacation, I might be > totally wrong;-). > Cheers > The hostname command produces the right output so the hostname was set up correctly during install. Curiously uname -a and hostname work despite HOSTNAME=localdomain.localhost in /etc/sysconfig/network. This is a really simple standard out of the box RH install. I solved it as suggested by adding a HOSTNAME=`/bin/hostname` export HOSTNAME to the start up script, but this should work out of the box. I suspect this is related to the various different notions of domain and host name under Linux (solaris is simpler here) on the box the dns domain name is set but the domain name not! Erik -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090807/24c12f68/attachment.html From shuttlebox at gmail.com Fri Aug 7 14:54:43 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Aug 7 14:55:11 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7C303F.6060904@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> <4A7C303F.6060904@gold.ac.uk> Message-ID: <625385e30908070654n6b5bf76by23b9762b185cfd70@mail.gmail.com> On Fri, Aug 7, 2009 at 3:46 PM, Erik Bloodaxe wrote: > I solved it as suggested by adding a > HOSTNAME=`/bin/hostname` > export HOSTNAME > > to the start up script, but this should work out of the box. I do the same on my systems (Solaris and RH/CentOS). -- /peter From glenn.steen at gmail.com Fri Aug 7 15:19:18 2009 
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Aug 7 15:19:27 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A7C303F.6060904@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> <4A7C303F.6060904@gold.ac.uk> Message-ID: <223f97700908070719o3e126405s2a9e87b93d6b7e87@mail.gmail.com> 2009/8/7 Erik Bloodaxe : > Glenn Steen wrote: > > 2009/8/6 Erik Bloodaxe : > > > Julian Field wrote: > > > # grep Hostname /opt/MailScanner/etc/MailScanner.conf > # definition of "Hostname" for an example. > # Hostname = the %org-name% ($HOSTNAME) MailScanner > #Hostname = the %org-name% ($HOSTNAME) MailScanner > Hostname = the %org-name% MailScanner (on $HOSTNAME) > > And HOSTNAME cones out as blank. > > > Unfortunate. > > > Am I to conclude that there is no solution then? > > Erik > > > Erik, > I suspect you may not have set your host(s) name(s) correctly > (inferred from your first comment). Setting it can differ a bit > depending on the rc-scripts involved, but on most RH-type installs you > either have to correctly set up nsswitch.cnf (and friends, for yp/NIS > "disabed" systems:-) or the /etc/sysconfig/network file (simply put a > line with HOSTNAME= in there). If you haven't done > that, gethostbyname or gethostname will fail to return the name and > thus give the result you see. > An alternative (if CentOS 5.3 has changed things in a drastic way:-) > would be to call hostname (see the manpage) in /etc/rc.local, but... > This has been like this for ages, so I suspect you wouldn't need to. > > Having either the NIS stuff correct, or the file (if you don't use NIS > for this), will make some appropriate rc-script run the hostname > command for you upon reboot... 
So, as usual, you don't really need > reboot, just fix the config and run the command by hand. > > As usual, especially when I'm fresh back from vacation, I might be > totally wrong;-). > Cheers > > > the hostname command produces the right output so the hostname was set up > correctly during install. > Curiously uname -a and hostname work despite HOSTNAME=localdomain.localhost > in /etc/sysconfig/network. > > This is a realy simple standard out of the box RH install. > Weird. I just checked a CentOS 5 VM vs. my Mandriva setup, and the hostname setup is exactly the same. I know for certain that the Mandriva one works. But then, I do tend to make sure the /etc/sysconfig/network file is correct, so that anything that would source it get the HOSTNAME setting right, and make sure that I have valid entries for the interfaces (loopback and real NICs) in /etc/hosts (and have lookup order set to hosts first, then dns), to make sure nothing like this can happen. > I solved it as suggested by adding a > HOSTNAME=`/bin/hostname` > export HOSTNAME > > to the start up script, but this should work out of the box. > I agree. Could you set it like I outline above, just to see if it makes a difference? > I suspect this is related to the various diffrent notions of domain and host > name under Linux (solaris is simpler here) ... There can be only one!:-) > on the box the dns domain name is set but the domiain name not! > Sounds like it is jumbled then. Try setting it as suggested and do a reboot (perhaps make sure your "login script hack" is disabled). > Erik > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From t.d.lee at durham.ac.uk Fri Aug 7 15:23:12 2009 
From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Aug 7 15:23:36 2009 Subject: hostname variable in attachment replacement In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> Message-ID: On Fri, 7 Aug 2009, Randal, Phil wrote: > Julian Field wrote: >> "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. >> But "$hostname" should work in the reports. >> >> Jules > > But it doesn't seem to. > > It is a low priority for me at the moment, and my test box is a VM at > home, so it will take me a while to figure out what's going on. > Cheers, > Phil Hmmm... I think there are many of us here on this list who are expecting the variable to have been automatically set prior to the point of use with a reasonable default (e.g. from "uname -n" or "/bin/hostname" or similar) but who are finding it empty/unset. (There may well be others here, for whom a default is being set.) The human expectation and the computer-code reality don't marry up; something somewhere (either human or machine) is going astray. Wouldn't it help if the MS start up code could have something like: if not set/inherited ... then set to something '/bin/hostname'-ish. -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From MailScanner at ecs.soton.ac.uk Fri Aug 7 15:27:32 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Aug 7 15:27:54 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> Message-ID: On 07/08/2009 15:23, David Lee wrote: > On Fri, 7 Aug 2009, Randal, Phil wrote: > >> Julian Field wrote: >>> "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. >>> But "$hostname" should work in the reports. >>> >>> Jules >> >> But it doesn't seem to. >> >> It is a low priority for me at the moment, and my test box is a VM at >> home, so it will take me a while to figure out what's going on. >> Cheers, >> Phil > > Hmmm... I think there are many of us here on this list who are > expecting the variable to have been automatically set prior to the > point of use with a reasonable default (e.g. from "uname -n" or > "/bin/hostname" or similar) but who are finding it empty/unset. > (There may well be others here, for whom a default is being set.) > > The human expectation and the computer-code reality don't marry up; > something somewhere (either human or machine) is going astray. > > Wouldn't it help if the MS start up code could have something like: > if not set/inherited ... then set to something '/bin/hostname'-ish. I could put it in the init.d script I guess. That would be the right place for it. MailScanner just automatically looks up $ENV{FOOBAR} when it sees $FOOBAR or ${FOOBAR} in the MailScanner.conf file, it doesn't know about the hostname as a special case at all, and I would like to keep it that way. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? 
Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Fri Aug 7 15:34:41 2009 
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Aug 7 15:34:50 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com> <4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> Message-ID: <223f97700908070734o69efef1ekd55e5f2785a5900@mail.gmail.com> 2009/8/7 David Lee : > On Fri, 7 Aug 2009, Randal, Phil wrote: > >> Julian Field wrote: >>> >>> "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. >>> But "$hostname" should work in the reports. >>> >>> Jules >> >> But it doesn't seem to. >> >> It is a low priority for me at the moment, and my test box is a VM at >> home, so it will take me a while to figure out what's going on. >> Cheers, >> Phil > > Hmmm... I think there are many of us here on this list who are expecting the > variable to have been automatically set prior to the point of use with a > reasonable default (e.g. from "uname -n" or "/bin/hostname" or similar) but > who are finding it empty/unset. (There may well be others here, for whom a > default is being set.) > > The human expectation and the computer-code reality don't marry up; > something somewhere (either human or machine) is going astray. > > Wouldn't it help if the MS start up code could have something like: > if not set/inherited ... then set to something '/bin/hostname'-ish. > > Everyone, Could you please just take a look at the standard MailScanner init script? The second file that get sourced is /etc/sysconfig/network. So the setting of the HOSTNAME variable derives solely from this (taking precedence over any setting in the rc scripts). Sorry for not checking this earlier. Can someone who has this problem corroborate that they have either an empty setting, or no setting at all, for HOSTNAME in that file, or that the setting is just plain wrong? 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Aug 7 15:36:49 2009 
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Aug 7 15:36:58 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com> <4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> Message-ID: <223f97700908070736y48d0f0f5m79855ad7079a5831@mail.gmail.com> 2009/8/7 Julian Field : > > > On 07/08/2009 15:23, David Lee wrote: >> >> On Fri, 7 Aug 2009, Randal, Phil wrote: >> >>> Julian Field wrote: >>>> >>>> "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. >>>> But "$hostname" should work in the reports. >>>> >>>> Jules >>> >>> But it doesn't seem to. >>> >>> It is a low priority for me at the moment, and my test box is a VM at >>> home, so it will take me a while to figure out what's going on. >>> Cheers, >>> Phil >> >> Hmmm... I think there are many of us here on this list who are expecting >> the variable to have been automatically set prior to the point of use with a >> reasonable default (e.g. from "uname -n" or "/bin/hostname" or similar) but >> who are finding it empty/unset. (There may well be others here, for whom a >> default is being set.) >> >> The human expectation and the computer-code reality don't marry up; >> something somewhere (either human or machine) is going astray. >> >> Wouldn't it help if the MS start up code could have something like: >> if not set/inherited ... then set to something '/bin/hostname'-ish. > > I could put it in the init.d script I guess. That would be the right place > for it. MailScanner just automatically looks up $ENV{FOOBAR} when it sees > $FOOBAR or ${FOOBAR} in the MailScanner.conf file, it doesn't know about the > hostname as a special case at all, and I would like to keep it that way. > > Jules > Since the /etc/network file get sourced, it is already there. 
The question is if you might need an "export HOSTNAME" just after it, to make sure the children get it... But then again, if that was needed, my systems wouldn't be working... and they are;-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From shuttlebox at gmail.com Fri Aug 7 15:38:13 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Fri Aug 7 15:38:42 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com> <4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> Message-ID: <625385e30908070738i400ff2c1j2a7d0468e5e6e232@mail.gmail.com> On Fri, Aug 7, 2009 at 4:27 PM, Julian Field wrote: > I could put it in the init.d script I guess. That would be the right place > for it. I have used that for the OpenCSW Solaris package with no complaints. -- /peter From t.d.lee at durham.ac.uk Fri Aug 7 15:42:38 2009 
From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Aug 7 15:43:01 2009 Subject: hostname variable in attachment replacement In-Reply-To: <223f97700908070734o69efef1ekd55e5f2785a5900@mail.gmail.com> References: <385165.50683.qm@web33303.mail.mud.yahoo.com> <4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <223f97700908070734o69efef1ekd55e5f2785a5900@mail.gmail.com> Message-ID: On Fri, 7 Aug 2009, Glenn Steen wrote: > [...] > Could you please just take a look at the standard MailScanner init > script? The second file that get sourced is /etc/sysconfig/network. > > So the setting of the HOSTNAME variable derives solely from this > (taking precedence over any setting in the rc scripts). Sorry for not > checking this earlier. > Can someone who has this problem corroborate that they have either an > empty setting, or no setting at all, for HOSTNAME in that file, or > that the setting is just plain wrong? Ah! Might the "init.d" script be lacking an "export HOSTNAME"? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From t.d.lee at durham.ac.uk Fri Aug 7 15:45:59 2009 
From: t.d.lee at durham.ac.uk (David Lee) Date: Fri Aug 7 15:46:22 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> Message-ID: On Fri, 7 Aug 2009, Julian Field wrote: > On 07/08/2009 15:23, David Lee wrote: >> [...] >> Wouldn't it help if the MS start up code could have something like: >> if not set/inherited ... then set to something '/bin/hostname'-ish. > > I could put it in the init.d script I guess. That would be the right place > for it. MailScanner just automatically looks up $ENV{FOOBAR} when it sees > $FOOBAR or ${FOOBAR} in the MailScanner.conf file, it doesn't know about the > hostname as a special case at all, and I would like to keep it that way. Sure. (Interpret my phrase "MS start-up code" as including the init.d script.) Might an "export HOSTNAME" there help? -- : David Lee I.T. Service : : Senior Systems Programmer Computer Centre : : UNIX Team Leader Durham University : : South Road : : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE : : Phone: +44 191 334 2752 U.K. : From jtp at jtpage.net Fri Aug 7 16:00:36 2009 
From: jtp at jtpage.net (Jeffry Page) Date: Fri Aug 7 16:00:49 2009 Subject: mailscanner-mrtg: ERROR: mail, spam and virus counters not fully initialised. In-Reply-To: <43B096B9CDFA4736A0D9B354D415E4C6@innovation.unibremen.de> References: <43B096B9CDFA4736A0D9B354D415E4C6@innovation.unibremen.de> Message-ID: <013b01ca176f$d2809010$7781b030$@net> I saw your post so I checked out the CVS. Decided to upgrade my install also. I found that my spam and virus ratios stopped working so I investigated. Open the Data.pm (default /usr/lib/MailScanner-MRTG/MSMRTG/Data.pm) Need to add "spamdelete" to line 108 so it looks like this: foreach (qw(mailbytes mail spam virus spamdelete)) That fixed it for me. The problem I think happens if you don't "delete" spam. I store all the spam for MailWatch so my spam deleted graph is always going to 0. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jens Potthast Sent: Friday, August 07, 2009 6:17 AM To: mailscanner@lists.mailscanner.info Subject: mailscanner-mrtg: ERROR: mail, spam and virus counters not fully initialised. Somehow I can't get this to work. What I did: - installed mailscanner-mrtg 0.11.00 (runs ok, only a minor bug with 'uptime' dir not found) - installed mailscanner-mrtg from cvs over existing 0.11.00 installation Now I get this "ERROR: mail, spam and virus counters not fully initialised." thing. Guess it has something to do with spamdeleted (being 'u'). And here is all the stuff, I forgot to mention (shame on me! :-)): MailScanner 4.77 is running on CentOS 5.3 with postfix 2.3.3. Can anyone help, please? Regards, Jens From glenn.steen at gmail.com Fri Aug 7 16:31:21 2009 
From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Aug 7 16:31:29 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <103140.53987.qm@web33301.mail.mud.yahoo.com> References: <4A7B40A1.70402@alexb.ch> <103140.53987.qm@web33301.mail.mud.yahoo.com> Message-ID: <223f97700908070831o1ddc607dq8c3c1ca997c81ed8@mail.gmail.com> 2009/8/7 Michael Mansour : > Hi, > > --- On Fri, 7/8/09, Alex Broens wrote: 
> >> From: Alex Broens >> Subject: Re: [OT] new sendmail release, ever? >> To: "MailScanner discussion" >> Received: Friday, 7 August, 2009, 6:44 AM >> On 8/6/2009 10:34 PM, Glenn Steen >> wrote: >> > 2009/8/6 Alex Neuman van der Hans : >> >> Meh. Back in my day, we used to have to wait a >> week for e-mail. A local BBS >> >> would batch things up and run on the weekend at >> 2AM when the price for long >> >> distance was lower. Uphill. Both ways. In the >> snow. >> >> >> > .... Anyone else but me remember the dreary state of >> the atlantic line >> > during the mid-80:s? IIRC it was a 19.2 kbps (smoking >> hot!:-) modem >> > connection... No email over the size of 50KiB was >> allowed... >> >> I ran a Fido gateway for many years...16 nodes... first >> modems I used for it were 14400 coz 9600 were getting too >> slow to push demos over the Atlantic. > > I go even further back than that. I ran a 27 node (yes 27 phone lines) BBS system in Australia which would, among other things, run the Fido gateway also. I started the service with (too) many 2400bps modems and went up from there. Prior to that I was enjoying the testing of a 300bps boat anchor (yes it was that big) modem before waiting for the faster 1200bps ones which would autonegotiate line speed. Phew. > :-) I remember that time too. My "point", if there was one, is that all the "backbones" in europe (mostly universities) shared that splendidly fast beast... Yes, there weren't that many e-mail (or news, for that matter) users, but when it's all down to HDB UUCP... Sigh. And then one got to relive it all in the late 80:s with things like fido and bog-slow BBS:s... I have a particularly fond memory of ordering "the complete cookbook" from alt.gourmand, and receiving about 500 (might've been less, it's been a while:-) 50KiB emails... And then printing it all on a rugged line printer... just to realise I hadn't ordered them with metric measurements (Cups? Oz? WTF!) and had to redo it all. 
Things weren't better in the past. That's why we like reminiscing about it:-). > NPGX BBS (maybe a google of it will still show something) was the system. I was also the official Australian Apogee games hub (remember Duke Nukem? Commander Keen ;), among others) where I'd pull down releases from Asia (arrghh the phone bills) and have BBS's from Australia and New Zealand pick the releases up from me. Started with "Remote Access" BBS and ended with "Worldgroup BBS". > > Those were the days :) interestingly, I still run NPGX, 15 years old this year as it evolved from a BBS to ISP to Web and email hosting provider, which is what it does today. > Yeah. I remember all that too, since some of my earlier employers lacked the correct poison, er, Internet access... So cheapish BBS access was the tune during the late -80:s/early -90:s ... at least here in Sweden:). > Anyone remember what a Network shim was? ;) > :) > Regards, > > Michael. > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From sandrews at andrewscompanies.com Fri Aug 7 17:42:10 2009 
From: sandrews at andrewscompanies.com (Steven Andrews) Date: Fri Aug 7 17:42:23 2009 Subject: Header Question Message-ID: <1964AAFBC212F742958F9275BF63DBB0C0CDFF@winchester.andrewscompanies.com> This might be a tad off-topic, but is there any way in sendmail or mailscanner that can remove internal, non-routable, ip addresses from the headers (or fake them with public IP addresses)? Our layout on outbound is exchange to exchange to sendmail/mailscanner on the outbound. We're not scanning spam on outbound. Had trouble with a company called mailwatch.com today that is using some obscure RBL called FIVETEN and if you test a non-route such as 192.168.1.20 against it, it hits, so we showed blacklisted. The snarky thing is this company does this ahead of their customer's options and reporting so they have no knowledge or control over it. Of course, this breaks RFC1918 as I understand it. It was dumb luck that we got a tech on the phone that saw the non-routes and knew that's what was causing it, even though it shouldn't. Any thoughts? Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." From maxsec at gmail.com Fri Aug 7 17:54:23 2009 
From: maxsec at gmail.com (Martin Hepworth) Date: Fri Aug 7 17:54:33 2009 Subject: Best Install For Mail Server In-Reply-To: <013101ca1760$3e26a620$ba73f260$@net> References: <06eb01ca175b$99f08520$cdd18f60$@com> <4A7C20EF.9080409@ecs.soton.ac.uk> <013101ca1760$3e26a620$ba73f260$@net> Message-ID: <72cf361e0908070954o63a6d35ar83b8daca1a44ec4@mail.gmail.com> I wouldn't trust this RBL to reject messages. It's good, but is known to false positive more than other RBLs. Adding it to spamassassin is OK, but not trusting it 100% IMHO. -- Martin Hepworth Oxford, UK 2009/8/7 Jeffry Page > I just found this the other day and added some of the pointers on that > guide > and it really helped. > > Sign up for the barracudacentral.org RBL and block it at the MTA level and > you will see a lot less mail coming in. It was scary at first, but it is > blocking all the known spam mail servers from even connecting to mine, so > its great. > > -----Original Message----- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field > Sent: Friday, August 07, 2009 7:41 AM > To: MailScanner discussion > Subject: Re: Best Install For Mail Server > > Read this, it contains pretty much all the stuff you need to setup. > > http://www.mailscanner.info/gettingthebest.html > > On 07/08/2009 13:35, Logs wrote: > > > > I have been using MailScanner for a long time and do like the results > > I get but am always confused as to what exactly is the best install. I > > typically always use Fedora Core with ClamAV, pyzor, razor and > > spamassassin. Am I missing something? If yes, what? What could I > > really do to lock out SPAM from getting into this box? > > > > Thanks > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner 
From prandal at herefordshire.gov.uk Fri Aug 7 19:39:12 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Aug 7 19:39:30 2009 Subject: Header Question In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0C0CDFF@winchester.andrewscompanies.com> References: <1964AAFBC212F742958F9275BF63DBB0C0CDFF@winchester.andrewscompanies.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFB3@HC-MBX02.herefordshire.gov.uk> You can do it, but, be very careful if you try. Sendmail counts Received headers to detect mail loops; if you remove them some unfortunate emails could loop forever. Cheers, Phil, who tried the same only to encounter the above problem ________________________________ 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Steven Andrews Sent: 07 August 2009 17:42 To: MailScanner discussion Subject: Header Question This might be a tad off-topic, but is there any way in sendmail or mailscanner that can remove internal, non-routable, ip addresses from the headers (or fake them with public IP addresses)? Our layout on outbound is exchange to exchange to sendmail/mailscanner on the outbound. We're not scanning spam on outbound. Had trouble with a company called mailwatch.com today that is using some obscure RBL called FIVETEN and if you test a non-route such as 192.168.1.20 against it, it hits, so we showed blacklisted. The snarky thing is this company does this ahead of their customer's options and reporting so they have no knowledge or control over it. Of course, this breaks RFC1918 as I understand it. It was dumb luck that we got a tech on the phone that saw the non-routes and knew that's what was causing it, even though it shouldn't. Any thoughts? Steven R. Andrews, President Andrews Companies Incorporated Small Business Information Technology Consultants sandrews@andrewscompanies.com Phone: 317.536.1807 "If your only tool is a hammer, every problem looks like a nail." From prandal at herefordshire.gov.uk Fri Aug 7 19:51:59 2009 
From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Fri Aug 7 19:52:15 2009 Subject: hostname variable in attachment replacement [fixed!] In-Reply-To: <223f97700908070736y48d0f0f5m79855ad7079a5831@mail.gmail.com> References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk><7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk><4A7C39D4.6000903@ecs.soton.ac.uk> <223f97700908070736y48d0f0f5m79855ad7079a5831@mail.gmail.com> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA03CFB6@HC-MBX02.herefordshire.gov.uk> Hi folks, I had the "export HOSTNAME" idea just as I was leaving work, with no time to test it, but can now confirm after testing that adding the line export HOSTNAME To /etc/init.d/MailScanner along with all the other exports does indeed fix the problem. Cheers, Phil -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Glenn Steen Sent: 07 August 2009 15:37 To: MailScanner discussion Subject: Re: hostname variable in attachment replacement 2009/8/7 Julian Field : > > > On 07/08/2009 15:23, David Lee wrote: >> >> On Fri, 7 Aug 2009, Randal, Phil wrote: >> >>> Julian Field wrote: >>>> >>>> "$HOSTNAME" shouldn't work in the reports, only in MailScanner.conf. >>>> But "$hostname" should work in the reports. >>>> >>>> Jules >>> >>> But it doesn't seem to. >>> >>> It is a low priority for me at the moment, and my test box is a VM >>> at home, so it will take me a while to figure out what's going on. >>> Cheers, >>> Phil >> >> Hmmm... I think there are many of us here on this list who are >> expecting the variable to have been automatically set prior to the >> point of use with a reasonable default (e.g. from "uname -n" or >> "/bin/hostname" or similar) but who are finding it empty/unset. >> (There may well be others here, for whom a default is being set.) >> >> The human expectation and the computer-code reality don't marry up; >> something somewhere (either human or machine) is going astray. >> >> Wouldn't it help if the MS start up code could have something like: >> if not set/inherited ... then set to something '/bin/hostname'-ish. > > I could put it in the init.d script I guess. That would be the right > place for it. MailScanner just automatically looks up $ENV{FOOBAR} > when it sees $FOOBAR or ${FOOBAR} in the MailScanner.conf file, it > doesn't know about the hostname as a special case at all, and I would like to keep it that way. > > Jules > Since the /etc/network file gets sourced, it is already there. The question is if you might need an "export HOSTNAME" just after it, to make sure the children get it... But then again, if that was needed, my systems wouldn't be working... and they are;-). 
Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From hden at kci.net.nz Fri Aug 7 20:42:35 2009 From: hden at kci.net.nz (hden@kci.net.nz) Date: Fri Aug 7 20:42:48 2009 Subject: Disable Spamassassin Whitelist Message-ID: <49281.222.153.167.233.1249674155.squirrel@webmail.kc.net.nz> Can I please have some confirmation of how to disable spamassassin's whitelisting for current versions .. I have commented out AWL If I add 'use_auto_whitelist 0' I receive a parse error concerning this addition when running spamassassin --lint So, I commented out 'use_auto_whitelist 0' Are these steps the correct ones? Cheers! Dave From ka at pacific.net Fri Aug 7 22:03:04 2009 From: ka at pacific.net (Ken A) Date: Fri Aug 7 22:03:24 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <223f97700908070831o1ddc607dq8c3c1ca997c81ed8@mail.gmail.com> References: <4A7B40A1.70402@alexb.ch> <103140.53987.qm@web33301.mail.mud.yahoo.com> <223f97700908070831o1ddc607dq8c3c1ca997c81ed8@mail.gmail.com> Message-ID: <4A7C9688.7090209@pacific.net> Glenn Steen wrote: > 2009/8/7 Michael Mansour : >> Hi, >> >> --- On Fri, 7/8/09, Alex Broens wrote: 
>> >>> From: Alex Broens >>> Subject: Re: [OT] new sendmail release, ever? >>> To: "MailScanner discussion" >>> Received: Friday, 7 August, 2009, 6:44 AM >>> On 8/6/2009 10:34 PM, Glenn Steen >>> wrote: >>>> 2009/8/6 Alex Neuman van der Hans : >>>>> Meh. Back in my day, we used to have to wait a >>> week for e-mail. A local BBS >>>>> would batch things up and run on the weekend at >>> 2AM when the price for long >>>>> distance was lower. Uphill. Both ways. In the >>> snow. >>>> .... Anyone else but me remember the dreary state of >>> the atlantic line >>>> during the mid-80:s? IIRC it was a 19.2 kbps (smoking >>> hot!:-) modem >>>> connection... No email over the size of 50KiB was >>> allowed... >>> >>> I ran a Fido gateway for many years...16 nodes... first >>> modems I used for it were 14400 coz 9600 were getting too >>> slow to push demos over the Atlantic. >> I go even further back than that. I ran a 27 node (yes 27 phone lines) BBS system in Australia which would, among other things, run the Fido gateway also. I started the service with (too) many 2400bps modems and went up from there. Prior to that I was enjoying the testing of a 300bps boat anchor (yes it was that big) modem before waiting for the faster 1200bps ones which would autonegotiate line speed. Phew. >> > :-) I remember that time too. My "point", if there was one, is that > all the "backbones" in europe (mostly universities) shared that > splendidly fast beast... Yes, there weren't that many e-mail (or news, > for that matter) users, but when it's all down to HDB UUCP... Sigh. > And then one got to relive it all in the late 80:s with things like > fido and bog-slow BBS:s... > > I have a particularly fond memory of ordering "the complete cookbook" > from alt.gourmand, and receiving about 500 (might've been less, it's > been a while:-) 50KiB emails... And then printing it all on a rugged > line printer... just to realise I hadn't ordered them with metric > measurements (Cups? Oz? WTF!) 
and had to redo it all. > Things weren't better in the past. That's why we like reminiscing about it:-). > >> NPGX BBS (maybe a google of it will still show something) was the system. I was also the official Australian Apogee games hub (remember Duke Nukem? Commander Keen ;), among others) where I'd pull down releases from Asia (arrghh the phone bills) and have BBS's from Australia and New Zealand pick the releases up from me. Started with "Remote Access" BBS and ended with "Worldgroup BBS". >> >> Those were the days :) interestingly, I still run NPGX, 15 years old this year as it evolved from a BBS to ISP to Web and email hosting provider, which is what it does today. >> > Yeah. I remember all that too, since some of my earlier employers > lacked the correct poison, er, Internet access... So cheapish BBS > access was the tune during the late -80:s/early -90:s ... at least > here in Sweden:). Here too. I helped maintain a "First Class" BBS out of our city library basement in the early 90s. It used FCP (first class protocol) itself, but had a uucp gateway out through the ISP I now work for. The ISP had a 128k frame ~1993, and I think there were 4 northern CA ISPs running on that same frame at one point. :-) The modems sure looked nice at night though.. pretty lights. There was also a BBS running on two commodore 64 floppies running out of Mendocino, CA (a few miles from here) called "the wormhole". It ran for many years on those same 2 floppy drives, and was famous in its day. It was similar, but not related to "the well", out of the bay area. Ken > >> Anyone remember what a Network shim was? ;) >> > :) >> Regards, >> >> Michael. >> > > Cheers -- Ken Anderson Pacific Internet - http://www.pacific.net From MailScanner at ecs.soton.ac.uk Fri Aug 7 22:22:15 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Fri Aug 7 22:22:35 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> <4A7C9B07.7010807@ecs.soton.ac.uk> Message-ID: On 07/08/2009 15:45, David Lee wrote: > On Fri, 7 Aug 2009, Julian Field wrote: > >> On 07/08/2009 15:23, David Lee wrote: >>> [...] >>> Wouldn't it help if the MS start up code could have something like: >>> if not set/inherited ... then set to something '/bin/hostname'-ish. >> >> I could put it in the init.d script I guess. That would be the right >> place for it. MailScanner just automatically looks up $ENV{FOOBAR} >> when it sees $FOOBAR or ${FOOBAR} in the MailScanner.conf file, it >> doesn't know about the hostname as a special case at all, and I would >> like to keep it that way. > > Sure. (Interpret my phrase "MS start-up code" as including the init.d > script.) > > Might an "export HOSTNAME" there help? I have added that and published 4.78.7-2 which includes it in the init.d script for RH/CentOS/etc. systems and also SuSE systems as it cannot do much harm. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From alex at rtpty.com Sat Aug 8 02:04:00 2009 
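The failure and the fix discussed in this thread, as an added example that is not part of any list message or of MailScanner's init script: a variable set by sourcing a file is visible to the sourcing shell but reaches a child process's environment only after `export`. The file contents, the host name `mail.example.test` and the function name are constructed; the `default` mode sketches the `uname -n` fallback David Lee suggested.

```shell
#!/bin/sh
# Added illustration; the sourced file and the host name are constructed.

# child_env_hostname MODE
#   plain    source the file, do not export (the failing init script)
#   export   source the file, then "export HOSTNAME" (the fix from the thread)
#   default  the file sets nothing; fall back to `uname -n`, then export
# Prints the HOSTNAME value found in a child process's environment,
# which is where MailScanner's $ENV{HOSTNAME} lookup gets its value.
child_env_hostname() {
    mode=$1
    (
        # Start clean: drop any HOSTNAME inherited from the caller.
        unset HOSTNAME
        conf=$(mktemp) || exit 1
        if [ "$mode" = default ]; then
            # Stand-in for a network file with no HOSTNAME line at all.
            printf '# NETWORKING=yes\n' > "$conf"
        else
            # Stand-in for /etc/sysconfig/network: assignment, no export.
            printf 'HOSTNAME=mail.example.test\n' > "$conf"
        fi
        . "$conf"
        rm -f "$conf"
        case $mode in
            export)
                export HOSTNAME
                ;;
            default)
                # Assign only if unset or empty, then export.
                : "${HOSTNAME:=$(uname -n)}"
                export HOSTNAME
                ;;
        esac
        # env is an external command, so it sees only exported variables.
        # A child shell is avoided here because bash sets its own HOSTNAME.
        env | sed -n 's/^HOSTNAME=//p'
    )
}

for m in plain export default; do
    printf '%-8s child sees HOSTNAME="%s"\n' "$m" "$(child_env_hostname "$m")"
done
```

This also accounts for systems where the problem never appeared: if HOSTNAME is already exported in the environment the init script inherits, the sourced assignment updates an exported variable and the daemon sees it.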
From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sat Aug 8 02:04:29 2009 Subject: hostname variable in attachment replacement In-Reply-To: References: <385165.50683.qm@web33303.mail.mud.yahoo.com><4A7C2006.6090908@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA076A2B29@HC-MBX02.herefordshire.gov.uk> <4A7C39D4.6000903@ecs.soton.ac.uk> <4A7C9B07.7010807@ecs.soton.ac.uk> Message-ID: <42D270F3-0648-4264-810C-5F64F3998038@rtpty.com> You're spoiling us, Jules! Keep up the great work! On Aug 7, 2009, at 5:22 PM, Jules Field wrote: > I have added that and published 4.78.7-2 which includes it in the > init.d script for RH/CentOS/etc. systems and also SuSE systems as it > cannot do much harm. From uxbod at splatnix.net Sat Aug 8 09:35:52 2009 From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Sat Aug 8 09:36:05 2009 Subject: [OT] MailWatch/PHP Protection In-Reply-To: <580142.2491249720514440.JavaMail.root@office.splatnix.net> Message-ID: <21326880.2521249720552803.JavaMail.root@office.splatnix.net> If any of you are running MailWatch, or even any sort of PHP pages, then this is worth a look at :- http://www.spambotsecurity.com/zbblock.php Best Regards, -- SplatNIX IT Services :: Innovation through collaboration From r.cahilig at gmail.com Sat Aug 8 21:37:56 2009 
From: r.cahilig at gmail.com (Richard R. Cahilig) Date: Sat Aug 8 20:38:26 2009 Subject: MailScanner did not installed successfully in Fedora 11 Message-ID: <4A7DE224.5030904@gmail.com> Hello, I tried to install MailScanner in my Fedora 11 server but the installation did not go fine. I'm getting a lot of errors like this one below. "Missing file" "Maybe it did not build correctly?" Here is the output of the "MailScanner -v" and "MailScanner --lint" command that I ran. Can't locate Filesys/Df.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/local/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl /usr/lib/MailScanner) at /usr/sbin/MailScanner line 91. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91. Please help me. Regards, Richard R. Cahilig From MailScanner at ecs.soton.ac.uk Sat Aug 8 20:57:56 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Sat Aug 8 20:58:16 2009 Subject: MailScanner did not installed successfully in Fedora 11 In-Reply-To: <4A7DE224.5030904@gmail.com> References: <4A7DE224.5030904@gmail.com> <4A7DD8C4.2060009@ecs.soton.ac.uk> Message-ID: On 08/08/2009 21:37, Richard R. Cahilig wrote: > Hello, > > I tried to install MailScanner in my Fedora 11 server but the > installation did not went fine. I'm getting a lot of errors like this > one below. > "Missing file" > "Maybe it did not build correctly?" > > Here is the output of the "MailScanner -v" and "MailScanner --lint" > command that I ran. You need to install the very latest beta, it's the first one in which Fedora 11 is properly supported. Install missing modules, as root, by doing commands like this (example for Filesys/Df you are currently missing) yum install perl-Filesys-Df Do that until "MailScanner -v" works okay and lists all the "required" modules as being present. Then install the latest beta of MailScanner (it won't do any damage) over the top of your current installation, and everything should work properly from then on. > > Can't locate Filesys/Df.pm in @INC (@INC contains: > /usr/lib/MailScanner > /usr/local/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi > /usr/local/lib/perl5/site_perl/5.10.0 > /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl > /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 > /usr/lib/perl5/site_perl /usr/lib/MailScanner) at > /usr/sbin/MailScanner line 91. > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 91. > > Please help me. > > Regards, > > Richard R. Cahilig > > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! 
Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mhw at WittsEnd.com Sun Aug 9 16:45:52 2009 
From: mhw at WittsEnd.com (Michael H. Warfield) Date: Sun Aug 9 16:46:10 2009 Subject: [OT] new sendmail release, ever? In-Reply-To: <4A7B40A1.70402@alexb.ch> References: <4A72D851.7080405@inticon.net.au> <4A72DB0B.6060707@cnpapers.com> <4A72DDB0.9050306@inticon.net.au> <4A7AEB5C020000A20000F717@platteco-2.plattesheriff.org> <223f97700908061334j631dfb7cq902aa6e47ce99851@mail.gmail.com> <4A7B40A1.70402@alexb.ch> Message-ID: <1249832752.5733.65.camel@canyon.wittsend.com> On Thu, 2009-08-06 at 22:44 +0200, Alex Broens wrote: > On 8/6/2009 10:34 PM, Glenn Steen wrote: > > 2009/8/6 Alex Neuman van der Hans : > >> Meh. Back in my day, we used to have to wait a week for e-mail. A local BBS > >> would batch things up and run on the weekend at 2AM when the price for long > >> distance was lower. Uphill. Both ways. In the snow. > >> > > .... Anyone else but me remember the dreary state of the atlantic line > > during the mid-80:s? IIRC it was a 19.2 kbps (smoking hot!:-) modem > > connection... No email over the size of 50KiB was allowed... > I ran a Fido gateway for many years...16 nodes... first modems I used > for it were 14400 coz 9600 were getting too slow to push demos over the > Atlantic. My site was one of the "ARNO" (Atlanta Regional Network Organizations) which used uucp mail (bang path anyone) to gateway E-Mail from a couple of Universities, Emory and Georgia Tech, here in Atlanta Georgia out to the broader cloud of uucp sites. One of my connections was to gisatl, the Fido gateway here in this area. I started out with SMail and actually had contributed some patches to SMail 3 in the early days (fixes to some "% hack" bugs). I've also used and deployed MMDF. Anyone remember that behemoth? Sometimes referred to as "Military Mail" because the Military loved it. Arguably the most secure E-Mail package around. It only had a single security advisory in its entire history. QMail has had more (in spite of, or maybe because of, threats and ugliness from DJB). 
We used to refer to Sendmail as the "bug of the month club" but I use it now. SMail got more complicated and Sendmail got stable and added the m4 configurations and got the performance up on par with Postfix and QMail. I don't think there's a major MTA I haven't deployed and done something with. I've just stuck with Sendmail. > .... those were the days... each email which actually made it thru all > the Fido nodes and reached the recipient triggered a celebration. Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From hden at kci.net.nz Mon Aug 10 01:12:41 2009 From: hden at kci.net.nz (hden@kci.net.nz) Date: Mon Aug 10 01:12:55 2009 Subject: Help needed with Spamassassin Rule Syntax Message-ID: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz> The following spamassassin rule .. header MY_DOMAIN_IN_FROM From =~ /\@mydomain.com$/i works fine when mail comes in 'From: user@mydomain.com', but what/how/where do I need to change the rule to also work when the email uses the following format .. From: AUSER Cheers! Dave From Chris.Russell at knowledgeit.co.uk Mon Aug 10 01:48:23 2009 
From: Chris.Russell at knowledgeit.co.uk (Chris Russell)
Date: Mon Aug 10 01:48:33 2009
Subject: Best Install For Mail Server
In-Reply-To: <72cf361e0908070954o63a6d35ar83b8daca1a44ec4@mail.gmail.com>
References: <06eb01ca175b$99f08520$cdd18f60$@com> <4A7C20EF.9080409@ecs.soton.ac.uk> <013101ca1760$3e26a620$ba73f260$@net> <72cf361e0908070954o63a6d35ar83b8daca1a44ec4@mail.gmail.com>
Message-ID: <1E130DCA55D169479976824AA6D4DB33214B86AE81@UKNEWK0999SV007.knowledgeit.co.uk>

; I wouldn't trust this RBL to reject messages. It's good, but is known to false positive more than other RBLs. Adding it to spamassassin is
; OK, but not trusting it 100% IMHO.

True on any RBL really, you can mitigate the risk though via including a URL in the reject which allows people to request whitelisting.

IMHO, user/ip combination greylisting for anything dsl-y is the way to go right now.

Cheers,
Chris

From ms-list at alexb.ch Mon Aug 10 06:48:35 2009
From: ms-list at alexb.ch (Alex Broens)
Date: Mon Aug 10 06:48:44 2009
Subject: Help needed with Spamassassin Rule Syntax
In-Reply-To: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz>
References: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz>
Message-ID: <4A7FB4B3.3030902@alexb.ch>

On 8/10/2009 2:12 AM, hden@kci.net.nz wrote:
> The following spamassassin rule ..
>
> header MY_DOMAIN_IN_FROM From =~ /\@mydomain.com$/i
>
> works fine when mail comes in 'From: user@mydomain.com', but
> what/how/where do I need to change the rule to also work when the email
> uses the following format ..
>
> From: AUSER
>
> Cheers!
> Dave

header MY_DOMAIN_IN_FROM From =~ /\@example\.com\>?$/i

or

header MY_DOMAIN_IN_FROM From =~ /\@example\.com/i

From Jens.Potthast at innovation.uni-bremen.de Mon Aug 10 08:16:58 2009
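How the rule from the question and the two suggested patterns behave on different From header shapes, as an added example that is not part of the thread. Python's `re` treats these patterns the way Perl does; the sample header values, the `lookalike.test` domain and the `addr_domain_is` helper are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Patterns from the thread, all on example.com so they can be compared.
# Python's re handles \@, \> and $ here the same way Perl does.
PATTERNS = {
    # The question's rule: end-anchored, dot left unescaped.
    "original": re.compile(r"\@example.com$", re.I),
    # First suggestion: escaped dot, optional closing '>' before the end.
    "anchored": re.compile(r"\@example\.com\>?$", re.I),
    # Second suggestion: no end anchor at all.
    "unanchored": re.compile(r"\@example\.com", re.I),
}

# Constructed From header values (not taken from the thread).
SAMPLES = [
    "user@example.com",
    "AUSER <auser@example.com>",
    "Some One <someone@example.com.lookalike.test>",
    '"me@example.com" <other@lookalike.test>',
    "user@exampleXcom",
]


def evaluate(header_value):
    """Return {pattern name: matched?} for one From header value."""
    return {name: bool(rx.search(header_value)) for name, rx in PATTERNS.items()}


def addr_domain_is(header_value, domain):
    """Stricter check (an addition, approximating SpamAssassin's From:addr):
    extract the address first, then compare its domain exactly."""
    _, addr = parseaddr(header_value)
    local, sep, addr_domain = addr.rpartition("@")
    return bool(local and sep) and addr_domain.lower() == domain.lower()


def report():
    """Evaluate every sample against all three patterns plus the exact check."""
    rows = []
    for value in SAMPLES:
        result = evaluate(value)
        result["addr_exact"] = addr_domain_is(value, "example.com")
        rows.append((value, result))
    return rows


if __name__ == "__main__":
    for value, result in report():
        flags = "  ".join(f"{k}={'Y' if v else '-'}" for k, v in result.items())
        print(f"{value:50} {flags}")
```

In SpamAssassin itself, writing the header as `From:addr` hands the rule only the first address in the header, so the pattern can be anchored at both ends.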
From: Jens.Potthast at innovation.uni-bremen.de (Jens Potthast)
Date: Mon Aug 10 08:17:13 2009
Subject: AW: mailscanner-mrtg: ERROR: mail, spam and virus counters not fully initialised.
In-Reply-To: <013b01ca176f$d2809010$7781b030$@net>
References: <43B096B9CDFA4736A0D9B354D415E4C6@innovation.unibremen.de> <013b01ca176f$d2809010$7781b030$@net>
Message-ID:

That also solved my problem. :-)
Thanks a million.

Jens

>-----Original Message-----
>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
>bounces@lists.mailscanner.info] On Behalf Of Jeffry Page
>Sent: Friday, 7 August 2009 17:01
>To: 'MailScanner discussion'
>Subject: RE: mailscanner-mrtg: ERROR: mail,spam and virus counters not fully initialised.
>
>I saw your post so I checked out the CVS. Decided to upgrade my install
>also.
>
>I found that my spam and virus ratios stopped working so I investigated.
>
>Open the Data.pm (default /usr/lib/MailScanner-MRTG/MSMRTG/Data.pm)
>
>Need to add "spamdelete" to line 108 so it looks like this:
>
>    foreach (qw(mailbytes mail spam virus spamdelete))
>
>That fixed it for me.
>
>The problem I think happens if you don't "delete" spam.
>I store all the spam for MailWatch so my spam deleted graph is always going
>to 0.
>
>-----Original Message-----
>From: mailscanner-bounces@lists.mailscanner.info
>[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jens
>Potthast
>Sent: Friday, August 07, 2009 6:17 AM
>To: mailscanner@lists.mailscanner.info
>Subject: mailscanner-mrtg: ERROR: mail, spam and virus counters not fully
>initialised.
>
>Somehow I can't get this to work. What I did:
>- installed mailscanner-mrtg 0.11.00 (runs ok, only a minor bug with
>'uptime' dir not
>found)
>- installed mailscanner-mrtg from cvs over existing 0.11.00 installation
>
>Now I get this "ERROR: mail, spam and virus counters not fully initialised."
>thing.
>Guess it has something to do with spamdeleted (being 'u').
>
>And here is all the stuff, I forgot to mention (shame on me! :-)):
>MailScanner 4.77 is running on CentOS 5.3 with postfix 2.3.3.
>
>Can anyone help, please?
>
>Regards,
>Jens

From sandrews at andrewscompanies.com Mon Aug 10 12:11:29 2009
From: sandrews at andrewscompanies.com (Steven Andrews)
Date: Mon Aug 10 12:11:41 2009
Subject: [OT] MailWatch/PHP Protection
In-Reply-To: <21326880.2521249720552803.JavaMail.root@office.splatnix.net>
References: <580142.2491249720514440.JavaMail.root@office.splatnix.net> <21326880.2521249720552803.JavaMail.root@office.splatnix.net>
Message-ID: <1964AAFBC212F742958F9275BF63DBB0C0CE0B@winchester.andrewscompanies.com>

Awesome job there; post the url that gets you banned from viewing the root of the site as well. ;)

From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
Sent: Saturday, August 08, 2009 4:36 AM
To: mailscanner@lists.mailscanner.info
Subject: [OT] MailWatch/PHP Protection

If any of you are running MailWatch, or even any sort of PHP pages, then this is worth a look at :-

http://www.spambotsecurity.com/zbblock.php

Best Regards,

From uxbod at splatnix.net Mon Aug 10 12:40:26 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Mon Aug 10 12:40:49 2009
Subject: [OT] MailWatch/PHP Protection
In-Reply-To: <1964AAFBC212F742958F9275BF63DBB0C0CE0B@winchester.andrewscompanies.com>
Message-ID: <7007551.361249904425966.JavaMail.root@office.splatnix.net>

??? I can get to it just fine ???

Best Regards,

----- "Steven Andrews" wrote:
>
> Awesome job there; post the url that gets you banned from viewing the root of the site as well. ;)
>
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
> Sent: Saturday, August 08, 2009 4:36 AM
> To: mailscanner@lists.mailscanner.info
> Subject: [OT] MailWatch/PHP Protection
>
> If any of you are running MailWatch, or even any sort of PHP pages, then this is worth a look at :-
>
> http://www.spambotsecurity.com/zbblock.php
>
> Best Regards,

From E.Bloodaxe at gold.ac.uk Mon Aug 10 17:14:06 2009
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe)
Date: Mon Aug 10 17:15:20 2009
Subject: hostname variable in attachment replacement
In-Reply-To: <223f97700908070719o3e126405s2a9e87b93d6b7e87@mail.gmail.com>
References: <4A7A9EBE.20100@gold.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> <4A7C303F.6060904@gold.ac.uk> <223f97700908070719o3e126405s2a9e87b93d6b7e87@mail.gmail.com>
Message-ID: <4A80474E.6080804@gold.ac.uk>

Glenn Steen wrote:
>> I solved it as suggested by adding a
>> HOSTNAME=`/bin/hostname`
>> export HOSTNAME
>>
>> to the start up script, but this should work out of the box.
>
> I agree. Could you set it like I outline above, just to see if it
> makes a difference?

It does make the difference.

>> I suspect this is related to the various different notions of domain and host
>> name under Linux (solaris is simpler here)
>
> ... There can be only one!:-)

There is dnsdomainname and domainname which is the nis/YP domainname these can be different. There as discovered is the hostname in /etc/sysconfig/network, which the out of the box install seems to leave as HOSTNAME=localhost.localdomain while domainname returns blank.

>> on the box the dns domain name is set but the domain name not!
>
> Sounds like it is jumbled then. Try setting it as suggested and do a
> reboot (perhaps make sure your "login script hack" is disabled).

Jumbled is slightly subjective given it is out of the box! Perhaps a RH bug? From my perspective it is fixed. BTW I never said but I am using the TAR version not the RPM!

Erik

>> Erik
>
> Cheers

From uxbod at splatnix.net Mon Aug 10 17:49:22 2009
From: uxbod at splatnix.net (--[ UxBoD ]--) Date: Mon Aug 10 17:49:52 2009 Subject: DKIM Message-ID: <15279903.471249922962959.JavaMail.root@office.splatnix.net> Has anybody used http://dkimproxy.sourceforge.net/ with MS for signing emails ? or do you do this at MTA level ? Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration From MailScanner at ecs.soton.ac.uk Mon Aug 10 18:15:03 2009 From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Aug 10 18:15:21 2009 Subject: DKIM In-Reply-To: <15279903.471249922962959.JavaMail.root@office.splatnix.net> References: <15279903.471249922962959.JavaMail.root@office.splatnix.net> <4A805597.4040409@ecs.soton.ac.uk> Message-ID: I do all DKIM stuff at MTA level. Works fine with sendmail. On 10/08/2009 17:49, --[ UxBoD ]-- wrote: > Has anybody used http://dkimproxy.sourceforge.net/ with MS for signing emails ? or do you do this at MTA level ? > > Best Regards, > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mhw at WittsEnd.com Mon Aug 10 18:42:15 2009 
From: mhw at WittsEnd.com (Michael H. Warfield)
Date: Mon Aug 10 18:42:38 2009
Subject: Configuration suggestion...
Message-ID: <1249926135.5733.119.camel@canyon.wittsend.com>

Hey all, Julian,

I was just in the process of upgrading MailScanner on several machines and had been doing a few other similar things to some other packages and had a thought regarding the configuration file. Right now, we use the configuration upgrade script and some diffing and what not (I'm on an rpm based system - Fedora 10).

Maybe this has been brought up in the past and dismissed and maybe there are good reasons for not doing it or maybe it can be done, I just don't know how... But... What about a separate, site specific, configuration file? Keep the main file with all the default options but then have the admin put customized options in a separate file and not modify the main file?

Several other packages I know do it this way and it makes updating so much easier and less error prone. The main file would then have instructions to put customized values into the site file while it still retains all the possible options and their defaults and the detailed instructions. The admin can make the site file as complex or as simple as he likes. Updates then merely require a check that the main file has not been altered and then a simple replacement. Value checks and warnings could still be applied but then it would be to both the main and site specific file. Maybe make the configuration file(s) a colon separated string, like a PATH, with the last value read from any of them holding precedence.

Yes, there is the possibility that the user might have some incompatible option in a site file that could cause a version skew problem. Given the normal tunable parameters, this would seem pretty unlikely and could be caught in the update check for default files.

It would certainly make packaging for a distribution much easier and updates much more convenient for the system administrator.

Just a thought.

Regards,
Mike

From MailScanner at ecs.soton.ac.uk Mon Aug 10 19:00:08 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Aug 10 19:00:37 2009
Subject: Configuration suggestion...
In-Reply-To: <1249926135.5733.119.camel@canyon.wittsend.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk>
Message-ID:

I don't quite see what that would achieve that the upgrade_MailScanner_conf doesn't.
I don't entirely understand your point, sorry.

On 10/08/2009 18:42, Michael H. Warfield wrote:
> Hey all, Julian,
>
> I was just in the process of upgrading MailScanner on several machines
> and had been doing a few other similar things to some other packages and
> had a thought regarding the configuration file. Right now, we use the
> configuration upgrade script and some diffing and what not (I'm on an
> rpm based system - Fedora 10).
>
> Maybe this has been brought up in the past and dismissed and maybe
> there are good reasons for not doing it or maybe it can be done, I just
> don't know how... But... What about a separate, site specific,
> configuration file? Keep the main file with all the default options but
> then have the admin put customized options in a separate file and not
> modify the main file?
>
> Several other packages I know do it this way and it makes updating so
> much easier and less error prone. The main file would then have
> instructions to put customized values into the site file while it still
> retains all the possible options and their defaults and the detailed
> instructions. The admin can make the site file as complex or as simple
> as he likes. Updates then merely require a check that the main file has
> not been altered and then a simple replacement. Value checks and warnings
> could still be applied but then it would be to both the main and site
> specific file. Maybe make the configuration file(s) a colon separated
> string, like a PATH, with the last value read from any of them holding
> precedence.
>
> Yes, there is the possibility that the user might have some
> incompatible option in a site file that could cause a version skew
> problem. Given the normal tunable parameters, this would seem pretty
> unlikely and could be caught in the update check for default files.
>
> It would certainly make packaging for a distribution much easier and
> updates much more convenient for the system administrator.
>
> Just a thought.
>
> Regards,
> Mike

Jules

From alex at rtpty.com Mon Aug 10 19:15:54 2009
From: alex at rtpty.com (Alex Neuman van der Hans) Date: Mon Aug 10 19:16:04 2009 Subject: hostname variable in attachment replacement In-Reply-To: <4A80474E.6080804@gold.ac.uk> References: <4A7A9EBE.20100@gold.ac.uk> <4A7AABCC.9080202@gold.ac.uk> <4A7AB324.6020909@ecs.soton.ac.uk> <4A7ABE17.2060005@gold.ac.uk> <4A7ACAC6.9080001@ecs.soton.ac.uk> <4A7AD9A1.1060402@gold.ac.uk> <223f97700908060753h91db832j85fa43235f21f8cb@mail.gmail.com> <4A7C303F.6060904@gold.ac.uk> <223f97700908070719o3e126405s2a9e87b93d6b7e87@mail.gmail.com> <4A80474E.6080804@gold.ac.uk> Message-ID: <88BDF084-A10E-465F-81C0-CA4A4D1DE8C7@rtpty.com> Not a bug, a feature! This is one thing that's come back to bite in the rear more than once, in my experience. Also the weird /etc/hosts file entry that has to be fixed by hand. On Aug 10, 2009, at 11:14 AM, Erik Bloodaxe wrote: > Jumbled is slightly subjective given it is out of the box! Perhaps > a RH bug? From alex at rtpty.com Mon Aug 10 19:16:24 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Mon Aug 10 19:16:35 2009 Subject: DKIM In-Reply-To: References: <15279903.471249922962959.JavaMail.root@office.splatnix.net> <4A805597.4040409@ecs.soton.ac.uk> Message-ID: <0430A54B-FE81-424E-969B-B2AF8360EF87@rtpty.com> Can you recommend a good FAQ/HOWTO? On Aug 10, 2009, at 12:15 PM, Jules Field wrote: > I do all DKIM stuff at MTA level. Works fine with sendmail. From alex at rtpty.com Mon Aug 10 19:21:03 2009 
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Mon Aug 10 19:21:14 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk>
Message-ID:

What I think he means to ask is if there could be something like:

@include /etc/MailScanner/my.site.conf

Where my.site.conf could have site-specific rules. That way, the "global" /etc/MailScanner/MailScanner.conf could have a certain set of values (which would work with your existing upgrade_MailScanner_conf as-is), but then some very site-specific (as opposed to, say, corporate-specific) settings could be "include"d - sort of like some programs already work.

Asterisk is one project where, for example, there are a lot of defaults and, depending on context, things can be "include"d. If there is an upgrade to MS, upgrade_MailScanner_conf can take care of new parameters while keeping old ones in the "main" conf file. Creating a "new" instance of MailScanner for the same "corporation" but for a different "site" would only require a "site-specific" conf file to be included.

Another way I've seen it done is where the "site-specific" file is the "main" file - and it "includes" a global-settings file that's corporate-wide.

On Aug 10, 2009, at 1:00 PM, Jules Field wrote:
> I don't quite see what that would achieve that the
> upgrade_MailScanner_conf doesn't.
> I don't entirely understand your point, sorry.

From mhw at WittsEnd.com Mon Aug 10 19:48:24 2009
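A sketch of the layering discussed in this thread (a main defaults file pulling in a site file, the last value read winning, and a check that catches site options the main file does not know), as an added example that is not MailScanner code. The `@include` directive is the hypothetical syntax from the message above, not a feature the thread confirms; the file contents, values and function names are constructed, and option names are assumed to compare case-insensitively.

```python
import re

MAIN = "/etc/MailScanner/MailScanner.conf"
SITE = "/etc/MailScanner/my.site.conf"

# Constructed sample files, keyed by path, so the example runs offline.
FILES = {
    MAIN: """\
# Shipped defaults (constructed values)
Max Children = 5
Spam Checks = yes
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
@include /etc/MailScanner/my.site.conf
""",
    SITE: """\
# Site overrides (constructed values)
Required SpamAssassin Score = 5
Spam Cheks = no
""",
}


def normalise(name):
    """Assumption: option names compare case-insensitively, spaces collapsed."""
    return re.sub(r"\s+", " ", name.strip()).lower()


def load(path, files, stack=()):
    """Return (key, value, source_path, line_no) tuples in the order read."""
    if path in stack:
        raise ValueError("include loop: " + " -> ".join(stack + (path,)))
    if path not in files:
        raise FileNotFoundError(path)
    entries = []
    for line_no, raw in enumerate(files[path].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if not line:
            continue
        if line.startswith("@include"):
            target = line[len("@include"):].strip()
            entries.extend(load(target, files, stack + (path,)))
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"{path}:{line_no}: expected 'Option = value'")
        entries.append((normalise(key), value.strip(), path, line_no))
    return entries


def merge(main_path, files):
    """Apply last-value-wins and report what the site file changed.

    Returns (effective, overrides, unknown):
      effective: {option: (value, source file)}
      overrides: [(option, old value, new value, source file)]
      unknown:   [(option, source file, line)] not defined by the main file,
                 e.g. a typo or an option dropped by a newer release.
    """
    entries = load(main_path, files)
    known = {key for key, _, src, _ in entries if src == main_path}
    effective, overrides, unknown = {}, [], []
    for key, value, src, line_no in entries:
        if src != main_path and key not in known:
            unknown.append((key, src, line_no))
            continue
        if key in effective and effective[key][0] != value:
            overrides.append((key, effective[key][0], value, src))
        effective[key] = (value, src)
    return effective, overrides, unknown


if __name__ == "__main__":
    effective, overrides, unknown = merge(MAIN, FILES)
    for key, (value, src) in sorted(effective.items()):
        print(f"{key} = {value}    [{src}]")
    for key, old, new, src in overrides:
        print(f"override: {key}: {old} -> {new} ({src})")
    for key, src, line_no in unknown:
        print(f"warning: unknown option '{key}' at {src}:{line_no}")
```

Because precedence follows read order, an `@include` placed in the middle of the main file would lose to any later setting of the same option in the main file itself.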
From: mhw at WittsEnd.com (Michael H. Warfield) Date: Mon Aug 10 19:48:45 2009 Subject: DKIM In-Reply-To: <0430A54B-FE81-424E-969B-B2AF8360EF87@rtpty.com> References: <15279903.471249922962959.JavaMail.root@office.splatnix.net> <4A805597.4040409@ecs.soton.ac.uk> <0430A54B-FE81-424E-969B-B2AF8360EF87@rtpty.com> Message-ID: <1249930105.5733.122.camel@canyon.wittsend.com> On Mon, 2009-08-10 at 13:16 -0500, Alex Neuman van der Hans wrote: > Can you recommend a good FAQ/HOWTO? http://www.elandsys.com/resources/sendmail/dkim.html I'm using the above to begin deployment now. Here's a good site for intro information: http://dkim.org/ > On Aug 10, 2009, at 12:15 PM, Jules Field wrote: > > I do all DKIM stuff at MTA level. Works fine with sendmail. Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090810/9ce0a333/attachment.bin From mhw at WittsEnd.com Mon Aug 10 19:56:26 2009 
From: mhw at WittsEnd.com (Michael H. Warfield)
Date: Mon Aug 10 19:56:51 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk>
Message-ID: <1249930586.5733.130.camel@canyon.wittsend.com>

On Mon, 2009-08-10 at 19:00 +0100, Jules Field wrote:
> I don't quite see what that would achieve that the
> upgrade_MailScanner_conf doesn't.
> I don't entirely understand your point, sorry.

The point is that upgrade_MailScanner_conf is a PITA. I typically have to have two screens up and refer back and forth while I've got the instructions from one process in one screen and performing the actions in another.

The install script tells you to run upgrade_MailScanner_conf, but then it tells you "if you're running an rpm distro do..."

    cd /etc/MailScanner
    upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
    mv -f MailScanner.conf MailScanner.old
    mv -f MailScanner.new MailScanner.conf

... But then that tells you ...

then you should do

    diff -w MailScanner.conf.rpmnew MailScanner.new

and check for any differences in values you have not changed yourself.

Once you have checked that MailScanner.new contains what you want, you can then save your old one and move the new one into place, using commands like these:

    mv -f MailScanner.conf MailScanner.old
    mv -f MailScanner.new MailScanner.conf

That's a lot of manual steps that have to be performed each time on each system. Having a site configuration would obviate the need for all of that. You just update the main file which could be easily handled in a simple rpm update like all the other packages do.

Mike

> On 10/08/2009 18:42, Michael H. Warfield wrote:
> > Hey all, Julian,
> >
> > I was just in the process of upgrading MailScanner on several machines
> > and had been doing a few other similar things to some other packages and
> > had a thought regarding the configuration file. Right now, we use the
> > configuration upgrade script and some diffing and what not (I'm on an
> > rpm based system - Fedora 10).
> >
> > Maybe this has been brought up in the past and dismissed and maybe
> > there are good reasons for not doing it or maybe it can be done, I just
> > don't know how... But... What about a separate, site specific,
> > configuration file? Keep the main file with all the default options but
> > then have the admin put customized options in a separate file and not
> > modify the main file?
> >
> > Several other packages I know do it this way and it makes updating so
> > much easier and less error prone. The main file would then have
> > instructions to put customized values into the site file while it still
> > retains all the possible options and their defaults and the detailed
> > instructions. The admin can make the site file as complex or as simple
> > as he likes. Updates then merely require a check that the main file has
> > not been altered and then a simple replacement. Value checks and warnings
> > could still be applied but then it would be to both the main and site
> > specific file. Maybe make the configuration file(s) a colon separated
> > string, like a PATH, with the last value read from any of them holding
> > precedence.
> >
> > Yes, there is the possibility that the user might have some
> > incompatible option in a site file that could cause a version skew
> > problem. Given the normal tunable parameters, this would seem pretty
> > unlikely and could be caught in the update check for default files.
> >
> > It would certainly make packaging for a distribution much easier and
> > updates much more convenient for the system administrator.
> >
> > Just a thought.
> >
> > Regards,
> > Mike
>
> Jules

From mhw at WittsEnd.com Mon Aug 10 20:02:14 2009
From: mhw at WittsEnd.com (Michael H. Warfield)
Date: Mon Aug 10 20:02:28 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk>
Message-ID: <1249930934.5733.134.camel@canyon.wittsend.com>

On Mon, 2009-08-10 at 13:21 -0500, Alex Neuman van der Hans wrote:
> What I think he means to ask is if there could be something like:
>
> @include /etc/MailScanner/my.site.conf

Yeah, that's a really good point. Probably, a lot more packages implement this in the form of included files than in the form of string listed option files. That's a very good point. I use that with OpenSWAN and BIND and a whole bunch of others that require a lot of custom configurations. Those even then allow forms like...

@included /etc/MailScanner/conf/*

> Where my.site.conf could have site-specific rules. That way, the
> "global" /etc/MailScanner/MailScanner.conf could have a certain set of
> values (which would work with your existing upgrade_MailScanner_conf
> as-is), but then some very site-specific (as opposed to, say,
> corporate-specific) settings could be "include"d - sort of like some
> programs already work.

> Asterisk is one project where, for example, there are a lot of
> defaults and, depending on context, things can be "include"d. If there
> is an upgrade to MS, upgrade_MailScanner_conf can take care of new
> parameters while keeping old ones in the "main" conf file. Creating a
> "new" instance of MailScanner for the same "corporation" but for a
> different "site" would only require a "site-specific" conf file to be
> included.

Yeah, Asterisk is another excellent example here.

> Another way I've seen it done is where the "site-specific" file is the
> "main" file - and it "includes" a global-settings file that's
> corporate-wide.

Yup. Lots of ways to accomplish the same idea.

> On Aug 10, 2009, at 1:00 PM, Jules Field wrote:
>
> > I don't quite see what that would achieve that the
> > upgrade_MailScanner_conf doesn't.
> > I don't entirely understand your point, sorry.

Regards,
Mike

From maxsec at gmail.com Mon Aug 10 20:03:40 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Aug 10 20:03:55 2009
Subject: Configuration suggestion...
In-Reply-To: <1249930586.5733.130.camel@canyon.wittsend.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
Message-ID: <72cf361e0908101203v34a9419dn321e2037dd20f93d@mail.gmail.com>

or just write the process down in a wiki/web page and then copy paste or
have a script to do the whole lot.

2009/8/10 Michael H. Warfield

> On Mon, 2009-08-10 at 19:00 +0100, Jules Field wrote:
> > I don't quite see what that would achieve that the
> > upgrade_MailScanner_conf doesn't.
> > I don't entirely understand your point, sorry.
>
> The point is that upgrade_MailScanner_conf is a PITA. I typically have
> to have two screens up and refer back and forth while I've got the
> instructions from one process in one screen and performing the actions
> in another.
>
> The install script tells you to run upgrade_MailScanner_conf, but then
> it tells you "if you're running an rpm distro do..."
>
>     cd /etc/MailScanner
>     upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
>     mv -f MailScanner.conf MailScanner.old
>     mv -f MailScanner.new MailScanner.conf
>
> ... But then that tells you ...
>
>     then you should do
>         diff -w MailScanner.conf.rpmnew MailScanner.new
>     and check for any differences in values you have not changed yourself.
>
>     Once you have checked that MailScanner.new contains what
>     you want, you can then save your old one and move the new
>     one into place, using commands like these:
>         mv -f MailScanner.conf MailScanner.old
>         mv -f MailScanner.new MailScanner.conf
>
> That's a lot of manual steps that have to be performed each time on
> each system. Having a site configuration would obviate the need for all
> of that. You just update the main file which could be easily handled in
> a simple rpm update like all the other packages do.
>
> Mike
>
> > On 10/08/2009 18:42, Michael H. Warfield wrote:
> > > Hey all, Julian,
> > >
> > > I was just in the process of upgrading MailScanner on several machines
> > > and had been doing a few other similar things to some other packages and
> > > had a thought regarding the configuration file. Right now, we use the
> > > configuration upgrade script and some diffing and what not (I'm on an
> > > rpm based system - Fedora 10).
> > >
> > > Maybe this has been brought up in the past and dismissed and maybe
> > > there are good reasons for not doing it or may it can be done, I just
> > > don't know how... But... What about a separate, site specific,
> > > configuration file? Keep the main file with all the default options but
> > > then have the admin put customized options in a separate file and not
> > > modify the main file?
> > >
> > > Several other packages I know do it this way and it makes updating so
> > > much easier and less error prone. The main file would then have
> > > instructions to put customized values into the site file while it still
> > > retains all the possible options and their defaults and the detailed
> > > instructions. The admin can make the site file as complex or as simple
> > > as he likes. Updates then merely require a check that the main file has
> > > not been alter and then a simple replacement. Value checks and warnings
> > > could still be applied but then it would be to both the main and site
> > > specific file. Maybe make the configuration file(s) a colon separated
> > > string, like a PATH, with the last value read from any of them holding
> > > precedence.
> > >
> > > Yes, there is the possibility that the user might have some
> > > incompatible option in a site file that could cause a version skew
> > > problem. Given the normal tunable parameters, this would seem pretty
> > > unlikely and could be caught in the update check for default files.
> > >
> > > It would certainly make packaging for a distribution much easier and
> > > updates much more convenient for the system administrator.
> > >
> > > Just a thought.
> > >
> > > Regards,
> > > Mike
> > >
> >
> > Jules
> >
> > --
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at www.MailScanner.info/store
> >
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements from your boss?
> > Contact me!
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > Follow me at twitter.com/JulesFM and twitter.com/MailScanner
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 | http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0xDF1DD471        | possible worlds. A pessimist is sure of it!
>
> --
> MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

--
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090810/a506a711/attachment.html

From hden at kci.net.nz Tue Aug 11 00:42:27 2009
From: hden at kci.net.nz (hden@kci.net.nz)
Date: Tue Aug 11 00:42:40 2009
Subject: Advice needed with Whitelist Rules
In-Reply-To: <4A7FB4B3.3030902@alexb.ch>
References: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz>
	<4A7FB4B3.3030902@alexb.ch>
Message-ID: <51261.222.154.232.180.1249947747.squirrel@webmail.kc.net.nz>

Although this appears very similar to my recent help request [resolved
now, thanks Alex], it is in fact totally separate.

I'm trying to track why some email that should be whitelisted at times isn't.

In my whitelist rules, I want to whitelist email from anyone from a
certain domain, so in whitelist rules have ..

From: thisdomain.co.nz yes

Question, would this also whitelist email where the 'From' field in the
email header is in the following format? ..

From: Bill Smith

and, if not, what needs changing?

Cheers!
Dave

From jonas at vrt.dk Tue Aug 11 09:08:44 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Tue Aug 11 09:08:57 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
Message-ID: <003c01ca1a5a$f23fb280$d6bf1780$@dk>

> I don't quite see what that would achieve that the
> upgrade_MailScanner_conf doesn't.
> I don't entirely understand your point, sorry.
>

For what it's worth I'd like to see something along the lines Michael
describes as well.

As Martin writes, atm. you more or less have to write everything down as
instructions if you don't want to re-invent the wheel every time you
upgrade, or maybe write a script that does it (a script which would
probably need updating when something is changed in the installation
method).

So my 5 cents would be that it would make most sense for the installer to
somehow make it easier to upgrade MailScanner.

I mean we are blessed with a project which is routinely updated, and not
just minor skippable updates but great additions to functions and what
not, so I think people running MailScanner upgrade quite a lot (or at
least they would benefit if they do).

I can only speak for myself, but I often put off upgrading because I find
it to be an overly complex process, that makes me revisit a lot of stuff
every time I have to do it. So I normally only do it once every 6 months
or so.

As I said the above is just my take on it, so no offence to anybody :)

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk

From MailScanner at ecs.soton.ac.uk Tue Aug 11 09:13:34 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 11 09:13:52 2009
Subject: Configuration suggestion...
In-Reply-To: <1249930586.5733.130.camel@canyon.wittsend.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<4A81282E.7090509@ecs.soton.ac.uk>
Message-ID:

On 10/08/2009 19:56, Michael H. Warfield wrote:
> On Mon, 2009-08-10 at 19:00 +0100, Jules Field wrote:
>
>> I don't quite see what that would achieve that the
>> upgrade_MailScanner_conf doesn't.
>> I don't entirely understand your point, sorry.
>>
> The point is that upgrade_MailScanner_conf is a PITA. I typically have
> to have two screens up and refer back and forth while I've got the
> instructions from one process in one screen and performing the actions
> in another.
>
Sorry, I always thought it was rather neat, in that it copies over all
your old settings, puts all the comments in the right place and so on.
Damn sight easier than just having what most packages give you, which is
your old file and a new "default unconfigured" file where you have to
merge the two by hand to create your new one.

Adding "include" files means that I need to allow settings to be
over-written by later instances of the same setting, and I need to keep
track of a whole stack of nested "include" files. Currently it will
complain if it sees the same setting twice, but I would have to disable
that, which I'm not keen on doing. And in the nested "include" file
handling, I've got to do loop detection and other nasties so you can't
trivially break it.

Most sensible people who have multiple servers always document upgrade
instructions like this so you can just follow some noddy guide you wrote
rather than trying to be sure you didn't miss anything each time when you
get distracted by the phone ringing in the middle of it all. And you just
cut and paste your instructions :-)

> The install script tells you to run upgrade_MailScanner_conf, but then
> it tells you "if you're running an rpm distro do..."
>
>     cd /etc/MailScanner
>     upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew> MailScanner.new
>     mv -f MailScanner.conf MailScanner.old
>     mv -f MailScanner.new MailScanner.conf
>
> ... But then that tells you ...
>
>     then you should do
>         diff -w MailScanner.conf.rpmnew MailScanner.new
>     and check for any differences in values you have not changed yourself.
>
My instructions are fine for beginners in my view. They can add the
"diff -w" step into their process, I'm sure it's not *that* confusing. If
you already know what you're doing, like you, then you can skip the bits
of the instructions that you know you don't need. Occasionally I do change
default values of things, and so *may* overwrite your previous setting. If
you don't know about that, it could be a nasty surprise. Hence the added
extra step.

>
>     Once you have checked that MailScanner.new contains what
>     you want, you can then save your old one and move the new
>     one into place, using commands like these:
>         mv -f MailScanner.conf MailScanner.old
>         mv -f MailScanner.new MailScanner.conf
>
> That's a lot of manual steps that have to be performed each time on
> each system.
That's why God invented cut and paste.

> Having a site configuration would obviate the need for all
> of that. You just update the main file which could be easily handled in
> a simple rpm update like all the other packages do.
>
I could just do an upgrade_MailScanner_conf; mv; mv in the RPM instead,
that would remove the whole exercise from your hands. I just thought many
people might like the opportunity to do it by hand so they get to see it
working.

I'm not against you or anything like that, I just wanted to present my
side of the situation too, to see what you think.
It's not only your opinion that matters, I need input from others before
I change any of this too. Implementing nested include files is non-trivial.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Aug 11 09:16:29 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 11 09:16:55 2009
Subject: Advice needed with Whitelist Rules
In-Reply-To: <51261.222.154.232.180.1249947747.squirrel@webmail.kc.net.nz>
References: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz>
	<4A7FB4B3.3030902@alexb.ch>
	<51261.222.154.232.180.1249947747.squirrel@webmail.kc.net.nz>
	<4A8128DD.2030308@ecs.soton.ac.uk>
Message-ID:

On 11/08/2009 00:42, hden@kci.net.nz wrote:
> Although this appears very similar to my recent help request [resolved
> now, thanks Alex], it is in fact totally separate.
>
> I'm trying to track why some email that should be whitelisted at times isn't.
>
> In my whitelist rules, I want to whitelist email from anyone from a
> certain domain, so in whitelist rules have ..
>
> From: thisdomain.co.nz yes
>
> Question, would this also whitelist email where the 'From' field in the
> email header is in the following format? ..
>
The spam.whitelist.rules (as supplied it applies a ruleset to "Is
Definitely Not Spam") works on the envelope sender and not the "From:"
header at all, so the syntax of the "From:" header is irrelevant. The
envelope sender address is just the user@domain.com section, with no
surrounding junk, so your spam whitelist entry should work. Check that's
where the mail is actually coming from! You can add the Envelope From
Address to the headers in MailScanner.conf so you can see for definite
what it's being set to, just look for "Envelope" and you'll soon find the
option.

Jules.

> From: Bill Smith
>
> and, if not, what needs changing?
>
> Cheers!
> Dave
>

Jules

From shuttlebox at gmail.com Tue Aug 11 09:43:38 2009
From: shuttlebox at gmail.com (shuttlebox)
Date: Tue Aug 11 09:44:07 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
Message-ID: <625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>

On Tue, Aug 11, 2009 at 10:13 AM, Julian Field wrote:
> Adding "include" files means that I need to allow settings to be
> over-written by later instances of the same setting, and I need to keep
> track of a whole stack of nested "include" files. Currently it will complain
> if it sees the same setting twice, but I would have to disable that, which
> I'm not keen on doing. And in the nested "include" file handling, I've got
> to do loop detection and other nasties so you can't trivially break it.

You could use MailScanner.conf as the master and the only one allowed
to include other files. Then just let settings override each other.
That's simple and good enough in my opinion, I doubt anyone _really_
needs nesting.

--
/peter

From glenn.steen at gmail.com Tue Aug 11 10:13:06 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Aug 11 10:13:15 2009
Subject: Configuration suggestion...
In-Reply-To: <625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
Message-ID: <223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>

2009/8/11 shuttlebox :
> On Tue, Aug 11, 2009 at 10:13 AM, Julian Field wrote:
>> Adding "include" files means that I need to allow settings to be
>> over-written by later instances of the same setting, and I need to keep
>> track of a whole stack of nested "include" files. Currently it will complain
>> if it sees the same setting twice, but I would have to disable that, which
>> I'm not keen on doing. And in the nested "include" file handling, I've got
>> to do loop detection and other nasties so you can't trivially break it.
>
> You could use MailScanner.conf as the master and the only one allowed
> to include other files. Then just let settings override each other.
> That's simple and good enough in my opinion, I doubt anyone _really_
> needs nesting.
>
I rather doubt anyone *really* needs includes either. The upgrade
process is very fast and simple IMO, and this isn't one of the
trickier parts.
I further wouldn't want the upgrade script to run automatically, but
that might be just me:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From MailScanner at ecs.soton.ac.uk Tue Aug 11 10:30:57 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 11 10:31:21 2009
Subject: Configuration suggestion...
In-Reply-To: <223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
	<223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>
	<4A813A51.4020207@ecs.soton.ac.uk>
Message-ID:

On 11/08/2009 10:13, Glenn Steen wrote:
> 2009/8/11 shuttlebox:
>
>> On Tue, Aug 11, 2009 at 10:13 AM, Julian Field wrote:
>>
>>> Adding "include" files means that I need to allow settings to be
>>> over-written by later instances of the same setting, and I need to keep
>>> track of a whole stack of nested "include" files. Currently it will complain
>>> if it sees the same setting twice, but I would have to disable that, which
>>> I'm not keen on doing. And in the nested "include" file handling, I've got
>>> to do loop detection and other nasties so you can't trivially break it.
>>>
>> You could use MailScanner.conf as the master and the only one allowed
>> to include other files. Then just let settings override each other.
>> That's simple and good enough in my opinion, I doubt anyone _really_
>> needs nesting.
>>
>>
> I rather doubt anyone *really* needs includes either. The upgrade
> process is very fast and simple IMO, and this isn't one of the
> trickier parts.
> I further wouldn't want the upgrade script to run automatically, but
> that might be just me:-)
>
Well, you now have fully nested "include" lines, which also support
wildcards. A sample valid line is

    include /etc/MailScanner/conf/*.conf

Included files can include arbitrary numbers of other include files, and
so on.

Even the upgrade_MailScanner_conf file should cope with the new syntax,
and will just upgrade the MailScanner.conf file it is given on the
command-line, it will not follow include paths.

4.78.8-1 is where it's all at :-)

Happier now? ;->

Jules

From maxsec at gmail.com Tue Aug 11 12:15:57 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Aug 11 12:16:08 2009
Subject: Configuration suggestion...
In-Reply-To:
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
	<4A813A51.4020207@ecs.soton.ac.uk>
	<223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>
Message-ID: <72cf361e0908110415l648dd078tb422b5203ff2637b@mail.gmail.com>

Jules

so If I have multiple config files with the same option set, which one
'wins'? Is this some by ascii codes and the highest one will win?

--
Martin Hepworth
Oxford, UK

From MailScanner at ecs.soton.ac.uk Tue Aug 11 12:25:44 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 11 12:26:11 2009
Subject: Configuration suggestion...
In-Reply-To: <72cf361e0908110415l648dd078tb422b5203ff2637b@mail.gmail.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
	<4A813A51.4020207@ecs.soton.ac.uk>
	<223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>
	<72cf361e0908110415l648dd078tb422b5203ff2637b@mail.gmail.com>
	<4A815538.6070101@ecs.soton.ac.uk>
Message-ID:

On 11/08/2009 12:15, Martin Hepworth wrote:
> Jules
>
> so If I have multiple config files with the same option set, which one
> 'wins'? Is this some by ascii codes and the highest one will win?

I'll make it so it sorts *.conf by ascii sequence, that sounds the most
sensible as it's the same as "ls" order. Thanks for raising that one. It
may be what it's doing by default anyway, but I'll enforce it.

Jules.

From MailScanner at ecs.soton.ac.uk Tue Aug 11 12:28:28 2009
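A minimal loader for the behaviour discussed in this thread (nested "include" lines with wildcards, later settings overriding earlier ones, wildcard matches read in sorted order, and loop detection), as an added Python example that is not MailScanner's Config.pm. The function names, the override log, the key normalisation and the sample file contents are assumptions constructed for illustration.

```python
import glob
import os
import tempfile


class IncludeLoopError(Exception):
    """A file includes itself, directly or through other files."""


def load_config(path, settings=None, origin=None, overridden=None, stack=()):
    """Read `Name = value` lines and follow nested `include <glob>` lines.

    Returns (settings, origin, overridden):
      settings   - final value per option; the last value read wins
      origin     - file that supplied each final value
      overridden - (option, earlier_file, later_file) per replaced value
    """
    settings = {} if settings is None else settings
    origin = {} if origin is None else origin
    overridden = [] if overridden is None else overridden

    real = os.path.realpath(path)  # resolve symlinks so they cannot hide a loop
    if real in stack:
        raise IncludeLoopError("include loop: " + " -> ".join(stack + (real,)))
    stack = stack + (real,)  # files currently open, outermost first

    with open(real, encoding="utf-8") as handle:
        for raw in handle:
            line = raw.split("#", 1)[0].strip()  # drop comments and blanks
            if not line:
                continue
            word, _, rest = line.partition(" ")
            if word.lower() == "include" and "=" not in rest:
                # Glob order depends on the filesystem, so sort the matches:
                # precedence is then the same on every host.
                for match in sorted(glob.glob(rest.strip())):
                    load_config(match, settings, origin, overridden, stack)
                continue
            name, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"{real}: cannot parse {line!r}")
            key = " ".join(name.lower().split())  # example's own normalisation
            if key in settings:
                overridden.append((key, origin[key], real))
            settings[key] = value.strip()
            origin[key] = real
    return settings, origin, overridden


def demo():
    """Load a constructed config tree from a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        conf_d = os.path.join(root, "conf")
        os.mkdir(conf_d)
        main = os.path.join(root, "MailScanner.conf")
        loop_a = os.path.join(root, "loop-a.conf")
        loop_b = os.path.join(root, "loop-b.conf")
        files = {  # constructed sample contents
            main: f"Max Children = 5\nSpam Checks = yes\ninclude {conf_d}/*.conf\n",
            os.path.join(conf_d, "90-host.conf"): "Max Children = 20\n",
            os.path.join(conf_d, "10-site.conf"):
                "Max Children = 10\nSpam Checks = no  # site override\n",
            loop_a: f"include {loop_b}\n",
            loop_b: f"include {loop_a}\n",
        }
        for name, text in files.items():
            with open(name, "w", encoding="utf-8") as out:
                out.write(text)

        settings, origin, overridden = load_config(main)
        winners = {k: os.path.basename(v) for k, v in origin.items()}
        changes = [(k, os.path.basename(a), os.path.basename(b))
                   for k, a, b in overridden]
        try:
            load_config(loop_a)
            loop = None
        except IncludeLoopError as err:
            loop = str(err)
    return settings, winners, changes, loop


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The `overridden` list records which file replaced which value, the information that is lost once a duplicate setting is no longer reported as an error.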
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 11 12:28:52 2009
Subject: Configuration suggestion...
In-Reply-To: <72cf361e0908110415l648dd078tb422b5203ff2637b@mail.gmail.com>
References: <1249926135.5733.119.camel@canyon.wittsend.com>
	<4A806028.4070207@ecs.soton.ac.uk>
	<4A81282E.7090509@ecs.soton.ac.uk>
	<1249930586.5733.130.camel@canyon.wittsend.com>
	<625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com>
	<4A813A51.4020207@ecs.soton.ac.uk>
	<223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com>
	<72cf361e0908110415l648dd078tb422b5203ff2637b@mail.gmail.com>
	<4A8155DC.2010305@ecs.soton.ac.uk>
Message-ID:

The diff is simple. In line 1968 of Config.pm, add "sort " just before
"@newfiles" so it reads

    for my $newfile (sort @newfiles) {

It will be in the next release.

On 11/08/2009 12:15, Martin Hepworth wrote:
> Jules
>
> so If I have multiple config files with the same option set, which one
> 'wins'? Is this some by ascii codes and the highest one will win?

Jules

From rcooper at dwford.com Tue Aug 11 14:13:27 2009
From: rcooper at dwford.com (Rick Cooper)
Date: Tue Aug 11 14:13:43 2009
Subject: DKIM
In-Reply-To: <15279903.471249922962959.JavaMail.root@office.splatnix.net>
References: <15279903.471249922962959.JavaMail.root@office.splatnix.net>
Message-ID: <6D6CF849B3FB4E36B621B8C8BB9B0572@SAHOMELT>

----Original Message----
From: mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD ]--
Sent: Monday, August 10, 2009 12:49 PM
To: mailscanner@lists.mailscanner.info
Subject: DKIM

> Has anybody used http://dkimproxy.sourceforge.net/ with MS for signing
> emails ? or do you do this at MTA level ?
>
> Best Regards,
>
> --
> This message has been scanned for viruses and
> dangerous content and is believed to be clean.
>
> SplatNIX IT Services :: Innovation through collaboration

Must be signed by the last entity to touch it or the signature would be
invalid

Rick

From rcooper at dwford.com Tue Aug 11 14:28:48 2009
From: rcooper at dwford.com (Rick Cooper) Date: Tue Aug 11 14:29:01 2009 Subject: Configuration suggestion... In-Reply-To: References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk> <4A81282E.7090509@ecs.soton.ac.uk> <1249930586.5733.130.camel@canyon.wittsend.com> <625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com><223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com><4A813A51.4020207@ecs.soton.ac.uk> Message-ID: <12185B99095547FC95ABAF029251FE1D@SAHOMELT> ----Original Message---- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, August 11, 2009 5:31 AM To: MailScanner discussion Subject: Re: Configuration suggestion... > On 11/08/2009 10:13, Glenn Steen wrote: >> 2009/8/11 shuttlebox: >> >>> On Tue, Aug 11, 2009 at 10:13 AM, Julian >>> Field wrote: >>> >>>> Adding "include" files means that I need to allow settings to be >>>> over-written by later instances of the same setting, and I need to keep >>>> track of a whole stack of nested "include" files. Currently it will >>>> complain if it sees the same setting twice, but I would have to >>>> disable that, which I'm not keen on doing. And in the nested "include" >>>> file handling, I've got to do loop detection and other nasties so you >>>> can't trivially break it. >>>> >>> You could use MailScanner.conf as the master and the only one allowed >>> to include other files. Then just let settings override each other. >>> That's simple and good enough in my opinion, I doubt anyone _really_ >>> needs nesting. >>> >>> >> I rather doubt anyone *really* needs includes either. The upgrade >> process is very fast and simple IMO, and this isn't one of the trickier >> parts. I further wouldn't want the upgrade script to run automatically, >> but that might be just me:-) >> > Well, you now have fully nested "include" lines, which also support > wildcards. A sample valid line is > include /etc/MailScanner/conf/*.conf > Included files can include arbitrary numbers of other include files, and > so on. > > Even the upgrade_MailScanner_conf file should cope with the new syntax, > and will just upgrade the MailScanner.conf file it is given on the > command-line, it will not follow include paths. > > 4.78.8-1 is where it's all at :-) > > Happier now? 
;-> > > Jules I don't know how you implemented it but you might want to include a hard coded max nested limit just in case someone includes a file that includes a predecessor. Exim uses something similar to prevent a run away in recursive calls to acls and, I believe, nested includes. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Aug 11 14:35:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Aug 11 14:35:41 2009 Subject: Configuration suggestion... In-Reply-To: <12185B99095547FC95ABAF029251FE1D@SAHOMELT> References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk> <4A81282E.7090509@ecs.soton.ac.uk> <1249930586.5733.130.camel@canyon.wittsend.com> <625385e30908110143wcbd1e35m7b156d205f9092a@mail.gmail.com><223f97700908110213m35867b87i8caa861ff7e59a8b@mail.gmail.com><4A813A51.4020207@ecs.soton.ac.uk> <12185B99095547FC95ABAF029251FE1D@SAHOMELT> <4A81739A.3050700@ecs.soton.ac.uk> Message-ID: On 11/08/2009 14:28, Rick Cooper wrote: > ----Original Message---- 
> From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian > Field Sent: Tuesday, August 11, 2009 5:31 AM To: MailScanner discussion > Subject: Re: Configuration suggestion... > > >> On 11/08/2009 10:13, Glenn Steen wrote: >> >>> 2009/8/11 shuttlebox: >>> >>> >>>> On Tue, Aug 11, 2009 at 10:13 AM, Julian >>>> Field wrote: >>>> >>>> >>>>> Adding "include" files means that I need to allow settings to be >>>>> over-written by later instances of the same setting, and I need to keep >>>>> track of a whole stack of nested "include" files. Currently it will >>>>> complain if it sees the same setting twice, but I would have to >>>>> disable that, which I'm not keen on doing. And in the nested "include" >>>>> file handling, I've got to do loop detection and other nasties so you >>>>> can't trivially break it. >>>>> >>>>> >>>> You could use MailScanner.conf as the master and the only one allowed >>>> to include other files. Then just let settings override each other. >>>> That's simple and good enough in my opinion, I doubt anyone _really_ >>>> needs nesting. >>>> >>>> >>>> >>> I rather doubt anyone *really* needs includes either. The upgrade >>> process is very fast and simple IMO, and this isn't one of the trickier >>> parts. I further wouldn't want the upgrade script to run automatically, >>> but that might be just me:-) >>> >>> >> Well, you now have fully nested "include" lines, which also support >> wildcards. A sample valid line is >> include /etc/MailScanner/conf/*.conf >> Included files can include arbitrary numbers of other include files, and >> so on. >> >> Even the upgrade_MailScanner_conf file should cope with the new syntax, >> and will just upgrade the MailScanner.conf file it is given on the >> command-line, it will not follow include paths. >> >> 4.78.8-1 is where it's all at :-) >> >> Happier now? 
;-> >> >> Jules >> > I don't know how you implemented it but you might want to include a hard > coded max nested limit just in case someone includes a file that includes a > predecessor. Exim uses something similar to prevent a run away in recursive > calls to acls and, I believe, nested includes. > What an ugly solution. :-( I keep track of every file that has been read so far, and ignore any file I have already read. Solves the loops problem totally without imposing any arbitrary depth limit. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mhw at WittsEnd.com Tue Aug 11 15:32:19 2009 
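The loop handling Julian Field describes above (remember every file already read and skip it on a second visit) can be sketched as follows. This is an added Python example, not MailScanner's own Perl code; the function names, the relative-path handling, the later-setting-wins rule and the sample files are assumptions or constructed for illustration.

```python
import glob
import os
import tempfile


def load_config(path, settings=None, seen=None, order=None):
    """Load `Name = value` settings, following nested `include <glob>` lines.

    Loop protection is a set of already-read files keyed on the resolved
    path, so a file reached again through `..`, a symlink or a wildcard
    is recognised and skipped. No depth limit is needed.
    """
    settings = {} if settings is None else settings
    seen = set() if seen is None else seen
    order = [] if order is None else order

    real = os.path.realpath(path)
    if real in seen:              # already read: this is what breaks a loop
        return settings, order
    seen.add(real)
    order.append(real)

    with open(real, encoding="utf-8") as handle:
        for raw in handle:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            words = line.split(None, 1)
            # A setting whose name starts with "Include" is not a directive,
            # so an include line must have an argument and no "=".
            if words[0].lower() == "include" and len(words) == 2 and "=" not in line:
                pattern = words[1]
                if not os.path.isabs(pattern):
                    # Assumption: relative patterns resolve against the including file.
                    pattern = os.path.join(os.path.dirname(real), pattern)
                for child in sorted(glob.glob(pattern)):
                    if os.path.isfile(child):
                        load_config(child, settings, seen, order)
                continue
            name, sep, value = line.partition("=")
            if sep:
                # Assumption: a later instance of a setting overrides an earlier one.
                settings[name.strip().lower()] = value.strip()
    return settings, order


# Constructed sample tree: 20-loop.conf includes its own predecessor and a
# sibling that the wildcard has already pulled in.
SAMPLE_TREE = {
    "MailScanner.conf": "Max Children = 5\ninclude conf/*.conf\n",
    "conf/10-site.conf": "Max Children = 10\n"
                         "Include Scores In SpamAssassin Report = yes\n",
    "conf/20-loop.conf": "include ../MailScanner.conf\n"
                         "include 10-site.conf\n"
                         "Spam Checks = yes\n",
}


def demo():
    """Write SAMPLE_TREE to a temporary directory and load it."""
    with tempfile.TemporaryDirectory() as top:
        os.mkdir(os.path.join(top, "conf"))
        for rel, text in SAMPLE_TREE.items():
            with open(os.path.join(top, rel), "w", encoding="utf-8") as handle:
                handle.write(text)
        settings, order = load_config(os.path.join(top, "MailScanner.conf"))
        root = os.path.realpath(top)
        return settings, [os.path.relpath(p, root).replace(os.sep, "/") for p in order]


if __name__ == "__main__":
    loaded, read_order = demo()
    print("files read:", read_order)
    print("settings:", loaded)
```

Keying the set on the resolved path rather than the string as written is what makes `../MailScanner.conf` match the file that started the load.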
From: mhw at WittsEnd.com (Michael H. Warfield) Date: Tue Aug 11 15:32:36 2009 Subject: Configuration suggestion... In-Reply-To: References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk> <1249930586.5733.130.camel@canyon.wittsend.com> <4A81282E.7090509@ecs.soton.ac.uk> Message-ID: <1250001139.5733.166.camel@canyon.wittsend.com> Hey Julian, On Tue, 2009-08-11 at 09:13 +0100, Julian Field wrote: > On 10/08/2009 19:56, Michael H. Warfield wrote: > > On Mon, 2009-08-10 at 19:00 +0100, Jules Field wrote: > > > >> I don't quite see what that would achieve that the > >> upgrade_MailScanner_conf doesn't. > >> I don't entirely understand your point, sorry. > >> > > The point is that upgrade_MailScanner_conf is a PITA. I typically have > > to have two screens up and refer back and forth while I've got the > > instructions from one process in one screen and performing the actions > > in another. > > > Sorry, I always thought it was rather neat, in that it copies over all > your old settings, puts all the comments in the right place and so on. > Damn site easier than just having what most packages give you, which is > your old file and a new "default unconfigured" file where you have to > merge the two by hand to create your new one. A lot of packages have addressed that in different ways. > Adding "include" files means that I need to allow settings to be > over-written by later instances of the same setting, and I need to keep > track of a whole stack of nested "include" files. Currently it will > complain if it sees the same setting twice, but I would have to disable > that, which I'm not keen on doing. And in the nested "include" file > handling, I've got to do loop detection and other nasties so you can't > trivially break it. True. 
> Most sensible people who have multiple servers always document upgrade > instructions like this so you can just follow some noddy guide you wrote > rather than trying to be sure you didn't miss anything each time when > you get distracted by the phone ringing in the middle of it all. And you > just cut and paste your instructions :-) Hmmm... Can I have some of those sensible people to work in our IT departments? They seem to be rather scarce. At least around here. Only problem is that I would probably have a hard time getting them hired... : - Snip... > I'm not against you or anything like that, I just wanted to present my > side of the situation too, to see what you think. It's not only your > opinion that matters, I need input from others before I change any of > this too. Oh, exactly! That's why I said "suggestion" and "just a thought". I didn't see anything in the archives and I couldn't tell if any of this had been considered before or what the reasoning was. I was interested in prompting a discussion. And I got that nicely. Some of the other comments were excellent alternatives that I've also seen. I was rather surprised to see a solution pop out of the woodwork. > Implementing nested include files is non-trivial. > > Mike : - Snip I look forward to playing with the new stuff. > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Regards, Mike -- Michael H. 
Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090811/ab9d97e3/attachment.bin From mhw at WittsEnd.com Tue Aug 11 15:41:01 2009 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Tue Aug 11 15:41:11 2009 Subject: DKIM In-Reply-To: <6D6CF849B3FB4E36B621B8C8BB9B0572@SAHOMELT> References: <15279903.471249922962959.JavaMail.root@office.splatnix.net> <6D6CF849B3FB4E36B621B8C8BB9B0572@SAHOMELT> Message-ID: <1250001661.5733.175.camel@canyon.wittsend.com> On Tue, 2009-08-11 at 09:13 -0400, Rick Cooper wrote: > ----Original Message---- 
> From: mailscanner-bounces@lists.mailscanner.info
> [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of --[ UxBoD
> ]-- Sent: Monday, August 10, 2009 12:49 PM To:
> mailscanner@lists.mailscanner.info Subject: DKIM
>
> > Has anybody used http://dkimproxy.sourceforge.net/ with MS for signing
> > emails ? or do you do this at MTA level ?
> >
> > Best Regards,
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content and is believed to be clean.
> >
> > SplatNIX IT Services :: Innovation through collaboration
>
> Must be signed by the last entity to touch it or the signature would be
> invalid

Not really, although I guess that partly depends on what you mean by "to touch it". That's actually touted as the biggest advantage of DKIM over SPF. DKIM can even work through mailing lists without any extra tricks. The signatures are on certain message attributes which should not be tampered with by an MTA or other intermediary and should remain invariant from MUA to MUA. There is even an option for either "simple" verification (strict) or a more relaxed verification that uses message canonicalization (normalize line endings, white space, word wrapping, header wrapping) to deal with some levels of non-compliant modification. It's far FAR more forgiving than, say, PGP/Mime in that regard. Even MailScanner can break PGP/Mime if you have certain options turned on and it rewrites the Mime structure (refer to discussions on this list a few years back about that one).

> Rick

Mike
--
Michael H.
Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090811/bf5f6dbd/attachment.bin

From raubvogel at gmail.com Tue Aug 11 18:33:10 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue Aug 11 18:33:22 2009
Subject: No bayesian for me?
Message-ID: <4A81AB56.9020306@gmail.com>

Ok, I thought I knew how to setup bayesian under mailscanner. I went to spam.assassin.prefs.conf and added

# Bayesian filter
use_bayes 1
use_bayes_rules 1
bayes_path /var/spool/MailScanner/bayes/bayes
bayes_auto_learn 1
bayes_file_mode 0640
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
bayes_ignore_header X-monetra-com-MailScanner
bayes_ignore_header X-monetra-com-MailScanner-SpamCheck
bayes_ignore_header X-monetra-com-MailScanner-SpamScore
bayes_ignore_header X-monetra-com-MailScanner-Information

lock_method flock
use_auto_whitelist 0

But I am getting emails whose header seem to indicate the bayesian filter is not present:

X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=4.464,
        required 4.7, HTML_MESSAGE 0.90, INVALID_DATE 0.50,
        MIME_HTML_MOSTLY 0.00, MIME_QP_LONG_LINE 1.82, MISSING_MIMEOLE 0.00,
        MPART_ALT_DIFF 1.14, RDNS_DYNAMIC 0.10)
X-MailScanner-SpamScore: ****
X-MailScanner-Envelope-From: promolx1@tutopia.com
Subject: -Soluciones para tiempo y asistencia-
X-Spam-Status: No

Anything I could be missing? I believe there is a way to ask mailscanner if it has bayesian but I can't remember it.

From maxsec at gmail.com Tue Aug 11 18:44:34 2009
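The difference between "simple" and "relaxed" canonicalization that Michael H. Warfield describes in his DKIM reply above, as an added Python example that follows RFC 6376 section 3.4 and is not code from the thread or from dkimproxy. The messages are constructed samples, and `survives` compares only canonicalized headers and body hashes; it performs no signature cryptography.

```python
import base64
import hashlib
import re


def canon_header(raw, mode):
    """Canonicalize one raw header field (bytes, CRLF-terminated)."""
    if mode == "simple":
        return raw                                   # byte for byte, no change
    name, value = raw.split(b":", 1)
    value = re.sub(rb"\r\n(?=[ \t])", b"", value)    # unfold continuation lines
    value = re.sub(rb"[ \t]+", b" ", value)          # runs of WSP become one space
    return name.strip().lower() + b":" + value.strip(b" \t\r\n") + b"\r\n"


def canon_body(body, mode):
    """Canonicalize a message body (bytes with CRLF line endings)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse whitespace runs inside lines and drop it at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":                # ignore trailing empty lines
        lines.pop()
    if not lines:
        # An empty body is a single CRLF in "simple" and zero bytes in "relaxed".
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body, mode):
    """Value of the bh= tag for rsa-sha256: base64(SHA-256(canonical body))."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()


def survives(signed, received, c):
    """True when `received` canonicalizes to the same bytes as `signed`.

    `c` has the form of the DKIM c= tag: "<header mode>/<body mode>".
    """
    header_mode, body_mode = c.split("/")
    signed_headers, signed_body = signed
    received_headers, received_body = received
    same_headers = ([canon_header(h, header_mode) for h in signed_headers] ==
                    [canon_header(h, header_mode) for h in received_headers])
    return same_headers and (body_hash(signed_body, body_mode) ==
                             body_hash(received_body, body_mode))


# Constructed sample: the message as signed by the sender.
ORIGINAL = (
    [b"From: Alice <alice@example.org>\r\n",
     b"Subject: Quarterly report for the list\r\n"],
    b"Hello list,\r\n\r\nFigures are attached.\r\n",
)
# Same content after an intermediary refolds headers and pads whitespace.
RELAYED = (
    [b"FROM:  Alice <alice@example.org>\r\n",
     b"Subject: Quarterly report\r\n\tfor the list \r\n"],
    b"Hello list,  \r\n\r\nFigures\tare attached.\r\n\r\n\r\n",
)
# Only extra empty lines appended to the body.
PADDED = (ORIGINAL[0], ORIGINAL[1] + b"\r\n\r\n")
# One word of the body changed.
TAMPERED = (ORIGINAL[0], b"Hello list,\r\n\r\nFigures are delayed.\r\n")


if __name__ == "__main__":
    for label, msg in (("relayed", RELAYED), ("padded", PADDED), ("tampered", TAMPERED)):
        for c in ("simple/simple", "relaxed/relaxed"):
            print("%-8s c=%-15s survives=%s" % (label, c, survives(ORIGINAL, msg, c)))
```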
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Aug 11 18:44:43 2009
Subject: No bayesian for me?
In-Reply-To: <4A81AB56.9020306@gmail.com>
References: <4A81AB56.9020306@gmail.com>
Message-ID: <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com>

you prob haven't for a valid bayes DB yet (one with 200 spam and 200 ham).

also the autowhitelist isn't turned off using the "use_auto_whitelist 0" line anymore - remove the plugin from the V310.pre file

--
Martin Hepworth
Oxford, UK

2009/8/11 Mauricio Tavares

> Ok, I thought I knew how to setup bayesian under mailscanner. I
> went to spam.assassin.prefs.conf and added
>
> # Bayesian filter
> use_bayes 1
> use_bayes_rules 1
> bayes_path /var/spool/MailScanner/bayes/bayes
> bayes_auto_learn 1
> bayes_file_mode 0640
> bayes_auto_learn_threshold_nonspam 0.1
> bayes_auto_learn_threshold_spam 12.0
> bayes_ignore_header X-monetra-com-MailScanner
> bayes_ignore_header X-monetra-com-MailScanner-SpamCheck
> bayes_ignore_header X-monetra-com-MailScanner-SpamScore
> bayes_ignore_header X-monetra-com-MailScanner-Information
>
> lock_method flock
> use_auto_whitelist 0
>
> But I am getting emails whose header seem to indicate the bayesian filter
> is not present:
>
> X-MailScanner: Found to be clean
> X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=4.464,
>        required 4.7, HTML_MESSAGE 0.90, INVALID_DATE 0.50,
>        MIME_HTML_MOSTLY 0.00, MIME_QP_LONG_LINE 1.82, MISSING_MIMEOLE 0.00,
>        MPART_ALT_DIFF 1.14, RDNS_DYNAMIC 0.10)
> X-MailScanner-SpamScore: ****
> X-MailScanner-Envelope-From: promolx1@tutopia.com
> Subject: -Soluciones para tiempo y asistencia-
> X-Spam-Status: No
>
> Anything I could be missing? I believe there is a way to ask mailscanner if
> it has bayesian but I can't remember it.
From raubvogel at gmail.com Tue Aug 11 20:21:03 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue Aug 11 20:21:18 2009
Subject: No bayesian for me?
In-Reply-To: <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com>
Message-ID: <4A81C49F.2080805@gmail.com>

Martin Hepworth wrote:
> you prob haven't for a valid bayes DB yet (one with 200 spam and 200 ham).
>
I am not sure. Last week I fed sa-learn some 3K pieces of nice spam and ham. It seemed then to be working; here is an excerpt for a properly identified spam from the 9th:

Date: Sun, 9 Aug 2009 20:38:33 +0300
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=9.892,
        required 4.7, BAYES_95 3.00, HTML_IMAGE_ONLY_28 1.56,
        HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 0.50,
        RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL 0.91,
        RDNS_NONE 0.10, URI_HEX 0.37)
X-MailScanner-SpamScore: *********
X-MailScanner-Envelope-From: gnawenoc@tulimpimpim.com.br
X-Spam-Status: Yes

As you can see, the bayesian filter is there in all of its glory. But yesterday and today it has gone missing.

> also the autowhitelist isn't turned off using the "use_auto_whitelist 0"
> line anymore - remove the plugin from the V310.pre file
>
Thanks!

> --
> Martin Hepworth
> Oxford, UK
>
> 2009/8/11 Mauricio Tavares
>
> Ok, I thought I knew how to setup bayesian under mailscanner.
> I went to spam.assassin.prefs.conf and added > > # Bayesian filter > use_bayes 1 > use_bayes_rules 1 > bayes_path /var/spool/MailScanner/bayes/bayes > bayes_auto_learn 1 > bayes_file_mode 0640 > bayes_auto_learn_threshold_nonspam 0.1 > bayes_auto_learn_threshold_spam 12.0 > bayes_ignore_header X-monetra-com-MailScanner > bayes_ignore_header X-monetra-com-MailScanner-SpamCheck > bayes_ignore_header X-monetra-com-MailScanner-SpamScore > bayes_ignore_header X-monetra-com-MailScanner-Information > > lock_method flock > use_auto_whitelist 0 > > But I am getting emails whose header seem to indicate the bayesian > filter is not present: > > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=4.464, > required 4.7, HTML_MESSAGE 0.90, INVALID_DATE 0.50, > MIME_HTML_MOSTLY 0.00, MIME_QP_LONG_LINE 1.82, > MISSING_MIMEOLE 0.00, > MPART_ALT_DIFF 1.14, RDNS_DYNAMIC 0.10) > X-MailScanner-SpamScore: **** > X-MailScanner-Envelope-From: promolx1@tutopia.com > > Subject: -Soluciones para tiempo y asistencia- > X-Spam-Status: No > > Anything I could be missing? I believe there is a way to ask > mailscanner if it has bayesian but I can't remember it. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > From hden at kci.net.nz Tue Aug 11 21:39:12 2009 
From: hden at kci.net.nz (hden@kci.net.nz)
Date: Tue Aug 11 21:39:24 2009
Subject: Advice needed with Whitelist Rules
In-Reply-To:
References: <60848.222.154.232.180.1249863161.squirrel@webmail.kc.net.nz> <4A7FB4B3.3030902@alexb.ch> <51261.222.154.232.180.1249947747.squirrel@webmail.kc.net.nz> <4A8128DD.2030308@ecs.soton.ac.uk>
Message-ID: <39352.222.154.232.180.1250023152.squirrel@webmail.kc.net.nz>

Ahhhh! checking the envelope sender address and comparing it to the From address in the header nailed the reason why the email wasn't being whitelisted. ... They're not the same!

Thanks

>
> On 11/08/2009 00:42, hden@kci.net.nz wrote:
>> Although this appears very similar to my recent help request [resolved
>> now, thanks Alex], it is in fact totally separate.
>>
>> I'm trying to track why some email that should be whitelisted at times
>> isn't.
>> [SNIP]
> The spam.whitelist.rules (as supplied it applies a ruleset to "Is
> Definitely Not Spam") works on the envelope sender and not the "From:"
> header at all, [SNIP]
> Jules.

From MailScanner at ecs.soton.ac.uk Tue Aug 11 21:53:47 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Tue Aug 11 21:54:10 2009 Subject: No bayesian for me? In-Reply-To: <4A81C49F.2080805@gmail.com> References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> Message-ID: Did you run sa-learn as the same user you run MailScanner as? ("Run As User" in MailScanner.conf). Otherwise your Bayes database you've been training will be in the wrong place. On 11/08/2009 20:21, Mauricio Tavares wrote: > Martin Hepworth wrote: >> you prob haven't for a valid bayes DB yet (one wiith 200 spam and 200 >> ham). >> > I am not sure. Last week I fed sa-learn some 3K pieces of nice > spam and ham. It seemed then to be working; here is an excerpt for a > properly identified spam from the 9th: > > Date: Sun, 9 Aug 2009 20:38:33 +0300 > X-MailScanner: Found to be clean > X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=9.892, > required 4.7, BAYES_95 3.00, HTML_IMAGE_ONLY_28 1.56, > HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 > 0.50, > RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL > 0.91, > RDNS_NONE 0.10, URI_HEX 0.37) > X-MailScanner-SpamScore: ********* > X-MailScanner-Envelope-From: gnawenoc@tulimpimpim.com.br > X-Spam-Status: Yes > > As you can see, the bayesian filter is there in all of its glory. But > yesterday and today it has gone missing. > >> also the autowhitelist isn't turned off using the "use_auto_whitelist >> 0" line anymore - remove the pluging from the V310.pre file >> > Thanks! >> -- >> Martin Hepworth >> Oxford, UK >> >> 2009/8/11 Mauricio Tavares > > >> >> Ok, I thought I knew how to setup bayesian under mailscanner. 
>> I went to spam.assassin.prefs.conf and added >> >> # Bayesian filter >> use_bayes 1 >> use_bayes_rules 1 >> bayes_path /var/spool/MailScanner/bayes/bayes >> bayes_auto_learn 1 >> bayes_file_mode 0640 >> bayes_auto_learn_threshold_nonspam 0.1 >> bayes_auto_learn_threshold_spam 12.0 >> bayes_ignore_header X-monetra-com-MailScanner >> bayes_ignore_header X-monetra-com-MailScanner-SpamCheck >> bayes_ignore_header X-monetra-com-MailScanner-SpamScore >> bayes_ignore_header X-monetra-com-MailScanner-Information >> >> lock_method flock >> use_auto_whitelist 0 >> >> But I am getting emails whose header seem to indicate the bayesian >> filter is not present: >> >> X-MailScanner: Found to be clean >> X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, >> score=4.464, >> required 4.7, HTML_MESSAGE 0.90, INVALID_DATE 0.50, >> MIME_HTML_MOSTLY 0.00, MIME_QP_LONG_LINE 1.82, >> MISSING_MIMEOLE 0.00, >> MPART_ALT_DIFF 1.14, RDNS_DYNAMIC 0.10) >> X-MailScanner-SpamScore: **** >> X-MailScanner-Envelope-From: promolx1@tutopia.com >> >> Subject: -Soluciones para tiempo y asistencia- >> X-Spam-Status: No >> >> Anything I could be missing? I believe there is a way to ask >> mailscanner if it has bayesian but I can't remember it. >> -- MailScanner mailing list >> mailscanner@lists.mailscanner.info >> >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raubvogel at gmail.com Wed Aug 12 00:07:01 2009 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Wed Aug 12 00:07:18 2009 Subject: No bayesian for me? In-Reply-To: References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> Message-ID: <4A81F995.8010402@gmail.com> Jules Field wrote: > Did you run sa-learn as the same user you run MailScanner as? ("Run As > User" in MailScanner.conf). Otherwise your Bayes database you've been > training will be in the wrong place. > I see your point. I was indeed running sa-learn as root, not as postfix, which should be the user MailScanner runs as. So, I guess I should run it then as postfix. Now, should I delete the root-created database? Also, where will it save the database at? > On 11/08/2009 20:21, Mauricio Tavares wrote: >> Martin Hepworth wrote: >>> you prob haven't for a valid bayes DB yet (one wiith 200 spam and 200 >>> ham). >>> >> I am not sure. Last week I fed sa-learn some 3K pieces of nice >> spam and ham. It seemed then to be working; here is an excerpt for a >> properly identified spam from the 9th: >> >> Date: Sun, 9 Aug 2009 20:38:33 +0300 >> X-MailScanner: Found to be clean >> X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=9.892, >> required 4.7, BAYES_95 3.00, HTML_IMAGE_ONLY_28 1.56, >> HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.46, RAZOR2_CF_RANGE_51_100 >> 0.50, >> RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, RCVD_IN_PBL >> 0.91, >> RDNS_NONE 0.10, URI_HEX 0.37) >> X-MailScanner-SpamScore: ********* >> X-MailScanner-Envelope-From: gnawenoc@tulimpimpim.com.br >> X-Spam-Status: Yes >> >> As you can see, the bayesian filter is there in all of its glory. But >> yesterday and today it has gone missing. >> >>> also the autowhitelist isn't turned off using the "use_auto_whitelist >>> 0" line anymore - remove the pluging from the V310.pre file >>> >> Thanks! 
>>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> 2009/8/11 Mauricio Tavares >> > >>> >>> Ok, I thought I knew how to setup bayesian under mailscanner. >>> I went to spam.assassin.prefs.conf and added >>> >>> # Bayesian filter >>> use_bayes 1 >>> use_bayes_rules 1 >>> bayes_path /var/spool/MailScanner/bayes/bayes >>> bayes_auto_learn 1 >>> bayes_file_mode 0640 >>> bayes_auto_learn_threshold_nonspam 0.1 >>> bayes_auto_learn_threshold_spam 12.0 >>> bayes_ignore_header X-monetra-com-MailScanner >>> bayes_ignore_header X-monetra-com-MailScanner-SpamCheck >>> bayes_ignore_header X-monetra-com-MailScanner-SpamScore >>> bayes_ignore_header X-monetra-com-MailScanner-Information >>> >>> lock_method flock >>> use_auto_whitelist 0 >>> >>> But I am getting emails whose header seem to indicate the bayesian >>> filter is not present: >>> >>> X-MailScanner: Found to be clean >>> X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, >>> score=4.464, >>> required 4.7, HTML_MESSAGE 0.90, INVALID_DATE 0.50, >>> MIME_HTML_MOSTLY 0.00, MIME_QP_LONG_LINE 1.82, >>> MISSING_MIMEOLE 0.00, >>> MPART_ALT_DIFF 1.14, RDNS_DYNAMIC 0.10) >>> X-MailScanner-SpamScore: **** >>> X-MailScanner-Envelope-From: promolx1@tutopia.com >>> >>> Subject: -Soluciones para tiempo y asistencia- >>> X-Spam-Status: No >>> >>> Anything I could be missing? I believe there is a way to ask >>> mailscanner if it has bayesian but I can't remember it. >>> -- MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >>> >>> >> > > Jules > From glenn.steen at gmail.com Wed Aug 12 09:15:10 2009 
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Aug 12 09:15:20 2009
Subject: No bayesian for me?
In-Reply-To: <4A81F995.8010402@gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com>
Message-ID: <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com>

2009/8/12 Mauricio Tavares :
> Jules Field wrote:
>>
>> Did you run sa-learn as the same user you run MailScanner as? ("Run As
>> User" in MailScanner.conf). Otherwise your Bayes database you've been
>> training will be in the wrong place.
>>
> I see your point. I was indeed running sa-learn as root, not as
> postfix, which should be the user MailScanner runs as. So, I guess I should
> run it then as postfix. Now, should I delete the root-created database?
> Also, where will it save the database at?
>
You should delete the one for root, if it resides in root's home directory, since that will be no help at all... Or move it. But I see you have configured it to reside somewhere sane, so all you need do is make it all owned by postfix.

If you also use MailWatch, you'll need to make the apache user's group the "group owner" for the base directory and all the files, and set the GID bit for the directory (/var/spool/MailScanner/bayes in your case), so that any new files get the correct group ownership. Once you've done that, things should start cooking:-).

One more thing: Always run your tests (spamassassin --lint and stuff like that) as your postfix user, to avoid some subtleties that might otherwise bite.

Since you aim to disable the score averager (AWL), you don't have to fix those perms/ownerships... Just comment out the loadplugin.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From uxbod at splatnix.net Wed Aug 12 10:31:51 2009
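The ownership layout Glenn Steen describes above can be checked with a short script. This is an added Python example, not part of MailScanner or MailWatch; the function name and the problem labels are assumptions, and the world-writable check is an extra that the thread does not mention.

```python
import grp
import os
import pwd
import stat
import sys


def audit_bayes_dir(path, run_as_uid, shared_gid=None):
    """Return (entry, problem) pairs for a Bayes database directory.

    run_as_uid -- uid of the account MailScanner runs as ("Run As User")
    shared_gid -- gid of a second consumer such as the web server's group
                  (the MailWatch case), or None when nothing else needs access

    Problems reported:
      owner          entry is not owned by the run-as user, so the scanner
                     and sa-learn are not working on the same database
      group          entry's group is not the shared group
      setgid         directory lacks the setgid bit, so files created later
                     will not inherit the shared group
      world-writable any local account could alter the database
    """
    findings = []
    entries = [path] + sorted(os.path.join(path, name) for name in os.listdir(path))
    for entry in entries:
        st = os.lstat(entry)
        if st.st_uid != run_as_uid:
            findings.append((entry, "owner"))
        if shared_gid is not None and st.st_gid != shared_gid:
            findings.append((entry, "group"))
        if st.st_mode & stat.S_IWOTH and not stat.S_ISLNK(st.st_mode):
            findings.append((entry, "world-writable"))
    if shared_gid is not None and not os.stat(path).st_mode & stat.S_ISGID:
        findings.append((path, "setgid"))
    return findings


if __name__ == "__main__":
    # Usage: audit.py <bayes directory> <run-as user> [<shared group>]
    # e.g.   audit.py /var/spool/MailScanner/bayes postfix apache
    # ("apache" is a placeholder; use the group your web server runs under.)
    directory, user = sys.argv[1], sys.argv[2]
    gid = grp.getgrnam(sys.argv[3]).gr_gid if len(sys.argv) > 3 else None
    problems = audit_bayes_dir(directory, pwd.getpwnam(user).pw_uid, gid)
    for entry, problem in problems:
        print("%-14s %s" % (problem, entry))
    sys.exit(1 if problems else 0)
```

A database trained by root shows up as `owner` findings on the files root created.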
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Aug 12 10:32:19 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
Message-ID: <14064087.881250069511833.JavaMail.root@office.splatnix.net>

If so and you are trying ZCS V6 RC1 I have adapted Steve Freegard's
SQLBlackList.pm to use the ZCS LDAP black/white lists. If you would
like to give it a try then let me know.

Best Regards,

--
This message has been scanned for viruses and
dangerous content and is believed to be clean.
SplatNIX IT Services :: Innovation through collaboration

From raubvogel at gmail.com Wed Aug 12 14:43:38 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed Aug 12 14:43:51 2009
Subject: No bayesian for me?
In-Reply-To: <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com>
Message-ID: <4A82C70A.4050004@gmail.com>

Glenn Steen wrote:
> 2009/8/12 Mauricio Tavares:
>> Jules Field wrote:
>>> Did you run sa-learn as the same user you run MailScanner as? ("Run As
>>> User" in MailScanner.conf). Otherwise your Bayes database you've been
>>> training will be in the wrong place.
>>>
>> I see your point. I was indeed running sa-learn as root, not as
>> postfix, which should be the user MailScanner runs as. So, I guess I should
>> run it then as postfix. Now, should I delete the root-created database?
>> Also, where will it save the database at?
>>
> You should delete the one for root, if it resides in root's home
> directory, since that will be no help at all... Or move it. But I see
> you have configured it to reside somewhere sane, so all you need do is
> make it all owned by postfix.

Here is an update: I wrote a script that went through all the virtual
email accounts (/var/spool/vmail/domain.com) and scanned the spam (placed in
the .Spam folder) and the ham (placed in all the other mail folders). Since
I am running it as postfix:postfix and that directory is owned by
virtual:virtual, I did not get everyone. Is there a way to let the
postfix-owned script check all the mails in the virtual-owned ones? Make
postfix part of the virtual group? I think that is what the sticky bit is
for, right? In any case, here is the output:

postfix@mail /etc/postfix $ sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0       1837          0  non-token data: nspam
0.000          0     179092          0  non-token data: nham
0.000          0    3104505          0  non-token data: ntokens
0.000          0 1053729759          0  non-token data: oldest atime
0.000          0 1250081652          0  non-token data: newest atime
0.000          0 1250081434          0  non-token data: last journal sync atime
0.000          0 1250034247          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count
postfix@mail /etc/postfix $

As you can see, there is a lot more ham than spam. I wonder how much harm
would that cause in my bayesian filtering...

> If you also use MailWatch, you'll need to make the apache user's group the
> "group owner" for the base directory and all the files, and set the
> GID bit for the directory (/var/spool/MailScanner/bayes in your case),
> so that any new files get the correct group ownership. Once you've
> done that, things should start cooking:-).

Thanks for the suggestion! If I ever use MailWatch, I will try to
remember to use that. =)

> One more thing: Always run your tests (spamassassin --lint and stuff
> like that) as your postfix user, to avoid some subtleties that might
> otherwise bite.

postfix@mail /etc/postfix $ spamassassin --lint
[19591] warn: config: warning: score set for non-existent rule WANTS_CREDIT_CARD
[19591] warn: config: warning: score set for non-existent rule FORGED_RCVD_HELO
[19591] warn: lint: 2 issues detected, please rerun with debug enabled for more information
postfix@mail /etc/postfix $

> Since you aim to disable the score averager (AWL), you don't have to fix
> those perms/ownerships... Just comment out the loadplugin.
>
> Cheers

From mike at mlrw.com Wed Aug 12 16:20:15 2009
From: mike at mlrw.com (Mike Wallace)
Date: Wed Aug 12 16:20:26 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <14064087.881250069511833.JavaMail.root@office.splatnix.net>
References: <14064087.881250069511833.JavaMail.root@office.splatnix.net>
Message-ID: <63A65D67-B244-4163-B790-04594F6F473F@mlrw.com>

I am running 5.07 and building a new server.
Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?

On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:

> If so and you are trying ZCS V6 RC1 I have adapted Steve Freegard's
> SQLBlackList.pm to use the ZCS LDAP black/white lists. If you would
> like to give it a try then let me know.
>
> Best Regards,

From uxbod at splatnix.net Wed Aug 12 16:28:19 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Aug 12 16:28:58 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <63A65D67-B244-4163-B790-04594F6F473F@mlrw.com>
Message-ID: <26546994.1041250090899879.JavaMail.root@office.splatnix.net>

Hi Mike,

I have been running RC1-NE for the last few weeks without any real issues
TBH. I now have MS and Zimbra working pretty well for 1) Shared Bayes
2) B/W Lists 3) Junk folders. Final step will be the integration of
Quarantine. I have completely disabled the AV/AS capabilities within ZCS
and solely use MS.

Best Regards,

----- "Mike Wallace" wrote:
> I am running 5.07 and building a new server.
> Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
>
> On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> If so and you are trying ZCS V6 RC1 I have adapted Steve Freegard's
> SQLBlackList.pm to use the ZCS LDAP black/white lists. If you would
> like to give it a try then let me know.
>
> Best Regards,

From glenn.steen at gmail.com Wed Aug 12 16:30:45 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Aug 12 16:30:54 2009
Subject: No bayesian for me?
In-Reply-To: <4A82C70A.4050004@gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com>
Message-ID: <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com>

2009/8/12 Mauricio Tavares:
> Glenn Steen wrote:
>>
>> 2009/8/12 Mauricio Tavares:
>>>
>>> Jules Field wrote:
>>>>
>>>> Did you run sa-learn as the same user you run MailScanner as? ("Run As
>>>> User" in MailScanner.conf). Otherwise your Bayes database you've been
>>>> training will be in the wrong place.
>>>>
>>> I see your point. I was indeed running sa-learn as root, not as
>>> postfix, which should be the user MailScanner runs as. So, I guess I
>>> should run it then as postfix. Now, should I delete the root-created
>>> database? Also, where will it save the database at?
>>>
>> You should delete the one for root, if it resides in root's home
>> directory, since that will be no help at all... Or move it. But I see
>> you have configured it to reside somewhere sane, so all you need do is
>> make it all owned by postfix.
>
> Here is an update: I wrote a script that went through all the virtual
> email accounts (/var/spool/vmail/domain.com) and scanned the spam (placed in
> the .Spam folder) and the ham (placed in all the other mail folders). Since
> I am running it as postfix:postfix and that directory is owned by
> virtual:virtual, I did not get everyone. Is there a way to let the
> postfix-owned script check all the mails in the virtual-owned ones? Make
> postfix part of the virtual group? I think that is what the sticky bit is
> for, right? In any case, here is the output:
>
> postfix@mail /etc/postfix $ sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db version
> 0.000          0       1837          0  non-token data: nspam
> 0.000          0     179092          0  non-token data: nham
> 0.000          0    3104505          0  non-token data: ntokens
> 0.000          0 1053729759          0  non-token data: oldest atime
> 0.000          0 1250081652          0  non-token data: newest atime
> 0.000          0 1250081434          0  non-token data: last journal sync atime
> 0.000          0 1250034247          0  non-token data: last expiry atime
> 0.000          0          0          0  non-token data: last expire atime delta
> 0.000          0          0          0  non-token data: last expire reduction count
> postfix@mail /etc/postfix $
>
> As you can see, there is a lot more ham than spam. I wonder how much harm
> would that cause in my bayesian filtering...
>
>> If you also use MailWatch, you'll need to make the apache user's group the
>> "group owner" for the base directory and all the files, and set the
>> GID bit for the directory (/var/spool/MailScanner/bayes in your case),
>> so that any new files get the correct group ownership. Once you've
>> done that, things should start cooking:-).
>
> Thanks for the suggestion! If I ever use MailWatch, I will try to
> remember to use that. =)
>
>> One more thing: Always run your tests (spamassassin --lint and stuff
>> like that) as your postfix user, to avoid some subtleties that might
>> otherwise bite.
>
> postfix@mail /etc/postfix $ spamassassin --lint
> [19591] warn: config: warning: score set for non-existent rule WANTS_CREDIT_CARD
> [19591] warn: config: warning: score set for non-existent rule FORGED_RCVD_HELO
> [19591] warn: lint: 2 issues detected, please rerun with debug enabled for more information
> postfix@mail /etc/postfix $
>
Hm, I wonder if your postfix user really can read all the .cf files...
Do as it suggests and see what debug will tell you (spamassassin
--lint -D, as the PF user). Also try running a message through, or
else it will not test bayes for you:

spamassassin -t -D < /path/to/email/file

... and look carefully at what it says about bayes. You might want to
pipe the output to a file (or less). Don't forget to redirect STDERR
as well ( 2>&1).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From uxbod at splatnix.net Wed Aug 12 16:35:04 2009
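Added example, not part of any list post: a Python check of the two things the "No bayesian for me?" thread turns on, whether the Bayes database visible to the scanning user has enough training to be used at all, and whether its directory has the ownership and setgid bit described in the replies. The 200-message minimums are SpamAssassin's defaults for bayes_min_spam_num and bayes_min_ham_num; the function names and the group name `apache` are assumptions.

```python
"""Checks for a SpamAssassin Bayes store (added example, not from the thread)."""
import grp
import os
import pwd
import stat
from datetime import datetime, timezone

# `sa-learn --dump magic` output as posted in the thread (mail line wraps undone).
DUMP_MAGIC = """\
0.000          0          3          0  non-token data: bayes db version
0.000          0       1837          0  non-token data: nspam
0.000          0     179092          0  non-token data: nham
0.000          0    3104505          0  non-token data: ntokens
0.000          0 1053729759          0  non-token data: oldest atime
0.000          0 1250081652          0  non-token data: newest atime
0.000          0 1250081434          0  non-token data: last journal sync atime
0.000          0 1250034247          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count
"""
MARKER = "non-token data:"


def parse_dump_magic(text):
    """Return {field name: value} for each 'non-token data' row.

    Magic rows carry their value in the third column. Leading '>' quote
    marks are tolerated; token rows and damaged lines are skipped.
    """
    stats = {}
    for line in text.splitlines():
        if MARKER not in line:
            continue
        columns, name = line.split(MARKER, 1)
        fields = columns.lstrip("> ").split()
        if len(fields) == 4 and fields[2].isdigit():
            stats[name.strip()] = int(fields[2])
    return stats


def _utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc) if ts else None


def bayes_report(stats, min_spam=200, min_ham=200):
    """Summarise the database that the current user sees.

    min_spam / min_ham mirror bayes_min_spam_num and bayes_min_ham_num;
    below either one SpamAssassin does not apply Bayes, so no BAYES_*
    rule appears in the spam report.
    """
    nspam, nham = stats.get("nspam", 0), stats.get("nham", 0)
    return {
        "nspam": nspam,
        "nham": nham,
        "enough_training": nspam >= min_spam and nham >= min_ham,
        "ham_per_spam": nham / nspam if nspam else None,
        "oldest": _utc(stats.get("oldest atime", 0)),
        "newest": _utc(stats.get("newest atime", 0)),
    }


def permission_problems(mode, owner, group, want_owner, want_group):
    """Compare a directory's mode, owner and group with what is wanted."""
    problems = []
    if owner != want_owner:
        problems.append(f"owner is {owner}, expected {want_owner}")
    if group != want_group:
        problems.append(f"group is {group}, expected {want_group}")
    if not mode & stat.S_ISGID:
        problems.append("setgid bit not set: new files will not inherit the group")
    if mode & stat.S_IWOTH:
        problems.append("directory is world-writable")
    return problems


def audit_bayes_dir(path, want_owner, want_group):
    """stat() the Bayes directory and list deviations from what is wanted."""
    st = os.stat(path)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return permission_problems(st.st_mode, owner, group, want_owner, want_group)


if __name__ == "__main__":
    print(bayes_report(parse_dump_magic(DUMP_MAGIC)))
    bayes_dir = "/var/spool/MailScanner/bayes"  # directory named in the thread
    if os.path.isdir(bayes_dir):
        # 'postfix' is the run-as user from the thread; 'apache' is an assumed group name.
        print(audit_bayes_dir(bayes_dir, "postfix", "apache"))
```

Run it as the same user MailScanner runs as, feeding that user's own `sa-learn --dump magic` output, since a different user may be looking at a different database.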
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Aug 12 16:35:21 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <26546994.1041250090899879.JavaMail.root@office.splatnix.net>
Message-ID: <13159084.1071250091304796.JavaMail.root@office.splatnix.net>

Mike,

Just to be complete my config is now :-

Internet -> Front End MTA (Postfix and MS) -> LMTP -> ZCS

LDAP look ups performed for B&W and valid mailboxes/aliases.

Best Regards,

----- "--[ UxBoD ]--" wrote:
>
> Hi Mike,
>
> I have been running RC1-NE for the last few weeks without any real issues
> TBH. I now have MS and Zimbra working pretty well for 1) Shared Bayes
> 2) B/W Lists 3) Junk folders. Final step will be the integration of
> Quarantine. I have completely disabled the AV/AS capabilities within ZCS
> and solely use MS.
>
> Best Regards,
>
> ----- "Mike Wallace" wrote:
> > I am running 5.07 and building a new server.
> > Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
> >
> > On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> > If so and you are trying ZCS V6 RC1 I have adapted Steve Freegard's
> > SQLBlackList.pm to use the ZCS LDAP black/white lists. If you would
> > like to give it a try then let me know.
> >
> > Best Regards,

From mike at mlrw.com Wed Aug 12 17:17:08 2009
From: mike at mlrw.com (Mike Wallace)
Date: Wed Aug 12 17:17:32 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <13159084.1071250091304796.JavaMail.root@office.splatnix.net>
References: <13159084.1071250091304796.JavaMail.root@office.splatnix.net>
Message-ID:

My configuration is very similar, the only differences are that I use
SMTP to forward to ZCS where I keep AV running since I have to forward
outgoing mail to my ISP (who blocks outbound SMTP) and I only do LDAP
lookups for valid mailboxes/aliases.

I guess I'll try RC1-OSE on Centos 5.3 and keep the existing system
(5.0.7 on FC7) in case I need to move back.

Thanks.

On Aug 12, 2009, at 11:35 AM, --[ UxBoD ]-- wrote:

> Mike,
>
> Just to be complete my config is now :-
>
> Internet -> Front End MTA (Postfix and MS) -> LMTP -> ZCS
>
> LDAP look ups performed for B&W and valid mailboxes/aliases.
>
> Best Regards,
>
> ----- "--[ UxBoD ]--" wrote:
> >
> > Hi Mike,
> >
> > I have been running RC1-NE for the last few weeks without any real
> > issues TBH. I now have MS and Zimbra working pretty well for 1)
> > Shared Bayes 2) B/W Lists 3) Junk folders. Final step will be the
> > integration of Quarantine. I have completely disabled the AV/AS
> > capabilities within ZCS and solely use MS.
> >
> > Best Regards,
> >
> > ----- "Mike Wallace" wrote:
> > > I am running 5.07 and building a new server.
> > > Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
> > >
> > > On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> > > If so and you are trying ZCS V6 RC1 I have adapted Steve
> > > Freegard's SQLBlackList.pm to use the ZCS LDAP black/white lists. If
> > > you would like to give it a try then let me know.
> > >
> > > Best Regards,

From uxbod at splatnix.net Wed Aug 12 17:25:51 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Aug 12 17:26:12 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To:
Message-ID: <24881783.1151250094351349.JavaMail.root@office.splatnix.net>

Why not relay to your ISP from your MailScanner server ? That way you can
move LDAP lookups to the front-end reduce load on your MS server as well ?

Best Regards,

----- "Mike Wallace" wrote:
> My configuration is very similar, the only differences are that I use
> SMTP to forward to ZCS where I keep AV running since I have to forward
> outgoing mail to my ISP (who blocks outbound SMTP) and I only do LDAP
> lookups for valid mailboxes/aliases.
>
> I guess I'll try RC1-OSE on Centos 5.3 and keep the existing system
> (5.0.7 on FC7) in case I need to move back.
>
> Thanks.
>
> On Aug 12, 2009, at 11:35 AM, --[ UxBoD ]-- wrote:
> Mike,
>
> Just to be complete my config is now :-
>
> Internet -> Front End MTA (Postfix and MS) -> LMTP -> ZCS
>
> LDAP look ups performed for B&W and valid mailboxes/aliases.
>
> Best Regards,
>
> ----- "--[ UxBoD ]--" < uxbod@splatnix.net > wrote:
> >
> > Hi Mike,
> >
> > I have been running RC1-NE for the last few weeks without any real
> > issues TBH. I now have MS and Zimbra working pretty well for 1)
> > Shared Bayes 2) B/W Lists 3) Junk folders. Final step will be the
> > integration of Quarantine. I have completely disabled the AV/AS
> > capabilities within ZCS and solely use MS.
> >
> > Best Regards,
> >
> > ----- "Mike Wallace" < mike@mlrw.com > wrote:
> > > I am running 5.07 and building a new server.
> > > Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
> > >
> > > On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> > > If so and you are trying ZCS V6 RC1 I have adapted Steve
> > > Freegard's SQLBlackList.pm to use the ZCS LDAP black/white lists. If
> > > you would like to give it a try then let me know.
> > >
> > > Best Regards,

From mike at mlrw.com Wed Aug 12 17:48:02 2009
From: mike at mlrw.com (Mike Wallace)
Date: Wed Aug 12 17:48:22 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <24881783.1151250094351349.JavaMail.root@office.splatnix.net>
References: <24881783.1151250094351349.JavaMail.root@office.splatnix.net>
Message-ID: <685AB232-2705-4320-A04D-6E0743A7EABC@mlrw.com>

My load is not that high ~1,000 msgs/day, so having the MTA/MS server
doing the LDAP lookups to ZCS is no big deal.

Thanks.

On Aug 12, 2009, at 12:25 PM, --[ UxBoD ]-- wrote:

> Why not relay to your ISP from your MailScanner server ? That way
> you can move LDAP lookups to the front-end reduce load on your MS
> server as well ?
>
> Best Regards,
>
> ----- "Mike Wallace" wrote:
> > My configuration is very similar, the only differences are that I
> > use SMTP to forward to ZCS where I keep AV running since I have to
> > forward outgoing mail to my ISP (who blocks outbound SMTP) and I
> > only do LDAP lookups for valid mailboxes/aliases.
> >
> > I guess I'll try RC1-OSE on Centos 5.3 and keep the existing system
> > (5.0.7 on FC7) in case I need to move back.
> >
> > Thanks.
> >
> > On Aug 12, 2009, at 11:35 AM, --[ UxBoD ]-- wrote:
> > > Mike,
> > >
> > > Just to be complete my config is now :-
> > >
> > > Internet -> Front End MTA (Postfix and MS) -> LMTP -> ZCS
> > >
> > > LDAP look ups performed for B&W and valid mailboxes/aliases.
> > >
> > > Best Regards,
> > >
> > > ----- "--[ UxBoD ]--" wrote:
> > > >
> > > > Hi Mike,
> > > >
> > > > I have been running RC1-NE for the last few weeks without any
> > > > real issues TBH. I now have MS and Zimbra working pretty well for
> > > > 1) Shared Bayes 2) B/W Lists 3) Junk folders. Final step will be
> > > > the integration of Quarantine. I have completely disabled the AV/AS
> > > > capabilities within ZCS and solely use MS.
> > > >
> > > > Best Regards,
> > > >
> > > > ----- "Mike Wallace" wrote:
> > > > > I am running 5.07 and building a new server.
> > > > > Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
> > > > >
> > > > > On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> > > > > If so and you are trying ZCS V6 RC1 I have adapted Steve
> > > > > Freegard's SQLBlackList.pm to use the ZCS LDAP black/white lists. If
> > > > > you would like to give it a try then let me know.
> > > > >
> > > > > Best Regards,

From raubvogel at gmail.com Wed Aug 12 18:30:49 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Wed Aug 12 18:31:01 2009
Subject: No bayesian for me?
In-Reply-To: <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com> <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com>
Message-ID: <4A82FC49.4090603@gmail.com>

Glenn Steen wrote:
> 2009/8/12 Mauricio Tavares:
>> Glenn Steen wrote:
>>> 2009/8/12 Mauricio Tavares:
>>>> Jules Field wrote:
>>>>> Did you run sa-learn as the same user you run MailScanner as? ("Run As
>>>>> User" in MailScanner.conf). Otherwise your Bayes database you've been
>>>>> training will be in the wrong place.
>>>>>
>>>> I see your point. I was indeed running sa-learn as root, not as
>>>> postfix, which should be the user MailScanner runs as. So, I guess I
>>>> should run it then as postfix. Now, should I delete the root-created
>>>> database? Also, where will it save the database at?
>>>>
>>> You should delete the one for root, if it resides in root's home
>>> directory, since that will be no help at all... Or move it. But I see
>>> you have configured it to reside somewhere sane, so all you need do is
>>> make it all owned by postfix.
>> Here is an update: I wrote a script that through all the virtual
>> email accounts (/var/spool/vmail/domain.com) and scanned the spam (placed
>> in the .Spam folder) and the ham (placed in all the other mail folders).
>> Since I am running it as postfix:postfix and that directory is owned by
>> virtual:virtual, I did not get everyone. Is there a way to let the
>> postfix-owned script check all the mails in the virtual-owned ones? Make
>> postfix part of the virtual group? I think that is what the sticky bit is
>> for, right? In any case, here is the output:
>>
>> postfix@mail /etc/postfix $ sa-learn --dump magic
>> 0.000          0          3          0  non-token data: bayes db version
>> 0.000          0       1837          0  non-token data: nspam
>> 0.000          0     179092          0  non-token data: nham
>> 0.000          0    3104505          0  non-token data: ntokens
>> 0.000          0 1053729759          0  non-token data: oldest atime
>> 0.000          0 1250081652          0  non-token data: newest atime
>> 0.000          0 1250081434          0  non-token data: last journal sync atime
>> 0.000          0 1250034247          0  non-token data: last expiry atime
>> 0.000          0          0          0  non-token data: last expire atime delta
>> 0.000          0          0          0  non-token data: last expire reduction count
>> postfix@mail /etc/postfix $
>>
>> As you can see, there is a lot more ham than spam. I wonder how much harm
>> would that cause in my bayesian filtering...
>>
>>> If you also use MailWatch, you'll need make the apache users group the
>>> "group owner" for the base directory and all the files, and set the
>>> GID bit for the directory (/var/spool/MailScanner/bayes in your case),
>>> so that any new files get the correct group ownership. Once you've
>>> done that, things should start cooking:-).
>> Thanks for the suggestion! If I ever use MailWatch, I will try to
>> remember to use that. =)
>>
>>> One more thing: Always run your tests (spamassassin --lint and stuff
>>> like that) as your postfix user, to avoid some subtleties that might
>>> otherwise bite.
>> postfix@mail /etc/postfix $ spamassassin --lint
>> [19591] warn: config: warning: score set for non-existent rule WANTS_CREDIT_CARD
>> [19591] warn: config: warning: score set for non-existent rule FORGED_RCVD_HELO
>> [19591] warn: lint: 2 issues detected, please rerun with debug enabled for more information
>> postfix@mail /etc/postfix $
>>
> Hm, I wonder if your postfix user really can read all the .cf files...
> Do as it suggests and see what debug will tell you (spamassassin
> --lint -D, as the PF user). Also try running a message through, or
> else it will not test bayes for you:
> spamassassin -t -D < /path/to/email/file
> ... and look carefully at what it says about bayes. You might want to
> pipe the output to a file (or less). Don't forget to redirect STDERR
> as well ( 2>&1).
>
> Cheers

Some interesting findings (to me):

postfix@mail /home/raub/Spam $ spamassassin -D < spam9.eml

Content analysis details:   (10.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.8 BAD_ENC_HEADER         Message has bad MIME encoding in the header
 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.9 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [202.132.194.31 listed in dnsbl.sorbs.net]
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [202.132.194.31 listed in zen.spamhaus.org]
 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?202.132.194.31>]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
 0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

But, as me:

raub@mail ~/Spam $ spamassassin -D < spam9.eml
[...]

Content analysis details:   (12.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.9 BAD_ENC_HEADER         Message has bad MIME encoding in the header
 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 1.8 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [202.132.194.31 listed in zen.spamhaus.org]
 1.6 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [202.132.194.31 listed in dnsbl.sorbs.net]
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?202.132.194.31>]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
 0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

So, I guess the above means that bayesian was not run when I ran
spamassassin as me because it did not have the rights to access the database.
I can live with that.

On a related note, why is it saying 5.0 points required if in
MailScanner.conf I have

Required SpamAssassin Score = 4.7

Do I also have to define required_hits 4.70 in spam.assassin.prefs.conf?

From uxbod at splatnix.net Wed Aug 12 18:40:54 2009
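The checks discussed in the message above, collected into one script as an added example (not code from the thread, MailScanner or SpamAssassin): it reads the nspam/nham counters from `sa-learn --dump magic`, tests whether a `spamassassin` report lists any BAYES_* rule, and verifies who owns the Bayes directory. The function names are hypothetical, the 200-message minimum assumes SpamAssassin's default `bayes_min_spam_num`/`bayes_min_ham_num`, and the sample inputs are trimmed copies of the output quoted above.

```shell
#!/bin/sh
# Added example: sanity checks for a SpamAssassin Bayes database used by
# MailScanner. Function names are hypothetical, not part of either project.

# Sample data: trimmed copies of the output quoted in the thread.
SAMPLE_MAGIC='0.000          0          3          0  non-token data: bayes db version
0.000          0       1837          0  non-token data: nspam
0.000          0     179092          0  non-token data: nham
0.000          0    3104505          0  non-token data: ntokens'

SAMPLE_AS_POSTFIX=' 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
 1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars'

SAMPLE_AS_RAUB=' 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
 1.8 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars'

# bayes_counter NAME: read `sa-learn --dump magic` output on stdin and print
# the value (third column) of the named counter, e.g. nspam or nham.
bayes_counter() {
    awk -v name="$1" '
        /non-token data:/ {
            label = $0
            sub(/^.*non-token data:[ \t]*/, "", label)
            sub(/[ \t\r]+$/, "", label)
            if (label == name) { print $3; found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# bayes_trained [MIN]: succeed only if both nspam and nham on stdin reach MIN.
# Assumption: MIN defaults to 200, SpamAssassin's default minimum for each
# corpus before Bayes results are used at all.
bayes_trained() (
    min=${1:-200}
    dump=$(cat)
    nspam=$(printf '%s\n' "$dump" | bayes_counter nspam) || exit 2
    nham=$(printf '%s\n' "$dump" | bayes_counter nham) || exit 2
    [ "$nspam" -ge "$min" ] && [ "$nham" -ge "$min" ]
)

# bayes_ran: succeed if a spamassassin report on stdin lists a BAYES_nn rule.
# No such line means the database was not consulted for that run (wrong
# user, unreadable files, or too little training).
bayes_ran() {
    grep -Eq '^[[:space:]]*-?[0-9]+\.[0-9]+[[:space:]]+BAYES_[0-9]+[[:space:]]'
}

# bayes_dir_ok DIR USER: everything under DIR must be owned by USER (the
# MailScanner "Run As User") and be readable and writable by that owner.
# Prints offending paths; succeeds only when there are none.
bayes_dir_ok() (
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "missing: $dir"; exit 2; }
    bad=$(find "$dir" \( ! -user "$user" -o ! -perm -600 \) -print)
    [ -z "$bad" ] || { printf '%s\n' "$bad"; exit 1; }
)

# bayes_dir_shared DIR GROUP: for the MailWatch case, DIR itself must belong
# to GROUP and carry the setgid bit so that new files inherit the group.
bayes_dir_shared() (
    [ -n "$(find "$1" -prune -group "$2" -perm -2000 -print)" ]
)

# Demo on the embedded samples; on a live system pipe in the real output of
# `sa-learn --dump magic` and `spamassassin -t < message`, run as postfix.
if printf '%s\n' "$SAMPLE_MAGIC" | bayes_trained 200; then
    echo "bayes: enough spam and ham learned"
fi
printf '%s\n' "$SAMPLE_AS_RAUB" | bayes_ran ||
    echo "no BAYES_* rule in report: database was not consulted"
```

On the mail host the directory checks would be called as `bayes_dir_ok /var/spool/MailScanner/bayes postfix`, using the path and user named in the thread.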
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Wed Aug 12 18:41:12 2009
Subject: [OT] Does anybody use MailScanner with Zimbra ?
In-Reply-To: <685AB232-2705-4320-A04D-6E0743A7EABC@mlrw.com>
Message-ID: <33116967.1261250098853981.JavaMail.root@office.splatnix.net>

:)

Best Regards,

----- "Mike Wallace" wrote:
> My load is not that high ~1,000 msgs/day, so having the MTA/MS server doing the LDAP lookups to ZCS is no big deal.
> Thanks.
> On Aug 12, 2009, at 12:25 PM, --[ UxBoD ]-- wrote:
> Why not relay to your ISP from your MailScanner server ? That way you can move LDAP lookups to the front-end reduce load on your MS server as well ?
>
> Best Regards,
>
> ----- "Mike Wallace" < mike@mlrw.com > wrote:
> > My configuration is very similar, the only differences are that I use SMTP to forward to ZCS where I keep AV running since I have to forward outgoing mail to my ISP (who blocks outbound SMTP) and I only do LDAP lookups for valid mailboxes/aliases.
> > I guess I'll try RC1-OSE on Centos 5.3 and keep the existing system (5.0.7 on FC7) in case I need to move back.
> >
> > Thanks.
> > On Aug 12, 2009, at 11:35 AM, --[ UxBoD ]-- wrote:
> > Mike,
> >
> > Just to be complete my config is now :-
> >
> > Internet -> Front End MTA (Postfix and MS) -> LMTP -> ZCS
> >
> > LDAP look ups performed for B&W and valid mailboxes/aliases.
> >
> > Best Regards,
> >
> > ----- "--[ UxBoD ]--" < uxbod@splatnix.net > wrote:
> > >
> > > Hi Mike,
> > >
> > > I have been running RC1-NE for the last few weeks without any real issues TBH. I now have MS and Zimbra working pretty well for 1) Shared Bayes 2) B/W Lists 3) Junk folders. Final step will be the integration of Quarantine. I have completely disabled the AV/AS capabilities within ZCS and solely use MS.
> > >
> > > Best Regards,
> > >
> > > ----- "Mike Wallace" < mike@mlrw.com > wrote:
> > > > I am running 5.07 and building a new server.
> > > > Is 6.0 RC 1 ready for prime time or should I stick with 5.0.18?
> > > >
> > > > On Aug 12, 2009, at 5:31 AM, --[ UxBoD ]-- wrote:
> > > > If so and you are trying ZCS V6 RC1 I have adapted Steve Freegard's SQLBlackList.pm to use the ZCS LDAP black/white lists. If you would like to give it a try then let me know.
> > > >
> > > > Best Regards,

From maxsec at gmail.com Wed Aug 12 19:04:35 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Wed Aug 12 19:04:44 2009
Subject: No bayesian for me?
In-Reply-To: <4A82FC49.4090603@gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com> <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com> <4A82FC49.4090603@gmail.com>
Message-ID: <72cf361e0908121104s3e8e08caxfaf7572f1fabe899@mail.gmail.com>

2009/8/12 Mauricio Tavares

> [...]
> On a related note, why is it saying 5.0 points required if in
> MailScanner.conf I have
>
> Required SpamAssassin Score = 4.7
>
> Do I also have to define required_hits 4.70 in spam.assassin.prefs.conf?

Hi

There are two settings in MailScanner.conf for SA scores. This gives you the opportunity to mark the mail as "maybe spam" with delivery and the high score as definitely spam and just drop it.

This differs from SA's view of the world.

--
Martin Hepworth
Oxford, UK

From MailScanner at ecs.soton.ac.uk Wed Aug 12 19:46:12 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Aug 12 19:47:34 2009
Subject: No bayesian for me?
In-Reply-To: <72cf361e0908121104s3e8e08caxfaf7572f1fabe899@mail.gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com> <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com> <4A82FC49.4090603@gmail.com> <72cf361e0908121104s3e8e08caxfaf7572f1fabe899@mail.gmail.com> <4A830DF4.4050709@ecs.soton.ac.uk>
Message-ID:

On 12/08/2009 19:04, Martin Hepworth wrote:
> 2009/8/12 Mauricio Tavares
>
> > [...]
> > On a related note, why is it saying 5.0 points required if in
> > MailScanner.conf I have
> >
> > Required SpamAssassin Score = 4.7
> >
> > Do I also have to define required_hits 4.70 in
> > spam.assassin.prefs.conf?
>
> Hi
>
> There are two settings in MailScanner.conf for SA scores. This gives
> you the opportunity to mark the mail as "maybe spam" with delivery and
> the high score as definitely spam and just drop it.
>
> This differs from SA's view of the world.

And you can implement as many extra levels of spam score handling as you like using "SpamAssassin Rule Actions" where you can specify a set of actions for any arbitrary spam score thresholds. So if you need 15 levels of spam thresholds, no problem!

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

From jethro.binks at strath.ac.uk Wed Aug 12 19:47:15 2009
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Wed Aug 12 19:49:17 2009
Subject: No bayesian for me?
In-Reply-To: <4A82FC49.4090603@gmail.com>
References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com> <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com> <4A82FC49.4090603@gmail.com>
Message-ID:

On Wed, 12 Aug 2009, Mauricio Tavares wrote:

> raub@mail ~/Spam $ spamassassin -D < spam9.eml
> [...]
>
> Content analysis details:   (12.7 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  2.9 BAD_ENC_HEADER         Message has bad MIME encoding in the header
>  3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
>  1.8 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
>  0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
>                             [202.132.194.31 listed in zen.spamhaus.org]
>  1.6 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
>                             [202.132.194.31 listed in dnsbl.sorbs.net]
>  2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>                             [Blocked - see <http://www.spamcop.net/bl.shtml?202.132.194.31>]
>  0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
>                             dynamic-looking rDNS
>  0.0 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
>
> So, I guess the above means that bayesian was not run when I ran spamassassin
> as me because it did not have the rights to access the database. I can live
> with that.
>
> On a related note, why is it saying 5.0 points required if in
> MailScanner.conf I have
>
> Required SpamAssassin Score = 4.7
>
> Do I also have to define required_hits 4.70 in spam.assassin.prefs.conf?

For many years, in my mailscanner.cf, which configures SpamAssassin, I have had this:

# Note that required_score can actually be set via MailScanner.conf option
# "Required SpamAssassin Score", but when you do that, the value used by
# the _REQD_ template macro below is not changed. Hence, we change the score
# within SpamAssassin itself to match.
# Ensure this matches MailScanner/rules/scores.rules
required_score 6.5

And regarding the template, I have:

# SA's 10_default_prefs.cf contains the template for the default (long) report,
# which is placed in reports via MailScanner's $longspamreport variable.
# However in Message.pm, MailScanner crops off the initial text from the
# report, matching: $salongreport =~ s/^.* pts rule name/ pts rule name/;
# We modify the format of the report slightly here by adding some extra
# stuff, but we need to ensure we don't tamper with that pattern match.
clear_report_template
#report Spam detection software, running on the system "_HOSTNAME_", has
#report identified this incoming email as possible spam. The original message
#report has been attached to this so you can view it (if it isn't spam) or label
#report similar future email. If you have any questions, see
#report _CONTACTADDRESS_ for details.
#report
#report Content preview: _PREVIEW_
#report
#report Content analysis details: (_SCORE_ points, _REQD_ required)
#report
report " pts rule name              description"
report "---- ---------------------- ----------------------------------------------"
report _SUMMARY_
report
report (_SCORE_ points scored, over _REQD_ points req'd to be tagged as spam)

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

From raubvogel at gmail.com Wed Aug 12 20:49:49 2009
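A check for the mismatch described in the message above, as an added example (not code from the thread or from MailScanner): it compares the "Required SpamAssassin Score" value in MailScanner.conf with the `required_score` that SpamAssassin's `_REQD_` macro will print. The function names are hypothetical; it assumes the MailScanner option name may be written in any letter case, that `required_hits` is accepted as the older name of `required_score`, and that SpamAssassin falls back to 5 when neither is set.

```shell
#!/bin/sh
# Added example: compare MailScanner's spam threshold with SpamAssassin's
# required_score, the value the _REQD_ report macro prints.
# Function names are hypothetical, not part of either project.

# ms_required_score FILE: print the value of "Required SpamAssassin Score"
# from a MailScanner.conf-style file (the last one found, if repeated).
ms_required_score() {
    awk -F= '
        tolower($1) ~ /^[ \t]*required[ \t]+spamassassin[ \t]+score[ \t]*$/ {
            val = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        END { if (val == "") exit 1; print val }' "$1"
}

# sa_required_score FILE...: print the last required_score (or the older
# name required_hits) found in the given SpamAssassin config files, or 5,
# SpamAssassin's default, when none of them sets it. Commented-out lines
# are ignored because their first field is not the bare keyword.
sa_required_score() {
    awk '$1 == "required_score" || $1 == "required_hits" { val = $2 }
         END { print (val == "" ? 5 : val) }' "$@"
}

# reqd_matches MS_CONF SA_CF...: exit 0 if both thresholds are numerically
# equal, 1 if they differ (reports then show a misleading "required" value),
# 2 if the MailScanner option is missing or names a ruleset file instead of
# a number, in which case no single value can be compared.
reqd_matches() (
    ms=$(ms_required_score "$1") || exit 2
    shift
    [ "$#" -ge 1 ] || exit 2
    sa=$(sa_required_score "$@")
    case $ms in
        *[!0-9.]*)
            echo "ruleset '$ms': compare each rule's score by hand" >&2
            exit 2 ;;
    esac
    echo "MailScanner=$ms SpamAssassin=$sa"
    awk -v a="$ms" -v b="$sa" 'BEGIN { exit ((a + 0 == b + 0) ? 0 : 1) }'
)

# Demo reproducing the case in the thread with constructed files: 4.7 in
# MailScanner.conf, nothing in the SpamAssassin prefs, so reports print 5.
demo() (
    tmp=$(mktemp -d) || exit 1
    printf 'Required SpamAssassin Score = 4.7\n' > "$tmp/MailScanner.conf"
    printf 'use_bayes 1\n' > "$tmp/spam.assassin.prefs.conf"
    reqd_matches "$tmp/MailScanner.conf" "$tmp/spam.assassin.prefs.conf" ||
        echo "thresholds differ: set required_score to match"
    rm -rf "$tmp"
)
demo
```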
From: raubvogel at gmail.com (Mauricio Tavares) Date: Wed Aug 12 20:50:03 2009 Subject: No bayesian for me? In-Reply-To: References: <4A81AB56.9020306@gmail.com> <72cf361e0908111044k6838deb8t1a380544c84874f1@mail.gmail.com> <4A81C49F.2080805@gmail.com> <4A81DA5B.3060909@ecs.soton.ac.uk> <4A81F995.8010402@gmail.com> <223f97700908120115w452e0e19s5aef23f25fc834b9@mail.gmail.com> <4A82C70A.4050004@gmail.com> <223f97700908120830l6299b203j427412d7888512e1@mail.gmail.com> <4A82FC49.4090603@gmail.com> <72cf361e0908121104s3e8e08caxfaf7572f1fabe899@mail.gmail.com> <4A830DF4.4050709@ecs.soton.ac.uk> Message-ID: <4A831CDD.2010605@gmail.com> Jules Field wrote: > > > On 12/08/2009 19:04, Martin Hepworth wrote: >> >> >> 2009/8/12 Mauricio Tavares > > >> >> Glenn Steen wrote: >> >> 2009/8/12 Mauricio Tavares > >: >> >> Glenn Steen wrote: >> >> 2009/8/12 Mauricio Tavares > >: >> >> Jules Field wrote: >> >> Did you run sa-learn as the same user you run >> MailScanner as? ("Run As >> User" in MailScanner.conf). Otherwise your >> Bayes database you've been >> training will be in the wrong place. >> >> I see your point. I was indeed running >> sa-learn as root, not as >> postfix, which should be the user MailScanner runs >> as. So, I guess I >> should >> run it then as postfix. Now, should I delete the >> root-created database? >> Also, where will it save the database at? >> >> You should delete the one for root, if it resides in >> roots home >> directory, since that will be no help at all... Or >> move it. But I see >> you have configured it to reside somewhere sane, so >> all you need do is >> make it all owned by postfix. >> >> Here is an update: I wrote a script that through all >> the virtual >> email accounts (/var/spool/vmail/domain.com >> ) and scanned the spam (placed in >> the .Spam folder) and the ham (placed in all the other >> mail folders). Since >> I am running it as postfix:postfix and that directory is >> owned by >> virtual:virtual, I did not get everyone. 
>> Is there a way to let the postfix-owned script check all the mails in the
>> virtual-owned ones? Make postfix part of the virtual group? I think that
>> is what the sticky bit is for, right? In any case, here is the output:
>>
>> postfix@mail /etc/postfix $ sa-learn --dump magic
>> 0.000 0 3 0 non-token data: bayes db version
>> 0.000 0 1837 0 non-token data: nspam
>> 0.000 0 179092 0 non-token data: nham
>> 0.000 0 3104505 0 non-token data: ntokens
>> 0.000 0 1053729759 0 non-token data: oldest atime
>> 0.000 0 1250081652 0 non-token data: newest atime
>> 0.000 0 1250081434 0 non-token data: last journal sync atime
>> 0.000 0 1250034247 0 non-token data: last expiry atime
>> 0.000 0 0 0 non-token data: last expire atime delta
>> 0.000 0 0 0 non-token data: last expire reduction count
>> postfix@mail /etc/postfix $
>>
>> As you can see, there is a lot more ham than spam. I wonder how much harm
>> would that cause in my bayesian filtering...
>>
>> If you also use MailWatch, you'll need to make the apache users group the
>> "group owner" for the base directory and all the files, and set the
>> GID bit for the directory (/var/spool/MailScanner/bayes in your case),
>> so that any new files get the correct group ownership. Once you've
>> done that, things should start cooking:-).
>>
>> Thanks for the suggestion! If I ever use MailWatch, I will try to
>> remember to use that. =)
>>
>> One more thing: Always run your tests (spamassassin --lint and stuff
>> like that) as your postfix user, to avoid some subtleties that might
>> otherwise bite.
>>
>> postfix@mail /etc/postfix $ spamassassin --lint
>> [19591] warn: config: warning: score set for non-existent rule WANTS_CREDIT_CARD
>> [19591] warn: config: warning: score set for non-existent rule FORGED_RCVD_HELO
>> [19591] warn: lint: 2 issues detected, please rerun with debug enabled for more information
>> postfix@mail /etc/postfix $
>>
>> Hm, I wonder if your postfix user really can read all the .cf files...
>> Do as it suggests and see what debug will tell you (spamassassin
>> --lint -D, as the PF user). Also try running a message through, or
>> else it will not test bayes for you:
>> spamassassin -t -D < /path/to/email/file
>> ... and look carefully at what it says about bayes. You might want to
>> pipe the output to a file (or less). Don't forget to redirect STDERR
>> as well ( 2>&1).
>>
>> Cheers
>>
>> Some interesting findings (to me):
>>
>> postfix@mail /home/raub/Spam $ spamassassin -D < spam9.eml
>>
>> Content analysis details: (10.2 points, 5.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 1.8 BAD_ENC_HEADER Message has bad MIME encoding in the header
>> 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
>> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
>>     [score: 0.5000]
>> 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
>> 0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
>>     [202.132.194.31 listed in dnsbl.sorbs.net ]
>> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>>     [202.132.194.31 listed in zen.spamhaus.org ]
>> 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>>     [Blocked - see ]
>> 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS
>> 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
>>
>> But, as me:
>>
>> raub@mail ~/Spam $ spamassassin -D < spam9.eml
>> [...]
>>
>> Content analysis details: (12.7 points, 5.0 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 2.9 BAD_ENC_HEADER Message has bad MIME encoding in the header
>> 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
>> 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
>> 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
>>     [202.132.194.31 listed in zen.spamhaus.org ]
>> 1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
>>     [202.132.194.31 listed in dnsbl.sorbs.net ]
>> 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>>     [Blocked - see ]
>> 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS
>> 0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
>>
>> So, I guess the above means that bayesian was not run when I ran
>> spamassassin as me because it did not have the rights to access the
>> database. I can live with that.
>>
>> On a related note, why is it saying 5.0 points required if in
>> MailScanner.conf I have
>>
>> Required SpamAssassin Score = 4.7
>>
>> Do I also have to define required_hits 4.70 in
>> spam.assassin.prefs.conf?
>>
>> Hi
>>
>> There are two settings in MailScanner.conf for SA scores. This gives
>> you the opportunity to mark the mail as "maybe spam" with delivery and
>> the high score as definitely spam and just drop it.
>>
>> This differs from SA's view of the world.
> And you can implement as many extra levels of spam score handling as you
> like using "SpamAssassin Rule Actions" where you can specify a set of
> actions for any arbitrary spam score thresholds. So if you need 15
> levels of spam thresholds, no problem!
>
> Jules
>
So, what you are saying is that since I ran spamassassin manually, it used its default threshold value. But, if I had it being run through mailscanner, the latter would have taken spamassassin's results and then decided, based on mailscanner's own score thresholds, what to do next. It makes sense.

From mark at msapiro.net Wed Aug 12 22:14:01 2009
From: mark at msapiro.net (Mark Sapiro)
Date: Wed Aug 12 22:14:18 2009
Subject: phishing.bad.sites.conf not updating
Message-ID:

It appears that both /usr/sbin/update_bad_phishing_sites and the non-google project part of Spear.Phishing.Rules have not updated files since August 8. They both appear to be stuck at 2009-316.1, even if I remove the cache and status files and run them by hand.

Have there been no updates or is something wrong?

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan

From mark at msapiro.net Wed Aug 12 23:21:35 2009
From: mark at msapiro.net (Mark Sapiro)
Date: Wed Aug 12 23:21:46 2009
Subject: Message being scanned that shouldn't be.
Message-ID:

My daily logwatch report got quarantined today as being infected with Email.Phishing.DblDom-124. This in itself is not surprising except that it should not be scanned at all.

I have a ruleset for Scan Messages. I know that this is an all-match rule set so it can be tricky, but this is reasonably straightforward. It has a bunch of 'no' rules including several of the form

From: 127.0.0.1 no

to exempt all local interfaces. It has a few other 'no' rules, but other than the default

FromOrTo: default yes

There is only one 'yes' rule

To: /regexp/ yes

and there's no way the regexp matched this mail.

The message was the output of a cron and delivered directly to Postfix by cron as root. The Mailscanner virus report contains

Sender: root@sbh16.songbird.com
IP Address: 127.0.0.1
Recipient: root@sbh16.songbird.com
Subject: Logwatch for sbh16.songbird.com (Linux)
MessageID: CCA5E6900BD.A6A51
Quarantine: /var/spool/MailScanner/quarantine/20090812/CCA5E6900BD.A6A51
Report: Clamd: message was infected: Email.Phishing.DblDom-124

I tried resending the message from the quarantine with

sendmail -t < /var/spool/MailScanner/quarantine/20090812/CCA5E6900BD.A6A51/message

with the same result.

I think I would have noticed if this had been going on for long. On Aug 5 I upgraded from 4.78.3 to 4.78.7, and before that from 4.78.2 to 4.78.3 on July 31. It happens under both 4.78.7 and 4.78.8 with this one message. At least some other locally originating messages including a test sent in the same way are properly not scanned.

Is it possible that the rearrangement of the virus/spam scanning code in 4.78.3 et. seq. is allowing messages to be virus scanned even if Scan Messages is 'no'?

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan

From mark at msapiro.net Wed Aug 12 23:28:39 2009
From: mark at msapiro.net (Mark Sapiro) Date: Wed Aug 12 23:28:52 2009 Subject: Message being scanned that shouldn't be. In-Reply-To: Message-ID: Mark Sapiro wrote: > >I think I would have noticed if this had been going on for long. On Aug >5 I upgraded from 4.78.3 to 4.78.7, and before that from 4.78.2 to >4.78.3 on July 31. It happens under both 4.78.7 and 4.78.8 with this >one message. At least some other locally originating messages >including a test sent in the same way are properly not scanned. Actually, I don't know that they aren't virus scanned. I only know that they don't get added MailScanner headers. >Is it possible that the rearrangement of the virus/spam scanning code >in 4.78.3 et. seq. is allowing messages to be virus scanned even if >Scan Messages is 'no'? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Thu Aug 13 11:31:26 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Aug 13 11:31:45 2009 Subject: Message being scanned that shouldn't be. In-Reply-To: References: <4A83EB7E.8030401@ecs.soton.ac.uk> Message-ID: I have fixed this problem for you, and also an important bug in the code that cleans some types of infections out of archives in messages. Please upgrade to 4.78.9 and these problems should both be fixed. Jules. On 12/08/2009 23:28, Mark Sapiro wrote: > Mark Sapiro wrote: > >> I think I would have noticed if this had been going on for long. On Aug >> 5 I upgraded from 4.78.3 to 4.78.7, and before that from 4.78.2 to >> 4.78.3 on July 31. It happens under both 4.78.7 and 4.78.8 with this >> one message. At least some other locally originating messages >> including a test sent in the same way are properly not scanned. >> > > Actually, I don't know that they aren't virus scanned. I only know that > they don't get added MailScanner headers. > > > >> Is it possible that the rearrangement of the virus/spam scanning code >> in 4.78.3 et. seq. is allowing messages to be virus scanned even if >> Scan Messages is 'no'? >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Aug 13 13:33:53 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Aug 13 13:34:17 2009
Subject: phishing.bad.sites.conf not updating
In-Reply-To:
References: <4A840831.8060408@ecs.soton.ac.uk>
Message-ID:

This is hopefully fixed now. Thanks for letting me know!

Cheers,
Jules.

On 12/08/2009 22:14, Mark Sapiro wrote:
> It appears that both /usr/sbin/update_bad_phishing_sites and the
> non-google project part of Spear.Phishing.Rules have not updated files
> since August 8. They both appear to be stuck at 2009-316.1, even if I
> remove the cache and status files and run them by hand.
>
> Have there been no updates or is something wrong?
>

Jules

From mark at msapiro.net Thu Aug 13 18:23:30 2009
From: mark at msapiro.net (Mark Sapiro) Date: Thu Aug 13 18:24:01 2009 Subject: Message being scanned that shouldn't be. In-Reply-To: Message-ID: Julian Field wrote: >I have fixed this problem for you, and also an important bug in the code >that cleans some types of infections out of archives in messages. >Please upgrade to 4.78.9 and these problems should both be fixed. Thanks Jules. The issue of virus scanning messages in spite of Scan Messages rules to the contrary seems to be fixed for me with 4.78.9. >On 12/08/2009 23:28, Mark Sapiro wrote: >> Mark Sapiro wrote: >> >>> I think I would have noticed if this had been going on for long. On Aug >>> 5 I upgraded from 4.78.3 to 4.78.7, and before that from 4.78.2 to >>> 4.78.3 on July 31. It happens under both 4.78.7 and 4.78.8 with this >>> one message. At least some other locally originating messages >>> including a test sent in the same way are properly not scanned. >>> >> >> Actually, I don't know that they aren't virus scanned. I only know that >> they don't get added MailScanner headers. >> >> >> >>> Is it possible that the rearrangement of the virus/spam scanning code >>> in 4.78.3 et. seq. is allowing messages to be virus scanned even if >>> Scan Messages is 'no'? >>> >> -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From yann.b at capensis.fr Fri Aug 14 17:17:43 2009 
From: yann.b at capensis.fr (Yann Bachy)
Date: Fri Aug 14 17:18:16 2009
Subject: Segfault
Message-ID: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr>

Hello everyone!

I've got the following problem with my mailscanner:

every time Mailscanner loads a batch of mails to scan it quits and starts all over again :

Aug 14 18:13:59 localhost MailScanner[6844]: MailScanner E-Mail Virus Scanner version 4.55.10 starting...
Aug 14 18:13:59 localhost MailScanner[6844]: Read 748 hostnames from the phishing whitelist
Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function SQLBlacklist
Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Blacklist
Aug 14 18:13:59 localhost MailScanner[6844]: Read 0 blacklist entries
Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function MailWatchLogging
Aug 14 18:13:59 localhost MailScanner[6844]: Started SQL Logging child
Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function SQLWhitelist
Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Whitelist
Aug 14 18:13:59 localhost MailScanner[6844]: Read 2 whitelist entries
Aug 14 18:13:59 localhost MailScanner[6844]: Using SpamAssassin results cache
Aug 14 18:13:59 localhost MailScanner[6844]: Connected to SpamAssassin cache database
Aug 14 18:13:59 localhost MailScanner[6844]: Enabling SpamAssassin auto-whitelist functionality...
Aug 14 18:14:00 localhost MailScanner[6844]: Using locktype = flock
Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Found 15 messages waiting
Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Scanning 5 messages, 922438 bytes
Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 8248C328003.1CFD1
Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 132F5328005.8800B
Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 96FA0328004.08A04
Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 212D9328007.B19A9
Aug 14 18:14:01 localhost MailScanner[6844]: SpamAssassin cache hit for message 9735C328006.BEBA0
Aug 14 18:14:01 localhost MailScanner[6844]: Virus and Content Scanning: Starting
Aug 14 18:14:10 localhost MailScanner: Process did not exit cleanly, returned 0 with signal 11

and it does this over and over again

I ran an strace on the process and get a segfault when it calls a brk()

Mailscanner is running with postfix on a Debian 4.0 2.6.17-2-686
Mailscanner : 4.55.10-3

thanks for any info

--
Yann Bachy

CAPENSIS
30 rue du Triez
59290 Wasquehal
----------------------
Tel 03 59 39 13 40
Fax 03 59 39 13 49

From alex at rtpty.com Fri Aug 14 17:23:06 2009
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Fri Aug 14 17:23:19 2009
Subject: Segfault
In-Reply-To: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr>
References: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr>
Message-ID:

Please update.

On Aug 14, 2009, at 11:17 AM, Yann Bachy wrote:
> Mailscanner : 4.55.10-3

From maxsec at gmail.com Fri Aug 14 17:25:12 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Aug 14 17:25:21 2009
Subject: Segfault
In-Reply-To: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr>
References: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr>
Message-ID: <72cf361e0908140925o18d23647n875bc7e669a150f9@mail.gmail.com>

Yann

that's a really old version of mailscanner - there's an updated debian port somewhere or move to the generic installer.

normally this is something like a bad spool file, or the fact you've upgraded postfix and the version of MS you've got doesn't understand the new spool file format.

Has this ever worked or is this a new install??

--
Martin Hepworth
Oxford, UK

2009/8/14 Yann Bachy
> Hello everyone!
>
> I've got the following problem with my mailscanner:
>
> every time Mailscanner loads a batch of mails to scan it quits and starts
> all over again :
>
> Aug 14 18:13:59 localhost MailScanner[6844]: MailScanner E-Mail Virus Scanner version 4.55.10 starting...
> Aug 14 18:13:59 localhost MailScanner[6844]: Read 748 hostnames from the phishing whitelist
> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function SQLBlacklist
> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Blacklist
> Aug 14 18:13:59 localhost MailScanner[6844]: Read 0 blacklist entries
> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function MailWatchLogging
> Aug 14 18:13:59 localhost MailScanner[6844]: Started SQL Logging child
> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init function SQLWhitelist
> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Whitelist
> Aug 14 18:13:59 localhost MailScanner[6844]: Read 2 whitelist entries
> Aug 14 18:13:59 localhost MailScanner[6844]: Using SpamAssassin results cache
> Aug 14 18:13:59 localhost MailScanner[6844]: Connected to SpamAssassin cache database
> Aug 14 18:13:59 localhost MailScanner[6844]: Enabling SpamAssassin auto-whitelist functionality...
> Aug 14 18:14:00 localhost MailScanner[6844]: Using locktype = flock
> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Found 15 messages waiting
> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Scanning 5 messages, 922438 bytes
> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 8248C328003.1CFD1
> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 132F5328005.8800B
> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 96FA0328004.08A04
> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for message 212D9328007.B19A9
> Aug 14 18:14:01 localhost MailScanner[6844]: SpamAssassin cache hit for message 9735C328006.BEBA0
> Aug 14 18:14:01 localhost MailScanner[6844]: Virus and Content Scanning: Starting
> Aug 14 18:14:10 localhost MailScanner: Process did not exit cleanly, returned 0 with signal 11
>
> and it does this over and over again
>
> I ran an strace on the process and get a segfault when it calls a brk()
>
> Mailscanner is running with postfix on a Debian 4.0 2.6.17-2-686
> Mailscanner : 4.55.10-3
>
> thanks for any info
>
> --
> Yann Bachy
>
> CAPENSIS
> 30 rue du Triez
> 59290 Wasquehal
> ----------------------
> Tel 03 59 39 13 40
> Fax 03 59 39 13 49
>

From raubvogel at gmail.com Fri Aug 14 17:31:23 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Fri Aug 14 17:31:35 2009
Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness
Message-ID: <4A85915B.9070700@gmail.com>

This email does not sound like a question; it is more about weird thoughts that are haunting me. Expect then a lot of confusion because that is how I am feeling right now. I am just trying to figure out what is going on here.

I have been using X-Spam-Status: as a trigger for my dovecot sieve script to move spam into a Spam folder. Playing around with it, I found something interesting (at least to me): If I create a proper spam email and add to its header something like this:

X-Spam-Status: No (or maybe or spongebob for that matters)

and then send the spam to your my server, Mailscanner will properly detect it as spam and then edit X-Spam-Status like this:

X-Spam-Status: No, Yes

I was going to include my sieve script but what I am trying to figure out is something else. In MailScanner.conf we have these two lines:

Spam Actions = deliver header "X-Spam-Status: Yes"
Non Spam Actions = deliver header "X-Spam-Status: No"

I thought that indicated that if there was a X-Spam-Status header in the mail, it would be wiped and replaced with one of the X-Spam-Status headers shown above. Also, it seems that while spamassassin would do something like

X-Spam-Status: spam, SpamAssassin (cached, score=9.645, required 4.7,
    BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK 3.12,
    HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, RAZOR2_CF_RANGE_51_100 0.50,
    RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50)
X-Spam-Flag: YES

MailScanner does the same using its own header,

X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=9.645, required 4.7,
    BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK 3.12,
    HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, RAZOR2_CF_RANGE_51_100 0.50,
    RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50)
X-Spam-Status: Yes

So, MailScanner uses X-Spam-Status the same way spamassassin uses X-Spam-Flag.

From MailScanner at ecs.soton.ac.uk Fri Aug 14 20:23:57 2009
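[Added example, not part of the original post and not code from MailScanner.] The delivery-side consequence of the "X-Spam-Status: No, Yes" result described above: a filter that only checks how the header value starts misses the scanner's verdict, while one that reads the last token does not. The function names and sample messages are constructed, and treating the last token as the scanner's verdict is an assumption drawn from the behaviour reported in the post.

```python
from email import message_from_string

HEADER = "X-Spam-Status"  # header named in the post's "Spam Actions" lines


def status_tokens(raw_message):
    """All comma-separated X-Spam-Status tokens, lower-cased, in message order."""
    msg = message_from_string(raw_message)
    tokens = []
    for value in msg.get_all(HEADER, []):
        unfolded = " ".join(str(value).split())  # undo header folding
        tokens.extend(t.strip().lower() for t in unfolded.split(",") if t.strip())
    return tokens


def naive_is_spam(raw_message):
    """A filter that only looks at how the header value starts."""
    msg = message_from_string(raw_message)
    return str(msg.get(HEADER, "")).strip().lower().startswith("yes")


def classify(raw_message):
    """Return (verdict, sender_supplied).

    ASSUMPTION (from the behaviour reported in the post, not from MailScanner
    documentation): the scanner's own Yes/No is the last token, and any token
    before it arrived with the message from the sender.
    """
    tokens = status_tokens(raw_message)
    if not tokens:
        return ("unscanned", False)
    sender_supplied = len(tokens) > 1
    last = tokens[-1]
    if last == "yes":
        return ("spam", sender_supplied)
    if last == "no":
        return ("ham", sender_supplied)
    # No recognisable verdict at the end: do not trust the header at all.
    return ("unknown", True)


def _sample(status_line=None):
    """Build a constructed test message; addresses are placeholders."""
    lines = [
        "From: sender@example.invalid",
        "To: user@example.invalid",
        "Subject: constructed sample",
    ]
    if status_line is not None:
        lines.append(status_line)
    return "\n".join(lines) + "\n\nbody text\n"


# Constructed samples; only the first header value is taken from the post.
SPOOFED = _sample("X-Spam-Status: No, Yes")        # as observed in the post
ODD = _sample("X-Spam-Status: spongebob, Yes")     # arbitrary sender value
PLAIN_SPAM = _sample("X-Spam-Status: Yes")
PLAIN_HAM = _sample("X-Spam-Status: No")
GARBAGE_ONLY = _sample("X-Spam-Status: spongebob")
NO_HEADER = _sample()

if __name__ == "__main__":
    for name in ("SPOOFED", "ODD", "PLAIN_SPAM", "PLAIN_HAM",
                 "GARBAGE_ONLY", "NO_HEADER"):
        raw = globals()[name]
        print(f"{name:12} naive={naive_is_spam(raw)!s:5} robust={classify(raw)}")
```

A single remaining token cannot be told apart from a sender-supplied one if mail can reach the mailbox without passing the scanner, so the check is only as good as the guarantee that all delivery goes through it.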
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Fri Aug 14 20:24:21 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: <4A85915B.9070700@gmail.com> References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> Message-ID: MailScanner does not use any header generated by SpamAssassin. It does not allow SpamAssassin to modify the message. It adds its own headers, based on the spam status and report returned by SpamAssassin. So you won't get the same headers you get from using spamd or anything like that from your MTA. You will get the headers that MailScanner adds based on the output of SpamAssassin (which is basically a report and a spam score number). Hope that helps explain it a bit. Jules. On 14/08/2009 17:31, Mauricio Tavares wrote: > This email does not sound like a question; it is more about weird > thoughts that are haunting me. Expect then a lot of confusion because > that is how I am feeling right now. I am just trying to figure out > what is going on here. > > I have been using X-Spam-Status: as a trigger for my dovecot sieve > script to move spam into a Spam folder. Playing around with it, I > found something interesting (at least to me): If I create a proper > spam email and add to its header something like this: > > X-Spam-Status: No (or maybe or spongebob for that matters) > > and then send the spam to your my server, Mailscanner will properly > detect it as spam and then edit X-Spam-Status like this: > > X-Spam-Status: No, Yes > > I was going to include my sieve script but what I am trying to figure > out is something else. In MailScanner.conf we have these two lines: > > Spam Actions = deliver header "X-Spam-Status: Yes" > Non Spam Actions = deliver header "X-Spam-Status: No" > > I thought that indicated that if there was a X-Spam-Status header in > the mail, it would be wiped and replaced with ones of the > X-Spam-Status headers shown above. 
Also, it seems that while > spamassassin would do something like > > X-Spam-Status: spam, SpamAssassin (cached, score=9.645, required > 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK 3.12, > HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, RAZOR2_CF_RANGE_51_100 > 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50) > X-Spam-Flag: YES > > MailScanner does the same using its own header, > > X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=9.645, > required 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK > 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, > RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, > RAZOR2_CHECK 0.50) > X-Spam-Status: Yes > > So, MailScanner uses X-Spam-Status the same way spamassassin uses > X-Spam-Flag. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raubvogel at gmail.com Fri Aug 14 20:40:21 2009 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri Aug 14 20:40:48 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> Message-ID: <4A85BDA5.9030402@gmail.com> Jules Field wrote: > MailScanner does not use any header generated by SpamAssassin. It does > not allow SpamAssassin to modify the message. It adds its own headers, > based on the spam status and report returned by SpamAssassin. So you > won't get the same headers you get from using spamd or anything like > that from your MTA. You will get the headers that MailScanner adds based > on the output of SpamAssassin (which is basically a report and a spam > score number). > I thought that MailScanner used X-Spam-Status, which is also used by spamassassin but in a different way. > Hope that helps explain it a bit. > > Jules. > > On 14/08/2009 17:31, Mauricio Tavares wrote: >> This email does not sound like a question; it is more about weird >> thoughts that are haunting me. Expect then a lot of confusion because >> that is how I am feeling right now. I am just trying to figure out >> what is going on here. >> >> I have been using X-Spam-Status: as a trigger for my dovecot sieve >> script to move spam into a Spam folder. Playing around with it, I >> found something interesting (at least to me): If I create a proper >> spam email and add to its header something like this: >> >> X-Spam-Status: No (or maybe or spongebob for that matters) >> >> and then send the spam to your my server, Mailscanner will properly >> detect it as spam and then edit X-Spam-Status like this: >> >> X-Spam-Status: No, Yes >> >> I was going to include my sieve script but what I am trying to figure >> out is something else. 
In MailScanner.conf we have these two lines: >> >> Spam Actions = deliver header "X-Spam-Status: Yes" >> Non Spam Actions = deliver header "X-Spam-Status: No" >> >> I thought that indicated that if there was a X-Spam-Status header in >> the mail, it would be wiped and replaced with ones of the >> X-Spam-Status headers shown above. Also, it seems that while >> spamassassin would do something like >> >> X-Spam-Status: spam, SpamAssassin (cached, score=9.645, required >> 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK 3.12, >> HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, RAZOR2_CF_RANGE_51_100 >> 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50) >> X-Spam-Flag: YES >> >> MailScanner does the same using its own header, >> >> X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=9.645, >> required 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK >> 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, >> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, >> RAZOR2_CHECK 0.50) >> X-Spam-Status: Yes >> >> So, MailScanner uses X-Spam-Status the same way spamassassin uses >> X-Spam-Flag. > > Jules > From MailScanner at ecs.soton.ac.uk Fri Aug 14 20:47:08 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Fri Aug 14 20:47:44 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: <4A85BDA5.9030402@gmail.com> References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> Message-ID: On 14/08/2009 20:40, Mauricio Tavares wrote: > Jules Field wrote: >> MailScanner does not use any header generated by SpamAssassin. It >> does not allow SpamAssassin to modify the message. It adds its own >> headers, based on the spam status and report returned by >> SpamAssassin. So you won't get the same headers you get from using >> spamd or anything like that from your MTA. You will get the headers >> that MailScanner adds based on the output of SpamAssassin (which is >> basically a report and a spam score number). >> > I thought that MailScanner used X-Spam-Status, which is also used > by spamassassin but in a different way. It will use any header you tell it to, it's totally customisable. You can trivially tell it to use X-Spam-Status, just edit the MailScanner.conf file and "service MailScanner reload". > >> Hope that helps explain it a bit. >> >> Jules. >> >> On 14/08/2009 17:31, Mauricio Tavares wrote: >>> This email does not sound like a question; it is more about >>> weird thoughts that are haunting me. Expect then a lot of confusion >>> because that is how I am feeling right now. I am just trying to >>> figure out what is going on here. >>> >>> I have been using X-Spam-Status: as a trigger for my dovecot sieve >>> script to move spam into a Spam folder. 
Playing around with it, I >>> found something interesting (at least to me): If I create a proper >>> spam email and add to its header something like this: >>> >>> X-Spam-Status: No (or maybe or spongebob for that matters) >>> >>> and then send the spam to your my server, Mailscanner will properly >>> detect it as spam and then edit X-Spam-Status like this: >>> >>> X-Spam-Status: No, Yes >>> >>> I was going to include my sieve script but what I am trying to >>> figure out is something else. In MailScanner.conf we have these two >>> lines: >>> >>> Spam Actions = deliver header "X-Spam-Status: Yes" >>> Non Spam Actions = deliver header "X-Spam-Status: No" >>> >>> I thought that indicated that if there was a X-Spam-Status header in >>> the mail, it would be wiped and replaced with ones of the >>> X-Spam-Status headers shown above. Also, it seems that while >>> spamassassin would do something like >>> >>> X-Spam-Status: spam, SpamAssassin (cached, score=9.645, required >>> 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK >>> 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, >>> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, >>> RAZOR2_CHECK 0.50) >>> X-Spam-Flag: YES >>> >>> MailScanner does the same using its own header, >>> >>> X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=9.645, >>> required 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, >>> FORGED_MUA_OUTLOOK 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE >>> 0.82, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, >>> RAZOR2_CHECK 0.50) >>> X-Spam-Status: Yes >>> >>> So, MailScanner uses X-Spam-Status the same way spamassassin uses >>> X-Spam-Flag. >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! 
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From raubvogel at gmail.com Fri Aug 14 21:16:03 2009 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Fri Aug 14 21:16:15 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> Message-ID: <4A85C603.7080907@gmail.com> Jules Field wrote: > > > On 14/08/2009 20:40, Mauricio Tavares wrote: >> Jules Field wrote: >>> MailScanner does not use any header generated by SpamAssassin. It >>> does not allow SpamAssassin to modify the message. It adds its own >>> headers, based on the spam status and report returned by >>> SpamAssassin. So you won't get the same headers you get from using >>> spamd or anything like that from your MTA. You will get the headers >>> that MailScanner adds based on the output of SpamAssassin (which is >>> basically a report and a spam score number). >>> >> I thought that MailScanner used X-Spam-Status, which is also used >> by spamassassin but in a different way. > It will use any header you tell it to, it's totally customisable. You > can trivially tell it to use X-Spam-Status, just edit the > MailScanner.conf file and "service MailScanner reload". >> I see what you mean, In fact, in my MailScanner.conf we have lines like Spam Actions = deliver header "X-Spam-Status: Yes" But one of the questions I have is that when it sees that header in the mail, it does not wipe it and puts its own version. Instead it appends the reply to the currently existing header, hence the X-Spam-Status: No, Yes I mentioned before. Ignore the tag name itself. If MailScanner is using the X-Spam-Status tag to identify a Yes/No-only answer, shouldn't it make sure there is no other value for that tag? >>> Hope that helps explain it a bit. >>> >>> Jules. >>> >>> On 14/08/2009 17:31, Mauricio Tavares wrote: >>>> This email does not sound like a question; it is more about >>>> weird thoughts that are haunting me. 
Expect then a lot of confusion >>>> because that is how I am feeling right now. I am just trying to >>>> figure out what is going on here. >>>> >>>> I have been using X-Spam-Status: as a trigger for my dovecot sieve >>>> script to move spam into a Spam folder. Playing around with it, I >>>> found something interesting (at least to me): If I create a proper >>>> spam email and add to its header something like this: >>>> >>>> X-Spam-Status: No (or maybe or spongebob for that matters) >>>> >>>> and then send the spam to your my server, Mailscanner will properly >>>> detect it as spam and then edit X-Spam-Status like this: >>>> >>>> X-Spam-Status: No, Yes >>>> >>>> I was going to include my sieve script but what I am trying to >>>> figure out is something else. In MailScanner.conf we have these two >>>> lines: >>>> >>>> Spam Actions = deliver header "X-Spam-Status: Yes" >>>> Non Spam Actions = deliver header "X-Spam-Status: No" >>>> >>>> I thought that indicated that if there was a X-Spam-Status header in >>>> the mail, it would be wiped and replaced with ones of the >>>> X-Spam-Status headers shown above. Also, it seems that while >>>> spamassassin would do something like >>>> >>>> X-Spam-Status: spam, SpamAssassin (cached, score=9.645, required >>>> 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, FORGED_MUA_OUTLOOK >>>> 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE 0.82, >>>> RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, >>>> RAZOR2_CHECK 0.50) >>>> X-Spam-Flag: YES >>>> >>>> MailScanner does the same using its own header, >>>> >>>> X-MailScanner-SpamCheck: spam, SpamAssassin (cached, score=9.645, >>>> required 4.7, BAYES_50 0.00, FH_HELO_ENDS_DOT 2.31, >>>> FORGED_MUA_OUTLOOK 3.12, HTML_MESSAGE 0.90, MSOE_MID_WRONG_CASE >>>> 0.82, RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, >>>> RAZOR2_CHECK 0.50) >>>> X-Spam-Status: Yes >>>> >>>> So, MailScanner uses X-Spam-Status the same way spamassassin uses >>>> X-Spam-Flag. 
>>> >>> Jules >>> >> > > Jules > From rlopezcnm at gmail.com Fri Aug 14 22:35:00 2009 From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri Aug 14 22:35:10 2009 Subject: A false positive? Message-ID: The following looks to me as if it is a report of false positive. Does anyone disagree? If it is a false positive what should I do to avoid more like it? > The following e-mails were found to have: Virus Detected > > Sender: daily_headlines@ms3.lga2.nytimes.com > IP Address: 199.239.138.82 > Recipient: xxxxxxxxxx4@cnm.edu > Subject: Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs > MessageID: 0ED79A2E.A6D89 > Quarantine: > Report: Clamd: message was infected: Phishing.Heuristics.Email.SpoofedDomain > > Full headers are: > > Received: from content120c.lga2.nytimes.com > (content120c.lga2.nytimes.com [199.239.138.82]) > by mg05.cnm.edu (Postfix) with ESMTP id 0ED79A2E > for ; Fri, 14 Aug 2009 03:05:09 -0600 (MDT) > > Received: by content120c.lga2.nytimes.com (PowerMTA(TM) v3.5r3) id hgkkc00ho985 for > ; Fri, 14 Aug 2009 05:04:39 -0400 (envelope-from > ) > > From: NYTimes.com > Reply-To: nytdirect@nytimes.com > Date: Fri, 14 Aug 2009 05:04:44 -0400 > To: xxxxxxxxxx4@cnm.edu > X-job: TH-20090814 > Subject: Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs > Content-Type: text/html; charset=iso-8859-1 > Mime-version: 1.0 > Message-Id: <20090814090510.0ED79A2E@mg05.cnm.edu> > > > -- > MailScanner > Email Virus Scanner > www.mailscanner.info > > -- > This message has been scanned for viruses and dangerous content by MailScanner, > and is believed to be clean. -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From ms-list at alexb.ch Fri Aug 14 22:52:43 2009 
From: ms-list at alexb.ch (Alex Broens) Date: Fri Aug 14 22:52:52 2009 Subject: A false positive? In-Reply-To: References: Message-ID: <4A85DCAB.7080902@alexb.ch> Not a MailScanner issue. Report with pristine sample to ClamAV team. On 8/14/2009 11:35 PM, Robert Lopez wrote: > The following looks to me as if it is a report of false positive. Does > anyone disagree? > If it is a false positive what should I do to avoid more like it? > >> The following e-mails were found to have: Virus Detected >> >> Sender: daily_headlines@ms3.lga2.nytimes.com >> IP Address: 199.239.138.82 >> Recipient: xxxxxxxxxx4@cnm.edu >> Subject: Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs >> MessageID: 0ED79A2E.A6D89 >> Quarantine: >> Report: Clamd: message was infected: Phishing.Heuristics.Email.SpoofedDomain >> >> Full headers are: >> >> Received: from content120c.lga2.nytimes.com >> (content120c.lga2.nytimes.com [199.239.138.82]) >> by mg05.cnm.edu (Postfix) with ESMTP id 0ED79A2E >> for ; Fri, 14 Aug 2009 03:05:09 -0600 (MDT) >> >> Received: by content120c.lga2.nytimes.com (PowerMTA(TM) v3.5r3) id hgkkc00ho985 for >> ; Fri, 14 Aug 2009 05:04:39 -0400 (envelope-from >> ) >> >> From: NYTimes.com >> Reply-To: nytdirect@nytimes.com >> Date: Fri, 14 Aug 2009 05:04:44 -0400 >> To: xxxxxxxxxx4@cnm.edu >> X-job: TH-20090814 >> Subject: Today's Headlines: New Screening Could Lead to More Potent Cancer Drugs >> Content-Type: text/html; charset=iso-8859-1 >> Mime-version: 1.0 >> Message-Id: <20090814090510.0ED79A2E@mg05.cnm.edu> >> >> >> -- >> MailScanner >> Email Virus Scanner >> www.mailscanner.info >> >> -- >> This message has been scanned for viruses and dangerous content by MailScanner, >> and is believed to be clean. > From rlopezcnm at gmail.com Fri Aug 14 23:12:17 2009 
From: rlopezcnm at gmail.com (Robert Lopez) Date: Fri Aug 14 23:12:32 2009 Subject: A false positive? In-Reply-To: <4A85DCAB.7080902@alexb.ch> References: <4A85DCAB.7080902@alexb.ch> Message-ID: I just realized that myself. Sorry. On Fri, Aug 14, 2009 at 3:52 PM, Alex Broens wrote: > Not a MailScanner issue. > Report with pristine sample to ClamAV team. > > > On 8/14/2009 11:35 PM, Robert Lopez wrote: >> >> The following looks to me as if it is a report of false positive. Does >> anyone disagree? >> If it is a false positive what should I do to avoid more like it? >> >>> The following e-mails were found to have: Virus Detected >>> >>> Sender: daily_headlines@ms3.lga2.nytimes.com >>> IP Address: 199.239.138.82 >>> Recipient: xxxxxxxxxx4@cnm.edu >>> Subject: Today's Headlines: New Screening Could Lead to More Potent >>> Cancer Drugs >>> MessageID: 0ED79A2E.A6D89 >>> Quarantine: >>> Report: Clamd: message was infected: >>> Phishing.Heuristics.Email.SpoofedDomain >>> >>> Full headers are: >>> >>> Received: from content120c.lga2.nytimes.com >>> (content120c.lga2.nytimes.com [199.239.138.82]) >>> by mg05.cnm.edu (Postfix) with ESMTP id 0ED79A2E >>> for ; Fri, 14 Aug 2009 03:05:09 -0600 (MDT) >>> >>> Received: by content120c.lga2.nytimes.com (PowerMTA(TM) v3.5r3) id >>> hgkkc00ho985 for >>> ; Fri, 14 Aug 2009 05:04:39 -0400 (envelope-from >>> ) >>> >>> From: NYTimes.com >>> Reply-To: nytdirect@nytimes.com >>> Date: Fri, 14 Aug 2009 05:04:44 -0400 >>> To: xxxxxxxxxx4@cnm.edu >>> X-job: TH-20090814 >>> Subject: Today's Headlines: New Screening Could Lead to More Potent >>> Cancer Drugs >>> Content-Type: text/html; charset=iso-8859-1 >>> Mime-version: 1.0 >>> Message-Id: <20090814090510.0ED79A2E@mg05.cnm.edu> >>> >>> >>> -- >>> MailScanner >>> Email Virus Scanner >>> www.mailscanner.info >>> >>> -- >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, >>> and is believed to be clean. 
>> > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106 From mark at msapiro.net Sat Aug 15 15:30:15 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat Aug 15 15:30:26 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: <4A85C603.7080907@gmail.com> References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> <4A85C603.7080907@gmail.com> Message-ID: <20090815143015.GA3912@msapiro> On Fri, Aug 14, 2009 at 04:16:03PM -0400, Mauricio Tavares wrote: > > I see what you mean, In fact, in my MailScanner.conf we have lines > like > > Spam Actions = deliver header "X-Spam-Status: Yes" > > But one of the questions I have is that when it sees that header in the > mail, it does not wipe it and puts its own version. Instead it appends > the reply to the currently existing header, hence the > > X-Spam-Status: No, Yes > Look at the documentation for the Multiple Headers setting in MailScanner.conf and see if changing it to Multiple Headers = replace solves your problem. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From yann.b at capensis.fr Sat Aug 15 23:42:51 2009 
From: yann.b at capensis.fr (Yann Bachy) Date: Sat Aug 15 23:43:21 2009 Subject: Segfault In-Reply-To: <72cf361e0908140925o18d23647n875bc7e669a150f9@mail.gmail.com> References: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr> <72cf361e0908140925o18d23647n875bc7e669a150f9@mail.gmail.com> Message-ID: <20090816004251.nquqnjsr4cggg84k@webmail.capensis.fr> In fact this has worked fine for at least over a 100 days (uptime)... but server has been installed about 1 or 2 years ago ... never had this problem before. We finally found the problem.... there was a mal-formatted mail in the queue... I put it aside and gonna check it out on Monday morning when I get back to it. I'll let you guys know if I find something, thanks anyway... I'll do some updates ;) bye! -- Yann Bachy CAPENSIS 30 rue du Triez 59290 Wasquehal ---------------------- Tel 03 59 39 13 40 Fax 03 59 39 13 49 Quoting Martin Hepworth : > Yann > that's a really old version of mailscanner - there's an update debian port > somewhere or move to the generic installer. > > normally this is something like a bad spool file, or the fact you've > upgraded postfix and the version of MS you've got doesn't understand the new > spool file format. > > Has this ever worked or is this a new install?? > > > -- > Martin Hepworth > Oxford, UK > > 2009/8/14 Yann Bachy > >> Hello everyone! >> >> I've got the following problem with my mailscanner: >> >> every time Mailscanner loads a batch of mails to scan it quits and starts >> all over again : >> >> Aug 14 18:13:59 localhost MailScanner[6844]: MailScanner E-Mail Virus >> Scanner version 4.55.10 starting... 
>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 748 hostnames from the >> phishing whitelist >> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init >> function SQLBlacklist >> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Blacklist >> Aug 14 18:13:59 localhost MailScanner[6844]: Read 0 blacklist entries >> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init >> function MailWatchLogging >> Aug 14 18:13:59 localhost MailScanner[6844]: Started SQL Logging child >> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom init >> function SQLWhitelist >> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Whitelist >> Aug 14 18:13:59 localhost MailScanner[6844]: Read 2 whitelist entries >> Aug 14 18:13:59 localhost MailScanner[6844]: Using SpamAssassin results >> cache >> Aug 14 18:13:59 localhost MailScanner[6844]: Connected to SpamAssassin >> cache database >> Aug 14 18:13:59 localhost MailScanner[6844]: Enabling SpamAssassin >> auto-whitelist functionality... 
>> Aug 14 18:14:00 localhost MailScanner[6844]: Using locktype = flock >> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Found 15 messages >> waiting >> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Scanning 5 >> messages, 922438 bytes >> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >> message 8248C328003.1CFD1 >> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >> message 132F5328005.8800B >> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >> message 96FA0328004.08A04 >> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >> message 212D9328007.B19A9 >> Aug 14 18:14:01 localhost MailScanner[6844]: SpamAssassin cache hit for >> message 9735C328006.BEBA0 >> Aug 14 18:14:01 localhost MailScanner[6844]: Virus and Content Scanning: >> Starting >> Aug 14 18:14:10 localhost MailScanner: Process did not exit cleanly, >> returned 0 with signal 11 >> >> >> >> and it does this over and over again >> >> I ran an strace on the process and get a segfault when it calls a brk() >> >> Mailscanner is running with postfix on a Debian 4.0 2.6.17-2-686 >> Mailscanner : 4.55.10-3 >> >> thanks for any info >> >> >> >> >> -- >> Yann Bachy >> >> CAPENSIS >> 30 rue du Triez >> 59290 Wasquehal >> ---------------------- >> Tel 03 59 39 13 40 >> Fax 03 59 39 13 49 >> >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> > From MailScanner at ecs.soton.ac.uk Sun Aug 16 02:14:19 2009 
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Aug 16 02:14:42 2009 Subject: Segfault In-Reply-To: <20090816004251.nquqnjsr4cggg84k@webmail.capensis.fr> References: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr> <72cf361e0908140925o18d23647n875bc7e669a150f9@mail.gmail.com> <20090816004251.nquqnjsr4cggg84k@webmail.capensis.fr> <4A875D6B.2030906@ecs.soton.ac.uk> Message-ID: The latest versions have protection systems against exactly this kind of problem. On 15/08/2009 23:42, Yann Bachy wrote: > In fact this has worked fine for at least over a 100 days (uptime)... > but server has been installed about 1 or 2 years ago ... never had > this problem before > > We finally found the problem.... there was a mal-formatted mail in the > queue... I put it aside and gonna check it out on monday morning when > I get back to it. > > I'll let you guys know if I find something, thanks anyway... I'll do > some updates ;) > > bye! > > > > > -- > Yann Bachy > > CAPENSIS > 30 rue du Triez > 59290 Wasquehal > ---------------------- > Tel 03 59 39 13 40 > Fax 03 59 39 13 49 > > > Quoting Martin Hepworth : > >> Yann >> that's a really old version of mailscanner - there's an update debian >> port >> somewhere or move to the generic installer. >> >> normally this is something like a bad spool file, or the fact you;ve >> upgraded postfix and the version of MS you've got doesn't understand >> the new >> spool file format. >> >> Has this ever worked or is this a new install?? >> >> >> -- >> Martin Hepworth >> Oxford, UK >> >> 2009/8/14 Yann Bachy >> >>> Hello everyone! >>> >>> I've got the following problem with my mailscanner: >>> >>> every time Mailscanner loads a batch of mails to scan it quits and >>> starts >>> all over again : >>> >>> Aug 14 18:13:59 localhost MailScanner[6844]: MailScanner E-Mail Virus >>> Scanner version 4.55.10 starting... 
>>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 748 hostnames from >>> the >>> phishing whitelist >>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>> init >>> function SQLBlacklist >>> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Blacklist >>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 0 blacklist entries >>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>> init >>> function MailWatchLogging >>> Aug 14 18:13:59 localhost MailScanner[6844]: Started SQL Logging child >>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>> init >>> function SQLWhitelist >>> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Whitelist >>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 2 whitelist entries >>> Aug 14 18:13:59 localhost MailScanner[6844]: Using SpamAssassin results >>> cache >>> Aug 14 18:13:59 localhost MailScanner[6844]: Connected to SpamAssassin >>> cache database >>> Aug 14 18:13:59 localhost MailScanner[6844]: Enabling SpamAssassin >>> auto-whitelist functionality... 
>>> Aug 14 18:14:00 localhost MailScanner[6844]: Using locktype = flock >>> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Found 15 >>> messages >>> waiting >>> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Scanning 5 >>> messages, 922438 bytes >>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >>> message 8248C328003.1CFD1 >>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >>> message 132F5328005.8800B >>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >>> message 96FA0328004.08A04 >>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit for >>> message 212D9328007.B19A9 >>> Aug 14 18:14:01 localhost MailScanner[6844]: SpamAssassin cache hit for >>> message 9735C328006.BEBA0 >>> Aug 14 18:14:01 localhost MailScanner[6844]: Virus and Content >>> Scanning: >>> Starting >>> Aug 14 18:14:10 localhost MailScanner: Process did not exit cleanly, >>> returned 0 with signal 11 >>> >>> >>> >>> and it does this over and over again >>> >>> I ran an strace on the process and get a segfault when it calls a brk() >>> >>> Mailscanner is running with postfix on a Debian 4.0 2.6.17-2-686 >>> Mailscanner : 4.55.10-3 >>> >>> thanks for any info >>> >>> >>> >>> >>> -- >>> Yann Bachy >>> >>> CAPENSIS >>> 30 rue du Triez >>> 59290 Wasquehal >>> ---------------------- >>> Tel 03 59 39 13 40 >>> Fax 03 59 39 13 49 >>> >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Follow me at twitter.com/JulesFM MailScanner customisation, or any advanced system administration help? 
Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ichmagmuell at bornefeld-ettmann.de Sun Aug 16 14:16:57 2009 
From: ichmagmuell at bornefeld-ettmann.de (Ralph Bornefeld-Ettmann) Date: Sun Aug 16 14:17:57 2009 Subject: Question about Spear.Phishing.Rules script In-Reply-To: References: <4A75D22B.8070707@ecs.soton.ac.uk> <4A76C4CF.90402@ecs.soton.ac.uk> Message-ID: Julian Field schrieb: > > > On 03/08/2009 10:35, Ralph Bornefeld-Ettmann wrote: >> >> Jules Field schrieb: >>> >>> >>> On 02/08/2009 16:46, Mark Sapiro wrote: >>>> Jules Field wrote: >>>> >>>>> Wipe the cache (under /var/cache somewhere, it's in the script), >>>>> and run >>>>> it again. >>>> >>>> I did that and it retrieved all the files >>>> http://www.mailscanner.tv/emails.2009-30.1 through >>>> http://www.mailscanner.tv/emails.2009-30.232 and rebuilt the cache, >>>> but I still get >>>> >>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at ... >>>> >>>> Note that this file really doesn't exist. As I said, if I try to get it >>>> in a browser, I get a 404 - not found. >>> Interesting. If the script continues to get the files after this one, >>> then I wouldn't worry about it too much, the .227 will probably reset >>> to .1 tomorrow anyway! :-) >>>> >>>>> On 02/08/2009 15:27, Mark Sapiro wrote: >>>>>> I am running the Spear.Phishing.Rules.v2.04 script. >>>>>> >>>>>> Recently I noticed a message: >>>>>> >>>>>> Failed to retrieve http://www.mailscanner.tv/emails.2009-30.227 at >>>>>> ... >>>>>> >>>>>> in the script output. If I try to visit that URL with a browser, I >>>>>> get >>>>>> a "not found". I noticed this once before; I think the URL may have >>>>>> been (from my browser >>>>>> history), but I can't verify this as all the week 28 files seem to be >>>>>> gone now. >>>>>> >>>>>> My questions are: >>>>>> >>>>>> Is it normal for a file to be missing or does this indicate a >>>>>> problem? >>>>>> >>>>>> If the other time really was emails.2009-28.227, is the 227 >>>>>> significant >>>>>> or a coincidence? >>> >>> Jules >>> >> >> It seems the .227 is the problem. 
>> As suggested in some answer above I am using a mirror for my systems. >> Starting with 2009-24 I found on my mirror : >> 24.1 - 24.252 >> 25.1 - 25.236 >> 26.1 - 26.254 >> 27.1 - 27.183 >> 28.1 - 28.242 -> no .227! (missing between 2009-07-19 04:21 and 07:11) >> 29.1 - 29.249 -> no .227! (missing between 2009-07-25 00:22 and 06:54) >> 30.1 - 30.237 -> no .227! (missing between 2009-08-02 08:22 and 09:43) >> >> When I did a wget on these files I received a 404 error. > Weird. I've changed it to restart every day instead of every week. > Should avoid the problem. > > Jules > possibly new issue : emails.2009-325 on 2009-08-14 emails.2009-326 on 2009-08-15 emails.2009-320 on 2009-08-16 seems to be a jump back in numbers .... Ralph From raubvogel at gmail.com Mon Aug 17 15:27:26 2009 
From: raubvogel at gmail.com (Mauricio Tavares) Date: Mon Aug 17 15:27:40 2009 Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness In-Reply-To: <20090815143015.GA3912@msapiro> References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> <4A85C603.7080907@gmail.com> <20090815143015.GA3912@msapiro> Message-ID: <4A8968CE.8020804@gmail.com> Mark Sapiro wrote: > On Fri, Aug 14, 2009 at 04:16:03PM -0400, Mauricio Tavares wrote: >> I see what you mean, In fact, in my MailScanner.conf we have lines >> like >> >> Spam Actions = deliver header "X-Spam-Status: Yes" >> >> But one of the questions I have is that when it sees that header in the >> mail, it does not wipe it and puts its own version. Instead it appends >> the reply to the currently existing header, hence the >> >> X-Spam-Status: No, Yes >> > > > Look at the documentation for the Multiple Headers setting in MailScanner.conf > and see if changing it to > > Multiple Headers = replace > > solves your problem. > Thanks for the suggestion. I tried that and it is still appending to that header. I also tried doing clear_headers remove header all Status in spam.assassin.prefs.conf with the same result. I think it just does not like me... From jwirtz at flamingoseismic.com Mon Aug 17 17:03:29 2009 
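The header behaviour discussed in the X-Spam-Status thread above, as an added example that is not part of any poster's message and is not MailScanner's own code: a small Python model of three ways a gateway can write its verdict when the sender already supplied the same header, and what a downstream filter then sees. The strategy names "append", "add" and "replace", every function name and the sample message are assumptions of this example.

```python
from email import message_from_string

HEADER = "X-Spam-Status"

# Constructed sample: the sender pre-set the verdict header, as in the thread.
RAW = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "X-Spam-Status: No\n"
    "\n"
    "body text\n"
)


def stamp(raw, verdict, mode):
    """Return the parsed message after the gateway writes its verdict.

    mode is one of this example's three strategies (assumed names):
      append  - join the verdict onto the existing header value
      add     - add a second header instance next to the inbound one
      replace - drop every inbound instance, then write a single header
    """
    msg = message_from_string(raw)
    if mode == "append" and msg[HEADER] is not None:
        msg.replace_header(HEADER, msg[HEADER] + ", " + verdict)
    elif mode == "replace":
        del msg[HEADER]        # removes all instances; no error if absent
        msg[HEADER] = verdict
    elif mode in ("append", "add"):
        msg[HEADER] = verdict  # appends a new header instance
    else:
        raise ValueError("unknown mode: " + mode)
    return msg


def values(msg):
    """All values of the verdict header, in message order."""
    return [v.strip() for v in msg.get_all(HEADER, [])]


def loose_filter(msg):
    """Substring test, like a sieve ':contains "Yes"' rule."""
    return any("yes" in v.lower() for v in values(msg))


def exact_filter(msg):
    """Whole-value test, like a sieve ':is "Yes"' rule."""
    return any(v.lower() == "yes" for v in values(msg))


def strict_verdict(msg):
    """Trust the header only when exactly one instance with a known value exists."""
    vals = [v.lower() for v in values(msg)]
    if vals == ["yes"]:
        return "spam"
    if vals == ["no"]:
        return "ham"
    return "untrusted"


def survey(raw, verdict):
    """Header values and filter outcomes for each strategy."""
    out = {}
    for mode in ("append", "add", "replace"):
        msg = stamp(raw, verdict, mode)
        out[mode] = (values(msg), loose_filter(msg),
                     exact_filter(msg), strict_verdict(msg))
    return out


if __name__ == "__main__":
    for mode, row in survey(RAW, "Yes").items():
        print(mode, row)
```

Only the strategy that removes inbound copies before writing leaves a header the delivery filter can take at face value; with the other two, the filter has to decide which part of the value came from the gateway.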
From: jwirtz at flamingoseismic.com (Jim Wirtz) Date: Mon Aug 17 17:03:49 2009 Subject: Logwatch being marked as virus Message-ID: <03bb01ca1f54$42e41c00$c8ac5400$@com> I've recently upgraded to MailScanner version 4.77.10 and now all my Logwatch reports are being marked as having a virus of different types, so I no longer get my reports. I've attempted to create a whitelist but it seems to be ignored by MailScanner? How do I get MailScanner to pass my reports again? Jim -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090817/1edadb5d/attachment.html From MailScanner at ecs.soton.ac.uk Mon Aug 17 17:24:34 2009 
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Mon Aug 17 17:24:54 2009 Subject: Logwatch being marked as virus In-Reply-To: <03bb01ca1f54$42e41c00$c8ac5400$@com> References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> Message-ID: How about you whitelist the host the logwatch reports come from? Does that host generate any other mail at all? How did you create your whitelist, and exactly what steps did you use to do it? On 17/08/2009 17:03, Jim Wirtz wrote: > > I've recently upgraded to MailScanner version 4.77.10 and now all my > Logwatch reports are > > Being marked has having a virus of different types, so I no longer get > my reports. I've attempted > > To create a whitelist but it seems to be ignored by MailScanner? > > How do I get MailScanner to pass my reports again? > > Jim > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From jdwirtz at cox.net Mon Aug 17 18:54:10 2009 
From: jdwirtz at cox.net (Jim Wirtz) Date: Mon Aug 17 18:54:38 2009 Subject: Logwatch being marked as virus In-Reply-To: References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> Message-ID: <03e201ca1f63$b9b6f8c0$2d24ea40$@net> The logwatch reports are coming from the localhost (same machine) and 3 other machines. MailScanner is not allowing them to send the logwatch report, just marks it as a virus. /etc/MailScanner/rules/spam.whitelist.rules FromOrTo: root@thismachine.com yes From0rTo: reports@anothermachine.com yes FromOrTo: default no I'm generating the logwatch report on "thismachine.com" and attempting to send to "reports@anothermachine.com". I have clamav as the virus program. The virus it is finding is part of the phishing report info. I thought that any address in the whitelist would not be checked, but passed thru, but it appears to do the virus check anyway? Jim -----Original Message----- 
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field Sent: Monday, August 17, 2009 11:25 AM To: MailScanner discussion Subject: Re: Logwatch being marked as virus How about you whitelist the host the logwatch reports come from? Does that host generate any other mail at all? How did you create your whitelist, and exactly what steps did you use to do it? On 17/08/2009 17:03, Jim Wirtz wrote: > > I've recently upgraded to MailScanner version 4.77.10 and now all my > Logwatch reports are > > Being marked has having a virus of different types, so I no longer get > my reports. I've attempted > > To create a whitelist but it seems to be ignored by MailScanner? > > How do I get MailScanner to pass my reports again? > > Jim > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.56/2302 - Release Date: 08/17/09 06:08:00 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
From dnsadmin at 1bigthink.com Mon Aug 17 19:02:36 2009 From: dnsadmin at 1bigthink.com (dnsadmin 1bigthink.com) Date: Mon Aug 17 19:03:04 2009 Subject: Logwatch being marked as virus In-Reply-To: <03e201ca1f63$b9b6f8c0$2d24ea40$@net> References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> Message-ID: <200908171802.n7HI2kFC022651@mxt.1bigthink.com> At 01:54 PM 8/17/2009, you wrote: >The logwatch reports are coming from the localhost (same machine) and 3 >other machines. >MailScanner is not allowing them to send the logwatch report, just marks it >as a virus. > >/etc/MailScanner/rules/spam.whitelist.rules > >FromOrTo: root@thismachine.com yes >From0rTo: reports@anothermachine.com yes >FromOrTo: default no > >I'm generating the logwatch report on "thismachine.com" and attempting >To send to " reports@anothermachine.com". > >I have clamav as the virus program. The virus it is finding is part of the >phising report info. -Snip- You are using the spam.whitelist rules, which are behaving themselves just fine. Use the virus scanning rules to whitelist. I had the same problem. Fixed! Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Mon Aug 17 19:23:10 2009 
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Aug 17 19:23:19 2009
Subject: Logwatch being marked as virus
In-Reply-To: <200908171802.n7HI2kFC022651@mxt.1bigthink.com>
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com>
Message-ID: <72cf361e0908171123t69e6a886j8cdfba1f2e0e21de@mail.gmail.com>

2009/8/17 dnsadmin 1bigthink.com

> At 01:54 PM 8/17/2009, you wrote:
>
>> The logwatch reports are coming from the localhost (same machine) and 3
>> other machines.
>> MailScanner is not allowing them to send the logwatch report, just marks it
>> as a virus.
>>
>> /etc/MailScanner/rules/spam.whitelist.rules
>>
>> FromOrTo: root@thismachine.com yes
>> From0rTo: reports@anothermachine.com yes
>> FromOrTo: default no
>>
>> I'm generating the logwatch report on "thismachine.com" and attempting
>> To send to " reports@anothermachine.com".
>>
>> I have clamav as the virus program. The virus it is finding is part of the
>> phishing report info.
>>
>
> -Snip-
>
> You are using the spam.whitelist rules, which are behaving themselves just
> fine. Use the virus scanning rules to whitelist. I had the same problem.
> Fixed!
>
> Cheers,
> Glenn
>

or use the global 'Scan Messages' so it doesn't scan from 127.0.0.1 assuming your machine is a gateway and not an end user or MSA machine!

-- 
Martin Hepworth
Oxford, UK

From jdwirtz at cox.net Mon Aug 17 19:52:35 2009
From: jdwirtz at cox.net (Jim Wirtz)
Date: Mon Aug 17 19:53:01 2009
Subject: Logwatch being marked as virus
In-Reply-To: <200908171802.n7HI2kFC022651@mxt.1bigthink.com>
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com>
Message-ID: <042901ca1f6b$e2c1e4c0$a845ae40$@net>

Thanks Glenn....

That fixed it!.. took a couple tries before I realized this was where I wanted NO as the final option.
That No I didn't want it scanned, but yes to the default action.

/etc/MailScanner/rules/virus.scanning.rules

FromOrTo: root@thismachine.com no
From0rTo: reports@anothermachine.com no
FromOrTo: default yes

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com
Sent: Monday, August 17, 2009 1:03 PM
To: MailScanner discussion
Subject: RE: Logwatch being marked as virus

At 01:54 PM 8/17/2009, you wrote:
>The logwatch reports are coming from the localhost (same machine) and 3
>other machines.
>MailScanner is not allowing them to send the logwatch report, just marks it
>as a virus.
>
>/etc/MailScanner/rules/spam.whitelist.rules
>
>FromOrTo: root@thismachine.com yes
>From0rTo: reports@anothermachine.com yes
>FromOrTo: default no
>
>I'm generating the logwatch report on "thismachine.com" and attempting
>To send to " reports@anothermachine.com".
>
>I have clamav as the virus program. The virus it is finding is part of the
>phishing report info.

-Snip-

You are using the spam.whitelist rules, which are behaving themselves just fine. Use the virus scanning rules to whitelist. I had the same problem. Fixed!

Cheers,
Glenn

From MailScanner at ecs.soton.ac.uk Mon Aug 17 21:11:13 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Aug 17 21:11:34 2009
Subject: Logwatch being marked as virus
In-Reply-To: <042901ca1f6b$e2c1e4c0$a845ae40$@net>
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com> <042901ca1f6b$e2c1e4c0$a845ae40$@net> <4A89B961.8010102@ecs.soton.ac.uk>
Message-ID:

On 17/08/2009 19:52, Jim Wirtz wrote:
> Thanks Glenn....
>
> That fixed it!.. took a couple tries before I realized this was where I
> wanted NO as the final option.
> That No I didn't want it scanned, but yes to the default action.
>
> /etc/MailScanner/rules/virus.scanning.rules
>
> FromOrTo: root@thismachine.com no
> From0rTo: reports@anothermachine.com no
> FromOrTo: default yes
>
Doing it by email address is dangerous. If some attacker sends you mail with the envelope sender address set as root@thismachine.com then it won't get scanned, regardless of where it came from.
A sender can set the sender address to anything they like, it has no effect on the delivery of the message.
So don't do this, do it by IP address, such as
From: 127.0.0.1 no
so you don't scan mail originating from the localhost itself.
>
> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of dnsadmin 1bigthink.com
> Sent: Monday, August 17, 2009 1:03 PM
> To: MailScanner discussion
> Subject: RE: Logwatch being marked as virus
>
> At 01:54 PM 8/17/2009, you wrote:
>
>> The logwatch reports are coming from the localhost (same machine) and 3
>> other machines.
>> MailScanner is not allowing them to send the logwatch report, just marks it
>> as a virus.
>>
>> /etc/MailScanner/rules/spam.whitelist.rules
>>
>> FromOrTo: root@thismachine.com yes
>> From0rTo: reports@anothermachine.com yes
>> FromOrTo: default no
>>
>> I'm generating the logwatch report on "thismachine.com" and attempting
>> To send to " reports@anothermachine.com".
>>
>> I have clamav as the virus program. The virus it is finding is part of the
>> phishing report info.
>>
> -Snip-
>
> You are using the spam.whitelist rules, which are behaving themselves
> just fine. Use the virus scanning rules to whitelist. I had the same
> problem. Fixed!
>
> Cheers,
> Glenn
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

From alex at rtpty.com Mon Aug 17 21:21:42 2009
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Mon Aug 17 21:21:57 2009
Subject: Logwatch being marked as virus
In-Reply-To:
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com> <042901ca1f6b$e2c1e4c0$a845ae40$@net> <4A89B961.8010102@ecs.soton.ac.uk>
Message-ID:

This can be dangerous.

If the host itself has a webmail service, or an exploitable form, the server won't scan messages sent from the compromised system.

Perhaps a two-factor system, like From:127.0.0.1 and From:mailwatch@myserver or somesuch, would be better, don't you think?

On Aug 17, 2009, at 3:11 PM, Jules Field wrote:

> A sender can set the sender address to anything they like, it has no
> effect on the delivery of the message.
> So don't do this, do it by IP address, such as
> From: 127.0.0.1 no
> so you don't scan mail originating from the localhost itself.

From shprahi at gmail.com Tue Aug 18 07:57:40 2009
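[Added example, not part of the original posts and not MailScanner's own code.] The three virus.scanning.rules variants discussed in this thread (exempt by address, by IP, and by both), run against constructed messages. It assumes a simplified first-match model of ruleset evaluation handling only literal addresses, literal IPs, "default" and "and"; the function names, sample IPs and the www-data/example.org addresses are made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    client_ip: str   # address of the SMTP client that handed the mail over
    env_from: str    # envelope sender: whatever the client chose to say
    env_to: tuple    # envelope recipients


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _condition_matches(direction, pattern, msg):
    direction = direction.lower()
    if pattern.lower() == "default":
        return True
    if _is_ip(pattern):
        # An IP pattern describes the connecting client, never a recipient.
        same = ipaddress.ip_address(pattern) == ipaddress.ip_address(msg.client_ip)
        return same and direction in ("from", "fromorto")
    wanted = pattern.lower()
    from_hit = msg.env_from.lower() == wanted
    to_hit = any(rcpt.lower() == wanted for rcpt in msg.env_to)
    return {"from": from_hit, "to": to_hit, "fromorto": from_hit or to_hit}[direction]


def parse_ruleset(text):
    """Parse 'Dir: pattern [and Dir: pattern] yes|no' lines (simplified model)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        *lhs, value = line.split()
        tokens = [t for t in lhs if t.lower() != "and"]
        conditions = [(d.rstrip(":"), p) for d, p in zip(tokens[0::2], tokens[1::2])]
        rules.append((conditions, value.lower() == "yes"))
    return rules


def is_scanned(rules, msg):
    """The first rule whose conditions all match decides; no match means scan."""
    for conditions, scan in rules:
        if all(_condition_matches(d, p, msg) for d, p in conditions):
            return scan
    return True


RULESETS = {
    # Exemption keyed on an address the sending client chooses for itself.
    "by_address": """FromOrTo: root@thismachine.com no
                     FromOrTo: reports@anothermachine.com no
                     FromOrTo: default yes""",
    # Exemption keyed on the connecting IP.
    "by_ip": """From: 127.0.0.1 no
                FromOrTo: default yes""",
    # Both conditions required, as suggested in the message above.
    "by_ip_and_address": """From: 127.0.0.1 and From: root@thismachine.com no
                            FromOrTo: default yes""",
}

# Constructed sample messages (203.0.113.9 is a documentation-range address).
MESSAGES = {
    "logwatch_local": Message("127.0.0.1", "root@thismachine.com",
                              ("reports@anothermachine.com",)),
    "spoofed_remote": Message("203.0.113.9", "root@thismachine.com",
                              ("user@thismachine.com",)),
    "webform_local": Message("127.0.0.1", "www-data@thismachine.com",
                             ("someone@example.org",)),
}


def audit():
    """Return {(ruleset, message): True if the message would be virus-scanned}."""
    result = {}
    for rname, text in RULESETS.items():
        rules = parse_ruleset(text)
        for mname, msg in MESSAGES.items():
            result[(rname, mname)] = is_scanned(rules, msg)
    return result


if __name__ == "__main__":
    for (rname, mname), scanned in audit().items():
        print(f"{rname:18} {mname:15} {'scanned' if scanned else 'NOT scanned'}")
```

The combined rule narrows the exemption; it does not authenticate the sender, so any local process that submits mail as the exempted address is still skipped.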
From: shprahi at gmail.com (shprahi shprahi)
Date: Tue Aug 18 07:57:49 2009
Subject: Recipient Limitation(s)
In-Reply-To: <20090726175456.GA1076@msapiro>
References: <7d9b3cf20907241256t7c9efe8xf0e543e5e724ae8c@mail.gmail.com> <20090725140814.GA3244@msapiro> <4A6B2B35.1000401@fsl.com> <20090726175456.GA1076@msapiro>
Message-ID:

In my opinion, do not give load to MailScanner for this kind of activity. Use some policyd kind of throttling.....

On Sun, Jul 26, 2009 at 11:24 PM, Mark Sapiro wrote:

> On Sat, Jul 25, 2009 at 04:56:37PM +0100, Steve Freegard wrote:
> >
> > These rules could also be simplified considerably and reduce their
> > overhead by better regexp (using capturing parenthesis in SA simply
> > wastes memory) so:
> >
> > header COUNT_TO To =~ /(?:\S+@\S+)/
> > tflags COUNT_TO multiple
> > score COUNT_TO 0.1
> >
> > header COUNT_CC Cc =~ /(?:\S+@\S+)/
> > tflags COUNT_CC multiple
> > score COUNT_CC 0.1
> >
> > These would add 0.1 for every e-mail address in the To and Cc headers;
> > to 20 recipients would add 2 to the computed score.
>
>
> Actually, I think the above regexps would better be something like
>
> header COUNT_TO To =~ /(?:[^@,\s]+@[^@,\s]+)/
> header COUNT_CC Cc =~ /(?:[^@,\s]+@[^@,\s]+)/
>
> Otherwise they match the whole header value in something like
>
> To: ,
>
> --
> Mark Sapiro mark at msapiro net       The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk Tue Aug 18 08:04:21 2009
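[Added example, not part of the original posts.] The two recipient-counting patterns quoted in the message above, applied to constructed To: header values to show where the \S+@\S+ form undercounts. It assumes each non-overlapping match counts as one hit worth the quoted 0.1 score; the sample addresses and function names are made up for the illustration.

```python
import re

# The two patterns as quoted in the thread.
LOOSE = re.compile(r"(?:\S+@\S+)")
TIGHT = re.compile(r"(?:[^@,\s]+@[^@,\s]+)")

SCORE_PER_HIT = 0.1  # "score COUNT_TO 0.1" in the quoted rule

# Constructed header values: name -> (To: value, real number of recipients)
SAMPLES = {
    "spaced": ("<a@example.com>, <b@example.com>, <c@example.com>", 3),
    "packed": ("<a@example.com>,<b@example.com>,<c@example.com>", 3),
    "display_name": ('"Doe, Jane" <jane@example.com>,bob@example.org', 2),
    "twenty_packed": (",".join(f"user{i}@example.com" for i in range(20)), 20),
}


def hits(pattern, header_value):
    """Number of non-overlapping matches, i.e. how often the rule would fire."""
    return len(pattern.findall(header_value))


def compare(samples=SAMPLES):
    """Return per-sample hit counts and added score for both patterns."""
    rows = {}
    for name, (value, recipients) in samples.items():
        loose, tight = hits(LOOSE, value), hits(TIGHT, value)
        rows[name] = {
            "recipients": recipients,
            "loose": loose,
            "tight": tight,
            "loose_score": round(loose * SCORE_PER_HIT, 1),
            "tight_score": round(tight * SCORE_PER_HIT, 1),
        }
    return rows


def undercounted(rows):
    """Samples where the loose pattern sees fewer addresses than are present."""
    return sorted(n for n, r in rows.items() if r["loose"] < r["recipients"])


if __name__ == "__main__":
    table = compare()
    for name, row in table.items():
        print(name, row)
    print("loose pattern undercounts:", undercounted(table))
```

With no whitespace between addresses, \S+ runs across the commas and the whole value becomes a single match, so a 20-recipient header adds 0.1 instead of 2.0.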
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 18 08:04:42 2009
Subject: Logwatch being marked as virus
In-Reply-To:
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com> <042901ca1f6b$e2c1e4c0$a845ae40$@net> <4A89B961.8010102@ecs.soton.ac.uk> <4A8A5275.1040605@ecs.soton.ac.uk>
Message-ID:

Absolutely agreed. What would I do without you guys?!

On 17/08/2009 21:21, Alex Neuman van der Hans wrote:
> This can be dangerous.
>
> If the host itself has a webmail service, or an exploitable form, the
> server won't scan messages sent from the compromised system.
>
> Perhaps a two-factor system, like From:127.0.0.1 and
> From:mailwatch@myserver or somesuch, would be better, don't you think?
>
> On Aug 17, 2009, at 3:11 PM, Jules Field wrote:
>
>> A sender can set the sender address to anything they like, it has no
>> effect on the delivery of the message.
>> So don't do this, do it by IP address, such as
>> From: 127.0.0.1 no
>> so you don't scan mail originating from the localhost itself.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

From J.Ede at birchenallhowden.co.uk Tue Aug 18 08:14:23 2009
From: J.Ede at birchenallhowden.co.uk (Jason Ede)
Date: Tue Aug 18 08:14:43 2009
Subject: Logwatch being marked as virus
In-Reply-To:
References: <03bb01ca1f54$42e41c00$c8ac5400$@com> <4A898442.4070502@ecs.soton.ac.uk> <03e201ca1f63$b9b6f8c0$2d24ea40$@net> <200908171802.n7HI2kFC022651@mxt.1bigthink.com> <042901ca1f6b$e2c1e4c0$a845ae40$@net> <4A89B961.8010102@ecs.soton.ac.uk> <4A8A5275.1040605@ecs.soton.ac.uk>
Message-ID: <1213490F1F316842A544A850422BFA960F7EBFF90D@BHLSBS.bhl.local>

Have a much quieter life?

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field
> Sent: 18 August 2009 08:04
> To: MailScanner discussion
> Subject: Re: Logwatch being marked as virus
>
> Absolutely agreed. What would I do without you guys?!
>
> On 17/08/2009 21:21, Alex Neuman van der Hans wrote:
> > This can be dangerous.
> >
> > If the host itself has a webmail service, or an exploitable form, the
> > server won't scan messages sent from the compromised system.
> >
> > Perhaps a two-factor system, like From:127.0.0.1 and
> > From:mailwatch@myserver or somesuch, would be better, don't you think?
> >
> > On Aug 17, 2009, at 3:11 PM, Jules Field wrote:
> >
> >> A sender can set the sender address to anything they like, it has no
> >> effect on the delivery of the message.
> >> So don't do this, do it by IP address, such as
> >> From: 127.0.0.1 no
> >> so you don't scan mail originating from the localhost itself.
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info

From glenn.steen at gmail.com Tue Aug 18 11:28:17 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Aug 18 11:28:26 2009
Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness
In-Reply-To: <4A8968CE.8020804@gmail.com>
References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> <4A85C603.7080907@gmail.com> <20090815143015.GA3912@msapiro> <4A8968CE.8020804@gmail.com>
Message-ID: <223f97700908180328l1d368b43n741c745811f44f83@mail.gmail.com>

2009/8/17 Mauricio Tavares :
> Mark Sapiro wrote:
>>
>> On Fri, Aug 14, 2009 at 04:16:03PM -0400, Mauricio Tavares wrote:
>>>
>>> I see what you mean, In fact, in my MailScanner.conf we have lines
>>> like
>>>
>>> Spam Actions = deliver header "X-Spam-Status: Yes"
>>>
>>> But one of the questions I have is that when it sees that header in the
>>> mail, it does not wipe it and puts its own version. Instead it appends the
>>> reply to the currently existing header, hence the
>>>
>>> X-Spam-Status: No, Yes
>>>
>>
>>
>> Look at the documentation for the Multiple Headers setting in
>> MailScanner.conf
>> and see if changing it to
>>
>> Multiple Headers = replace
>>
>> solves your problem.
>>
> Thanks for the suggestion. I tried that and it is still appending to
> that header. I also tried doing
>
> clear_headers
> remove header all Status
>
> in spam.assassin.prefs.conf with the same result. I think it just does not
> like me...

As Jules said, the SA bit shouldn't matter. Did you remember to restart MS after editing MailScanner.conf?

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Denis.Beauchemin at USherbrooke.ca Tue Aug 18 13:32:53 2009
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue Aug 18 13:33:06 2009
Subject: More descriptive body spam message
In-Reply-To: <4A6842E3.7050109@gmail.com>
References: <4A6842E3.7050109@gmail.com>
Message-ID: <4A8A9F75.6010408@USherbrooke.ca>

Mauricio Tavares wrote:
> I received a spam mail from one of my other accounts in which
> their spamassassin detected the spam. That is fine, nothing specially
> really. But what it had that was interesting to me was the amount of
> info shown on the body of the message about the said spam:
>
> =============================%< ====================================
> Spam detection software, running on the system "freenet9.afn.org", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email. If you have any questions, see
> the administrator of that system for details.
>
> [...]
>
> Content analysis details: (6.9 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.0 MISSING_MID            Missing Message-Id: header
>  1.3 MISSING_HEADERS        Missing To: header
>  1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
>                             [score: 0.6317]
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
>  0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
>  3.1 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
>
> The original message was not completely plain text, and may be unsafe to
> open with some email clients; in particular, it may contain a virus,
> or confirm that your address can receive spam. If you wish to view
> it, it may be safer to save it to a file and open it with an editor.
>
> =============================%< ====================================
>
> A lot of that MailScanner already does, but in a shorthand version on
> the header. Is there a way to do something like the above, as in
> append that to the top of the body of the mail that by now is already
> defanged?

Mauricio,

I use the following in spam.assassin.prefs.conf to get a similar report:

clear_report_template
report Current analysis details: (_HITS_ points, _REQD_ required)
report  pts rule name              description
report ---- ---------------------- --------------------------------------------------
report _SUMMARY_

Denis

-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From Denis.Beauchemin at USherbrooke.ca Tue Aug 18 14:25:43 2009
From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin)
Date: Tue Aug 18 14:25:53 2009
Subject: New beta release 4.78.3 -- "spam-viruses"
In-Reply-To:
References: <4A72F46F.8030803@ecs.soton.ac.uk>
Message-ID: <4A8AABD7.3000800@USherbrooke.ca>

Julian Field wrote:
> I have just released a new beta, the first in quite a while.
>
> ...
>
> So you need to do 2 other things:
> 1. Set the name of the header used for this: see the "Spam-Virus
> Header" setting in MailScanner.conf.

Julian,

I am just catching up to the list (been away a few weeks). I find this new setting quite interesting but I am wondering what MS does if the header is already present in the incoming email when it works on it? Do you remove the old header and add a new one or just add a new one? Could this cause problems?

Thanks again for all the time you put into MailScanner.

Denis

-- 
Denis Beauchemin, analyst
Université de Sherbrooke, S.T.I.
T: 819.821.8000x62252 F: 819.821.8045

From jonas at vrt.dk Tue Aug 18 14:33:38 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Tue Aug 18 14:33:55 2009
Subject: Reports about newest beta
Message-ID: <003e01ca2008$7e41d030$7ac57090$@dk>

Hi Julian

I've installed the newest beta(4.78.9) on 1 of my scanners and got some feedback in that context.

I got 2 issues:

1/

This is the first install for me which has the mailscanner crash/dos protection. And I just received a couple of mails which apparently would crash mailscanner.

These mails seem to have been moved to /var/spool/MailScanner/quarantine/20090818/

Normally spam would have been moved to /var/spool/MailScanner/quarantine/20090818/spam and ham to /var/spool/MailScanner/quarantine/20090818/nonspam

These 3 mails were each moved to /var/spool/MailScanner/quarantine/20090818/ and a directory was created for each mail named after the mail id, and inside was a file called message with the mail content.

Is this the normal designed behavior? If yes is it customizable somehow? As in can I control where the "kill mails" are stored.

/2

My second issue is more of a problem, I've started using the new virus-spam feature with great success (and I encourage everyone else to as well if you can spare the extra cpu time).

However in the conf it says:

# Some virus scanners now use their signatures to detect spam as well as
# viruses. These "viruses" are called "spam-viruses". When they are found
# the following header will be added to your message before it is passed to
# SpamAssassin, listing all the "spam-viruses" that were found as a comma-
# separated list.
# This can also be the filename of a ruleset.
Spam-Virus Header = X-%org-name%-SpamVirus-Report:

# This defines which virus reports from your virus scanners are really the
# names of "spam-viruses" as described in the "Spam-Virus Header" section
# above. This is a space-separated list of strings which can contain "*"
# wildcards to mean "any string of characters", and which will match the
# whole name of the virus reported by your virus scanner. So for example
# "HTML/*" will match all virus names which start with the string "HTML/".
# The supplied example is suitable for F-Prot6 and the SaneSecurity
# databases for ClamAV. The test is case-sensitive.
# This cannot be a ruleset, it must be a simple value as described.
Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*

I don't understand how/why you would make Spam-Virus Header a ruleset? What would you control with it?

But I do see why you would want a ruleset for the Virus Names Which Are Spam option. This would allow me to deploy some of the databases sanesecurity labels with a high chance of FP's by assigning them different headers and thus giving them fewer points in SA than the more trustworthy DB's.

Was there a technical reason why this option isn't possible to set in a ruleset, or did you just think it would be overkill?

Overall the new beta seems to be running fine except for the mails which appear to make it crash, I have not looked into detail about the mails (it was actually test mails) but I'll do that later on.

Hope you survived my longish rant :)

From MailScanner at ecs.soton.ac.uk Tue Aug 18 14:34:10 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 18 14:34:30 2009
Subject: New beta release 4.78.3 -- "spam-viruses"
In-Reply-To: <4A8AABD7.3000800@USherbrooke.ca>
References: <4A72F46F.8030803@ecs.soton.ac.uk> <4A8AABD7.3000800@USherbrooke.ca> <4A8AADD2.2010604@ecs.soton.ac.uk>
Message-ID:

On 18/08/2009 14:25, Denis Beauchemin wrote:
> Julian Field wrote:
>> I have just released a new beta, the first in quite a while.
>>
>> ...
>>
>> So you need to do 2 other things:
>> 1. Set the name of the header used for this: see the "Spam-Virus
>> Header" setting in MailScanner.conf.
>
> Julian,
>
> I am just catching up to the list (been away a few weeks). I find
> this new setting quite interesting but I am wondering what MS does if
> the header is already present in the incoming email when it works on
> it? Do you remove the old header and add a new one or just add a new
> one? Could this cause problems?
The new value of the header should be appended to any existing header of the same name.
>
> Thanks again for all the time you put into MailScanner.
Glad you find it useful!

Cheers,
Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

From raubvogel at gmail.com Tue Aug 18 14:44:15 2009
From: raubvogel at gmail.com (Mauricio Tavares)
Date: Tue Aug 18 14:44:30 2009
Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness
In-Reply-To: <223f97700908180328l1d368b43n741c745811f44f83@mail.gmail.com>
References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> <4A85C603.7080907@gmail.com> <20090815143015.GA3912@msapiro> <4A8968CE.8020804@gmail.com> <223f97700908180328l1d368b43n741c745811f44f83@mail.gmail.com>
Message-ID: <4A8AB02F.3030004@gmail.com>

Glenn Steen wrote:
> 2009/8/17 Mauricio Tavares :
>> Mark Sapiro wrote:
>>> On Fri, Aug 14, 2009 at 04:16:03PM -0400, Mauricio Tavares wrote:
>>>> I see what you mean, In fact, in my MailScanner.conf we have lines
>>>> like
>>>>
>>>> Spam Actions = deliver header "X-Spam-Status: Yes"
>>>>
>>>> But one of the questions I have is that when it sees that header in the
>>>> mail, it does not wipe it and puts its own version. Instead it appends the
>>>> reply to the currently existing header, hence the
>>>>
>>>> X-Spam-Status: No, Yes
>>>>
>>>
>>> Look at the documentation for the Multiple Headers setting in
>>> MailScanner.conf
>>> and see if changing it to
>>>
>>> Multiple Headers = replace
>>>
>>> solves your problem.
>>>
>> Thanks for the suggestion. I tried that and it is still appending to
>> that header. I also tried doing
>>
>> clear_headers
>> remove header all Status
>>
>> in spam.assassin.prefs.conf with the same result. I think it just does not
>> like me...

I agree completely, but since I feel like I am on the end of my rope here, I am trying anything I can think of. In fact, if someone told me to rub a dead chicken on the server, I would go poultry shopping... :)

> As Jules said, the SA bit shouldn't matter. Did you remember to
> restart MS after editing MailScanner.conf?
>
About restarting MS, I actually told it to first stop and then start instead of just /etc/init.d/MailScanner restart kinda thing.

> Cheers

From MailScanner at ecs.soton.ac.uk Tue Aug 18 14:47:40 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 18 14:48:03 2009
Subject: Reports about newest beta
In-Reply-To: <003e01ca2008$7e41d030$7ac57090$@dk>
References: <003e01ca2008$7e41d030$7ac57090$@dk> <4A8AB0FC.5010602@ecs.soton.ac.uk>
Message-ID:

On 18/08/2009 14:33, Jonas A. Larsen wrote:
>
> Hi Julian
>
> I've installed the newest beta(4.78.9) on 1 of my scanners and got
> some feedback in that context.
>
> I got 2 issues:
>
> 1/
>
> This is the first install for me which has the mailscanner crash/dos
> protection. And I just received a couple of mails which apparently
> would crash mailscanner.
>
> These mails seem to have been moved to
> /var/spool/MailScanner/quarantine/20090818/
>
> Normally spam would have been moved to
> /var/spool/MailScanner/quarantine/20090818/spam and ham to
> /var/spool/MailScanner/quarantine/20090818/nonspam
>
> These 3 mails were each moved to
> /var/spool/MailScanner/quarantine/20090818/ and a directory was
> created for each mail named after the mail id, and inside was a file
> called message with the mail content.
>
> Is this the normal designed behavior? If yes is it customizable
> somehow? As in can I control where the "kill mails" are stored.
>
They are put in the quarantine relying on the other quarantine settings in MailScanner.conf, such as storing the whole message and so on.
>
> /2
>
> My second issue is more of a problem, I've started using the new
> virus-spam feature with great success (and I encourage everyone else
> to as well if you can spare the extra cpu time).
>
> However in the conf it says:
>
> # Some virus scanners now use their signatures to detect spam as well as
> # viruses. These "viruses" are called "spam-viruses". When they are found
> # the following header will be added to your message before it is passed to
> # SpamAssassin, listing all the "spam-viruses" that were found as a comma-
> # separated list.
> # This can also be the filename of a ruleset.
>
> Spam-Virus Header = X-%org-name%-SpamVirus-Report:
>
> # This defines which virus reports from your virus scanners are really the
> # names of "spam-viruses" as described in the "Spam-Virus Header" section
> # above. This is a space-separated list of strings which can contain "*"
> # wildcards to mean "any string of characters", and which will match the
> # whole name of the virus reported by your virus scanner. So for example
> # "HTML/*" will match all virus names which start with the string "HTML/".
> # The supplied example is suitable for F-Prot6 and the SaneSecurity
> # databases for ClamAV. The test is case-sensitive.
> # This cannot be a ruleset, it must be a simple value as described.
>
> Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*
>
> I don't understand how/why you would make Spam-Virus Header a ruleset?
> What would you control with it?
>
People in different countries could have different header names so they make sense in different languages for example. Just because you don't want to make it selectable doesn't mean no-one does.
>
> But I do see why you would want a ruleset for the Virus Names Which
> Are Spam option. This would allow me to deploy some of the databases
> sanesecurity labels with a high chance of FP's by assigning them
> different headers and thus giving them fewer points in SA than the
> more trustworthy DB's.
>
You can do that by assigning different SpamAssassin scores to the header values in SpamAssassin. The SpamVirus-Report header is passed to SpamAssassin, so you can have different rules triggering off different "spamvirus" names giving different scores for different types of spamvirus. So you can do this perfectly simply.
>
> Was there a technical reason why this option isn't possible to set in
> a ruleset, or did you just think it would be overkill?
>
A very good technical reason.
And because it's totally unnecessary as you can already implement exactly the same thing better in a bunch of SpamAssassin rules. Take a look in the new spam.assassin.prefs.conf (right at the bottom) and you will see a very simple rule for assigning a spam score when this header is present. You can expand that rule into multiple rules triggering on different texts, assigning different scores to each one.
I explained all of this in the ChangeLog entry for 4.78, please read it.
>
> Overall the new beta seems to be running fine except for the mails
> which appear to make it crash, I have not looked into detail about
> the mails (it was actually test mails) but I'll do that later on.
>
That's the whole point of the crash-protection system.
>
> Hope you survived my longish rant
>
I did, but I honestly don't know why I bothered...

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

From MailScanner at ecs.soton.ac.uk Tue Aug 18 14:48:39 2009
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Tue Aug 18 14:49:04 2009
Subject: On X-Spam-Status, X-Spam-Flag, X-MailScanner-SpamCheck, and other weirdness
In-Reply-To: <4A8AB02F.3030004@gmail.com>
References: <4A85915B.9070700@gmail.com> <4A85B9CD.5040707@ecs.soton.ac.uk> <4A85BDA5.9030402@gmail.com> <4A85BF3C.80906@ecs.soton.ac.uk> <4A85C603.7080907@gmail.com> <20090815143015.GA3912@msapiro> <4A8968CE.8020804@gmail.com> <223f97700908180328l1d368b43n741c745811f44f83@mail.gmail.com> <4A8AB02F.3030004@gmail.com> <4A8AB137.6090304@ecs.soton.ac.uk>
Message-ID:

On 18/08/2009 14:44, Mauricio Tavares wrote:
> Glenn Steen wrote:
>> 2009/8/17 Mauricio Tavares :
>>> Mark Sapiro wrote:
>>>> On Fri, Aug 14, 2009 at 04:16:03PM -0400, Mauricio Tavares wrote:
>>>>> I see what you mean, In fact, in my MailScanner.conf we have lines
>>>>> like
>>>>>
>>>>> Spam Actions = deliver header "X-Spam-Status: Yes"
>>>>>
>>>>> But one of the questions I have is that when it sees that header in the
>>>>> mail, it does not wipe it and puts its own version. Instead it appends the
>>>>> reply to the currently existing header, hence the
>>>>>
>>>>> X-Spam-Status: No, Yes
>>>>>
>>>>
>>>> Look at the documentation for the Multiple Headers setting in
>>>> MailScanner.conf
>>>> and see if changing it to
>>>>
>>>> Multiple Headers = replace
>>>>
>>>> solves your problem.
>>>>
>>> Thanks for the suggestion. I tried that and it is still appending to
>>> that header. I also tried doing
>>>
>>> clear_headers
>>> remove header all Status
>>>
>>> in spam.assassin.prefs.conf with the same result. I think it just does not
>>> like me...
>
> I agree completely, but since I feel like I am on the end of my
> rope here, I am trying anything I can think of. If fact, if someone
> told me to rub a dead chicken on the server, I would go poultry
> shopping... :)
>
>> As Jules said, the SA bit shouldn't matter. Did you remember to
>> restart MS after editing MailScanner.conf?
>> > > About restarting MS, I actually told it to first stop and then start > instead of just /etc/init.d/MailScanner restart kinda thing. Doing a restart is actually more reliable than a stop rapidly followed by a start. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 Follow me at twitter.com/JulesFM and twitter.com/MailScanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Amelein at dantumadiel.eu Tue Aug 18 15:06:38 2009 From: Amelein at dantumadiel.eu (Amelein@dantumadiel.eu) Date: Tue Aug 18 15:06:59 2009 Subject: Could not analyse message Message-ID: <4A8AD18E0200008E000107D1@10.1.0.206> We keep getting some newsletter which keeps 'breaking' MS where it'll just reject the message on the account of it not being able to read it. The actual message is just plain text (html) as far as I can tel. We're still running MS 4.66.5 and we're going to re-invent the wheel on a new server with all the latest versions since this one has served us very well but the OS has fallen far enough behind to warrant a clean install. But until then I need a way to ignore these e-mails and just pass them through unchecked, but I cant remember where and how to do this, adding them to the always.white list did not work (they get marked as non spam and then kicked out on the account that they can't be read). Any suggestions ? Arjan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090818/55766f28/attachment.html From jonas at vrt.dk Tue Aug 18 15:22:39 2009 
From: jonas at vrt.dk (Jonas A. Larsen) Date: Tue Aug 18 15:22:56 2009 Subject: Reports about newest beta In-Reply-To: References: <003e01ca2008$7e41d030$7ac57090$@dk> <4A8AB0FC.5010602@ecs.soton.ac.uk> Message-ID: <005601ca200f$57703490$06509db0$@dk> Thanks for answering my questions, here comes my follow up ones :) > > Is this the normal designed behavior? If yes is it customizeable > > somehow? As in can I control where the ?kill mails? are stored. > > > They are put in the quarantine relying on the other quarantine settings > in MailScanner.conf, such as storing the whole message and so on. Wouldn't it make most sense to put them in a "crashmails" folder what ever it would be named the same as spam and nonspam? Not important I guess, would just make it more mmm coherent is the word i think. > > > > > You can do that by assigning different SpamAssassin scores to the header > values in SpamAssassin. The SpamVirus-Report header is passed to > SpamAssassin, so you can have different rules triggering off different > "spamvirus" names giving different scores for different types of > spamvirus. So you can do this perfectly simply. Hmm i guess that implies that the name of the actual virus is put in the headers, I've never managed to actually see a header since its always blocked and quarantined, and the quarantine mails don?t have the MS headers. But I will look into that. > > > > Was there a technical reason why this option isn?t possible to set in > > a ruleset, or did you just think it would be overkill? > > > A very good technical reason. And because it's totally unnecessary as > you can already implement exactly the same thing better in a bunch of > SpamAssassin rules. Take a look in the new spam.assassin.prefs.conf > (right at the bottom) and you will see a very simple rule for assigning > a spam score when this header is present. You can expand that rule into > multiple rules triggering on different texts, assigning different scores > to each one. 
Was the last part I was missing. > > I explained all of this in the ChangeLog entry for 4.78, please read it. I did read it, I guess it wasn't clear enough for me to grasp at first try. > > > > Overall the new beta seems to be running fine except for the mails > > which appears to make it crash, I have not looked into detail about > > the mails (it was actually test mails) but ile do that later on. > > > That's the whole point of the crash-protection system. > > > > Hope you survived my longish rant > > > I did, but I honestly don't know why I bothered... to be nice? :) Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From clacroix at cegep-ste-foy.qc.ca Wed Aug 19 20:32:46 2009 
From: clacroix at cegep-ste-foy.qc.ca (Charles Lacroix) Date: Wed Aug 19 20:33:06 2009 Subject: Segfault In-Reply-To: References: <20090814181743.zp0awxueskcgc4s0@webmail.capensis.fr> <72cf361e0908140925o18d23647n875bc7e669a150f9@mail.gmail.com> <20090816004251.nquqnjsr4cggg84k@webmail.capensis.fr> <4A875D6B.2030906@ecs.soton.ac.uk> Message-ID: <4A8C535E.7080605@cegep-ste-foy.qc.ca> Yeah latest version rocks :) I was with an old version and got a problem with some docx attachement, and it would just fill up my memory. I updated to last version and it took like 36sec ( 6 times the default 6 seconds queue scan ) for the message to hit the max attempts and be redirected to quarantine. Its probably the best feature ever :) thanks Julian Field wrote: > The latest versions have protection systems against exactly this kind > of problem. > > On 15/08/2009 23:42, Yann Bachy wrote: >> In fact this has worked fine for at least over a 100 days (uptime)... >> but server has been installed about 1 or 2 years ago ... never had >> this problem before >> >> We finally found the problem.... there was a mal-formatted mail in >> the queue... I put it aside and gonna check it out on monday morning >> when I get back to it. >> >> I'll let you guys know if I find something, thanks anyway... I'll do >> some updates ;) >> >> bye! >> >> >> >> >> -- >> Yann Bachy >> >> CAPENSIS >> 30 rue du Triez >> 59290 Wasquehal >> ---------------------- >> Tel 03 59 39 13 40 >> Fax 03 59 39 13 49 >> >> >> Quoting Martin Hepworth : >> >>> Yann >>> that's a really old version of mailscanner - there's an update >>> debian port >>> somewhere or move to the generic installer. >>> >>> normally this is something like a bad spool file, or the fact you;ve >>> upgraded postfix and the version of MS you've got doesn't understand >>> the new >>> spool file format. >>> >>> Has this ever worked or is this a new install?? 
>>> >>> >>> -- >>> Martin Hepworth >>> Oxford, UK >>> >>> 2009/8/14 Yann Bachy >>> >>>> Hello everyone! >>>> >>>> I've got the following problem with my mailscanner: >>>> >>>> every time Mailscanner loads a batch of mails to scan it quits and >>>> starts >>>> all over again : >>>> >>>> Aug 14 18:13:59 localhost MailScanner[6844]: MailScanner E-Mail Virus >>>> Scanner version 4.55.10 starting... >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 748 hostnames >>>> from the >>>> phishing whitelist >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>>> init >>>> function SQLBlacklist >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Blacklist >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 0 blacklist entries >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>>> init >>>> function MailWatchLogging >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Started SQL Logging child >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Config: calling custom >>>> init >>>> function SQLWhitelist >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Starting up SQL Whitelist >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Read 2 whitelist entries >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Using SpamAssassin >>>> results >>>> cache >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Connected to SpamAssassin >>>> cache database >>>> Aug 14 18:13:59 localhost MailScanner[6844]: Enabling SpamAssassin >>>> auto-whitelist functionality... 
>>>> Aug 14 18:14:00 localhost MailScanner[6844]: Using locktype = flock >>>> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Found 15 >>>> messages >>>> waiting >>>> Aug 14 18:14:00 localhost MailScanner[6844]: New Batch: Scanning 5 >>>> messages, 922438 bytes >>>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit >>>> for >>>> message 8248C328003.1CFD1 >>>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit >>>> for >>>> message 132F5328005.8800B >>>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit >>>> for >>>> message 96FA0328004.08A04 >>>> Aug 14 18:14:00 localhost MailScanner[6844]: SpamAssassin cache hit >>>> for >>>> message 212D9328007.B19A9 >>>> Aug 14 18:14:01 localhost MailScanner[6844]: SpamAssassin cache hit >>>> for >>>> message 9735C328006.BEBA0 >>>> Aug 14 18:14:01 localhost MailScanner[6844]: Virus and Content >>>> Scanning: >>>> Starting >>>> Aug 14 18:14:10 localhost MailScanner: Process did not exit cleanly, >>>> returned 0 with signal 11 >>>> >>>> >>>> >>>> and it does this over and over again >>>> >>>> I ran an strace on the process and get a segfault when it calls a >>>> brk() >>>> >>>> Mailscanner is running with postfix on a Debian 4.0 2.6.17-2-686 >>>> Mailscanner : 4.55.10-3 >>>> >>>> thanks for any info >>>> >>>> >>>> >>>> >>>> -- >>>> Yann Bachy >>>> >>>> CAPENSIS >>>> 30 rue du Triez >>>> 59290 Wasquehal >>>> ---------------------- >>>> Tel 03 59 39 13 40 >>>> Fax 03 59 39 13 49 >>>> >>>> >>>> >>>> -- >>>> MailScanner mailing list >>>> mailscanner@lists.mailscanner.info >>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>> >>>> Before posting, read http://wiki.mailscanner.info/posting >>>> >>>> Support MailScanner development - buy the book off the website! >>>> >>> >> > > Jules > From brent.bolin at gmail.com Thu Aug 20 17:16:11 2009 
From: brent.bolin at gmail.com (Brent Bolin)
Date: Thu Aug 20 17:16:22 2009
Subject: Can somebody explain the differences between clamavmodule vs clamd
Message-ID: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com>

Performance, abilities etc...

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/b2033b06/attachment.html

From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 18:15:24 2009
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu Aug 20 18:15:40 2009
Subject: Localhost forgery
Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07>

I'm being bombarded with a ton of spam that claims to be from localhost (but the IP isn't in the 127. range). They are false NDRs, bouncing off of foreign servers. A large number of my users are being joe-jobbed, and the remote servers send the NDRs here. Here's a couple of examples from the mail log:

Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged)
Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged)

I'd really like to be able to block them at the MTA level, but barring that, a spamassassin rule would do nicely. Anybody have a rule available that would fit the bill? There are too many sources to try to blacklist - I'd be playing whack-a-mole all day long.

(I've been on vacation the past few weeks, so if this has been discussed please let me know the subject line.)

Thanks...

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

From ecasarero at gmail.com Thu Aug 20 18:22:20 2009
From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Aug 20 18:22:49 2009 Subject: Localhost forgery In-Reply-To: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> Message-ID: <7d9b3cf20908201022g45c94788vc49f48940285a12a@mail.gmail.com> 2009/8/20 Kevin Miller > I'm being bombarded with a ton of spam that claims to be from localhost > (but the IP isn't in the 127. range). They are false NDRs, bouncing off of > foreign servers. A large number of my users are being joe-jobbed, and the > remote servers send the NDRs here. Here's a couple of examples from the the > mail log: > > Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=< > qvmanifestation@grahamevinson.com>, size=0, class=0, nrcpts=0, > proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged) > Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=< > kzmatrimony@ivory.plala.or.jp>, size=0, class=0, nrcpts=0, proto=ESMTP, > daemon=MTA, relay=localhost [222.254.108.100] (may be forged) > > I'd really like to be able to block them at the MTA level, but barring > that, a spamassassin rule would do nicely. Anybody have a rule available > that would fit the bill? There are too many sources to try to blacklist - > I'd be playing whack-a-mole all day long. > do you use greylisting? > > (I've been on vacation the past few weeks, so if this has been discussed > please let me know the subject line.) > > Thanks... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! 
> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/b0159621/attachment.html From maxsec at gmail.com Thu Aug 20 18:42:47 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Thu Aug 20 18:42:55 2009 Subject: Can somebody explain the differences between clamavmodule vs clamd In-Reply-To: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com> References: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com> Message-ID: <72cf361e0908201042kcdbf1f9ke9adbbd63cb85cc6@mail.gmail.com> clamd is normally recommended now as clammodule normally (usually) needs upgrading everytime clamav puts out a new version and this gives a large lag between the two.. MailScanner also starts quicker and is smaller with clamd as it doesn't need to load all the signatures and code on each child start. Someone did a performance test a while ago (months), I can't remember the results but I *think* from experience clamd is faster. -- Martin Hepworth Oxford, UK 2009/8/20 Brent Bolin > Performance, abilities etc... > Thanks > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/e5a165e7/attachment.html From maxsec at gmail.com Thu Aug 20 18:45:15 2009 
From: maxsec at gmail.com (Martin Hepworth) Date: Thu Aug 20 18:45:24 2009 Subject: Localhost forgery In-Reply-To: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> Message-ID: <72cf361e0908201045m7317740et18cd1a354687a475@mail.gmail.com> 2009/8/20 Kevin Miller > I'm being bombarded with a ton of spam that claims to be from localhost > (but the IP isn't in the 127. range). They are false NDRs, bouncing off of > foreign servers. A large number of my users are being joe-jobbed, and the > remote servers send the NDRs here. Here's a couple of examples from the the > mail log: > > Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=< > qvmanifestation@grahamevinson.com>, size=0, class=0, nrcpts=0, > proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged) > Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=< > kzmatrimony@ivory.plala.or.jp>, size=0, class=0, nrcpts=0, proto=ESMTP, > daemon=MTA, relay=localhost [222.254.108.100] (may be forged) > > I'd really like to be able to block them at the MTA level, but barring > that, a spamassassin rule would do nicely. Anybody have a rule available > that would fit the bill? There are too many sources to try to blacklist - > I'd be playing whack-a-mole all day long. > > (I've been on vacation the past few weeks, so if this has been discussed > please let me know the subject line.) > > Thanks... > > ...Kevin > -- > Kevin Miller Registered Linux User No: 307357 > CBJ MIS Dept. Network Systems Admin., Mail Admin. > 155 South Seward Street ph: (907) 586-0242 > Juneau, Alaska 99801 fax: (907 586-4500 -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Kevin does you outgoing go via MailScanner? 
if so make sure you're using the watermark feature of MailScanner. Still means you're accepting the email but it will mean any email that's an NDR without those watermark headers will get marked as spam.

--
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/82443bce/attachment.html

From ecasarero at gmail.com Thu Aug 20 18:46:13 2009
From: ecasarero at gmail.com (Eduardo Casarero) Date: Thu Aug 20 18:46:45 2009 Subject: Can somebody explain the differences between clamavmodule vs clamd In-Reply-To: <72cf361e0908201042kcdbf1f9ke9adbbd63cb85cc6@mail.gmail.com> References: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com> <72cf361e0908201042kcdbf1f9ke9adbbd63cb85cc6@mail.gmail.com> Message-ID: <7d9b3cf20908201046t6ff6e728o9ad785c0990e01e8@mail.gmail.com> 2009/8/20 Martin Hepworth > clamd is normally recommended now as clammodule normally (usually) needs > upgrading everytime clamav puts out a new version and this gives a large lag > between the two.. > > MailScanner also starts quicker and is smaller with clamd as it doesn't > need to load all the signatures and code on each child start. > > Someone did a performance test a while ago (months), I can't remember the > results but I *think* from experience clamd is faster. > and the memory footprint of mailscanner is really small compared to clamavmodule > > > > -- > Martin Hepworth > Oxford, UK > > 2009/8/20 Brent Bolin > >> Performance, abilities etc... >> Thanks >> >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/7b3d3097/attachment.html From steve.freegard at fsl.com Thu Aug 20 18:47:20 2009 
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Aug 20 18:47:33 2009
Subject: Can somebody explain the differences between clamavmodule vs clamd
In-Reply-To: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com>
References: <787dcac20908200916w22798c37g9dfd2fbc03cfc13@mail.gmail.com>
Message-ID: <4A8D8C28.8060507@fsl.com>

Brent Bolin wrote:
> Performance, abilities etc...

clamavmodule:

advantages: no daemon to crash

disadvantages: memory usage; each MailScanner child has a full copy of the signatures in memory. Mail::ClamAV module breaks on each new release; it can take some time for the author to fix these issues. Requires MailScanner reload on signature update to reload the ClamAV signatures.

clamd:

advantages: far lower memory usage; as Clamd is threaded it only has one copy of the signatures and each thread handles a connection from the MailScanner children. freshclamd can be used to update signatures; Clamd will get notified and reload the signatures without interruption to service (although there will be increased memory usage for a time). More standard way of speaking to Clamd

disadvantages: Daemon required to be running (it doesn't crash for me; others have had issues with Sane sigs in the past), so service monitoring is required.

Regards,
Steve.

From steve.freegard at fsl.com Thu Aug 20 18:51:15 2009
From: steve.freegard at fsl.com (Steve Freegard)
Date: Thu Aug 20 18:51:26 2009
Subject: Localhost forgery
In-Reply-To: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07>
References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07>
Message-ID: <4A8D8D13.8090305@fsl.com>

Kevin Miller wrote:
> I'm being bombarded with a ton of spam that claims to be from localhost (but the IP isn't in the 127. range). They are false NDRs, bouncing off of foreign servers. A large number of my users are being joe-jobbed, and the remote servers send the NDRs here. Here's a couple of examples from the mail log:
>
> Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged)
> Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged)
>
> I'd really like to be able to block them at the MTA level, but barring that, a spamassassin rule would do nicely. Anybody have a rule available that would fit the bill? There are too many sources to try to blacklist - I'd be playing whack-a-mole all day long.
>
> (I've been on vacation the past few weeks, so if this has been discussed please let me know the subject line.)
>

Try:

connect:127.0.0.1 OK
connect:localhost REJECT

In the access-map as the connect tag inspects the IP address and the PTR record which should work in this case provided Sendmail doesn't ignore it due to the '(may be forged)'.

Regards,
Steve.

From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 18:51:40 2009
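The log pattern discussed in this thread (a relay that names itself localhost while connecting from a non-loopback address) can be pulled out of a sendmail log with a short script. This is an added example, not part of the original posts: the first two sample lines are the entries quoted in the thread, the other two are constructed for contrast, and all function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Lines 1-2: the entries quoted in the thread.
# Lines 3-4: constructed for contrast (a real loopback submission, a normal relay).
SAMPLE_LOG = """\
Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=<qvmanifestation@grahamevinson.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged)
Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=<kzmatrimony@ivory.plala.or.jp>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged)
Aug 20 07:40:01 mx2 sendmail-in[29700]: n7KFe1aa029700: from=<root@mx2.example.org>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Aug 20 07:41:12 mx2 sendmail-in[29711]: n7KFfCbb029711: from=<alice@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.25]
"""

# relay=<name from PTR lookup> [<connecting IP>], optionally followed by
# "(may be forged)", which sendmail logs when the PTR name does not resolve
# back to the connecting address.
RELAY_RE = re.compile(
    r"relay=(?P<host>[^\s\[,]+)?\s*\[(?P<ip>[^\]]+)\]"
    r"(?P<forged>\s+\(may be forged\))?"
)
ENTRY_RE = re.compile(
    r"sendmail[^\[]*\[\d+\]:\s+(?P<qid>\w+):\s+from=<(?P<sender>[^>]*)>"
)
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_entry(line):
    """Return queue id, sender, relay name, relay IP and forged flag, or None."""
    entry = ENTRY_RE.search(line)
    relay = RELAY_RE.search(line)
    if not entry or not relay:
        return None
    raw_ip = relay.group("ip")
    if raw_ip.upper().startswith("IPV6:"):  # sendmail prefixes IPv6 literals
        raw_ip = raw_ip[5:]
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None
    return {
        "qid": entry.group("qid"),
        "sender": entry.group("sender"),
        "host": (relay.group("host") or "").lower().rstrip("."),
        "ip": ip,
        "may_be_forged": relay.group("forged") is not None,
    }


def claims_localhost_from_outside(entry):
    """True when the PTR-derived name is a loopback name but the IP is not."""
    return entry["host"] in LOOPBACK_NAMES and not entry["ip"].is_loopback


def scan(lines):
    """Return the parsed entries that match the forged-localhost pattern."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry and claims_localhost_from_outside(entry):
            findings.append(entry)
    return findings


def summarize(findings):
    """Count matching connections per source address."""
    return Counter(str(f["ip"]) for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for f in hits:
        flag = "may be forged" if f["may_be_forged"] else "PTR verified"
        print(f'{f["qid"]} {f["ip"]} from=<{f["sender"]}> ({flag})')
    print(dict(summarize(hits)))
```

The genuine loopback submission is left alone because the decision is made on the connecting address, not on the name the PTR record supplies.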
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Aug 20 18:51:51 2009 Subject: Configuration suggestion... In-Reply-To: References: <1249926135.5733.119.camel@canyon.wittsend.com> <4A806028.4070207@ecs.soton.ac.uk> <1249930586.5733.130.camel@canyon.wittsend.com> <4A81282E.7090509@ecs.soton.ac.uk> Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE1@city-exchange07> Julian Field wrote: > I could just do an upgrade_MailScanner_conf; mv; mv in the RPM > instead, that would remove the whole exercise from your hands. I just > thought many people might like the opportunity to do it by hand so > they get to see it working. Been out of town, so my reply isn't all that timely, but it seems like it would be easy enough to gen up a little script that does the steps for those that want to fast track it. If Jules is feeling bored one of these days w/nothing better to do (like that ever happens!), he could maybe include it in the download package - call it autoupdate.sh or something, I dunno. But he shouldn't have to hold our hands all the way down the garden path - if it was that much of an annoyance to me I'd just write one and put it in /root/bin. It would be, what, maybe 5 lines long? Just my .02 worth... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From alex at rtpty.com Thu Aug 20 18:54:21 2009 
From: alex at rtpty.com (Alex Neuman van der Hans)
Date: Thu Aug 20 18:54:35 2009
Subject: Localhost forgery
In-Reply-To: <4A8D8D13.8090305@fsl.com>
References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> <4A8D8D13.8090305@fsl.com>
Message-ID: <9CECAFCA-2326-448E-9CE7-B5D7171B3A7C@rtpty.com>

Why not milter-null? It's free and specifically designed for this.

On Aug 20, 2009, at 12:51 PM, Steve Freegard wrote:

>> I'd really like to be able to block them at the MTA level, but
>> barring that, a spamassassin rule would do nicely. Anybody have a
>> rule available that would fit the bill? There are too many sources
>> to try to blacklist - I'd be playing whack-a-mole all day long.
>

From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 19:10:38 2009
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller)
Date: Thu Aug 20 19:10:51 2009
Subject: Localhost forgery
In-Reply-To: <7d9b3cf20908201022g45c94788vc49f48940285a12a@mail.gmail.com>
References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> <7d9b3cf20908201022g45c94788vc49f48940285a12a@mail.gmail.com>
Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE2@city-exchange07>

No - On the MTA (sendmail) I'm running greet pause, smf-spf and smf-sav. Every time I read about greylisting I don't quite get the difference between it and greet pause. Guess I'm just slow. Does it do more than greet pause? If I implement it, should I discontinue use of greet pause or use them in conjunction w/each other?

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

________________________________
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Eduardo Casarero Sent: Thursday, August 20, 2009 9:22 AM To: MailScanner discussion Subject: Re: Localhost forgery 2009/8/20 Kevin Miller > I'm being bombarded with a ton of spam that claims to be from localhost (but the IP isn't in the 127. range). They are false NDRs, bouncing off of foreign servers. A large number of my users are being joe-jobbed, and the remote servers send the NDRs here. Here's a couple of examples from the the mail log: Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: from=>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be forged) Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: from=>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be forged) I'd really like to be able to block them at the MTA level, but barring that, a spamassassin rule would do nicely. Anybody have a rule available that would fit the bill? There are too many sources to try to blacklist - I'd be playing whack-a-mole all day long. do you use greylisting? (I've been on vacation the past few weeks, so if this has been discussed please let me know the subject line.) Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/3e319c2c/attachment.html From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 19:14:10 2009 
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Aug 20 19:14:22 2009 Subject: Localhost forgery In-Reply-To: <72cf361e0908201045m7317740et18cd1a354687a475@mail.gmail.com> References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> <72cf361e0908201045m7317740et18cd1a354687a475@mail.gmail.com> Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE3@city-exchange07> No - I have three inbound SMTP gateways, which point to an Exchange server. It sends outbound directly. Maybe time to set up either set up a outbound relay host? If I watermark them on mx-out will the inbound mx hosts all queue off the same watermark? ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Martin Hepworth Sent: Thursday, August 20, 2009 9:45 AM To: MailScanner discussion Subject: Re: Localhost forgery Kevin does you outgoing go via MailScanner? if so make ure you're using the watermark feature of MailScanner. Still means you're accepting the email but it will mean any email thats an NDR without those watermark headers will get marked as spam. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090820/56a8311c/attachment.html From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 19:15:07 2009 
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Aug 20 19:15:18 2009 Subject: Localhost forgery In-Reply-To: <9CECAFCA-2326-448E-9CE7-B5D7171B3A7C@rtpty.com> References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> <4A8D8D13.8090305@fsl.com> <9CECAFCA-2326-448E-9CE7-B5D7171B3A7C@rtpty.com> Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE4@city-exchange07> Alex Neuman van der Hans wrote: > Why not milter-null? It's free and specifically designed for this. > > On Aug 20, 2009, at 12:51 PM, Steve Freegard wrote: > >>> I'd really like to be able to block them at the MTA level, but >>> barring that, a spamassassin rule would do nicely. Anybody have a >>> rule available that would fit the bill? There are too many sources >>> to try to blacklist - I'd be playing whack-a-mole all day long. Why not indeed! I'll look into it. Thanks... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From Kevin_Miller at ci.juneau.ak.us Thu Aug 20 20:11:09 2009 
From: Kevin_Miller at ci.juneau.ak.us (Kevin Miller) Date: Thu Aug 20 20:11:22 2009 Subject: Localhost forgery In-Reply-To: <4A8D8D13.8090305@fsl.com> References: <4A09477D575C2C4B86497161427DD94C10EE645FE0@city-exchange07> <4A8D8D13.8090305@fsl.com> Message-ID: <4A09477D575C2C4B86497161427DD94C10EE645FE5@city-exchange07> Steve Freegard wrote: > Kevin Miller wrote: >> I'm being bombarded with a ton of spam that claims to be from >> localhost (but the IP isn't in the 127. range). They are false >> NDRs, bouncing off of foreign servers. A large number of my users >> are being joe-jobbed, and the remote servers send the NDRs here. >> Here's a couple of examples from the the mail log: >> >> Aug 20 06:32:30 mx2 sendmail-in[25703]: n7KEVnN7025703: >> from=, size=0, class=0, nrcpts=0, >> proto=ESMTP, daemon=MTA, relay=localhost [123.26.216.57] (may be >> forged) Aug 20 07:34:33 mx2 sendmail-in[29611]: n7KFYJdI029611: >> from=, size=0, class=0, nrcpts=0, >> proto=ESMTP, daemon=MTA, relay=localhost [222.254.108.100] (may be >> forged) >> >> I'd really like to be able to block them at the MTA level, but >> barring that, a spamassassin rule would do nicely. Anybody have a >> rule available that would fit the bill? There are too many sources >> to try to blacklist - I'd be playing whack-a-mole all day long. >> >> (I've been on vacation the past few weeks, so if this has been >> discussed please let me know the subject line.) >> > > Try: > > connect:127.0.0.1 OK > connect:localhost REJECT > > In the access-map as the connect tag inspects the IP address and the > PTR record which should work in this case provided Sendmail doesn't > ignore it due to the '(may be forged)'. Sending from the server itself fails when I do that. Thanks for the suggestion though... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 
155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 From jonas at vrt.dk Fri Aug 21 14:11:58 2009 From: jonas at vrt.dk (Jonas A. Larsen) Date: Fri Aug 21 14:12:21 2009 Subject: Problem with newest mailscanner beta Message-ID: <002901ca2260$f6d85d20$e4891760$@dk> Hi all After upgrading to the newest beta and activating the "don't kill mailscanner" dos protection, it seems more mails are having issues being delivered. Does anybody else see a lot of these "mail tried to kill mailscanner" events? Before we had like 1-3 incidents a year where a mail was being scanned over and over again by mailscanner. With the newest beta it seems to happen several times a week. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 København S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From richard at fastnet.co.uk Fri Aug 21 17:02:41 2009 From: richard at fastnet.co.uk (Richard Mealing) Date: Fri Aug 21 17:02:23 2009 Subject: White lists per domain. Message-ID: Hi, I am running mailscanner with sa and trying out this whitelist per domain. It's working ok apart from we seem to get some issues where white listing is not taking place. I am adding the entries like the following in the domain files - Dir_to_directory/example.com *@domain.com *domain.com person@domain.com And so on. I take it this is ok, as opposed to the following format - 
From: *blahdomain.com yes ## In my logs I see the following - Aug 21 04:57:44 mailfilter7 MailScanner[20618]: Read whitelist for 1161 domains Aug 21 04:58:07 mailfilter6 MailScanner[19037]: Read whitelist for 1161 domains Aug 21 04:58:08 mailfilter7 MailScanner[12023]: Closing down by-domain spam whitelist Aug 21 04:58:09 mailfilter7 MailScanner[21457]: Starting up by-domain spam whitelist, reading from /f****/customer_rulesets/spam.bydomain/whitelist Aug 21 04:58:22 mailfilter7 MailScanner[21457]: Read whitelist for 1161 domains Aug 21 04:58:24 mailfilter7 MailScanner[7705]: Closing down by-domain spam whitelist Aug 21 04:58:25 mailfilter7 MailScanner[21792]: Starting up by-domain spam whitelist, reading from /f****/customer_rulesets/spam.bydomain/whitelist Aug 21 04:58:37 mailfilter7 MailScanner[21792]: Read whitelist for 1161 domains Aug 21 04:59:39 mailfilter6 MailScanner[84011]: Message n7L3xTf5022032 from 12*.**.64.14 (****@****.com) is whitelisted Aug 21 05:00:18 mailfilter6 MailScanner[94480]: Closing down by-domain spam whitelist Aug 21 05:00:19 mailfilter6 MailScanner[23486]: Starting up by-domain spam whitelist, reading from /**/customer_rulesets/spam.bydomain/whitelist/ Aug 21 05:00:43 mailfilter6 MailScanner[23486]: Read whitelist for 1161 domains Aug 21 05:01:31 mailfilter7 MailScanner[22669]: Closing down by-domain spam whitelist Aug 21 05:01:34 mailfilter7 MailScanner[25753]: Starting up by-domain spam whitelist, reading from /**/customer_rulesets/spam.bydomain/whitelist Aug 21 05:01:49 mailfilter7 MailScanner[25753]: Read whitelist for 1161 domains Aug 21 05:02:17 mailfilter4 MailScanner[60817]: Enabling SpamAssassin auto-whitelist functionality... 
Aug 21 05:02:36 mailfilter9 MailScanner[34519]: Closing down by-domain spam whitelist Aug 21 05:02:39 mailfilter9 MailScanner[26208]: Starting up by-domain spam whitelist, reading from /***/customer_rulesets/spam.bydomain/whitelist/ Aug 21 05:02:48 mailfilter6 MailScanner[97198]: Message n7L42eIE027969 from **.*.105.43 (|cumuli@blah.co.uk) is whitelisted Aug 21 05:03:03 mailfilter6 MailScanner[62033]: Message n7L42ut1028549 from **.**.129.204 (hnabbe@blah.co.uk) is whitelisted Aug 21 05:03:06 mailfilter9 MailScanner[26208]: Read whitelist for 1161 domains Aug 21 05:04:34 mailfilter7 MailScanner[21457]: Message n7L44S2m031047 from **.***.28.105 (update-206489-998e79e1@list.blah***.co.uk) is whitelisted Aug 21 05:05:01 mailfilter7 MailScanner[29142]: Closing down by-domain spam whitelist Aug 21 05:05:01 mailfilter7 MailScanner[33553]: Closing down by-domain spam whitelist Aug 21 05:05:02 mailfilter7 MailScanner[32135]: Starting up by-domain spam whitelist, readi I would like to know if there's any limit of entries I can add to the whitelists, and why I keep seeing it stop and start all the time. I'm wondering if when it stops this is when the entries get through and become spam? We've had a few complaints that white list entries are getting through. I can't see much documentation about this anywhere. Every domain's whitelist has the global list we used to have, so all the whitelists are very large. I had to do this as some entries in the global list didn't have comments by them to say who they were for. Many thanks, Richard Mealing From E.Bloodaxe at gold.ac.uk Fri Aug 21 19:59:50 2009 
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Fri Aug 21 20:00:03 2009 Subject: Problem with latest version on RH 5.2 Message-ID: <4A8EEEA6.4080003@gold.ac.uk> I am finding that some messages which have negative SPAM scores are taged with {Spam?}. This appears not to be a spamassasin problem but some interaction between spamassasin and MailScanner. the versions are SpamAssassin version 3.2.4 running on Perl version 5.8.8. Can anyone assist? I am unsure of how to track down where the problem lies. The install is a standard of RedHat 5.2 and a standard install of MailScanner (tar file version)? I have some example messages but do not want to share these with the list. Regards From E.Bloodaxe at gold.ac.uk Fri Aug 21 20:25:19 2009 From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Fri Aug 21 20:25:36 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EEEA6.4080003@gold.ac.uk> References: <4A8EEEA6.4080003@gold.ac.uk> Message-ID: <4A8EF49F.7060805@gold.ac.uk> Erik Bloodaxe wrote: > I am finding that some messages which have negative SPAM scores are > taged with {Spam?}. This appears not to be a spamassasin problem but > some interaction between spamassasin and MailScanner. the versions > are SpamAssassin version 3.2.4 running on Perl version 5.8.8. Can > anyone assist? I am unsure of how to track down where the problem > lies. The install is a standard of RedHat 5.2 and a standard install > of MailScanner (tar file version)? > > I have some example messages but do not want to share these with the > list. > > Regards > To add a bit more I have copies of some messages which were tagged when sent, but, when I send them through again do not get tagged! This is an intermittent problem and realy annoying Help! Erik From bpirie at rma.edu Fri Aug 21 20:32:15 2009 
From: bpirie at rma.edu (Brendan Pirie) Date: Fri Aug 21 20:32:38 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EF49F.7060805@gold.ac.uk> References: <4A8EEEA6.4080003@gold.ac.uk> <4A8EF49F.7060805@gold.ac.uk> Message-ID: <4A8EF63F.6080806@rma.edu> Erik Bloodaxe wrote: > Erik Bloodaxe wrote: >> I am finding that some messages which have negative SPAM scores are >> taged with {Spam?}. This appears not to be a spamassasin problem but >> some interaction between spamassasin and MailScanner. the versions >> are SpamAssassin version 3.2.4 running on Perl version 5.8.8. Can >> anyone assist? I am unsure of how to track down where the problem >> lies. The install is a standard of RedHat 5.2 and a standard install >> of MailScanner (tar file version)? >> >> I have some example messages but do not want to share these with the >> list. >> >> Regards >> > To add a bit more I have copies of some messages which were tagged > when sent, but, when I send them through again do not get tagged! > > This is an intermittent problem and realy annoying > > Help! > > Erik Erik, Are you using Spam List = or Spam Domain List = ? If so then if Spam Lists To Be Spam is triggered, it will be marked as spam even if the SA score is negative. Brendan From E.Bloodaxe at gold.ac.uk Fri Aug 21 20:42:31 2009 
From: E.Bloodaxe at gold.ac.uk (Erik Bloodaxe) Date: Fri Aug 21 20:42:43 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EF63F.6080806@rma.edu> References: <4A8EEEA6.4080003@gold.ac.uk> <4A8EF49F.7060805@gold.ac.uk> <4A8EF63F.6080806@rma.edu> Message-ID: <4A8EF8A7.6050208@gold.ac.uk> Brendan Pirie wrote: > Erik Bloodaxe wrote: >> Erik Bloodaxe wrote: >>> I am finding that some messages which have negative SPAM scores are >>> taged with {Spam?}. This appears not to be a spamassasin problem >>> but some interaction between spamassasin and MailScanner. the >>> versions are SpamAssassin version 3.2.4 running on Perl version >>> 5.8.8. Can anyone assist? I am unsure of how to track down where >>> the problem lies. The install is a standard of RedHat 5.2 and a >>> standard install of MailScanner (tar file version)? >>> >>> I have some example messages but do not want to share these with the >>> list. >>> >>> Regards >>> >> To add a bit more I have copies of some messages which were tagged >> when sent, but, when I send them through again do not get tagged! >> >> This is an intermittent problem and realy annoying >> >> Help! >> >> Erik > Erik, > > Are you using Spam List = or Spam Domain List = ? If so then if Spam > Lists To Be Spam is triggered, it will be marked as spam even if the > SA score is negative. > > Brendan I should have added I do not see this behaviour with Mail Scanner 4.57.6 and SpamAssassin version 3.1.9 running on Perl version 5.8.8 On the new system, with the problem, I have Spam List = MAPS+RBL+ spamhaus-ZEN Spam Domain List = while the older system (with out problem I have Spam List = SBL+XBL MAPS-RBL+ #costs money (except .ac.uk) Spam Domain List = SBL+XBL translates to a sub list of spamhaus-ZEN. So the difference is small. Would this account for the problem? Thanks Erik From bpirie at rma.edu Fri Aug 21 20:48:33 2009 
From: bpirie at rma.edu (Brendan Pirie) Date: Fri Aug 21 20:48:53 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EF8A7.6050208@gold.ac.uk> References: <4A8EEEA6.4080003@gold.ac.uk> <4A8EF49F.7060805@gold.ac.uk> <4A8EF63F.6080806@rma.edu> <4A8EF8A7.6050208@gold.ac.uk> Message-ID: <4A8EFA11.9030301@rma.edu> Erik Bloodaxe wrote: > Brendan Pirie wrote: >> Erik Bloodaxe wrote: >>> Erik Bloodaxe wrote: >>>> I am finding that some messages which have negative SPAM scores are >>>> taged with {Spam?}. This appears not to be a spamassasin problem >>>> but some interaction between spamassasin and MailScanner. the >>>> versions are SpamAssassin version 3.2.4 running on Perl version >>>> 5.8.8. Can anyone assist? I am unsure of how to track down where >>>> the problem lies. The install is a standard of RedHat 5.2 and a >>>> standard install of MailScanner (tar file version)? >>>> >>>> I have some example messages but do not want to share these with >>>> the list. >>>> >>>> Regards >>>> >>> To add a bit more I have copies of some messages which were tagged >>> when sent, but, when I send them through again do not get tagged! >>> >>> This is an intermittent problem and realy annoying >>> >>> Help! >>> >>> Erik >> Erik, >> >> Are you using Spam List = or Spam Domain List = ? If so then if Spam >> Lists To Be Spam is triggered, it will be marked as spam even if the >> SA score is negative. >> >> Brendan > I should have added I do not see this behaviour with Mail Scanner > 4.57.6 and SpamAssassin version 3.1.9 running on Perl version 5.8.8 > On the new system, with the problem, I have > Spam List = MAPS+RBL+ spamhaus-ZEN > > Spam Domain List = > > while the older system (with out problem I have > Spam List = SBL+XBL MAPS-RBL+ #costs money (except .ac.uk) > > Spam Domain List = > > SBL+XBL translates to a sub list of spamhaus-ZEN. So the difference > is small. Would this account for the problem? 
> > Thanks > > Erik Erik, It's entirely possible, if not probable, that is the cause. Brendan From maxsec at gmail.com Fri Aug 21 21:46:43 2009 
From: maxsec at gmail.com (Martin Hepworth) Date: Fri Aug 21 21:46:52 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EFA11.9030301@rma.edu> References: <4A8EEEA6.4080003@gold.ac.uk> <4A8EF49F.7060805@gold.ac.uk> <4A8EF63F.6080806@rma.edu> <4A8EF8A7.6050208@gold.ac.uk> <4A8EFA11.9030301@rma.edu> Message-ID: <72cf361e0908211346v25ce8dbct3038ee60602c4d65@mail.gmail.com> 2009/8/21 Brendan Pirie > Erik Bloodaxe wrote: > >> Brendan Pirie wrote: >> >>> Erik Bloodaxe wrote: >>> >>>> Erik Bloodaxe wrote: >>>> >>>>> I am finding that some messages which have negative SPAM scores are >>>>> taged with {Spam?}. This appears not to be a spamassasin problem but some >>>>> interaction between spamassasin and MailScanner. the versions are >>>>> SpamAssassin version 3.2.4 running on Perl version 5.8.8. Can anyone >>>>> assist? I am unsure of how to track down where the problem lies. The >>>>> install is a standard of RedHat 5.2 and a standard install of MailScanner >>>>> (tar file version)? >>>>> >>>>> I have some example messages but do not want to share these with the >>>>> list. >>>>> >>>>> Regards >>>>> >>>>> To add a bit more I have copies of some messages which were tagged >>>> when sent, but, when I send them through again do not get tagged! >>>> >>>> This is an intermittent problem and realy annoying >>>> >>>> Help! >>>> >>>> Erik >>>> >>> Erik, >>> >>> Are you using Spam List = or Spam Domain List = ? If so then if Spam >>> Lists To Be Spam is triggered, it will be marked as spam even if the SA >>> score is negative. 
>>> >>> Brendan >>> >> I should have added I do not see this behaviour with Mail Scanner 4.57.6 >> and SpamAssassin version 3.1.9 running on Perl version 5.8.8 >> On the new system, with the problem, I have >> Spam List = MAPS+RBL+ spamhaus-ZEN >> >> Spam Domain List = >> >> while the older system (with out problem I have >> Spam List = SBL+XBL MAPS-RBL+ #costs money (except .ac.uk) >> >> Spam Domain List = >> >> SBL+XBL translates to a sub list of spamhaus-ZEN. So the difference is >> small. Would this account for the problem? >> >> Thanks >> >> Erik >> > Erik, > > It's entirely possible, if not probable, that is the cause. > > Brendan > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Hi make the following changes to MailScanner.conf and you'll get detailed reports in the header as why (or not) MailScanner marked things as spam. Spam Score Number Format = %5.2f Detailed Spam Report = yes Include Scores In SpamAssassin Report = yes Always Include SpamAssassin Report = yes Spam Score Number Format = %5.2f -- Martin Hepworth Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090821/cd75d9ae/attachment.html From ja at conviator.com Sun Aug 23 08:36:59 2009 
From: ja at conviator.com (Jan Agermose) Date: Sun Aug 23 08:37:05 2009 Subject: SPF not "working correct" Message-ID: hi I had a small mishap in configuring the SPF plugin so no SPF records ever turned up in the SA scores. Now it does. Well mostly SPF_HELO_XXX - I'm more interested in SPF_PASS and SPF_FAIL and the others - not HELO related. Just they do not show up. When I send an email from our domain to a domain on the MailScanner setup there should be a SPF_PASS but nothing shows up. I searched the database to see if there is EVER a SPF_SPASS and there is :) 67 of them. All from spam - all from domains that actually have a SPF record - one that the plugin might need a small rewrite to overwrite the result and make it a SPF_FAILD? computercodewake.com. 3600 IN TXT "v=spf1 ip4:0.0.0.0/0 ?all" computercodewake.com. 3600 IN TXT "spf2.0/pra ip4:0.0.0.0/0 ?all" a) Since this is a completely open SPF record maybe it should really be turned in to a SPF_FAILD (user config maybe) b) anyway - my real problem is - why is this module not picking up on SPF records? What might I be missing - what can I check? It's newest MailScanner (at least as new as the FSL gold repo gives me :) - I'm guessing it's new :) ) regards Jan From ja at conviator.com Sun Aug 23 09:40:52 2009 
From: ja at conviator.com (Jan Agermose) Date: Sun Aug 23 09:40:58 2009 Subject: SPF not "working correct" In-Reply-To: References: Message-ID: I ran a test on a non-spam message from myself - it seems it does not get the Envelope-From - but maybe that's because of the way I'm running the test? spamassassin -D < /var/spool/MailScanner/quarantine/20090823/nonspam/n7N82uEC024928 2>&1 | grep -i spf [5112] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [5112] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf [5112] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for included file [5112] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf [5112] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf [5112] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" for included file [5112] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf [5112] dbg: rules: ran header rule __SARE_HEAD_SUBJ_RAND ======> got hit: "test spf [5112] dbg: spf: checking to see if the message has a Received-SPF header that we can use [5112] dbg: spf: using Mail::SPF for SPF checks [5112] dbg: spf: checking HELO (helo=mx1.myoutlookonline.com, ip=64.95.72.238) [5112] dbg: spf: query for /64.95.72.238/mx1.myoutlookonline.com: result: none, comment: , text: No applicable sender policy available [5112] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [5112] dbg: spf: cannot get Envelope-From, cannot use SPF [5112] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [5112] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check Subject: test spf Thread-Topic: test spf 
From ja at conviator.com Sun Aug 23 10:34:16 2009 From: ja at conviator.com (Jan Agermose) Date: Sun Aug 23 10:34:22 2009 Subject: SPF not "working correct" In-Reply-To: References: Message-ID: seems to be a missing: envelope_sender_header From always_trust_envelope_sender 1 in /etc/mail/spamassassin/local.cf :) 
From steve.freegard at fsl.com Sun Aug 23 12:29:04 2009 
From: steve.freegard at fsl.com (Steve Freegard) Date: Sun Aug 23 12:29:17 2009 Subject: SPF not "working correct" In-Reply-To: References: Message-ID: <4A912800.5060305@fsl.com> Jan Agermose wrote: > seams to be a missing: > > > > envelope_sender_header From > > always_trust_envelope_sender 1 > > > > > > in /etc/mail/spamassassin/local.cf > > > > :) > > > No - that's both wrong and dangerous. If you use Sendmail; then with MailScanner you'll need to set: Add Envelope From Header = yes Envelope From Header = X-%org-name%-MailScanner-From: Then set 'envelope_sender_header' to the value of the Envelope From Header in local.cf and 'always_trust_envelope_sender 1' in local.cf Then it will work correctly. Regards, Steve. From ja at conviator.com Sun Aug 23 18:28:04 2009 From: ja at conviator.com (Jan Agermose) Date: Sun Aug 23 18:30:35 2009 Subject: SPF not "working correct" References: <4A912800.5060305@fsl.com> Message-ID: my mistake, I have envelope_sender_header X-mailwall-MailScanner-From always_trust_envelope_sender 1 this is also what you mean or? because I have %org-name% = mailwall ________________________________ 
From steve.freegard at fsl.com Sun Aug 23 19:02:13 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Sun Aug 23 19:02:43 2009 Subject: SPF not "working correct" In-Reply-To: References: <4A912800.5060305@fsl.com> Message-ID: <4A918425.7000702@fsl.com> Jan Agermose wrote: > my mistake, I have > > envelope_sender_header X-mailwall-MailScanner-From > always_trust_envelope_sender 1 > > this is also what you mean or? because I have %org-name% = mailwall > Yes - that's correct. Regards, Steve. From maillists at conactive.com Mon Aug 24 17:31:19 2009 
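Added example, not part of the original thread and not SpamAssassin's SPF plugin code: the wide-open records Jan quotes in the "SPF not working correct" thread above give SPF_PASS to any sender, and a filter can spot such records offline by measuring how much of the IPv4 space their pass-qualified mechanisms cover under SPF's first-match evaluation. The function names and the 1% threshold are assumptions; a, mx, include and exists are not evaluated because they need DNS.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
IPV4_SPACE = 2 ** 32


def parse_terms(record):
    """Return the mechanisms of an SPF or Sender ID TXT record, in order,
    as (qualifier, name, value) tuples. Modifiers (redirect=, exp=) are skipped."""
    tokens = record.strip().strip('"').split()
    version = tokens[0].lower() if tokens else ""
    if version != "v=spf1" and not version.startswith("spf2.0/"):
        raise ValueError("not an SPF record: %r" % record)
    terms = []
    for tok in tokens[1:]:
        if "=" in re.split(r"[:/]", tok, maxsplit=1)[0]:
            continue                      # name=value is a modifier, not a mechanism
        qualifier = "+"                   # a mechanism with no qualifier means pass
        if tok[0] in QUALIFIERS:
            qualifier, tok = tok[0], tok[1:]
        name = re.split(r"[:/]", tok, maxsplit=1)[0].lower()
        value = tok[len(name):].lstrip(":")
        terms.append((qualifier, name, value))
    return terms


def _subtract(intervals, cut):
    """Remove the closed integer interval `cut` from a list of disjoint intervals."""
    lo, hi = cut
    out = []
    for a, b in intervals:
        if b < lo or a > hi:
            out.append((a, b))
            continue
        if a < lo:
            out.append((a, lo - 1))
        if b > hi:
            out.append((hi + 1, b))
    return out


def ipv4_pass_fraction(terms):
    """Fraction of all IPv4 addresses that end in result 'pass' through ip4 and
    all mechanisms. Terms are applied left to right and the first match wins, so
    an address claimed by an earlier -ip4 is not counted for a later +ip4.
    A malformed ip4 value raises ValueError (SPF would answer permerror)."""
    undecided = [(0, IPV4_SPACE - 1)]
    passed = 0
    for qualifier, name, value in terms:
        if name == "all":
            span = (0, IPV4_SPACE - 1)
        elif name == "ip4":
            net = ipaddress.IPv4Network(value, strict=False)
            span = (int(net.network_address), int(net.broadcast_address))
        else:
            continue                      # needs DNS; outside this offline check
        before = sum(b - a + 1 for a, b in undecided)
        undecided = _subtract(undecided, span)
        after = sum(b - a + 1 for a, b in undecided)
        if qualifier == "+":
            passed += before - after
    return passed / IPV4_SPACE


def audit_spf(record, threshold=0.01):
    """Flag records whose pass result says nothing about the sender.
    threshold is an assumed cut-off: share of IPv4 space allowed to pass."""
    terms = parse_terms(record)
    fraction = ipv4_pass_fraction(terms)
    findings = []
    if any(q == "+" and n == "all" for q, n, _ in terms):
        findings.append("+all: every sender passes")
    if fraction >= threshold:
        findings.append("pass covers %.2f%% of IPv4 space" % (fraction * 100))
    return {"pass_fraction": fraction, "open": bool(findings), "findings": findings}


if __name__ == "__main__":
    samples = [
        'v=spf1 ip4:0.0.0.0/0 ?all',          # record quoted in the thread
        'spf2.0/pra ip4:0.0.0.0/0 ?all',      # record quoted in the thread
        'v=spf1 ip4:192.0.2.0/24 -all',       # constructed: a normal, narrow record
    ]
    for rec in samples:
        print(rec, "->", audit_spf(rec))
```

A record flagged as open is one where SPF_PASS should carry no positive weight in scoring.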
From: maillists at conactive.com (Kai Schaetzl) Date: Mon Aug 24 17:31:32 2009 Subject: Problem with latest version on RH 5.2 In-Reply-To: <4A8EF8A7.6050208@gold.ac.uk> References: <4A8EEEA6.4080003@gold.ac.uk> <4A8EF49F.7060805@gold.ac.uk> <4A8EF63F.6080806@rma.edu> <4A8EF8A7.6050208@gold.ac.uk> Message-ID: Erik Bloodaxe wrote on Fri, 21 Aug 2009 20:42:31 +0100: > Spam List = MAPS+RBL+ spamhaus-ZEN MAPS *+* RBL ??? do you have a Maps-RBL subscription? > Would this account for the problem? First check if your problem messages *are* getting tagged by lists or not. AFAICS, you haven't done this yet. Apart from that it's possible that different results are fetched at different times. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ecasarero at gmail.com Mon Aug 24 19:11:47 2009 From: ecasarero at gmail.com (Eduardo Casarero) Date: Mon Aug 24 19:12:16 2009 Subject: Filename Rule action Message-ID: <7d9b3cf20908241111yc6d1ec1hbdcbe8747263ab8d@mail.gmail.com> I'm trying to block some filenames/filetypes (that works ok) but I'm trying to save these blocked emails in quarantine in the spam folder, but MS saves it in /var/spool/MailScanner/quarantine//* I've been playing with MailScanner.conf with no result. Is there a way to configure MS to use the "spam-action" as the file action? and saving the email in the spam folder in 1 file, and notifying destination? Thanks! From ja at conviator.com Mon Aug 24 22:48:38 2009 
From: ja at conviator.com (Jan Agermose) Date: Mon Aug 24 22:48:44 2009 Subject: image spam again :) Message-ID: hi we are seeing a lot of image spam again. we are running sa update and the image things they publish / imageinfo.cf and others. But lately a lot is getting through. Some text like the below and an attached image of a distorted viagra commercial "exciting.jpg". what's new in the world of stopping image spam :) Tion. We could not hear a word that was spoken; when, in some few succeeding seconds, the diapason stop only was opened ... and how sweet and touching was the melody which it imparted! "Oh Dieu! (exclaimed our valet) que cela est ravissant, et meme penetrant." This was true enough. A solemn stave or two of a hymn (during which a few other pipes were opened) was then performed by the organist ... and the effect was, as if these notes had been chanted by an invisible choir of angels. The darkness of the heavens added much to the solemnity of the whole. Silence ensuing, we were asked how we liked the church, the organ, and the organist? Of course there could be but one answer to make. The pulpit--situated at an angle where the choir and transept meet, and opposite to the place w From micoots at yahoo.com Mon Aug 24 22:51:11 2009 
From: micoots at yahoo.com (Michael Mansour) Date: Mon Aug 24 22:51:21 2009 Subject: Archiving to MailArchiva Message-ID: <9011.51157.qm@web33307.mail.mud.yahoo.com> Hi, I've setup a mailarchiva server (OSE) and now want to archive mail from mailscanner into that server (only for a specific domain though). The server itself, by default, listens on these ports: 8090 - http web console port (e.g. http://localhost:8090/mailarchiva) 8091 - smtp port 8092 - smtp milter port 8009 - tomcat ajp port 8010 - tomcat shutdown port so it can accept smtp connections to archive the mail. It also has a tool (ex2mailarchiva) which can import mail into the archive using various formats like mbox. I've looked at the Archive mail options in MailScanner and not sure about the best way to approach this. I've tested the MailScanner archive system and using dated directories, it produces "queue" files which I could use with sendmail I guess to re-send those emails? If anyone's used mailarchiva before with MailScanner I'd be interested in how you finally decided to make it work. Or if anyone has other suggestions please chime in. Thanks. Michael. __________________________________________________________________________________ Find local businesses and services in your area with Yahoo!7 Local. Get started: http://local.yahoo.com.au From steve.freegard at fsl.com Mon Aug 24 23:16:34 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Mon Aug 24 23:16:45 2009 Subject: image spam again :) In-Reply-To: References: Message-ID: <4A931142.3070406@fsl.com> Jan Agermose wrote: > hi > > > > we are seeing a lot of image spam again. we are running sa update and > the image tings they publish / imageinfo.cf and others. But lately a lot > is getting through. > I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time along with 15 mins of greylisting for unknown hosts. Problem solved. Regards, Steve. From jtp at jtpage.net Tue Aug 25 02:00:36 2009 
From: jtp at jtpage.net (Jeffry Page)
Date: Tue Aug 25 02:00:58 2009
Subject: Greylisting... where to start...
Message-ID: <004401ca251f$75b76e90$61264bb0$@net>

OK so I keep hearing how great greylisting is and
I am always trying to better the mail server, as I hate spam.

Yes I found http://www.greylisting.org

There is just an info overload with links all over.
No comments or ratings on different methods / scripts so I don't know which is best.

I am using sendmail and I already have MIMEDefang installed for something else.

I thought implementing something in MIMEDefang would be best?

I do know perl pretty good and can do whatever.

Can anyone point in the right direction? Thanks.

From micoots at yahoo.com Tue Aug 25 03:05:28 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Tue Aug 25 03:05:38 2009
Subject: Greylisting... where to start...
Message-ID: <929776.71233.qm@web33305.mail.mud.yahoo.com>

Hi,

> OK so I keep hearing how great
> greylisting is and
> I am always trying to better the mail server, as I hate
> spam.
>
> Yes I found http://www.greylisting.org
>
> There is just an info overload with links all over.
> No comments or ratings on different methods / scripts so I
> don't know which
> is best.
>
> I am using sendmail and I already have MIMEDefang installed
> for something
> else.
>
> I thought implementing something in MIMEDefang would be
> best?
>
> I do know perl pretty good and can do whatever.
>
> Can anyone point in the right direction? Thanks.

I have been using milter-greylist for years:

http://hcpnet.free.fr/milter-greylist/

with great success, I've found it as the best greylisting implementation for sendmail to date. Although opinions may vary.

Regards,

Michael.

From ecasarero at gmail.com Tue Aug 25 04:13:12 2009
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Aug 25 04:13:41 2009
Subject: Archiving to MailArchiva
In-Reply-To: <9011.51157.qm@web33307.mail.mud.yahoo.com>
References: <9011.51157.qm@web33307.mail.mud.yahoo.com>
Message-ID: <7d9b3cf20908242013i65225129s191fcaf68ab08ce2@mail.gmail.com>

2009/8/24 Michael Mansour

> Hi,
>
> I've setup a mailarchiva server (OSE) and now want to archive mail from
> mailscanner into that server (only for a specific domain though).
>
> The server itself, by default, listens on these ports:
>
> 8090 - http web console port (e.g. http://localhost:8090/mailarchiva)
> 8091 - smtp port
> 8092 - smtp milter port
> 8009 - tomcat ajp port
> 8010 - tomcat shutdown port
>
> so it can accept smtp connections to archive the mail.
>
> It also has a tool (ex2mailarchiva) which can import mail into the archive
> using various formats like mbox.
>
> I've looked at the Archive mail options in MailScanner and not sure about
> the best way to approach this. I've tested the MailScanner archive system
> and using dated directories, it produces "queue" files which I could use
> with sendmail I guess to re-send those emails?
>
> If anyone's used mailarchiva before with MailScanner I'd be interested in
> how you finally decided to make it work. Or if anyone has other suggestions
> please chime in.
>

I've a mailarchiva OSE in testing. I've configured sendmail to have mailarchiva as milter and works ok. It's very simple to configure.

> Thanks.
>
> Michael.

From ecasarero at gmail.com Tue Aug 25 04:15:56 2009
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Aug 25 04:16:25 2009
Subject: Greylisting... where to start...
In-Reply-To: <929776.71233.qm@web33305.mail.mud.yahoo.com>
References: <929776.71233.qm@web33305.mail.mud.yahoo.com>
Message-ID: <7d9b3cf20908242015l521e18cfg3852594f5e662f6@mail.gmail.com>

2009/8/24 Michael Mansour

> Hi,
>
> > OK so I keep hearing how great
> > greylisting is and
> > I am always trying to better the mail server, as I hate
> > spam.
> >
> > Yes I found http://www.greylisting.org
> >
> > There is just an info overload with links all over.
> > No comments or ratings on different methods / scripts so I
> > don't know which
> > is best.
> >
> > I am using sendmail and I already have MIMEDefang installed
> > for something
> > else.
> >
> > I thought implementing something in MIMEDefang would be
> > best?
> >
> > I do know perl pretty good and can do whatever.
> >
> > Can anyone point in the right direction? Thanks.
>
> I have been using milter-greylist for years:
>
> http://hcpnet.free.fr/milter-greylist/
>
> with great success, I've found it as the best greylisting implementation
> for sendmail to date. Although opinions may vary.

I agree, and that implementation has other functionalities such as dnsrbl, spf, uribl, etc.

> Regards,
>
> Michael.

From micoots at yahoo.com Tue Aug 25 07:00:58 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Tue Aug 25 07:01:11 2009
Subject: Archiving to MailArchiva
Message-ID: <209282.63762.qm@web33305.mail.mud.yahoo.com>

Hi Eduardo,

--- On Tue, 25/8/09, Eduardo Casarero wrote:
> From: Eduardo Casarero
> Subject: Re: Archiving to MailArchiva
> To: "MailScanner discussion"
> Received: Tuesday, 25 August, 2009, 1:13 PM
>
> 2009/8/24 Michael Mansour
>
> Hi,
>
> I've setup a mailarchiva server (OSE) and now want to
> archive mail from mailscanner into that server (only for a
> specific domain though).
>
> The server itself, by default, listens on these ports:
>
> 8090 - http web console port (e.g. http://localhost:8090/mailarchiva)
> 8091 - smtp port
> 8092 - smtp milter port
> 8009 - tomcat ajp port
> 8010 - tomcat shutdown port
>
> so it can accept smtp connections to archive the mail.
>
> It also has a tool (ex2mailarchiva) which can import mail
> into the archive using various formats like mbox.
>
> I've looked at the Archive mail options in MailScanner
> and not sure about the best way to approach this. I've
> tested the MailScanner archive system and using dated
> directories, it produces "queue" files which I
> could use with sendmail I guess to re-send those emails?
>
> If anyone's used mailarchiva before with MailScanner
> I'd be interested in how you finally decided to make it
> work. Or if anyone has other suggestions please chime in.
>
>> I've a mailarchiva OSE in testing. i've configured
>> sendmail to have mailarchiva as milter and works ok. its
>> very simple to configure.

How did you do that?

In earlier versions on sourceforge I see they have a perl script:

sendmailpostfixagent.pl

which can be used on sendmail hosts as a milter which can be used to "pipe" emails from the MX servers into the mailarchiva server, but I'm only interested in archiving one hosted domain and not all of them.

I'm unsure whether mailarchiva only archives messages from domains that it knows about from its config, or just accepts everything that's sent to it to archive it.

That's why I'm taking a serious look at the "Archive Mail" feature of MailScanner. Since what I should be able to do is tell it to Archive all for a domain to mbox files, and then run a process of ex2mailarchiva to import those mbox files into the mailarchive server.

I've also thought about getting MailScanner to "forward" copies of the emails to/from a domain to another email account and have procmail recipes to take action on those items, which I might be able to send to the mailarchiva server via smtp.

I'm after something elegant though which is why I'm asking here. I've also asked on the mailarchiva forums and have yet to receive a reply.

Their online KB is little help here also.

Thanks.

Michael.

From jonas at vrt.dk Tue Aug 25 07:18:56 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Tue Aug 25 07:19:11 2009
Subject: image spam again :)
In-Reply-To: <4A931142.3070406@fsl.com>
References: <4A931142.3070406@fsl.com>
Message-ID: <000f01ca254b$ed06a110$c713e330$@dk>

> > we are seeing a lot of image spam again. we are running sa update and
> > the image tings they publish / imageinfo.cf and others. But lately a lot
> > is getting through.
> >
>
> I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time
> along with 15 mins of greylisting for unknown hosts. Problem solved.
>
> Regards,
> Steve.

Mmmm well let's be frank Steve, that's just simply entirely untrue :)

The past weeks have seen a rise in image based spam, where many of them (the ones that don't hit obvious rbl's etc) slip by even ocr plugins etc.

If you take a look at the SA list you can see lots of people are seeing this new bunch of image spams and pretty penetrating.

So far there's no sure fire way of stopping it if you are to judge by the sa users responses.

I use spamhaus and spamcop in mta and greylist, and I've gotten a few of them myself.

Many of them use the so called "flag" method where the image looks "wavy" like a flag, which is probably what's disabling the ocr techniques.

If anybody got any advice I'd love to hear it.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen
TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk

From ram at netcore.co.in Tue Aug 25 07:22:57 2009
From: ram at netcore.co.in (ram)
Date: Tue Aug 25 07:23:11 2009
Subject: Greylisting... where to start...
In-Reply-To: <004401ca251f$75b76e90$61264bb0$@net>
References: <004401ca251f$75b76e90$61264bb0$@net>
Message-ID: <1251181377.18024.45.camel@darkstar.netcore.co.in>

On Mon, 2009-08-24 at 20:00 -0500, Jeffry Page wrote:
> OK so I keep hearing how great greylisting is and
> I am always trying to better the mail server, as I hate spam.
>
> Yes I found http://www.greylisting.org
>
> There is just an info overload with links all over.
> No comments or ratings on different methods / scripts so I don't know which
> is best.
>
> I am using sendmail and I already have MIMEDefang installed for something
> else.
>
> I thought implementing something in MIMEDefang would be best?
>
> I do know perl pretty good and can do whatever.
>

Greylisting should be handled by the MTA, probably by a milter. Use an existing milter (unfortunately perl milters are unstable).

But greylisting as a method is not appreciated by all. If you are doing it for your own domains mails on a single server that should be perfectly fine. But at a MX host with multiple servers greylists are a huge pain to manage and create more problems than solve them.

Anyway with spammers using proper MTA's now greylists are not really that effective IMHO.

> Can anyone point in the right direction? Thanks.
>

From zaeem.arshad at gmail.com Tue Aug 25 08:02:36 2009
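Added example, not part of the thread and not code from milter-greylist: the greylisting decision the messages above discuss, in Python, with the 15-minute delay for unknown hosts mentioned earlier in the thread. The class, function and constant names, the /24 and /64 grouping of client addresses, the retry window, the whitelist lifetime and the sample attempts are all assumptions made for illustration.

```python
import ipaddress
import time

GREYLIST_DELAY = 15 * 60            # 15 minutes, the delay quoted in the thread
RETRY_WINDOW = 24 * 60 * 60         # assumption: forget a pending triplet with no retry in a day
WHITELIST_TTL = 30 * 24 * 60 * 60   # assumption: remember a passed triplet for 30 days

ACCEPT = "250 2.0.0 OK"
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"


def triplet(client_ip, mail_from, rcpt_to):
    """Build the greylist key (client network, envelope sender, envelope recipient).

    The client is reduced to its /24 (IPv4) or /64 (IPv6) so that a retry coming
    from a neighbouring relay of the same sending farm matches the first attempt.
    Addresses are lower-cased, a common simplification.
    """
    ip = ipaddress.ip_address(client_ip)
    prefix = 24 if ip.version == 4 else 64
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net.network_address), mail_from.lower(), rcpt_to.lower())


class Greylist:
    """In-memory greylist; a real deployment keeps these tables in a persistent store."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.pending = {}   # triplet -> time of first attempt
        self.passed = {}    # triplet -> time of last accepted attempt

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP reply to give at RCPT TO time for this attempt."""
        now = time.time() if now is None else now
        key = triplet(client_ip, mail_from, rcpt_to)

        # Known-good triplet: accept and refresh, unless the entry has aged out.
        last_ok = self.passed.get(key)
        if last_ok is not None:
            if now - last_ok <= WHITELIST_TTL:
                self.passed[key] = now
                return ACCEPT
            del self.passed[key]

        # Unknown triplet, or a pending entry so old it is treated as new.
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            self.pending[key] = now
            return TEMPFAIL

        # Retry arrived before the delay elapsed: keep deferring.
        if now - first_seen < self.delay:
            return TEMPFAIL

        # Retry after the delay: the sender queues and retries like a real MTA.
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT


# Constructed sample: (seconds since start, client IP, MAIL FROM, RCPT TO).
SAMPLE_ATTEMPTS = [
    (0,    "192.0.2.10",   "news@sender.example", "user@example.com"),  # first contact
    (60,   "192.0.2.10",   "news@sender.example", "user@example.com"),  # retry too early
    (960,  "192.0.2.11",   "news@sender.example", "user@example.com"),  # retry, neighbouring relay
    (5000, "192.0.2.10",   "news@sender.example", "user@example.com"),  # already passed
    (5000, "198.51.100.7", "offer@bulk.example",  "user@example.com"),  # never retries
]


def replay(attempts, greylist=None):
    """Run attempts through a greylist and return the SMTP reply codes."""
    gl = greylist or Greylist()
    return [gl.check(ip, frm, to, now=t).split()[0] for t, ip, frm, to in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", code)
```

On a pool of MX hosts the pending and passed tables have to live in a store every server shares; otherwise a retry that lands on a different host starts the delay again.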
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Tue Aug 25 08:02:48 2009
Subject: Multiple incoming and outgoing queue directories
Message-ID: <3e1809420908250002g56c1c68bwb982be777902530f@mail.gmail.com>

Hi,

I have a requirement where I have multiple postfix instances running on the same box. Instance 1 has its directory structure in /queue1 while instance 2's postfix dir structure is in /queue2. Both directories are on separate partitions. I have tried setting up a file containing a list of the hold directories but MailScanner complains that the directories need to be on the same filesystem as the outgoing work dir. Why is that so?

Also, is it possible to have multiple outgoing queue directories so that mailscanner can scan files in /queue1/hold and place them in /queue1/postfix/incoming and same for the second instance?

Thanks

Zaeem

From uxbod at splatnix.net Tue Aug 25 08:58:04 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue Aug 25 08:58:26 2009
Subject: image spam again :)
In-Reply-To: <4131489.6671251186367518.JavaMail.root@office.splatnix.net>
Message-ID: <23562177.6691251187084189.JavaMail.root@office.splatnix.net>

I believe John Hardin on the SA list has noticed some commonalities and asked for volunteers to check some new rules.

Best Regards,

----- "Jonas A. Larsen" wrote:

| > > we are seeing a lot of image spam again. we are running sa update and
| > > the image tings they publish / imageinfo.cf and others. But lately a lot
| > > is getting through.
| > >
| >
| > I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time
| > along with 15 mins of greylisting for unknown hosts. Problem solved.
| >
| > Regards,
| > Steve.
|
| Mmmm well let's be frank Steve, that's just simply entirely untrue :)
|
| The past weeks have seen a rise in image based spam, where many of them (the
| ones that doesn't hit obvious rbl's etc) slip by even ocr plugins etc.
|
| If you take a look at the SA list you can see lots of people are seeing this
| new bunch of image spams and pretty penetrating.
|
| So far there's no sure fire way of stopping it if you are to judge by the sa
| users responses.
|
| I use spamhaus and spamcop in mta and greylist, and I've gotten a few of
| them myself.
|
| Many of them use the so called "flag" method where the image looks "wavy"
| like a flag, which is probably whats disabling the ocr techniques.
|
| If anybody got any advice I'd love to hear it.
|
| Med venlig hilsen / Best regards
|
| Jonas Akrouh Larsen
|
| TechBiz ApS
| Laplandsgade 4, 2. sal
| 2300 København S
|
| Office: 7020 0979
| Direct: 3336 9974
| Mobile: 5120 1096
| Fax: 7020 0978
| Web: www.techbiz.dk

From micoots at yahoo.com Tue Aug 25 09:03:57 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Tue Aug 25 09:04:11 2009
Subject: image spam again :)
Message-ID: <768671.54354.qm@web33302.mail.mud.yahoo.com>

Hi Jonas,
> From: Jonas A. Larsen
> Subject: RE: image spam again :)
> To: "'MailScanner discussion'"
> Received: Tuesday, 25 August, 2009, 4:18 PM
>
> > > we are seeing a lot of image spam again. we are running sa update and
> > > the image tings they publish / imageinfo.cf and others. But lately a lot
> > > is getting through.
> > >
> >
> > I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time
> > along with 15 mins of greylisting for unknown hosts. Problem solved.
> >
> > Regards,
> > Steve.
>
> Mmmm well let's be frank Steve, that's just simply
> entirely untrue :)
>
> The past weeks have seen a rise in image based spam, where
> many of them (the
> ones that doesn't hit obvious rbl's etc) slip by even ocr
> plugins etc.
>
> If you take a look at the SA list you can see lots of
> people are seeing this
> new bunch of image spams and pretty penetrating.
>
> So far there's no sure fire way of stopping it if you are
> to judge by the sa
> users responses.
>
> I use spamhaus and spamcop in mta and greylist, and I've
> gotten a few of
> them myself.
>
> Many of them use the so called "flag" method where the
> image looks "wavy"
> like a flag, which is probably whats disabling the ocr
> techniques.
>
> If anybody got any advice I'd love to hear it.

From my end, I haven't noticed any image spam getting through. But, I use SaneSecurity clam signatures which import the MSRBL image spam definitions, so maybe that is why?

I don't have time to go through the virus infected emails, but I'd suggest if you don't use SaneSecurity signatures in ClamAV, you should.

Regards,

Michael.

From micoots at yahoo.com Tue Aug 25 09:13:24 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Tue Aug 25 09:13:38 2009
Subject: sa-compile scheduling
Message-ID: <225951.39862.qm@web33305.mail.mud.yahoo.com>

Hi,

I have just implemented this:

http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html

to use sa-compile to compile the rulesets and speed up SA.

Now I have sa-update cron'ed to run periodically, is sa-update clever enough to realise that this SA plugin is being used and to then run sa-compile on its own? Or must I now manually setup another cron job to compile the new rules downloaded by sa-update after they are updated?

Thanks.

Michael.

From uxbod at splatnix.net Tue Aug 25 09:28:35 2009
From: uxbod at splatnix.net (--[ UxBoD ]--)
Date: Tue Aug 25 09:29:03 2009
Subject: sa-compile scheduling
In-Reply-To: <225951.39862.qm@web33305.mail.mud.yahoo.com>
Message-ID: <30569703.6731251188915600.JavaMail.root@office.splatnix.net>

----- "Michael Mansour" wrote:

| Hi,
|
| I have just implemented this:
|
| http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
|
| to use sa-compile to compile the rulesets and speed up SA.
|
| Now I have sa-update cron'ed to run periodically, is sa-update clever
| enough to realise that this SA plugin is being used and to then run
| sa-compile on it's own? or must I now manually setup another cron job
| to compile the new rules downloaded by sa-update after they are
| updated?
|
| Thanks.
|
| Michael.
|

Why not put the sa-update in a script, under /usr/local/bin, and add sa-compile to the end of it. You can then call that via cron.

Best Regards,

From jonas at vrt.dk Tue Aug 25 10:04:03 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Tue Aug 25 10:04:14 2009
Subject: image spam again :)
In-Reply-To: <768671.54354.qm@web33302.mail.mud.yahoo.com>
References: <768671.54354.qm@web33302.mail.mud.yahoo.com>
Message-ID: <000601ca2562$fe5b75f0$fb1261d0$@dk>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour
> Sent: 25. august 2009 10:04
> To: MailScanner discussion
> Subject: RE: image spam again :)
>
> Hi Jonas,
>
> > From: Jonas A. Larsen
> > Subject: RE: image spam again :)
> > To: "'MailScanner discussion'"
> > Received: Tuesday, 25 August, 2009, 4:18 PM
> >
> > > > we are seeing a lot of image spam again. we are running sa update and
> > > > the image tings they publish / imageinfo.cf and others. But lately a lot
> > > > is getting through.
> > > >
> > >
> > > I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time
> > > along with 15 mins of greylisting for unknown hosts. Problem solved.
> > >
> > > Regards,
> > > Steve.
> >
> > Mmmm well let's be frank Steve, that's just simply
> > entirely untrue :)
> >
> > The past weeks have seen a rise in image based spam, where
> > many of them (the
> > ones that doesn't hit obvious rbl's etc) slip by even ocr
> > plugins etc.
> >
> > If you take a look at the SA list you can see lots of
> > people are seeing this
> > new bunch of image spams and pretty penetrating.
> >
> > So far there's no sure fire way of stopping it if you are
> > to judge by the sa
> > users responses.
> >
> > I use spamhaus and spamcop in mta and greylist, and I've
> > gotten a few of
> > them myself.
> >
> > Many of them use the so called "flag" method where the
> > image looks "wavy"
> > like a flag, which is probably whats disabling the ocr
> > techniques.
> >
> > If anybody got any advice I'd love to hear it.
>
> From my end, I haven't noticed any image spam getting through. But, I use
> SaneSecurity clam signatures which import the MSRBL image spam
> definitions, so maybe that is why?
>
> I don't have time to go through the virus infected emails, but I'd suggest
> if you don't use SaneSecurity signatures in ClamAV, you should.
>
> Regards,
>
> Michael.
>

I did deploy all the 3rd party clamav sigs as a test last week, and they are doing great.

Thanks to Julian's latest addition I can score them in SA instead of blocking them completely, so I won't be so vulnerable to FP's.

I'm using Bill Landry's script to pull all of them auto.

They do hit on a part of the new image spams. But not all of them unfortunately.

But the problem would definitely be bigger without the 3rd party sigs.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen
TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S
Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk

From maxsec at gmail.com Tue Aug 25 10:58:39 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Tue Aug 25 10:58:54 2009
Subject: sa-compile scheduling
In-Reply-To: <225951.39862.qm@web33305.mail.mud.yahoo.com>
References: <225951.39862.qm@web33305.mail.mud.yahoo.com>
Message-ID: <72cf361e0908250258k4a2c6593lcd6fcfd0f65fda21@mail.gmail.com>

You'll need to run sa-compile after every rule update, otherwise it'll keep using the old version of the rule that was sa-compiled....

as already suggested an '&& sa-compile' at the end of the cron job that does the update will do the job.

--
Martin Hepworth
Oxford, UK

2009/8/25 Michael Mansour

> Hi,
>
> I have just implemented this:
>
> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
>
> to use sa-compile to compile the rulesets and speed up SA.
>
> Now I have sa-update cron'ed to run periodically, is sa-update clever
> enough to realise that this SA plugin is being used and to then run
> sa-compile on it's own? or must I now manually setup another cron job to
> compile the new rules downloaded by sa-update after they are updated?
>
> Thanks.
>
> Michael.

From ecasarero at gmail.com Tue Aug 25 13:59:41 2009
From: ecasarero at gmail.com (Eduardo Casarero)
Date: Tue Aug 25 14:00:15 2009
Subject: Archiving to MailArchiva
In-Reply-To: <209282.63762.qm@web33305.mail.mud.yahoo.com>
References: <209282.63762.qm@web33305.mail.mud.yahoo.com>
Message-ID: <7d9b3cf20908250559s29c0fb3ckf66612200c8bca68@mail.gmail.com>

2009/8/25 Michael Mansour

> Hi Eduardo,
>
> --- On Tue, 25/8/09, Eduardo Casarero wrote:
>
> > From: Eduardo Casarero
> > Subject: Re: Archiving to MailArchiva
> > To: "MailScanner discussion"
> > Received: Tuesday, 25 August, 2009, 1:13 PM
> >
> > 2009/8/24 Michael Mansour
> >
> > Hi,
> >
> > I've setup a mailarchiva server (OSE) and now want to
> > archive mail from mailscanner into that server (only for a
> > specific domain though).
> >
> > The server itself, by default, listens on these ports:
> >
> > 8090 - http web console port (e.g. http://localhost:8090/mailarchiva)
> > 8091 - smtp port
> > 8092 - smtp milter port
> > 8009 - tomcat ajp port
> > 8010 - tomcat shutdown port
> >
> > so it can accept smtp connections to archive the mail.
> >
> > It also has a tool (ex2mailarchiva) which can import mail
> > into the archive using various formats like mbox.
> >
> > I've looked at the Archive mail options in MailScanner
> > and not sure about the best way to approach this. I've
> > tested the MailScanner archive system and using dated
> > directories, it produces "queue" files which I
> > could use with sendmail I guess to re-send those emails?
> >
> > If anyone's used mailarchiva before with MailScanner
> > I'd be interested in how you finally decided to make it
> > work. Or if anyone has other suggestions please chime in.
> >
> >> I've a mailarchiva OSE in testing. i've configured
> >> sendmail to have mailarchiva as milter and works ok. its
> >> very simple to configure.
>
> How did you do that?
>

You have to add this to your sendmail.cf:

O InputMailFilters=mailarchiva
Xmailarchiva, S=inet:8092@192.168.123.123

(ip and port of mailarchiva)

(I don't remember the syntax to add it to sendmail.mc and then run m4)

> In earlier versions on sourceforge I see they have a perl script:
>
> sendmailpostfixagent.pl
>
> which can be used on sendmail hosts as a milter which can be used to "pipe"
> emails from the MX servers into the mailarchiva server, but I'm only
> interested in archiving one hosted domain and not all of them.
>
> I'm unsure whether mailarchiva only archives messages from domains that it
> knows about from it's config, or just accepts everything that's sent to it
> to archive it.

I've just checked and it only stores emails from domains that it knows about. For example all localhost emails (logwatch, crontab notifications, etc) were not stored in my config.

> That's why I'm taking a serious look at the "Archive Mail" feature of
> MailScanner. Since what I should be able to do is tell it to Archive all for
> a domain to mbox files, and then run a process of ex2mailarchiva to import
> those mbox files into the mailarchive server.
>
> I've also thought about getting MailScanner to "forward" copies of the
> emails to/from a domain to another email account and have procmail recipes
> to take action on those items, which I might be able to send to the
> mailarchiva server via smtp.
>
> I'm after something elegant though which is why I'm asking here. I've also
> asked on the mailarchiva forums and have yet to receive a reply.

Mmm, you get a complex setup doing that, I rather prefer the milter solution, it just works.

> Their online KB is little help here also.
>
> Thanks.
>
> Michael.

From dave.list at pixelhammer.com Tue Aug 25 14:38:22 2009
From: dave.list at pixelhammer.com (DAve)
Date: Tue Aug 25 14:38:56 2009
Subject: Archiving to MailArchiva
In-Reply-To: <9011.51157.qm@web33307.mail.mud.yahoo.com>
References: <9011.51157.qm@web33307.mail.mud.yahoo.com>
Message-ID: <4A93E94E.1000907@pixelhammer.com>

Michael Mansour wrote:
> If anyone's used mailarchiva before with MailScanner I'd be interested in how you finally decided to make it work. Or if anyone has other suggestions please chime in.

In MailArchiva,

1) Under listeners, check "Listen for incoming Exchange/SMTP requests".
2) Enter "25" in the "Exchange/SMTP Port" field.
3) Select your MailArchiva's server IP in the "Bind IP Address" field.
4) Click "Save".
5) Under "Domains", click the "New Domain" button.
6) Enter the domain you want to archive mail for in the "Domain Name" field.
7) Click "Save".

In MailScanner,

1) In rules directory create "archive.rules" file.
2) In archive.rules file add this line,
   To: *@ forward archive@
3) In MailScanner.conf change,
   #Archive Mail = /local/spool/MailScanner/archive
   to
   Archive Mail = %rules-dir%/archive.rules
4) Create a DNS A record for with the mailarchive IP from step 3 in configuring MailArchiva.
5) Restart MailScanner.

Warning Will Robinson !!!!!!, this was off the top of my head, some fine adjustment may be called for.

DAve

--
"Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams

http://appleseedinfo.org

From MailScanner at ecs.soton.ac.uk Tue Aug 25 16:07:48 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Tue Aug 25 16:08:12 2009
Subject: sa-compile scheduling
In-Reply-To: <30569703.6731251188915600.JavaMail.root@office.splatnix.net>
References: <30569703.6731251188915600.JavaMail.root@office.splatnix.net> <4A93FE44.8070102@ecs.soton.ac.uk>
Message-ID:

On 25/08/2009 09:28, --[ UxBoD ]-- wrote:
> ----- "Michael Mansour" wrote:
>
> | Hi,
> |
> | I have just implemented this:
> |
> | http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
> |
> | to use sa-compile to compile the rulesets and speed up SA.
> |
> | Now I have sa-update cron'ed to run periodically, is sa-update clever
> | enough to realise that this SA plugin is being used and to then run
> | sa-compile on it's own? or must I now manually setup another cron job
> | to compile the new rules downloaded by sa-update after they are
> | updated?
> |
> | Thanks.
> |
> | Michael.
> |
>
> Why not put the sa-update in a script, under /usr/local/bin, and add sa-compile to the end of it. You can then call that via cron.
>

You can use my update_spamassassin which you will find in /usr/sbin if I remember correctly, which will call sa-compile and everything for you. Just install "re2c" from rpmforge so you have the tool it will need.

You may well find this is already in your /etc/cron.hourly or /etc/cron.daily so it's being run for you.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

From mike at mlrw.com Tue Aug 25 18:36:49 2009
From: mike at mlrw.com (Mike Wallace)
Date: Tue Aug 25 18:37:00 2009
Subject: "include path-to-conf-files" in 4.78.9
Message-ID: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com>

Jules,

I hope you are enjoying or enjoyed (based on when you read this) your well deserved vacation in the States.

I have been playing with "include path-to-conf-files" in 4.78.9 and found a couple of limitations that I want to verify. It seems that the following parameters are ignored when in the include file:

%org-name% =
%org-long-name% =
%web-site% =
Run As User =
Run As Group =
MTA =

Is this by design or a "feature"? Are there other parameters that can't be in the include file?

The reason I ask is that I am trying to put all of my site specific configuration changes in the include file so that the only thing I have to do to MailScanner.conf is add "include /etc/MailScanner/config/mysite.conf".

It would be awesome if you had "include /etc/MailScanner/config/*.conf" in MailScanner.conf. Then if the directory and/or any files in that directory did not exist, they would be ignored. That way those who don't want to use it can edit the configuration file like they always have.

Mike

From glenn.steen at gmail.com Tue Aug 25 18:57:50 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Aug 25 18:58:00 2009
Subject: Filename Rule action
In-Reply-To: <7d9b3cf20908241111yc6d1ec1hbdcbe8747263ab8d@mail.gmail.com>
References: <7d9b3cf20908241111yc6d1ec1hbdcbe8747263ab8d@mail.gmail.com>
Message-ID: <223f97700908251057l15fe0f1es4fce8be821a2d672@mail.gmail.com>

2009/8/24 Eduardo Casarero :
> I'm trying to block some filenames/filetypes (that works ok) but i'm trying to save this blocked emails in quarantine in the spam folder, but MS saves it in /var/spool/MailScanner/quarantine//* i've been playing with MailScanner.conf with no result.
>

It is viewed as an "Other" type of infection, and as such handled (IMO correctly so) as a potential virus... and thus put in the virus quarantine. Why would you like to do it differently?

> Is there a way to configure MS to use the "spam-action" as the file action?

Don't think so, no. Unless you ditch the filename/-type things (simply turn them off) and do some specific SA rules to replace them... and then do SA rule hit actions for them, or set some silly scores;-)...

> and saving the email in the spam folder in 1 file, and notifying destination?

... which would land them there...

> Thanks!
>

But again... Why would you need it? If you have a compelling reason, I'm sure Jules can dream something up...:-D

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at gmail.com Tue Aug 25 19:10:21 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Tue Aug 25 19:10:34 2009
Subject: Multiple incoming and outgoing queue directories
In-Reply-To: <3e1809420908250002g56c1c68bwb982be777902530f@mail.gmail.com>
References: <3e1809420908250002g56c1c68bwb982be777902530f@mail.gmail.com>
Message-ID: <223f97700908251110o7958187em551fe64ebe8dc53b@mail.gmail.com>

2009/8/25 Zaeem Arshad :
> Hi,
> I have a requirement where I have multiple postfix instances running on the same box. Instance 1 has its directory structure in /queue1 while instance 2's postfix dir structure is in /queue2. Both directories are on separate partitions. I have tried setting up a file containing a list of the hold directories but MailScanner complains that the directories need to be on the same filesystem as the outgoing work dir. Why is that so? Also, is it

Queue file ID is generated (for resubmitted/reconstructed mail) as a function of the inode number and the current millisecond. So you cannot create the file on one filesystem and then copy it over to the outgoing directory (which happens to be "incoming", usually;-), since that would break that relationship (inode numbers are only unique in the respective filesystems. Doing a copy would mean having possible duplicates in the series)... So that mandates that the "moving into place" need be through linking, or in other words an mv, not a copy operation.

> possible to have multiple outgoing queue directories so that mailscanner can scan files in /queue1/hold and place them in /queue1/postfix/incoming and same for the second instance?

All that is mandated is that the work directory and the respective outgoing directories be on the same filesystem... Not the hold, IIRC;-)... Or you could try run multiple MSes.

But really... What kind of requirement would mandate you set it up like that? Are you sure there is no other, more or less sane, way to do it?

>
> Thanks
> Zaeem

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From jaearick at colby.edu Tue Aug 25 20:52:34 2009
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Tue Aug 25 20:52:51 2009
Subject: MS 4.78.9-1, process did not exit cleanly
Message-ID:

Julian,

Since upgrading from 4.77.9-1 to 4.78.9-1 yesterday, I've noticed a lot of:

MailScanner: waiting for children to die: [ID 702911 user.warning] Process did not exit cleanly, returned 2 with signal 0

syslog messages. This is coming from the main routine methinks. Anything to worry about? My setup: Solaris 10, sparc, sendmail, Spamassassin, clamd.

Jeff Earickson
Colby College

From zaeem.arshad at gmail.com Wed Aug 26 03:57:52 2009
From: zaeem.arshad at gmail.com (Zaeem Arshad)
Date: Wed Aug 26 03:58:02 2009
Subject: Multiple incoming and outgoing queue directories
In-Reply-To: <223f97700908251110o7958187em551fe64ebe8dc53b@mail.gmail.com>
References: <3e1809420908250002g56c1c68bwb982be777902530f@mail.gmail.com> <223f97700908251110o7958187em551fe64ebe8dc53b@mail.gmail.com>
Message-ID: <3e1809420908251957v79d3db2fwa3e7b22818516d4d@mail.gmail.com>

On Wed, Aug 26, 2009 at 12:10 AM, Glenn Steen wrote:

> 2009/8/25 Zaeem Arshad :
> > Hi,
> > I have a requirement where I have multiple postfix instances running on the same box. Instance 1 has its directory structure in /queue1 while instance 2's postfix dir structure is in /queue2. Both directories are on separate partitions. I have tried setting up a file containing a list of the hold directories but MailScanner complains that the directories need to be on the same filesystem as the outgoing work dir. Why is that so? Also, is it
>
> Queue file ID is generated (for resubmitted/reconstructed mail) as a function of the inode number and the current millisecond. So you cannot create the file on one filesystem and then copy it over to the outgoing directory (which happens to be "incoming", usually;-), since that would break that relationship (inode numbers are only unique in the respective filesystems. Doing a copy would mean having possible duplicates in the series)... So that mandates that the "moving into place" need be through linking, or in other words an mv, not a copy operation.
>
> > possible to have multiple outgoing queue directories so that mailscanner can scan files in /queue1/hold and place them in /queue1/postfix/incoming and same for the second instance?
>
> All that is mandated is that the work directory and the respective outgoing directories be on the same filesystem... Not the hold, IIRC;-)... Or you could try run multiple MSes.
>
> But really... What kind of requirement would mandate you set it up like that? Are you sure there is no other, more or less sane, way to do it.

The mail gateway is running multiple instances of postfix. It is treating both corporate email and our customers' traffic. I'd like to have both kinds of emails scanned by MS but delivered outside using specific outbound IP addresses. In the current scenario, the IP of the postfix instance whose incoming queue is used by MS is used.

I couldn't find any good resource on running multiple MS. Got any pointers?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090826/2f1abc78/attachment.html

From micoots at yahoo.com Wed Aug 26 08:35:09 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Wed Aug 26 08:35:28 2009
Subject: Multiple incoming and outgoing queue directories
Message-ID: <196148.12504.qm@web33306.mail.mud.yahoo.com>

Hi,

--- On Wed, 26/8/09, Zaeem Arshad wrote:
> From: Zaeem Arshad
> Subject: Re: Multiple incoming and outgoing queue directories
> To: "MailScanner discussion"
> Received: Wednesday, 26 August, 2009, 12:57 PM
>
> On Wed, Aug 26, 2009 at 12:10 AM, Glenn Steen wrote:
>
> > 2009/8/25 Zaeem Arshad :
> > > Hi,
> > > I have a requirement where I have multiple postfix instances running on the same box. Instance 1 has its directory structure in /queue1 while instance 2's postfix dir structure is in /queue2. Both directories are on separate partitions. I have tried setting up a file containing a list of the hold directories but MailScanner complains that the directories need to be on the same filesystem as the outgoing work dir. Why is that so? Also, is it
> >
> > Queue file ID is generated (for resubmitted/reconstructed mail) as a function of the inode number and the current millisecond. So you cannot create the file on one filesystem and then copy it over to the outgoing directory (which happens to be "incoming", usually;-), since that would break that relationship (inode numbers are only unique in the respective filesystems. Doing a copy would mean having possible duplicates in the series)... So that mandates that the "moving into place" need be through linking, or in other words an mv, not a copy operation.
> >
> > > possible to have multiple outgoing queue directories so that mailscanner can scan files in /queue1/hold and place them in /queue1/postfix/incoming and same for the second instance?
> >
> > All that is mandated is that the work directory and the respective outgoing directories be on the same filesystem... Not the hold, IIRC;-)... Or you could try run multiple MSes.
> >
> > But really... What kind of requirement would mandate you set it up like that? Are you sure there is no other, more or less sane, way to do it.
>
> The mail gateway is running multiple instances of postfix. It is treating both corporate email and our customers' traffic. I'd like to have both kinds of emails scanned by MS but delivered outside using specific outbound IP addresses. In the current scenario, the IP of the postfix instance whose incoming queue is used by MS is used.
>
> I couldn't find any good resource on running multiple MS. Got any pointers?

I started to look at doing that about a month or more ago, and emailed the list here about it but didn't receive any response.

I looked into it for days and after various tests, came to the conclusion the best way to do it was using chroot'ed environments, one each for two sendmail instances and then one each for two MailScanner instances.

It was quite straightforward overall but I abandoned the idea when I realised if I'd set such a thing up, not too many people would have the skillset to manage it after me. So decided to keep it simple.

BTW, I needed it to run two instances of sendmail on the one box, as I setup the environment in a HA hosting platform.

Regards,

Michael.

From micoots at yahoo.com Wed Aug 26 09:48:01 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Wed Aug 26 09:48:12 2009
Subject: sa-compile scheduling
Message-ID: <733510.70172.qm@web33301.mail.mud.yahoo.com>

Hi Jules,

--- On Wed, 26/8/09, Jules Field wrote:
> From: Jules Field
> Subject: Re: sa-compile scheduling
> To: "MailScanner discussion"
> Received: Wednesday, 26 August, 2009, 1:07 AM
>
> On 25/08/2009 09:28, --[ UxBoD ]-- wrote:
> > ----- "Michael Mansour" wrote:
> >
> > | Hi,
> > |
> > | I have just implemented this:
> > |
> > | http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
> > |
> > | to use sa-compile to compile the rulesets and speed up SA.
> > |
> > | Now I have sa-update cron'ed to run periodically, is sa-update clever enough to realise that this SA plugin is being used and to then run sa-compile on its own? or must I now manually setup another cron job to compile the new rules downloaded by sa-update after they are updated?
> > |
> > | Thanks.
> > |
> > | Michael.
> > |
> > Why not put the sa-update in a script, under /usr/local/bin, and add sa-compile to the end of it. You can then call that via cron.
> >
> You can use my update_spamassassin which you will find in /usr/sbin if I remember correctly, which will call sa-compile and everything for you. Just install "re2c" from rpmforge so you have the tool it will need.
> You may well find this is already in your /etc/cron.hourly or /etc/cron.daily so it's being run for you.

Yes you're right, I haven't looked at this for some years but I did have your update_spamassassin script running (together with the sa-update.cron script which comes with the SA RPM). So yes, I was running it twice from two RPM packages and didn't realise ;)

I've cleaned that setup up now so it's only run once a night from all the mail servers.

Thanks.

Michael.

> Jules
>
> -- Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner? Contact me!
> Need help fixing or optimising your systems? Contact me!
> Need help getting you started solving new requirements from your boss? Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
> -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
>
> -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From micoots at yahoo.com Wed Aug 26 09:57:20 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Wed Aug 26 09:57:29 2009
Subject: Archiving to MailArchiva
Message-ID: <440359.51215.qm@web33304.mail.mud.yahoo.com>

Hi Dave,

--- On Tue, 25/8/09, DAve wrote:
> From: DAve
> Subject: Re: Archiving to MailArchiva
> To: "MailScanner discussion"
> Received: Tuesday, 25 August, 2009, 11:38 PM
>
> Michael Mansour wrote:
>
> > If anyone's used mailarchiva before with MailScanner I'd be interested in how you finally decided to make it work. Or if anyone has other suggestions please chime in.
>
> In MailArchiva,
>
> 1) Under listeners, check "Listen for incoming Exchange/SMTP requests".
>
> 2) Enter "25" in the "Exchange/SMTP Port" field.
>
> 3) Select your MailArchiva's server IP in the "Bind IP Address" field.

Hmm.. I didn't consider having the mailarchiva server listening on port 25, thanks for the tip.

> 4) Click "Save".
>
> 5) Under "Domains", click the "New Domain" button.
>
> 6) Enter the domain you want to archive mail for in the "Domain Name" field.
>
> 7) Click "Save".
>
> In MailScanner,
>
> 1) In rules directory create "archive.rules" file.
>
> 2) In archive.rules file add this line,
> To: *@ forward archive@
>
> 3) In MailScanner.conf change,
>   #Archive Mail = /local/spool/MailScanner/archive
> to
>   Archive Mail = %rules-dir%/archive.rules
>
> 4) Create a DNS A record for with the mailarchive IP from step 3 in configuring MailArchiva.

I'm trying to understand how this will work. Step 2 requires all the to/from emails of that particular domain to go to one mailbox?

I'd likely setup step 2 to be:

To: *@ forward archive@

so won't need Step 4 as it'll be the real server.

But then the mailarchiva server will receive these on its port 25, but destined to the "archive" account, you think even if that account didn't exist, the server would simply just sort the emails anyway?

I know advanced rulesets can be added to the mailarchiva server, but I'm still new to it myself.

Even though it's off the top of your head, it's a possibility this may work.

Thanks.

Michael.

> 5) Restart MailScanner.
>
> Warning Will Robinson !!!!!!, this was off the top of my head, some fine adjustment may be called for.
>
> DAve
>
> -- "Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams
>
> http://appleseedinfo.org
>
> -- MailScanner mailing list
> mailscanner@lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

From glenn.steen at gmail.com Wed Aug 26 10:03:13 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Aug 26 10:03:22 2009
Subject: Multiple incoming and outgoing queue directories
In-Reply-To: <3e1809420908251957v79d3db2fwa3e7b22818516d4d@mail.gmail.com>
References: <3e1809420908250002g56c1c68bwb982be777902530f@mail.gmail.com> <223f97700908251110o7958187em551fe64ebe8dc53b@mail.gmail.com> <3e1809420908251957v79d3db2fwa3e7b22818516d4d@mail.gmail.com>
Message-ID: <223f97700908260203j10600fe6ke8f030e0719d5522@mail.gmail.com>

2009/8/26 Zaeem Arshad :
>
> On Wed, Aug 26, 2009 at 12:10 AM, Glenn Steen wrote:
>>
>> 2009/8/25 Zaeem Arshad :
>> > Hi,
>> > I have a requirement where I have multiple postfix instances running on the same box. Instance 1 has its directory structure in /queue1 while instance 2's postfix dir structure is in /queue2. Both directories are on separate partitions. I have tried setting up a file containing a list of the hold directories but MailScanner complains that the directories need to be on the same filesystem as the outgoing work dir. Why is that so? Also, is it
>>
>> Queue file ID is generated (for resubmitted/reconstructed mail) as a function of the inode number and the current millisecond. So you cannot create the file on one filesystem and then copy it over to the outgoing directory (which happens to be "incoming", usually;-), since that would break that relationship (inode numbers are only unique in the respective filesystems. Doing a copy would mean having possible duplicates in the series)... So that mandates that the "moving into place" need be through linking, or in other words an mv, not a copy operation.
>>
>> > possible to have multiple outgoing queue directories so that mailscanner can scan files in /queue1/hold and place them in /queue1/postfix/incoming and same for the second instance?
>>
>> All that is mandated is that the work directory and the respective outgoing directories be on the same filesystem... Not the hold, IIRC;-)... Or you could try run multiple MSes.
>>
>> But really... What kind of requirement would mandate you set it up like that? Are you sure there is no other, more or less sane, way to do it.
>
> The mail gateway is running multiple instances of postfix. It is treating both corporate email and our customers' traffic. I'd like to have both kinds of emails scanned by MS but delivered outside using specific outbound IP addresses. In the current scenario, the IP of the postfix instance whose incoming queue is used by MS is used.
> I couldn't find any good resource on running multiple MS. Got any pointers?
>

Ok. You do know that there is absolutely nothing stipulating that you must send mail for a specific domain from a specific IP address? Sure, SPF and such may impose that on you, but ... you usually solve that some other way (like allow that actual IP address:-).

Oh well...:-) options to run multiple MS would include a) a different physical machine, b) a different virtual machine, c) (as Mike described so well) chroot jails.

Or I suppose you could play with just one instance and do some transportmap and inet_interface thing to achieve what you want... Would entail a second smtp (on some high port) with options set for inet_interface, so that it'd pretend to be from the secondary IF... Haven't really thought this through, but it should be fairly simple to implement...:-)

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From micoots at yahoo.com Wed Aug 26 10:03:49 2009
From: micoots at yahoo.com (Michael Mansour)
Date: Wed Aug 26 10:03:59 2009
Subject: Archiving to MailArchiva
Message-ID: <552026.77725.qm@web33301.mail.mud.yahoo.com>

Hi Eduardo,

--- On Tue, 25/8/09, Eduardo Casarero wrote:
> From: Eduardo Casarero
> Subject: Re: Archiving to MailArchiva
> To: "MailScanner discussion"
> Received: Tuesday, 25 August, 2009, 10:59 PM
>
> 2009/8/25 Michael Mansour
>
> > Hi Eduardo,
> >
> > --- On Tue, 25/8/09, Eduardo Casarero wrote:
> >
> > > From: Eduardo Casarero
> > > Subject: Re: Archiving to MailArchiva
> > > To: "MailScanner discussion"
> > > Received: Tuesday, 25 August, 2009, 1:13 PM
> > >
> > > 2009/8/24 Michael Mansour
> > >
> > > Hi,
> > >
> > > I've setup a mailarchiva server (OSE) and now want to archive mail from mailscanner into that server (only for a specific domain though).
> > >
> > > The server itself, by default, listens on these ports:
> > >
> > > 8090 - http web console port (e.g. http://localhost:8090/mailarchiva)
> > > 8091 - smtp port
> > > 8092 - smtp milter port
> > > 8009 - tomcat ajp port
> > > 8010 - tomcat shutdown port
> > >
> > > so it can accept smtp connections to archive the mail.
> > >
> > > It also has a tool (ex2mailarchiva) which can import mail into the archive using various formats like mbox.
> > >
> > > I've looked at the Archive mail options in MailScanner and not sure about the best way to approach this. I've tested the MailScanner archive system and using dated directories, it produces "queue" files which I could use with sendmail I guess to re-send those emails?
> > >
> > > If anyone's used mailarchiva before with MailScanner I'd be interested in how you finally decided to make it work. Or if anyone has other suggestions please chime in.
> > >
> > >> I've a mailarchiva OSE in testing. i've configured sendmail to have mailarchiva as milter and works ok. its very simple to configure.
> >
> > How did you do that?
>
> you have to add this to your sendmail.cf
>
> O InputMailFilters= mailarchiva
> Xmailarchiva, S=inet:8092@192.168.123.123
> (ip and port of mailarchiva)
>
> (i don't remember the syntax to add it to sendmail.mc and then run m4)

Oh ok, that makes sense now but it also means I have to run their "sendmailpostfixagent.pl" script on each MX server to be able to use the INPUT_MAIL_FILTERS feature.

Note that the sendmail.mc addition is documented in their KB and in the setup guide, it's better to do it from the .mc also than from the .cf. It's just one line in the .mc

INPUT_MAIL_FILTER(`mailarchiva', `S=inet:8092@127.0.0.1')dnl

and then a make.

> In earlier versions on sourceforge I see they have a perl script:
>
> sendmailpostfixagent.pl
>
> which can be used on sendmail hosts as a milter which can be used to "pipe" emails from the MX servers into the mailarchiva server, but I'm only interested in archiving one hosted domain and not all of them.
>
> I'm unsure whether mailarchiva only archives messages from domains that it knows about from it's config, or just accepts everything that's sent to it to archive it.

>> I've just checked and only stores emails from domains that it knows about. for example all localhost emails (logwatch, crontab notifications, etc) were not stored in my config.

That's excellent, thank you for spending the time to check this, I may simply go this route now if I can get the perl script above working on the MX servers.

> That's why I'm taking a serious look at the "Archive Mail" feature of MailScanner. Since what I should be able to do is tell it to Archive all for a domain to mbox files, and then run a process of ex2mailarchiva to import those mbox files into the mailarchive server.
>
> I've also thought about getting MailScanner to "forward" copies of the emails to/from a domain to another email account and have procmail recipes to take action on those items, which I might be able to send to the mailarchiva server via smtp.
>
> I'm after something elegant though which is why I'm asking here. I've also asked on the mailarchiva forums and have yet to receive a reply.

> mmm you get a complex setup doing that, i rather prefer the milter solution, it just works.
>
>> Their online KB is little help here also.

Thanks again for your help.

Michael.

From housey at sme-ecom.co.uk Wed Aug 26 10:39:17 2009
From: housey at sme-ecom.co.uk (Paul)
Date: Wed Aug 26 10:39:30 2009
Subject: Email with chinese writing saying No Program Allowed
Message-ID: <4A9502C5.7020606@sme-ecom.co.uk>

Hi

I have someone sending me an email with chinese writing in it.

The problem is mailscanner blocks it as it thinks it's a program - No programs allowed (msg-10911-621.txt)

I ran the file command on the quarantined file and it does indeed think it's a program

[root@venice n7OEIC6o017365]# file msg-10911-621.txt
msg-10911-621.txt: COM executable for DOS

But it just contains chinese characters.

This seems to be happening on quite a few emails with chinese writing in them - has anyone seen this before? or got a solution to stop them being blocked?

Kind Regards

Paul

From prandal at herefordshire.gov.uk Wed Aug 26 14:03:50 2009
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Aug 26 14:04:18 2009
Subject: McAfee commandline virus scanners V5.40.0 now available
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA078F03D5@HC-MBX02.herefordshire.gov.uk>

Hi folks,

Users of McAfee's uvscan may wish to update to V5.40.0 which uses the McAfee 5400 scan engine.

Note that this program uses the V1 format DAT files, and will be obsoleted at the end of March 2010.

McAfee promises a fourth quarter release for the V6 commandline scanners, which use the V2 format DAT files. The mcafee-autoupdate script will need updating for this when it is available.

Cheers,

Phil

--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090826/079aa7d5/attachment.html

From glenn.steen at gmail.com Wed Aug 26 14:08:27 2009
From: glenn.steen at gmail.com (Glenn Steen)
Date: Wed Aug 26 14:08:35 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <4A9502C5.7020606@sme-ecom.co.uk>
References: <4A9502C5.7020606@sme-ecom.co.uk>
Message-ID: <223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com>

2009/8/26 Paul :
> Hi
>
> I have someone sending me an email with chinese writing in it.
>
> The problem is mailscanner blocks it as it thinks it's a program - No programs allowed (msg-10911-621.txt)
>
> I ran the file command on the quarantined file and it does indeed think it's a program
>
> [root@venice n7OEIC6o017365]# file msg-10911-621.txt
> msg-10911-621.txt: COM executable for DOS
>
> But it just contains chinese characters.
>
> This seems to be happening on quite a few emails with chinese writing in them - has anyone seen this before? or got a solution to stop them being blocked?
>
> Kind Regards
>
> Paul
>

Not only chinese, but basically any language containing non-ascii characters can fall afoul of these "opportunistic" magic codes. Either switch to using file -i, or edit/recompile your file commands magic file... For more details, I suggest you do some mailing list searches;-).

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From dave.list at pixelhammer.com Wed Aug 26 14:17:52 2009
From: dave.list at pixelhammer.com (DAve)
Date: Wed Aug 26 14:18:26 2009
Subject: Archiving to MailArchiva
In-Reply-To: <440359.51215.qm@web33304.mail.mud.yahoo.com>
References: <440359.51215.qm@web33304.mail.mud.yahoo.com>
Message-ID: <4A953600.3020206@pixelhammer.com>

Michael Mansour wrote:
> Hi Dave,
>
> --- On Tue, 25/8/09, DAve wrote:
>
>> From: DAve
>> Subject: Re: Archiving to MailArchiva
>> To: "MailScanner discussion"
>> Received: Tuesday, 25 August, 2009, 11:38 PM
>> Michael Mansour wrote:
>>
>>> If anyone's used mailarchiva before with MailScanner I'd be interested in how you finally decided to make it work. Or if anyone has other suggestions please chime in.
>>
>> In MailArchiva,
>>
>> 1) Under listeners, check "Listen for incoming Exchange/SMTP requests".
>>
>> 2) Enter "25" in the "Exchange/SMTP Port" field.
>>
>> 3) Select your MailArchiva's server IP in the "Bind IP Address" field.
>
> Hmm.. I didn't consider having the mailarchiva server listening on port 25, thanks for the tip.
>
>> 4) Click "Save".
>>
>> 5) Under "Domains", click the "New Domain" button.
>>
>> 6) Enter the domain you want to archive mail for in the "Domain Name" field.
>>
>> 7) Click "Save".
>>
>> In MailScanner,
>>
>> 1) In rules directory create "archive.rules" file.
>>
>> 2) In archive.rules file add this line,
>> To: *@ forward archive@
>>
>> 3) In MailScanner.conf change,
>> #Archive Mail = /local/spool/MailScanner/archive
>> to
>> Archive Mail = %rules-dir%/archive.rules
>>
>> 4) Create a DNS A record for with the mailarchive IP from step 3 in configuring MailArchiva.
>
> I'm trying to understand how this will work. Step 2 requires all the to/from emails of that particular domain to go to one mailbox?
>
> I'd likely setup step 2 to be:
>
> To: *@ forward archive@

I only archive the messages "To" the target domain in MailScanner, our outbound mail is handled by another set of servers. You would need to adjust the rule for your installation.

>
> so won't need Step 4 as it'll be the real server.

Sure, I just didn't have the MailArchiva server online before I did this, so it needed FQDN.

>
> But then the mailarchiva server will receive these on its port 25, but destined to the "archive" account, you think even if that account didn't exist, the server would simply just sort the emails anyway?
>
> I know advanced rulesets can be added to the mailarchiva server, but I'm still new to it myself.

I honestly didn't look too closely, we needed it working for a single client, for a test, and now it has been left running for that client. The address "archive@archive-domain.com" is really unimportant, once the message arrives at the MailArchiva server it is sorted based on the original recipient.

Let me know how it works out for you. We are considering purchasing the full version based on the fact it was so easy to manage the traffic that is archived based on MailScanner rules.

DAve

--
"Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it." John Quincy Adams

http://appleseedinfo.org

From housey at sme-ecom.co.uk Wed Aug 26 14:50:41 2009
From: housey at sme-ecom.co.uk (Paul)
Date: Wed Aug 26 14:50:53 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com>
References: <4A9502C5.7020606@sme-ecom.co.uk> <223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com>
Message-ID: <4A953DB1.3060906@sme-ecom.co.uk>

>> I have someone sending me an email with Chinese writing in it.
>>
>> The problem is mailscanner blocks it as it thinks it's a program - No
>> programs allowed (msg-10911-621.txt)
>>
>> I ran the file command on the quarantined file and it does indeed think it's
>> a program
>>
>> [root@venice n7OEIC6o017365]# file msg-10911-621.txt
>> msg-10911-621.txt: COM executable for DOS
>>
>> But it just contains Chinese characters.
>>
>> This seems to be happening on quite a few emails with Chinese writing in
>> them - has anyone seen this before? or got a solution to stop them being
>> blocked?
>>
>> Kind Regards
>>
>> Paul
>>
>>
> Not only Chinese, but basically any language containing non-ascii
> characters can fall afoul of these "opportunistic" magic codes. Either
> switch to using file -i, or edit/recompile your file command's magic
> file... For more details, I suggest you do some mailing list
> searches;-).
>
> Cheers
>
Hi Glenn

Thanks for your response, I did some searches and saw mention of adding a fifth field in filetype.rules.conf

The output of "file -i" on the message in question is

[root@venice n7OEIC6o017365]# file -i msg-10911-621.txt
msg-10911-621.txt: text/plain; charset=iso-8859-1

So I added

allow - - - text/plain

to filetype.rules.conf and it seems to have solved my problem.

Thanks for your help

Paul

From prandal at herefordshire.gov.uk Wed Aug 26 15:05:28 2009
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Aug 26 15:05:45 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <4A953DB1.3060906@sme-ecom.co.uk>
References: <4A9502C5.7020606@sme-ecom.co.uk><223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com> <4A953DB1.3060906@sme-ecom.co.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA078F0437@HC-MBX02.herefordshire.gov.uk>

Your example will allow everything, not quite what you had in mind.

try

allow - text/plain - -

instead

Cheers,

Phil

--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division
Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: prandal@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council.

This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.

--
MailScanner mailing list
mailscanner@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

From MailScanner at ecs.soton.ac.uk Wed Aug 26 16:08:50 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Aug 26 16:09:09 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com>
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk>
Message-ID:

On 25/08/2009 18:36, Mike Wallace wrote:
> Jules,
>
> I hope you are enjoying or enjoyed (based on when you read this) your
> well deserved vacation in the States.
"Enjoying" thanks :-)
>
> I have been playing with "include path-to-conf-files" in 4.78.9 and
> found a couple of limitations that I want to verify.
>
> It seems that the following parameters are ignored when in the include
> file:
>
> %org-name% =
> %org-long-name% =
> %web-site% =
> Run As User =
> Run As Group =
> MTA =
>
> Is this by design or a "feature"? Are there other parameters that
> can't be in the include file?
Fixed.
>
> The reason I ask is that I am trying to put all of my site specific
> configuration changes in the include file so that the only thing I
> have to do to MailScanner.conf is add "include
> /etc/MailScanner/config/mysite.conf".
>
> It would be awesome if you had "include
> /etc/MailScanner/config/*.conf" in MailScanner.conf. Then if the
> directory or and/or any files in that directory did not exist, they
> would be ignored. That way those who don't want to use it can edit the
> configuration file like they always have.
Done. I've called it "/conf.d/" instead of your "/config/" as that is more standard these days.
There should be a little README file in that directory so it has something short to parse so the include line at the very end of MailScanner.conf won't whine that it couldn't find any files matching conf.d/*.

I have just released 4.78.10 for your pleasure :-)

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From housey at sme-ecom.co.uk Wed Aug 26 16:21:32 2009
From: housey at sme-ecom.co.uk (Paul)
Date: Wed Aug 26 16:21:42 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA078F0437@HC-MBX02.herefordshire.gov.uk>
References: <4A9502C5.7020606@sme-ecom.co.uk><223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com> <4A953DB1.3060906@sme-ecom.co.uk> <7EF0EE5CB3B263488C8C18823239BEBA078F0437@HC-MBX02.herefordshire.gov.uk>
Message-ID: <4A9552FC.6010102@sme-ecom.co.uk>

I've changed to

allow - text/plain - -

and now the message is being blocked again?

Do I need to do anything else to get the mime check working?

Paul

From mike at mlrw.com Wed Aug 26 16:22:22 2009
From: mike at mlrw.com (Mike Wallace)
Date: Wed Aug 26 16:22:32 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk>
Message-ID:

Jules,

Thanks, I'm glad you liked my suggestion.

I didn't expect any updates until next week when you got back to the UK.

You are a gentleman and a scholar.

Mike

From prandal at herefordshire.gov.uk Wed Aug 26 16:27:12 2009
From: prandal at herefordshire.gov.uk (Randal, Phil)
Date: Wed Aug 26 16:27:28 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <4A9552FC.6010102@sme-ecom.co.uk>
References: <4A9502C5.7020606@sme-ecom.co.uk><223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com> <4A953DB1.3060906@sme-ecom.co.uk><7EF0EE5CB3B263488C8C18823239BEBA078F0437@HC-MBX02.herefordshire.gov.uk> <4A9552FC.6010102@sme-ecom.co.uk>
Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA078F04BC@HC-MBX02.herefordshire.gov.uk>

Tabs between each of the fields?

Cheers,

Phil
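The two mistakes this thread runs into (a MIME type placed in the wrong field, and the question of tab separators), expressed as a small linter for filetype.rules.conf lines. This is an added example, not part of any list message and not MailScanner code; the field layout, the reading of "-" as "no constraint", and the names lint_rule and lint_rules are assumptions drawn from the rules quoted in the thread.

```python
import re

# Assumed layout, inferred from the rules quoted in this thread:
#   4 fields: action, file-output pattern, log text, user report text
#   5 fields: action, file-output pattern, MIME-type pattern, log text, report text
# Fields are TAB-separated; "-" in a pattern field is assumed to mean "no constraint".
MIME_LIKE = re.compile(r"^[\w.+-]+/[\w.+-]+$")

MESSAGES = {
    "space-separated": "fields are separated by spaces, not tabs",
    "field-count": "expected 4 or 5 tab-separated fields",
    "allow-everything": "allow rule has '-' in every pattern field, so it is not "
                        "restricted to any file type",
    "mime-in-text-field": "a MIME type sits in a log/report text field; "
                          "it is not used for matching there",
}


def lint_rule(line):
    """Return a list of finding codes for one rule line (empty list = clean)."""
    text = line.rstrip("\r\n")
    if not text.strip() or text.lstrip().startswith("#"):
        return []  # blank lines and comments are ignored

    findings = []
    fields = text.split("\t")
    if len(fields) == 1 and len(text.split()) > 1:
        # No tab at all: report it, then analyse a best-effort whitespace split.
        findings.append("space-separated")
        fields = text.split()

    if len(fields) not in (4, 5):
        findings.append("field-count")
        return findings

    action = fields[0].strip().lower()
    patterns = fields[1:-2]   # one pattern (4 fields) or two (5 fields)
    texts = fields[-2:]       # log text and user report text

    if action == "allow" and all(p.strip() == "-" for p in patterns):
        findings.append("allow-everything")
    if any(MIME_LIKE.match(t.strip()) for t in texts):
        findings.append("mime-in-text-field")
    return findings


def lint_rules(text):
    """Lint a whole rules file; return {line_number: [finding codes]}."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        findings = lint_rule(line)
        if findings:
            report[number] = findings
    return report


# Constructed sample: the first rule posted in the thread, the corrected rule
# typed with spaces, and the corrected rule with tabs.
SAMPLE = (
    "# constructed sample, not a real site's rules\n"
    "allow\t-\t-\t-\ttext/plain\n"
    "allow - text/plain - -\n"
    "allow\t-\ttext/plain\t-\t-\n"
)

if __name__ == "__main__":
    for number, findings in lint_rules(SAMPLE).items():
        for code in findings:
            print(f"line {number}: {MESSAGES[code]}")
```

A clean lint result only covers the file on disk; as the follow-up message notes, MailScanner has to be reloaded before an edited rule takes effect.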
From housey at sme-ecom.co.uk Wed Aug 26 16:47:33 2009
From: housey at sme-ecom.co.uk (Paul)
Date: Wed Aug 26 16:47:42 2009
Subject: Email with chinese writing saying No Program Allowed
In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA078F04BC@HC-MBX02.herefordshire.gov.uk>
References: <4A9502C5.7020606@sme-ecom.co.uk><223f97700908260608g3a44a5d5u584dfe40f4b5d85e@mail.gmail.com> <4A953DB1.3060906@sme-ecom.co.uk><7EF0EE5CB3B263488C8C18823239BEBA078F0437@HC-MBX02.herefordshire.gov.uk> <4A9552FC.6010102@sme-ecom.co.uk> <7EF0EE5CB3B263488C8C18823239BEBA078F04BC@HC-MBX02.herefordshire.gov.uk>
Message-ID: <4A955915.8000902@sme-ecom.co.uk>

Hi Phil

Sorry just tested again and it worked!

Only thing I can think is I didn't reload Mailscanner - really thought I did!

Thanks for your help again, saved me some trouble there!

Paul

From MailScanner at ecs.soton.ac.uk Wed Aug 26 20:03:09 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Aug 26 20:03:47 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk>
Message-ID:

Can you do me a big favour and give it a good try and report back if anything doesn't work?

Thanks!
Jules.

From mike at mlrw.com Wed Aug 26 21:49:22 2009
From: mike at mlrw.com (Mike Wallace)
Date: Wed Aug 26 21:49:34 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk>
Message-ID: <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com>

I found a couple of things

1) I like how MailScanner --lint shows what configuration files were read and my configuration was read last.
2) Found a couple of parameters that are still not being imported from my config:

%org-name% =
Run As User =
Run As Group =

The org-name shows up when running --lint "ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf is not correct, it should match X-yoursite-MailScanner-From". In 78.9 the message was "ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf is not correct, it should match X-mlrw_com-MailScanner-From".

As for the Run As, when I do a ps I see that MailScanner is running as root and not postfix.

3) One thing to help with debugging would be if you had a command like postconf to display what configuration parameters are being used. Or could you guide me on how to dump the configuration.
4) The link on the MailScanner website still shows 4.78.9 as the current beta release.

Thanks for the help.

Mike

From MailScanner at ecs.soton.ac.uk Wed Aug 26 22:19:15 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Aug 26 22:19:37 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To: <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com>
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk>
Message-ID:

Should be all fixed now. Sorry for the lousy testing on my part before
I released 10.
11 correctly picks up %org-name% and "Run As User" when set in an
included file, no problems. So all the others should work correctly
now too.

Please give 11 a try.

As for the website, it has definitely been updated, so I suspect your
browser's caching it.

Cheers,
Jules.

On 26/08/2009 21:49, Mike Wallace wrote:
> I found a couple of things
>
> 1) I like how MailScanner --lint shows what configuration files were
> read and my configuration was read last.
> 2) Found a couple of parameters that are still not being imported from
> my config:
>
> %org-name% =
> Run As User =
> Run As Group =
>
> The org-name shows up when running --lint "ERROR: The
> "envelope_sender_header" in your spam.assassin.prefs.conf is not
> correct, it should match X-yoursite-MailScanner-From". In 78.9 the
> message was "ERROR: The "envelope_sender_header" in your
> spam.assassin.prefs.conf is not correct, it should match
> X-mlrw_com-MailScanner-From".
>
> As for the Run As, when I do a ps I see that MailScanner is running as
> root and not postfix.
>
> 3) One thing to help with debugging would be if you had a command like
> postconf to display what configuration parameters are being used. Or
> could you guide me on how to dump the configuration.
> 4) The link on the MailScanner website still shows 4.78.9 as the
> current beta release.
>
> Thanks for the help.
>
> Mike

Jules

From MailScanner at ecs.soton.ac.uk Wed Aug 26 22:57:22 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Wed Aug 26 22:57:46 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk>
Message-ID:

Correction. Teensy bug removed, which you would hopefully not hit
anyway, but might if your main MailScanner.conf file is very old.

Try 4.78.12.

On 26/08/2009 22:19, Jules Field wrote:
> Should be all fixed now. Sorry for the lousy testing on my part before
> I released 10.
> 11 correctly picks up %org-name% and "Run As User" when set in an
> included file, no problems. So all the others should work correctly
> now too.
>
> Please give 11 a try.
>
> As for the website, it has definitely been updated, so I suspect your
> browser's caching it.
>
> Cheers,
> Jules.

Jules

From mike at mlrw.com Thu Aug 27 02:30:25 2009
From: mike at mlrw.com (Mike Wallace)
Date: Thu Aug 27 02:30:36 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk>
Message-ID: <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com>

I hate to spoil your holiday but I tried 4.78.12 and still found some
issues.

1) In my configuration I am using all of the default values in
MailScanner.conf for these headers and %org-name% is not being inserted:

Information Header
ID Header
Spam Header
Envelope From Header

Don't know if this is true for all default Headers that don't get
overridden.

2) I did not get "Spam Score Header" inserted even though "Spam
Score = yes".

3) In my include I have %report-dir% =
/etc/MailScanner/reports/myreports, this is not being overridden I am
getting the default reports.

4) Putting the MTA in an include file breaks
/etc/sysconfig/MailScanner as it's extracting the MTA from
/etc/MailScanner/MailScanner.conf.

That's all I've found so far.

Mike

On Aug 26, 2009, at 5:57 PM, Jules Field wrote:

> Correction. Teensy bug removed, which you would hopefully not hit
> anyway, but might if your main MailScanner.conf file is very old.
>
> Try 4.78.12.
>
> On 26/08/2009 22:19, Jules Field wrote:
>> Should be all fixed now. Sorry for the lousy testing on my part
>> before I released 10.
>> 11 correctly picks up %org-name% and "Run As User" when set in an
>> included file, no problems. So all the others should work correctly
>> now too.
>>
>> Please give 11 a try.
>>
>> As for the website, it has definitely been updated, so I suspect
>> your browser's caching it.
>>
>> Cheers,
>> Jules.

From MailScanner at ecs.soton.ac.uk Thu Aug 27 06:06:57 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Thu Aug 27 06:07:22 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To: <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com>
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk>
Message-ID:

On 26/08/2009 21:30, Mike Wallace wrote:
> I hate to spoil your holiday but I tried 4.78.12 and still found some
> issues.
>
> 1) In my configuration I am using all of the default values in
> MailScanner.conf for these headers and %org-name% is not being inserted:
>
> Information Header
> ID Header
> Spam Header
> Envelope From Header
>
> Don't know if this is true for all default Headers that don't get
> overridden.
The %variables% are substituted when the conf files are read, ie. at
"compile time". Otherwise, to substitute them when the value is
calculated, I would have to know exactly where each variable was set
and what value the variables all had at that time.

All I can suggest is an include line after the initial %var% setting
near the top of MailScanner.conf, which sets your values of the
%variables%. Then at the bottom you include your new local settings,
and so everything in the MailScanner.conf file (and all included files)
will inherit your values of them.

Whenever I evaluate "MailScanner Header =" in MailScanner when it is
running, I cannot easily know exactly what %variables% were set to what
where the "MailScanner Header" was defined by you (as you probably will
have the default value + at least 1 over-ride for it). I can only
substitute all the %% stuff in when "MailScanner Header =" is read in
at the start.

The other solution is, when you redefine a %% that is used by a whole
bunch of settings, you also redefine each of the settings that uses it,
so they all inherit *your* %% definition, and not mine.

Sorry, but I cannot see any way around this.
>
> 2) I did not get "Spam Score Header" inserted even though "Spam
> Score = yes".
Don't know about that one, but it may be related to (1).
>
> 3) In my include I have %report-dir% =
> /etc/MailScanner/reports/myreports, this is not being overridden I am
> getting the default reports.
See (1).
>
> 4) Putting the MTA in an include file breaks
> /etc/sysconfig/MailScanner as it's extracting the MTA from
> /etc/MailScanner/MailScanner.conf.
I have written a new /usr/sbin/Quick.Peek script which is called from
all the places like /etc/sysconfig/MailScanner to search all the
included files correctly for your over-rides.
>
> That's all I've found so far.
All very much appreciated.

Jules.

P.S. Now I must go to bed, it's just gone 1 am ...

Jules

From richard at fastnet.co.uk Thu Aug 27 08:55:12 2009
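
The read-time substitution described in Jules Field's reply above, as an added example that is not part of the thread and not MailScanner's own code: a simplified Python model of a conf parser with include lines, run on constructed file contents for the three layouts discussed. The file name site-vars.conf, the sample setting values and the stale_settings check are assumptions made for the illustration.

```python
"""Simplified model of read-time %variable% expansion in a MailScanner.conf-style
file with "include" lines. Added illustration; not MailScanner's own parser."""
import fnmatch
import re

VAR_DEF = re.compile(r"^(%[\w-]+%)\s*=\s*(.*)$")   # e.g. "%org-name% = yoursite"
VAR_USE = re.compile(r"%[\w-]+%")


def expand(text, variables):
    """Replace each known %name% in text; unknown names are left untouched."""
    return VAR_USE.sub(lambda m: variables.get(m.group(0), m.group(0)), text)


def load_config(files, name, state=None):
    """Read `name` from `files` (dict of path -> text) top to bottom.

    A setting is expanded at the moment its line is read, so it keeps the
    value each %variable% had at that point, even if an included file
    redefines the variable afterwards.
    """
    if state is None:
        state = {"vars": {}, "settings": {}, "raw": {}}
    for line in files[name].splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("include "):
            pattern = line.split(None, 1)[1]
            # Matching files are read in sorted order; a glob that matches
            # nothing reads nothing (assumption of this model).
            for path in sorted(fnmatch.filter(files, pattern)):
                load_config(files, path, state)
            continue
        match = VAR_DEF.match(line)
        if match:
            state["vars"][match.group(1)] = expand(match.group(2), state["vars"])
            continue
        key, sep, value = line.partition("=")
        if sep:
            key, value = key.strip(), value.strip()
            state["raw"][key] = value                               # as written
            state["settings"][key] = expand(value, state["vars"])   # as stored
    return state


def stale_settings(state):
    """Settings whose stored value no longer matches the final %variables%."""
    return sorted(key for key, raw in state["raw"].items()
                  if expand(raw, state["vars"]) != state["settings"][key])


# Constructed sample files (values are illustrative).
DEFAULT_VARS = "%org-name% = yoursite\n%report-dir% = /etc/MailScanner/reports/en\n"
SITE_VARS = ("%org-name% = mlrw_com\n"
             "%report-dir% = /etc/MailScanner/reports/myreports\n")
SETTINGS = ("Run As User = root\n"
            "Information Header = X-%org-name%-MailScanner-Information:\n"
            "Envelope From Header = X-%org-name%-MailScanner-From:\n"
            "Inline HTML Signature = %report-dir%/inline.sig.html\n")

# Layout 1: everything site-specific in conf.d/, included at the very end.
LATE = {
    "MailScanner.conf": DEFAULT_VARS + SETTINGS + "include conf.d/*\n",
    "conf.d/README": "# keeps the glob from matching nothing\n",
    "conf.d/mysite.conf": SITE_VARS + "Run As User = postfix\n",
}
# Layout 2: a second include right after the default %variables%
# (site-vars.conf is a hypothetical file name).
EARLY = {
    "MailScanner.conf": (DEFAULT_VARS + "include site-vars.conf\n"
                         + SETTINGS + "include conf.d/*\n"),
    "site-vars.conf": SITE_VARS,
    "conf.d/mysite.conf": "Run As User = postfix\n",
}
# Layout 3: the include redefines every setting that uses the variables.
REDEFINE = {
    "MailScanner.conf": LATE["MailScanner.conf"],
    "conf.d/mysite.conf": SITE_VARS + SETTINGS.replace("= root", "= postfix"),
}

if __name__ == "__main__":
    for label, files in (("late", LATE), ("early", EARLY), ("redefine", REDEFINE)):
        state = load_config(files, "MailScanner.conf")
        print(label, state["settings"]["Information Header"],
              "stale:", stale_settings(state))
```

In the first layout a plain setting such as "Run As User" is overridden by the include, while every setting that was expanded before the include keeps the default %org-name% and %report-dir%; the other two layouts leave nothing stale.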
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu Aug 27 08:54:49 2009
Subject: image spam again :)
In-Reply-To: <768671.54354.qm@web33302.mail.mud.yahoo.com>
References: <768671.54354.qm@web33302.mail.mud.yahoo.com>
Message-ID:

Hi Michael,

I am using that sanesecurity and it's great (thanks for the heads up), however I was wondering if there is a way to forward on the spam mail to the recipient, like spamassassin's mail it goes off as per the ruleset, but because this is clamav catching the spam it gets quarantined.

Any thoughts?

Many thanks,
Rich

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour
Sent: 25 August 2009 09:04
To: MailScanner discussion
Subject: RE: image spam again :)

Hi Jonas,

> From: Jonas A. Larsen
> Subject: RE: image spam again :)
> To: "'MailScanner discussion'"
> Received: Tuesday, 25 August, 2009, 4:18 PM
>
> > > we are seeing a lot of image spam again. we are running sa update and
> > > the image things they publish / imageinfo.cf and others. But lately a lot
> > > is getting through.
> > >
> >
> > I hadn't noticed... use zen.spamhaus.org and bl.spamcop.net at SMTP time
> > along with 15 mins of greylisting for unknown hosts. Problem solved.
> >
> > Regards,
> > Steve.
>
> Mmmm well let's be frank Steve, that's just simply entirely untrue :)
>
> The past weeks have seen a rise in image based spam, where many of them (the
> ones that doesn't hit obvious rbl's etc) slip by even ocr plugins etc.
>
> If you take a look at the SA list you can see lots of people are seeing this
> new bunch of image spams and pretty penetrating.
>
> So far there's no sure fire way of stopping it if you are to judge by the sa
> users responses.
>
> I use spamhaus and spamcop in mta and greylist, and I've gotten a few of
> them myself.
>
> Many of them use the so called "flag" method where the image looks "wavy"
> like a flag, which is probably what's disabling the ocr techniques.
>
> If anybody got any advice I'd love to hear it.

From my end, I haven't noticed any image spam getting through. But, I use SaneSecurity clam signatures which import the MSRBL image spam definitions, so maybe that is why?

I don't have time to go through the virus infected emails, but I'd suggest if you don't use SaneSecurity signatures in ClamAV, you should.

Regards,

Michael.

From jcputter at centreweb.co.za Thu Aug 27 07:07:16 2009
From: jcputter at centreweb.co.za (jcputter@centreweb.co.za)
Date: Thu Aug 27 09:07:36 2009
Subject: Bogofilter
Message-ID: <63559.196.212.34.106.1251353236.squirrel@196.212.34.107>

Hi everyone,

has anybody been able to get bogofilter working with mailscanner+postfix? I heard good things about the Bayes engine.

Thank you.

From maxsec at gmail.com Thu Aug 27 09:20:21 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Thu Aug 27 09:50:59 2009
Subject: image spam again :)
In-Reply-To:
References: <768671.54354.qm@web33302.mail.mud.yahoo.com>
Message-ID: <72cf361e0908270120t264b45c6mcd2ac8d7a5330f00@mail.gmail.com>

Richard

from changelog in latest beta.

3 Swapped over virus-scanning and spam-scanning code completely, so all
  virus-scanning code is done before spam-scanning code. It won't virus-scan
  "Silent Viruses" which is pretty much all of them now, so it should work okay.
  This allows me to introduce...

3 New feature to allow detection of "spam-viruses" which are items of spam
  that are reported by your virus scanner. You can set 2 new configuration
  options:

      Spam-Virus Header = X-%org-name%-MailScanner-SpamVirus-Report:
      Virus Names Which Are Spam = Sane*UNOFFICIAL HTML/*

  The names of the "spam-viruses" found are those viruses reported by your
  virus scanners which match any of the strings given in "Virus Names Which
  Are Spam". These "spam-virus" names are added to the header set by
  "Spam-Virus Header". You can then write a SpamAssassin rule in
  spam.assassin.prefs.conf which gives a score for the presence or contents
  of this header. I supply an example rule which adds a score of 3 if the
  header exists. Feel free to re-write and extend that rule! It will not work
  unless you customise it. You could even write a "SpamAssassin Rule Action"
  to handle this rule specially!

I think this does what you want.

-- 
Martin Hepworth
Oxford, UK

2009/8/27 Richard Mealing

> Hi Michael,
>
> I am using that sanesecurity and it's great (thanks for the heads up),
> however I was wondering if there is a way to forward on the spam mail to the
> recipient, like spamassassins mail it goes off as per the ruleset, but
> because this is clamav catching the spam it gets quarantined.
>
> Any thoughts?
>
> Many thanks,
> Rich

From jcputter at centreweb.co.za Thu Aug 27 10:05:43 2009
From: jcputter at centreweb.co.za (jcputter@centreweb.co.za)
Date: Thu Aug 27 10:06:01 2009
Subject: MailScanner --lint error
Message-ID: <64909.196.212.34.106.1251363943.squirrel@196.212.34.107>

I am using postfix+clamav+mailscanner. The system runs fine, but when I run MailScanner --lint I get the following errors. Maybe someone can explain them to me, but I did change the directory owner with postfix.postfix /var/spool/MailScanner, and for some reason after restarting the mailscanner service it changes back.

Thank you.

http://pastebin.com/m1b280c12

From richard at fastnet.co.uk Thu Aug 27 10:12:18 2009
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu Aug 27 10:11:54 2009
Subject: image spam again :)
In-Reply-To: <768671.54354.qm@web33302.mail.mud.yahoo.com>
References: <768671.54354.qm@web33302.mail.mud.yahoo.com>
Message-ID:

>-----Original Message-----
>From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Michael Mansour
>Sent: 25 August 2009 09:04
>To: MailScanner discussion
>Subject: RE: image spam again :)
>
>From my end, I haven't noticed any image spam getting through. But, I use SaneSecurity clam signatures which import the MSRBL image spam definitions, so maybe that is why?
>
>I don't have time to go through the virus infected emails, but I'd suggest if you don't use SaneSecurity signatures in ClamAV, you should.
>
>Regards,
>
>Michael.

Hi Michael, (now posting properly at the bottom!! Sorry..)

I am using that sanesecurity and it's great (thanks for the heads up), however I was wondering if there is a way to forward on the spam mail to the recipient, like spamassassin's mail it goes off as per the ruleset, but because this is clamav catching the spam it gets quarantined.

Any thoughts?

After testing yesterday, I found where spamassassin caught some 8,500 emails, sanesecurity did nearly 5,300 in the same time. It would be awesome if I could use this but if the mail goes to quarantine then I can see we are going to have some issues with missing mail.

Many thanks,
Rich

From Amelein at dantumadiel.eu Thu Aug 27 10:31:12 2009
From: Amelein at dantumadiel.eu (Amelein@dantumadiel.eu)
Date: Thu Aug 27 10:31:34 2009
Subject: Betr.: MailScanner --lint error
In-Reply-To: <64909.196.212.34.106.1251363943.squirrel@196.212.34.107>
References: <64909.196.212.34.106.1251363943.squirrel@196.212.34.107>
Message-ID: <4A966E800200008E0001099B@10.1.0.206>

the incoming dir is set to clamav and the group does not have write permissions.
This is what it shows for me on a system (FC11) with postfix as MTA (MS runs as postfix as well)

drwxrwxrwt 12 postfix root 280 2009-08-27 03:24 incoming
drwxr-xr-x. 3 root root 4096 2009-08-18 19:10 quarantine

On an old (FC5, in serious need of replacing) system with sendmail (runs as root) it shows:

drwxr----- 1123 root root 36864 Aug 27 00:03 archive
drwx------ 6 root root 4096 Aug 27 11:26 incoming
drwxrwx--- 1190 root apache 36864 Aug 27 00:03 quarantine

the dir needs to be set to the same user as the MTA / MS runs as.

-
Arjan

>>> On 27-8-2009 at 11:05, written by:

m1b280c12

From jcputter at centreweb.co.za Thu Aug 27 10:36:46 2009
From: jcputter at centreweb.co.za (jcputter@centreweb.co.za)
Date: Thu Aug 27 10:37:04 2009
Subject: Betr.: MailScanner --lint error
In-Reply-To: <4A966E800200008E0001099B@10.1.0.206>
References: <64909.196.212.34.106.1251363943.squirrel@196.212.34.107> <4A966E800200008E0001099B@10.1.0.206>
Message-ID: <19807.196.212.34.106.1251365806.squirrel@196.212.34.107>

Thank you.

From e.mink at remote.nl Thu Aug 27 10:43:41 2009
From: e.mink at remote.nl (Eric Mink)
Date: Thu Aug 27 10:43:56 2009
Subject: Betr.: MailScanner --lint error
References: <64909.196.212.34.106.1251363943.squirrel@196.212.34.107><4A966E800200008E0001099B@10.1.0.206> <19807.196.212.34.106.1251365806.squirrel@196.212.34.107>
Message-ID:

Hello Bas,

Do you still have login details for me for backoffice.finale.nl? Then I can show that .net programmer exactly where the CV problem is.

Kind regards,

Eric Mink

Remote IT - Services
Pascalweg 1, Postbus 256
8000 AG Zwolle

Telephone: 038 - 428 44 44
Fax: 038 - 428 44 40
E-mail: servicedesk@remote.nl

-----Original message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On behalf of jcputter@centreweb.co.za
Sent: Thursday 27 August 2009 11:37
To: MailScanner discussion
Subject: Re: Betr.: MailScanner --lint error

Thank you.

From richard at fastnet.co.uk Thu Aug 27 12:16:58 2009
From: richard at fastnet.co.uk (Richard Mealing)
Date: Thu Aug 27 12:16:35 2009
Subject: image spam again :)
In-Reply-To: <72cf361e0908270120t264b45c6mcd2ac8d7a5330f00@mail.gmail.com>
References: <768671.54354.qm@web33302.mail.mud.yahoo.com> <72cf361e0908270120t264b45c6mcd2ac8d7a5330f00@mail.gmail.com>
Message-ID:

Hi Martin,

Thanks for this, sorry if I'm being stupid, but I'm using freebsd and I've updated my port tree, however I don't see the latest version in there -

less distinfo
MD5 (MailScanner-install-4.60.5-1.tar.gz) = cf1e87131f90ff7f43e1f4c1d787a245
SHA256 (MailScanner-install-4.60.5-1.tar.gz) = 1ec3fd536e05f5da0b1551cc57664bb4379e049e8243e0ed112e33325c53b994
SIZE (MailScanner-install-4.60.5-1.tar.gz) = 7704758

Can this be updated?

Rich

From MailScanner at ecs.soton.ac.uk Thu Aug 27 17:56:22 2009
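Added example, not part of any message in this thread and not MailScanner's own code: a Python model of the "spam-virus" handling from the changelog Martin Hepworth quoted above, showing how scanner-reported names are split by the "Virus Names Which Are Spam" patterns and why a header rule worth 3 may not be enough by itself. The glob semantics, the threshold of 6, the rule that any non-matching name keeps the message a virus, and all sample names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Values quoted in the changelog; "yoursite" stands in for %org-name%.
SPAM_VIRUS_HEADER = "X-yoursite-MailScanner-SpamVirus-Report"
VIRUS_NAMES_WHICH_ARE_SPAM = "Sane*UNOFFICIAL HTML/*"

# The changelog says the supplied example rule adds 3 when the header exists.
HEADER_RULE_SCORE = 3.0
# Assumption: spam threshold used for this illustration only.
REQUIRED_SCORE = 6.0


def split_reports(reported, patterns=VIRUS_NAMES_WHICH_ARE_SPAM):
    """Split scanner-reported names into (spam_viruses, real_viruses).

    Assumption: each space-separated pattern is a glob in which * matches
    any run of characters, compared case-sensitively.
    """
    globs = patterns.split()
    spam_viruses, real_viruses = [], []
    for name in reported:
        if any(fnmatchcase(name, g) for g in globs):
            spam_viruses.append(name)
        else:
            real_viruses.append(name)
    return spam_viruses, real_viruses


def evaluate(reported, base_sa_score):
    """Return (verdict, score, headers) for one message."""
    spam_viruses, real_viruses = split_reports(reported)
    headers = {}
    score = base_sa_score
    if spam_viruses:
        # The matched names go into the header a SpamAssassin rule can score.
        headers[SPAM_VIRUS_HEADER] = ", ".join(spam_viruses)
        score += HEADER_RULE_SCORE
    if real_viruses:
        # Assumption: anything that is not a spam-virus is still a virus hit.
        verdict = "virus"
    elif score >= REQUIRED_SCORE:
        verdict = "spam"
    else:
        verdict = "not spam"
    return verdict, score, headers


# Constructed scanner reports (not real signature names) with a constructed
# SpamAssassin score from all other rules.
SAMPLES = {
    "image-spam": (["Sanesecurity.Example.0001.UNOFFICIAL"], 3.5),
    "phish": (["HTML/Example.Phish"], 1.0),
    "malware": (["Example.Trojan-1", "Sanesecurity.Example.0002.UNOFFICIAL"], 0.0),
    "ham": ([], 0.5),
}


def run_samples():
    return {k: evaluate(names, score) for k, (names, score) in SAMPLES.items()}


if __name__ == "__main__":
    for msg, (verdict, score, headers) in run_samples().items():
        print(f"{msg:11} {verdict:9} score={score:<4} {headers}")
```

The "phish" sample is the case to watch: only the scanner flagged it, so with the header rule at 3 it stays below the threshold and is delivered as ordinary mail until the rule's score is raised.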
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Thu Aug 27 17:56:42 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk>
Message-ID:

I have just published the work I did last night, as described below.
Please download 4.78.13 from the usual place. All the scripts and files such as /etc/sysconfig/MailScanner will now read MailScanner.conf settings with support for included files.

Jules.

On 27/08/2009 01:06, Jules Field wrote:
>
>
> On 26/08/2009 21:30, Mike Wallace wrote:
>> I hate to spoil your holiday but I tried 4.78.12 and still found some
>> issues.
>>
>> 1) In my configuration I am using all of the default values in
>> MailScanner.conf for these headers and %org-name% is not being inserted:
>>
>> Information Header
>> ID Header
>> Spam Header
>> Envelope From Header
>>
>> Don't know if this is true for all default Headers that don't get
>> overridden.
> The %variables% are substituted when the conf files are read, ie. at
> "compile time".
> Otherwise, to substitute them when the value is calculated, I would
> have to know exactly where each variable was set and what value the
> variables all had at that time.
> All I can suggest is an include line after the initial %var% setting
> near the top of MailScanner.conf, which sets your values of the
> %variables%. Then at the bottom you include your new local settings,
> and so everything in the MailScanner.conf file (and all included
> files) will inherit your values of them.
>
> Whenever I evaluate "MailScanner Header =" in MailScanner when it is
> running, I cannot easily know exactly what %variables% were set to
> what where the "MailScanner Header" was defined by you (as you
> probably will have the default value + at least 1 over-ride for it). I
> can only substitute all the %% stuff in when "MailScanner Header =" is
> read in at the start.
>
> The other solution is, when you redefine a %% that is used by a whole
> bunch of settings, you also redefine each of the settings that uses
> it, so they all inherit *your* %% definition, and not mine.
>
> Sorry, but I cannot see any way around this.
>>
>> 2) I did not get "Spam Score Header" inserted even though "Spam
>> Score = yes".
> Don't know about that one, but it may be related to (1).
>>
>> 3) In my include I have %report-dir% =
>> /etc/MailScanner/reports/myreports, this is not being overridden I am
>> getting the default reports.
> See (1).
>>
>> 4) Putting the MTA in an include file breaks
>> /etc/sysconfig/MailScanner as it's extracting the MTA from
>> /etc/MailScanner/MailScanner.conf.
> I have written a new /usr/sbin/Quick.Peek script which is called from
> all the places like /etc/sysconfig/MailScanner to search all the
> included files correctly for your over-rides.
>>
>> That's all I've found so far.
> All very much appreciated.
>
> Jules.
>
> P.S. Now I must go to bed, it's just gone 1 am ...

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info

From mike at mlrw.com Thu Aug 27 18:11:06 2009
From: mike at mlrw.com (Mike Wallace) Date: Thu Aug 27 18:11:19 2009 Subject: "include path-to-conf-files" in 4.78.9 In-Reply-To: References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A955002.4000809@ecs.soton.ac.uk> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk> Message-ID: <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com>

I will try 4.78.13 later today and let you know how it works.

I figured out a way to get around the first and third issues. I can either edit all of the %variables% in MailScanner.conf or add "include /etc/MailScanner/site.conf" to MailScanner.conf after the variables to define them and eliminate them in the conf.d include.

The variable fix did not fix the "Spam Score Header" not being inserted.

Mike

On Aug 27, 2009, at 12:56 PM, Jules Field wrote: > I have just published the work I did last night, as described below. > Please download 4.78.13 from the usual place. > > All the scripts and files such as /etc/sysconfig/MailScanner will > now read MailScanner.conf settings with support for included files. > > Jules. > > On 27/08/2009 01:06, Jules Field wrote: >> >> >> On 26/08/2009 21:30, Mike Wallace wrote: >>> I hate to spoil your holiday but I tried 4.78.12 and still found >>> some issues. >>> >>> 1) In my configuration I am using all of the default values in >>> MailScanner.conf for these headers and %org-name% is not being >>> inserted: >>> >>> Information Header >>> ID Header >>> Spam Header >>> Envelope From Header >>> >>> Don't know if this is true for all default Headers that don't get >>> overridden. >> The %variables% are substituted when the conf files are read, ie. >> at "compile time". 
>> Otherwise, to substitute them when the value is calculated, I would >> have to know exactly where each variable was set and what value the >> variables all had at that time. >> All I can suggest is an include line after the initial %var% >> setting near the top of MailScanner.conf, which sets your values of >> the %variables%. Then at the bottom you include your new local >> settings, and so everything in the MailScanner.conf file (and all >> included files) will inherit your values of them. >> >> Whenever I evaluate "MailScanner Header =" in MailScanner when it >> is running, I cannot easily know exactly what %variables% were set >> to what where the "MailScanner Header" was defined by you (as you >> probably will have the default value + at least 1 over-ride for >> it). I can only substitute all the %% stuff in when "MailScanner >> Header =" is read in at the start. >> >> The other solution is, when you redefine a %% that is used by a >> whole bunch of settings, you also redefine each of the settings >> that uses it, so they all inherit *your* %% definition, and not mine. >> >> Sorry, but I cannot see any way around this. >>> >>> 2) I did not get "Spam Score Header" inserted even though "Spam >>> Score = yes". >> Don't know about that one, but it may be related to (1). >>> >>> 3) In my include I have %report-dir% = /etc/MailScanner/reports/ >>> myreports, this is not being overridden I am getting the default >>> reports. >> See (1). >>> >>> 4) Putting the MTA in an include file breaks /etc/sysconfig/ >>> MailScanner as it's extracting the MTA from /etc/MailScanner/ >>> MailScanner.conf. >> I have written a new /usr/sbin/Quick.Peek script which is called >> from all the places like /etc/sysconfig/MailScanner to search all >> the included files correctly for your over-rides. >>> >>> That's all I've found so far. >> All very much appreciated. >> >> Jules. >> >> P.S. Now I must go to bed, it's just gone 1 am ... 
>> >>> On Aug 26, 2009, at 5:57 PM, Jules Field wrote: >>> >>>> Correction. Teensy bug removed, which you would hopefully not hit >>>> anyway, but might if your main MailScanner.conf file is very old. >>>> >>>> Try 4.78.12. >>>> >>>> On 26/08/2009 22:19, Jules Field wrote: >>>>> Should be all fixed now. Sorry for the lousy testing on my part >>>>> before I released 10. >>>>> 11 correctly picks up %org-name% and "Run As User" when set in >>>>> an included file, no problems. So all the others should work >>>>> correctly now too. >>>>> >>>>> Please give 11 a try. >>>>> >>>>> As for the website, it has definitely been updated, so I suspect >>>>> your browser's caching it. >>>>> >>>>> Cheers, >>>>> Jules. >>>>> >>>>> On 26/08/2009 21:49, Mike Wallace wrote: >>>>>> I found a couple of things >>>>>> >>>>>> 1) I like how MailScanner --lint shows what configuration files >>>>>> were read and my configuration was read last. >>>>>> 2) Found a couple of parameters that are still not being >>>>>> imported from my config: >>>>>> >>>>>> %org-name% = >>>>>> Run As User = >>>>>> Run As Group = >>>>>> >>>>>> The org-name shows up when running --lint "ERROR: The >>>>>> "envelope_sender_header" in your spam.assassin.prefs.conf is >>>>>> not correct, it should match X-yoursite-MailScanner-From". In >>>>>> 78.9 the message was "ERROR: The "envelope_sender_header" in >>>>>> your spam.assassin.prefs.conf is not correct, it should match X- >>>>>> mlrw_com-MailScanner-From". >>>>>> >>>>>> As for the Run As, when I do a ps I see that MailScanner is >>>>>> running as root and not postfix. >>>>>> >>>>>> 3) One thing to help with debugging would be if you had a >>>>>> command like postconf to display what configuration parameters >>>>>> are being used. Or could you guide me on how to dump the >>>>>> configuration. >>>>>> 4) The link on the MailScanner website still shows 4.78.9 as >>>>>> the current beta release. >>>>>> >>>>>> Thanks for the help. 
>>>>>> >>>>>> Mike >>>>>> >>>>>> On Aug 26, 2009, at 3:03 PM, Jules Field wrote: >>>>>> >>>>>>> Can you do me a big favour and give it a good try and report >>>>>>> back if anything doesn't work? >>>>>>> >>>>>>> Thanks! >>>>>>> Jules. >>>>>>> >>>>>>> On 26/08/2009 16:22, Mike Wallace wrote: >>>>>>>> Jules, >>>>>>>> >>>>>>>> Thanks, I'm glad you liked my suggestion. >>>>>>>> >>>>>>>> I didn't expect any updates until next week when you got back >>>>>>>> to the UK. >>>>>>>> >>>>>>>> You are a gentleman and a scholar. >>>>>>>> >>>>>>>> Mike >>>>>>>> >>>>>>>> On Aug 26, 2009, at 11:08 AM, Jules Field wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 25/08/2009 18:36, Mike Wallace wrote: >>>>>>>>>> Jules, >>>>>>>>>> >>>>>>>>>> I hope you are enjoying or enjoyed (based on when you read >>>>>>>>>> this) your well deserved vacation in the States. >>>>>>>>> "Enjoying" thanks :-) >>>>>>>>>> >>>>>>>>>> I have been playing with "include path-to-conf-files" in >>>>>>>>>> 4.78.9 and found a couple of limitations that I want to >>>>>>>>>> verify. >>>>>>>>>> >>>>>>>>>> It seems that the following parameters are ignored when in >>>>>>>>>> the include file: >>>>>>>>>> >>>>>>>>>> %org-name% = >>>>>>>>>> %org-long-name% = >>>>>>>>>> %web-site% = >>>>>>>>>> Run As User = >>>>>>>>>> Run As Group = >>>>>>>>>> MTA = >>>>>>>>>> >>>>>>>>>> Is this by design or a "feature"? Are there other >>>>>>>>>> parameters that can't be in the include file? >>>>>>>>> Fixed. >>>>>>>>>> >>>>>>>>>> The reason I ask is that I am trying to put all of my site >>>>>>>>>> specific configuration changes in the include file so that >>>>>>>>>> the only thing I have to do to MailScanner.conf is add >>>>>>>>>> "include /etc/MailScanner/config/mysite.conf". >>>>>>>>>> >>>>>>>>>> It would be awesome if you had "include /etc/MailScanner/config/*.conf" >>>>>>>>>> in MailScanner.conf. Then if the directory >>>>>>>>>> and/or any files in that directory did not exist, they >>>>>>>>>> would be ignored. 
That way those who don't want to use it >>>>>>>>>> can edit the configuration file like they always have. >>>>>>>>> Done. I've called it "/conf.d/" instead of your "/config/" >>>>>>>>> as that is more standard these days. >>>>>>>>> There should be a little README file in that directory so it >>>>>>>>> has something short to parse so the include line at the very >>>>>>>>> end of MailScanner.conf won't whine that it couldn't find >>>>>>>>> any files matching conf.d/*. >>>>>>>>> >>>>>>>>> I have just released 4.78.10 for your pleasure :-) >>>>>>>>> >>>>>>>>> Jules
From MailScanner at ecs.soton.ac.uk Fri Aug 28 01:51:55 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field) Date: Fri Aug 28 01:52:16 2009 Subject: "include path-to-conf-files" in 4.78.9 In-Reply-To: <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com> References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk> <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com> <4A972A2B.8080309@ecs.soton.ac.uk> Message-ID:

On 27/08/2009 13:11, Mike Wallace wrote:
> I will try 4.78.13 later today and let you know how it works. > > I figured out a way to get around the first and third issues. I > can either edit all of the %variables% in MailScanner.conf or add > "include /etc/MailScanner/site.conf" to MailScanner.conf after the > variables to define them and eliminate them in the conf.d include.
I figured you would do that.
> > The variable fix did not fix the "Spam Score Header" not being inserted.
Interesting. I'll have to take a look at that one again, but probably not tonight.
> > Mike > > > On Aug 27, 2009, at 12:56 PM, Jules Field wrote: > >> I have just published the work I did last night, as described below. >> Please download 4.78.13 from the usual place. >> >> All the scripts and files such as /etc/sysconfig/MailScanner will now >> read MailScanner.conf settings with support for included files. >> >> Jules. >> >> On 27/08/2009 01:06, Jules Field wrote: >>> >>> >>> On 26/08/2009 21:30, Mike Wallace wrote: >>>> I hate to spoil your holiday but I tried 4.78.12 and still found >>>> some issues. 
>>>> >>>> 1) In my configuration I am using all of the default values in >>>> MailScanner.conf for these headers and %org-name% is not being >>>> inserted: >>>> >>>> Information Header >>>> ID Header >>>> Spam Header >>>> Envelope From Header >>>> >>>> Don't know if this is true for all default Headers that don't get >>>> overridden. >>> The %variables% are substituted when the conf files are read, ie. at >>> "compile time". >>> Otherwise, to substitute them when the value is calculated, I would >>> have to know exactly where each variable was set and what value the >>> variables all had at that time. >>> All I can suggest is an include line after the initial %var% setting >>> near the top of MailScanner.conf, which sets your values of the >>> %variables%. Then at the bottom you include your new local settings, >>> and so everything in the MailScanner.conf file (and all included >>> files) will inherit your values of them. >>> >>> Whenever I evaluate "MailScanner Header =" in MailScanner when it is >>> running, I cannot easily know exactly what %variables% were set to >>> what where the "MailScanner Header" was defined by you (as you >>> probably will have the default value + at least 1 over-ride for it). >>> I can only substitute all the %% stuff in when "MailScanner Header >>> =" is read in at the start. >>> >>> The other solution is, when you redefine a %% that is used by a >>> whole bunch of settings, you also redefine each of the settings that >>> uses it, so they all inherit *your* %% definition, and not mine. >>> >>> Sorry, but I cannot see any way around this. >>>> >>>> 2) I did not get "Spam Score Header" inserted even though "Spam >>>> Score = yes". >>> Don't know about that one, but it may be related to (1). >>>> >>>> 3) In my include I have %report-dir% = >>>> /etc/MailScanner/reports/myreports, this is not being overridden I >>>> am getting the default reports. >>> See (1). 
>>>> >>>> 4) Putting the MTA in an include file breaks >>>> /etc/sysconfig/MailScanner as it's extracting the MTA from >>>> /etc/MailScanner/MailScanner.conf. >>> I have written a new /usr/sbin/Quick.Peek script which is called >>> from all the places like /etc/sysconfig/MailScanner to search all >>> the included files correctly for your over-rides. >>>> >>>> That's all I've found so far. >>> All very much appreciated. >>> >>> Jules. >>> >>> P.S. Now I must go to bed, it's just gone 1 am ...
Jules -- Julian Field MEng CITP CEng www.MailScanner.info
From jonas at techbiz.dk Fri Aug 28 09:44:18 2009
From: jonas at techbiz.dk (Jonas Akrouh Larsen) Date: Fri Aug 28 09:44:32 2009 Subject: TNEF corruption and crashes and massive problems after upgrading to 4.78.9 Message-ID: <002401ca27bb$bb4a0b40$31de21c0$@dk>

Hello all.

I was glad to see that the processing db feature to prevent mails which would crash mailscanner or one of its modules was added in the version from topic.

However after having run this beta for about 2 weeks, I got massive problems in contrast to the old version I ran before that (4.74.16-1)

Before I used to get a problematic mail which would hold up the queues maybe once every 6 months or so, while very annoying it did not happen often at all.

However since I upgraded, I get about 2-6 every day which are placed in the processing queue.

So on the up side the processing database is doing precisely what it was made for, preventing MailScanner crashes from holding up queues, as the problem mails are removed after X number of tries.

The downside is of course that these mails are not delivered, and it's almost always ham mails, so it's annoying for the users.

It seems from my first look at the problem that it seems to be the tnef expanding part that fails.

Now I've always used:

Expand TNEF = yes
Use TNEF Contents = replace
TNEF Expander = internal
Deliver Unparsable TNEF = no

Which has worked well both in terms of not crashing and removing those annoying winmail.dat files.

Are these variable values the recommended values? What is everyone else using?
And is anybody using the new beta with success on a fairly active system (like at least 1000 mails a day)?

My system's details are below:

scanner0:/var/log# /opt/MailScanner/bin/MailScanner -V
Running on
Linux scanner0 2.6.26-2-686-bigmem #1 SMP Fri Aug 14 01:52:30 UTC 2009 i686 GNU/Linux
This is Perl version 5.010000 (5.10.0)

This is MailScanner version 4.78.9
Module versions are:
1.00 AnyDBM_File
1.30 Archive::Zip
0.23 bignum
1.08 Carp
2.012 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.125 Data::Dumper
2.27 Date::Parse
1.01 DirHandle
1.06 Fcntl
2.76 File::Basename
2.11 File::Copy
2.01 FileHandle
2.07 File::Path
0.22 File::Temp
0.92 Filesys::Df
1.35 HTML::Entities
3.56 HTML::Parser
2.37 HTML::TokeParser
1.25 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.22 Math::BigRat
3.08 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.08 MIME::QuotedPrint
5.427 MIME::Tools
0.13 Net::CIDR
1.25 Net::IP
0.18 OLE::Storage_Lite
1.04 Pod::Escapes
3.08 Pod::Simple
1.13 POSIX
1.21 Scalar::Util
1.80 Socket
2.21 Storable
1.4 Sys::Hostname::Long
0.26 Sys::Syslog
1.40 Test::Pod
0.92 Test::Simple
1.9719 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.52 Archive::Tar
0.23 bignum
2.05 Business::ISBN
20081208 Business::ISBN::Data
1.15 Data::Dump
1.816_1 DB_File
1.25 DBD::SQLite
1.605 DBI
1.16 Digest
1.01 Digest::HMAC
2.39 Digest::MD5
2.11 Digest::SHA1
1.01 Encode::Detect
0.17015 Error
0.2603 ExtUtils::CBuilder
2.2002 ExtUtils::ParseXS
2.38 Getopt::Long
0.45 Inline
1.08 IO::String
1.10 IO::Zlib
2.27 IP::Country
missing Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
1.999001 Mail::SPF::Query
0.340201 Module::Build
0.20 Net::CIDR::Lite
0.63 Net::DNS
v0.003 Net::DNS::Resolver::Programmable
0.39 Net::LDAP
4.027 NetAddr::IP
1.94 Parse::RecDescent
missing SAVI
3.17 Test::Harness
1.23 Test::Manifest
2.02 Text::Balanced
1.40 URI
0.77 version
0.70 YAML
scanner0:/var/log#

Hope somebody has some
comments/suggestions.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk

From ja at conviator.com Fri Aug 28 09:44:09 2009
From: ja at conviator.com (Jan Agermose)
Date: Fri Aug 28 09:44:55 2009
Subject: image spam again :)
In-Reply-To: <000601ca2562$fe5b75f0$fb1261d0$@dk>
References: <768671.54354.qm@web33302.mail.mud.yahoo.com> <000601ca2562$fe5b75f0$fb1261d0$@dk>
Message-ID:

hi

this "latest addition" of Julian's is in the beta you mean? or is it already in a stable release?

>
> I don't have time to go through the virus infected emails, but I'd suggest
> if you don't use SaneSecurity signatures in ClamAV, you should.
>
> Regards,
>
> Michael.
>
I did deploy all the 3rd party clamav sigs as a test last week, and they are doing great. Thanks to Julian's latest addition I can score them in SA instead of blocking them completely, so I won't be so vulnerable to FP's. I'm using Bill Landry's script to pull all of them auto.

They do hit on a part of the new image spams. But not all of them unfortunately. But the problem would definitely be bigger without the 3rd party sigs.

From jonas at vrt.dk Fri Aug 28 10:28:25 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Fri Aug 28 10:28:37 2009
Subject: image spam again :)
In-Reply-To:
References: <768671.54354.qm@web33302.mail.mud.yahoo.com> <000601ca2562$fe5b75f0$fb1261d0$@dk>
Message-ID: <003001ca27c1$e4c27100$ae475300$@dk>

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jan Agermose
> Sent: 28. august 2009 10:44
> To: MailScanner discussion
> Subject: RE: image spam again :)
>
> hi
>
> this "latest addition" of Julian's is in the beta you mean? or is it
> already in a stable release?
>

Well, I've been running it for ~2 weeks and the clamav 3rd party sigs scoring works great so far, no issues on that front at all.

I do have other issues with the new beta though; whether it's just on my end or if it's a problem with the beta remains to be seen. (I just wrote a mail about it actually, about the tnef issues.)

So personally I wouldn't call it stable just yet (it's labeled as beta by Julian as well).

But ymmv.

>
> I did deploy all the 3rd party clamav sigs as a test last week, and they
> are doing great. Thanks to Julian's latest addition I can score them in SA
> instead of blocking them completely, so I won't be so vulnerable to FP's.
> I'm using Bill Landry's script to pull all of them auto.
>
> They do hit on a part of the new image spams. But not all of them
> unfortunately. But the problem would definitely be bigger without the 3rd
> party sigs.

Med venlig hilsen / Best regards

Jonas Akrouh Larsen

TechBiz ApS

From edward.prendergast at netring.co.uk Fri Aug 28 10:44:12 2009
From: edward.prendergast at netring.co.uk (Edward Prendergast)
Date: Fri Aug 28 10:44:16 2009
Subject: Perl module RPM package dependency problem
Message-ID: <4A97A6EC.2000307@netring.co.uk>

Hi,

I'm not sure if this is a MailScanner package installer problem, a CentOS problem or a rpmforge issue.

I'm running into problems upgrading CentOS 5.3 and I think it might be down to a conflict between the MailScanner provided RPM packages and those coming from the distribution.

The error transcript from yum is as follows:

Transaction Check Error:
  file /usr/share/man/man3/Test::Builder.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::Builder::Module.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::Builder::Tester.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::Builder::Tester::Color.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::More.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::Simple.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Test::Tutorial.3pm.gz conflicts between attempted installs of perl-Test-Simple-0.92-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/bigint.3pm.gz conflicts between attempted installs of perl-bignum-0.23-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/bignum.3pm.gz conflicts between attempted installs of perl-bignum-0.23-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/bigrat.3pm.gz conflicts between attempted installs of perl-bignum-0.23-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386
  file /usr/share/man/man3/Math::BigRat.3pm.gz conflicts between attempted installs of perl-Math-BigRat-0.22-1.el5.rf.noarch and perl-5.8.8-18.el5_3.1.i386

I'm running MailScanner-4.77.10-1.

Thanks,
Edward

From MailScanner at ecs.soton.ac.uk Fri Aug 28 14:07:18 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Fri Aug 28 14:07:38 2009
Subject: TNEF corruption and crashes and massive problems after upgrading to 4.78.9
In-Reply-To: <002401ca27bb$bb4a0b40$31de21c0$@dk>
References: <002401ca27bb$bb4a0b40$31de21c0$@dk> <4A97D686.4020409@ecs.soton.ac.uk>
Message-ID:

On 28/08/2009 04:44, Jonas Akrouh Larsen wrote:
>
> Hello all.
>
> I was glad to see that the processing db feature to prevent mails
> which would crash MailScanner or one of its modules was added in the
> version from the topic.
>
> However, after having run this beta for about 2 weeks, I got massive
> problems in contrast to the old version I ran before that (4.74.16-1).
>
> Before, I used to get a problematic mail which would hold up the
> queues maybe once every 6 months or so; while very annoying, it did not
> happen often at all.
>
> However, since I upgraded, I get about 2-6 every day which are placed
> in the processing queue.
>
> So on the up side the processing database is doing precisely what it
> was made for, preventing MailScanner crashes from holding up queues,
> as the problem mails are removed after X number of tries.
>
> The downside is of course that these mails are not delivered, and it's
> almost always ham mails, so it's annoying for the users.
>
> It seems from my first look at the problem that it seems to be the
> tnef expanding part that fails. Now I've always used:
>
> Expand TNEF = yes
> Use TNEF Contents = replace
> TNEF Expander = internal
> Deliver Unparsable TNEF = no
>
> Which has worked well both in terms of not crashing and removing those
> annoying winmail.dat files.
>
> Are these variable values the recommended values? What is everyone
> else using?
>
I would try "TNEF Expander = external".

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner? Contact me!
Need help fixing or optimising your systems? Contact me!
Need help getting you started solving new requirements from your boss? Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From mike at mlrw.com Fri Aug 28 14:27:05 2009
From: mike at mlrw.com (Mike Wallace)
Date: Fri Aug 28 14:27:16 2009
Subject: Perl module RPM package dependency problem
In-Reply-To: <4A97A6EC.2000307@netring.co.uk>
References: <4A97A6EC.2000307@netring.co.uk>
Message-ID: <9CBDCEA4-2FBF-462F-ADBF-B84BE319A072@mlrw.com>

Edward,

Yes, it is a rpmforge issue with the packages installed by MailScanner. What I do is disable rpmforge for yum updates and then manually enable rpmforge to update specific packages like clamav and clamd.

Mike

From damfam at gmail.com Fri Aug 28 15:13:02 2009
From: damfam at gmail.com (Edward Dam)
Date: Fri Aug 28 15:13:11 2009
Subject: MailScanner and password protected archives
Message-ID: <65a7d0f30908280713w412c9f7eg3a417d1f89f94103@mail.gmail.com>

Hello,

We are running into the exact same issue with MailScanner version 4.65.3 with password protected archives.

When *Allow Password-Protected Archives = no*, MailScanner does not send the recipient a notification, and the password protected archive is not retained (we can't release it from quarantine)

When *Allow Password-Protected Archives = yes*, MailScanner just allows the attachment through as a blanket rule.

We'd like to see some middle ground. The ability (like with other attachments) for it to be quarantined, and we release the one(s) we deem legit to recipients while blocking the rest.

Can this be accomplished?

I understand altering the "*Keep Spam And MCP Archive Clean = Yes*" to "*No*" would produce this behavior, but it would also quarantine and save all attachments with viruses as well - which is not a desired effect.

So basically I am asking if there is a way to configure MailScanner to quarantine password protected archives, WITHOUT affecting the other settings of MailScanner on a system wide basis (like the "Keep Spam And MCP Archive Clean" change would do)

Thank you for your time

Ed Dam

From jaearick at colby.edu Fri Aug 28 15:19:22 2009
From: jaearick at colby.edu (Jeff A. Earickson)
Date: Fri Aug 28 15:19:36 2009
Subject: does MailScanner use port 587?
Message-ID:

Julian,

A brain cramp here... Does it make any difference to MailScanner if sendmail listens on both ports 25 and 587? Does MailScanner treat email via 587 any differently than email from port 25? Advice on using port 587 (or not) please?

The flow is sendmail-in -> MailScanner -> sendmail -> delivery, so I wouldn't think that port numbers would matter, right?

Jeff Earickson
Colby College

From GSilver at rampuptech.com Fri Aug 28 15:23:57 2009
From: GSilver at rampuptech.com (Gavin Silver)
Date: Fri Aug 28 15:24:09 2009
Subject: User managed whitelist/blacklist via email
Message-ID:

I have mailscanner running as a mail gateway right now, relaying mail for a few different domains/servers. What I would like to accomplish is a way for users to manage their own whitelist/blacklist via an email address or folders.

I had an idea that it would work like this:

User gets a message tagged as spam that is not spam.
User forwards the message to notspam@usercompany.com (which is only allowed to receive mail locally from usercompany.com).
notspam@usercompany.com is aliased for whitelist[SomeLongString]@myMailGateway.com.
It gets the message, strips the original "from" address somehow.
Runs a SQL method that inserts into the whitelist ["from" -> user@usercompany.com]

And the same scenario for blacklist.

I would obviously need to put in some checks or even just have the method remove any identical entries from both the whitelist and the blacklist before adding to either.

If anyone has implemented something like this (or perhaps something simpler that serves the same purpose!) please let me know. If not, let me know if I should follow this email up after/if I succeed with what I did if you think it would be helpful to you.

Cheers

----------------------------------
Gavin Silver

From MailScanner at ecs.soton.ac.uk Fri Aug 28 17:09:48 2009
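The workflow proposed in Gavin Silver's message above ("User managed whitelist/blacklist via email"), as an added Python example that is not from the list, MailScanner or MailWatch: it takes the original sender only from a message forwarded as a message/rfc822 attachment, accepts reports only from the local domain, and moves the (user, sender) pair between the two lists in one transaction. The table layout, the header name in ENVELOPE_HEADER and every address other than usercompany.com are assumptions constructed for the example.

```python
import sqlite3
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

LOCAL_DOMAIN = "usercompany.com"      # domain used in the post
# Assumed name of the envelope-sender header the gateway adds (org part made up).
ENVELOPE_HEADER = "X-usercompany_com-MailScanner-From"
LISTS = ("whitelist", "blacklist")    # hypothetical table names


def open_db():
    """In-memory stand-in for the gateway's list database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    for table in LISTS:
        db.execute(
            f"CREATE TABLE {table} (to_address TEXT NOT NULL, "
            "from_address TEXT NOT NULL, UNIQUE (to_address, from_address))"
        )
    return db


def _addr(value):
    """Return the bare lower-cased address from a header value, or ''."""
    address = parseaddr(str(value or ""))[1].strip().lower()
    return address if address.count("@") == 1 else ""


def original_sender(outer):
    """Sender of the message forwarded as an attachment, or '' if there is none.

    Only a message/rfc822 part is trusted; a "From:" line typed or pasted
    into the body of an inline forward is free text and is ignored.
    """
    for part in outer.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            return _addr(inner.get(ENVELOPE_HEADER)) or _addr(inner.get("From"))
    return ""


def handle_report(db, raw, action):
    """Apply one forwarded report; return (action, user, sender) or None if refused."""
    if action not in LISTS:
        raise ValueError(f"unknown list: {action}")
    outer = message_from_string(raw, policy=policy.default)
    user = _addr(outer.get("From"))
    # The alias is meant to accept local mail only; check again here anyway.
    if not user.endswith("@" + LOCAL_DOMAIN):
        return None
    sender = original_sender(outer)
    # Refuse empty senders, and never list the protected domain itself.
    if not sender or sender.endswith("@" + LOCAL_DOMAIN):
        return None
    with db:  # one transaction: the pair ends up in exactly one list
        for table in LISTS:
            db.execute(
                f"DELETE FROM {table} WHERE to_address = ? AND from_address = ?",
                (user, sender),
            )
        db.execute(
            f"INSERT INTO {action} (to_address, from_address) VALUES (?, ?)",
            (user, sender),
        )
    return (action, user, sender)


def sample_original():
    """Constructed sample of a message the gateway tagged as spam."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@partner.example>"
    msg["To"] = "alice@" + LOCAL_DOMAIN
    msg["Subject"] = "{Spam?} invoice"
    msg[ENVELOPE_HEADER] = "bounce@partner.example"
    msg.set_content("Invoice attached.")
    return msg


def build_forward(submitter, original=None):
    """Constructed sample: a report forwarded to the notspam alias."""
    outer = EmailMessage()
    outer["From"] = submitter
    outer["To"] = "notspam@" + LOCAL_DOMAIN
    outer["Subject"] = "Fwd: invoice"
    outer.set_content("This one is not spam.\nFrom: ceo@bank.example\n")
    if original is not None:
        outer.add_attachment(original)  # attached as message/rfc822
    return outer.as_string()


if __name__ == "__main__":
    db = open_db()
    report = build_forward("Alice <alice@usercompany.com>", sample_original())
    print(handle_report(db, report, "blacklist"))
    print(handle_report(db, report, "whitelist"))
```

The submitter address in the outer From header is as forgeable as any other header, so the local-only delivery restriction on the alias described in the post remains the primary control; the check in `handle_report` only backs it up.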
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Fri Aug 28 17:10:07 2009
Subject: MailScanner and password protected archives
In-Reply-To: <65a7d0f30908280713w412c9f7eg3a417d1f89f94103@mail.gmail.com>
References: <65a7d0f30908280713w412c9f7eg3a417d1f89f94103@mail.gmail.com> <4A98014C.6020606@ecs.soton.ac.uk>
Message-ID:

What do you have set in "Silent Viruses" and "Non-Forging Viruses"?

From the docs in MailScanner.conf, either of these settings can contain this keyword:

# Zip-Password : inserting this will stop senders being warned about
#                password-protected zip files, when they are not allowed.
#                This keyword is not needed if you include All-Viruses.

However, there is a note on the end of the doc for the "All-Viruses" keyword: "This includes Zip-Password so you don't need to include both."

If you are treating "Zip-Password" as a silent virus, then no-one will get any notifications and the message will not be quarantined.

What you want to do is add "Zip-Password" to the "Non-Forging Viruses" list, so it treats all viruses as silent, except for password-protected archives which will still generate a recipient report and a quarantined copy.

Hope that makes some sense!

Jules.

--
Julian Field MEng CITP CEng
www.MailScanner.info

From MailScanner at ecs.soton.ac.uk Fri Aug 28 17:10:19 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Fri Aug 28 17:10:38 2009
Subject: does MailScanner use port 587?
In-Reply-To:
References: <4A98016B.9040508@ecs.soton.ac.uk>
Message-ID:

No difference whatsoever. MailScanner doesn't care where the message came from.

On 28/08/2009 10:19, Jeff A. Earickson wrote:
> Julian,
>
> A brain cramp here... Does it make any difference to MailScanner
> if sendmail listens on both ports 25 and 587? Does MailScanner
> treat email via 587 any differently than email from port 25?
> Advice on using port 587 (or not) please?
>
> The flow is sendmail-in -> MailScanner -> sendmail -> delivery,
> so I wouldn't think that port numbers would matter, right?
>
> Jeff Earickson
> Colby College

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info

From rlopezcnm at gmail.com Fri Aug 28 17:52:57 2009
From: rlopezcnm at gmail.com (Robert Lopez)
Date: Fri Aug 28 17:53:12 2009
Subject: wiki page questions
Message-ID:

I have a few questions related to this page:

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail

Why is "cp" used instead of "mv"? Is it simply the "-p" option availability?

When using "install" I assume the case of .../spam/... still requires the removal of the tail term . Correct?

Is the function at the end of the page just a suggestion for use in the above scripts?

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

From maxsec at gmail.com Fri Aug 28 21:17:08 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Fri Aug 28 21:17:23 2009
Subject: wiki page questions
In-Reply-To:
References:
Message-ID: <72cf361e0908281317j32159334la24df82c42bf1758@mail.gmail.com>

Robert

if you mv rather than cp you lose the original email and can never release it/backup again....maybe not a good idea.

Other folks can comment on the scripts

2009/8/28 Robert Lopez

> I have a few questions related to this page:
>
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail
>
> Why is "cp" used instead of "mv"? Is it simply the "-p" option
> availability?
>
> When using "install" I assume the case of .../spam/... still requires
> the removal of the tail term . Correct?
>
> Is the function at the end of the page just a suggestion for use in
> the above scripts?

--
Martin Hepworth
Oxford, UK

From mike at mlrw.com Fri Aug 28 22:05:52 2009
From: mike at mlrw.com (Mike Wallace)
Date: Fri Aug 28 22:06:03 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4A9586ED.8080705@ecs.soton.ac.uk> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk> <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com> <4A972A2B.8080309@ecs.soton.ac.uk> <"EMEW3|a355e4663d3a01d9ebb7e8cb3a2216 63l7R1q50bMailScanner|ecs.soton.ac.uk|080309"@ecs.soton.ac.uk>
Message-ID: <19CF32A4-36FF-4A92-8D68-FAC3CD5D32FC@mlrw.com>

Tested 4.78.14 and everything looks fine with includes.

Mike

On Aug 27, 2009, at 8:51 PM, Jules Field wrote:

>
> On 27/08/2009 13:11, Mike Wallace wrote:
>> I will try 4.78.13 later today and let you know how it works.
>>
>> I figured out a way to get around the first and third issues.
>> I can either edit all of the %variables% in MailScanner.conf or add
>> "include /etc/MailScanner/site.conf" to MailScanner.conf after the
>> variables to define them and eliminate them in the conf.d include.
> I figured you would do that.
>>
>> The variable fix did not fix the "Spam Score Header" not being
>> inserted.
> Interesting. I'll have to take a look at that one again, but
> probably not tonight.
>
>>
>> Mike
>>
>> On Aug 27, 2009, at 12:56 PM, Jules Field wrote:
>>
>>> I have just published the work I did last night, as described below.
>>> Please download 4.78.13 from the usual place.
>>>
>>> All the scripts and files such as /etc/sysconfig/MailScanner will
>>> now read MailScanner.conf settings with support for included files.
>>>
>>> Jules.
>>>
>>> On 27/08/2009 01:06, Jules Field wrote:
>>>>
>>>> On 26/08/2009 21:30, Mike Wallace wrote:
>>>>> I hate to spoil your holiday but I tried 4.78.12 and still found
>>>>> some issues.
>>>>>
>>>>> 1) In my configuration I am using all of the default values
>>>>> in MailScanner.conf for these headers and %org-name% is not
>>>>> being inserted:
>>>>>
>>>>> Information Header
>>>>> ID Header
>>>>> Spam Header
>>>>> Envelope From Header
>>>>>
>>>>> Don't know if this is true for all default Headers that don't
>>>>> get overridden.
>>>> The %variables% are substituted when the conf files are read, ie.
>>>> at "compile time".
>>>> Otherwise, to substitute them when the value is calculated, I
>>>> would have to know exactly where each variable was set and what
>>>> value the variables all had at that time.
>>>> All I can suggest is an include line after the initial %var%
>>>> setting near the top of MailScanner.conf, which sets your values
>>>> of the %variables%. Then at the bottom you include your new local
>>>> settings, and so everything in the MailScanner.conf file (and all
>>>> included files) will inherit your values of them.
>>>>
>>>> Whenever I evaluate "MailScanner Header =" in MailScanner when it
>>>> is running, I cannot easily know exactly what %variables% were
>>>> set to what where the "MailScanner Header" was defined by you (as
>>>> you probably will have the default value + at least 1 over-ride
>>>> for it). I can only substitute all the %% stuff in when
>>>> "MailScanner Header =" is read in at the start.
>>>>
>>>> The other solution is, when you redefine a %% that is used by a
>>>> whole bunch of settings, you also redefine each of the settings
>>>> that uses it, so they all inherit *your* %% definition, and not
>>>> mine.
>>>>
>>>> Sorry, but I cannot see any way around this.
>>>>>
>>>>> 2) I did not get "Spam Score Header" inserted even though
>>>>> "Spam Score = yes".
>>>> Don't know about that one, but it may be related to (1).
>>>>>
>>>>> 3) In my include I have %report-dir% = /etc/MailScanner/
>>>>> reports/myreports, this is not being overridden I am getting the
>>>>> default reports.
>>>> See (1).
>>>>>
>>>>> 4) Putting the MTA in an include file breaks /etc/sysconfig/
>>>>> MailScanner as it's extracting the MTA from /etc/MailScanner/
>>>>> MailScanner.conf.
>>>> I have written a new /usr/sbin/Quick.Peek script which is called
>>>> from all the places like /etc/sysconfig/MailScanner to search all
>>>> the included files correctly for your over-rides.
>>>>>
>>>>> That's all I've found so far.
>>>> All very much appreciated.
>>>>
>>>> Jules.
>>>>
>>>> P.S. Now I must go to bed, it's just gone 1 am ...
>>>>
>>>>> On Aug 26, 2009, at 5:57 PM, Jules Field wrote:
>>>>>
>>>>>> Correction. Teensy bug removed, which you would hopefully not
>>>>>> hit anyway, but might if your main MailScanner.conf file is
>>>>>> very old.
>>>>>>
>>>>>> Try 4.78.12.
>>>>>>
>>>>>> On 26/08/2009 22:19, Jules Field wrote:
>>>>>>> Should be all fixed now. Sorry for the lousy testing on my
>>>>>>> part before I released 10.
>>>>>>> 11 correctly picks up %org-name% and "Run As User" when set in
>>>>>>> an included file, no problems. So all the others should work
>>>>>>> correctly now too.
>>>>>>>
>>>>>>> Please give 11 a try.
>>>>>>>
>>>>>>> As for the website, it has definitely been updated, so I
>>>>>>> suspect your browser's caching it.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Jules.
>>>>>>>
>>>>>>> On 26/08/2009 21:49, Mike Wallace wrote:
>>>>>>>> I found a couple of things
>>>>>>>>
>>>>>>>> 1) I like how MailScanner --lint shows what configuration
>>>>>>>> files were read and my configuration was read last.
>>>>>>>> 2) Found a couple of parameters that are still not being
>>>>>>>> imported from my config:
>>>>>>>>
>>>>>>>> %org-name% =
>>>>>>>> Run As User =
>>>>>>>> Run As Group =
>>>>>>>>
>>>>>>>> The org-name shows up when running --lint "ERROR: The
>>>>>>>> "envelope_sender_header" in your spam.assassin.prefs.conf is
>>>>>>>> not correct, it should match X-yoursite-MailScanner-From". In
>>>>>>>> 78.9 the message was "ERROR: The "envelope_sender_header" in
>>>>>>>> your spam.assassin.prefs.conf is not correct, it should match
>>>>>>>> X-mlrw_com-MailScanner-From".
>>>>>>>>
>>>>>>>> As for the Run As, when I do a ps I see that MailScanner is
>>>>>>>> running as root and not postfix.
>>>>>>>>
>>>>>>>> 3) One thing to help with debugging would be if you had a
>>>>>>>> command like postconf to display what configuration
>>>>>>>> parameters are being used. Or could you guide me on how to
>>>>>>>> dump the configuration.
>>>>>>>> 4) The link on the MailScanner website still shows 4.78.9 as
>>>>>>>> the current beta release.
>>>>>>>>
>>>>>>>> Thanks for the help.
>>>>>>>>
>>>>>>>> Mike
>>>>>>>>
>>>>>>>> On Aug 26, 2009, at 3:03 PM, Jules Field wrote:
>>>>>>>>
>>>>>>>>> Can you do me a big favour and give it a good try and report
>>>>>>>>> back if anything doesn't work?
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>> Jules.
>>>>>>>>>
>>>>>>>>> On 26/08/2009 16:22, Mike Wallace wrote:
>>>>>>>>>> Jules,
>>>>>>>>>>
>>>>>>>>>> Thanks, I'm glad you liked my suggestion.
>>>>>>>>>>
>>>>>>>>>> I didn't expect any updates until next week when you got
>>>>>>>>>> back to the UK.
>>>>>>>>>>
>>>>>>>>>> You are a gentleman and a scholar.
>>>>>>>>>>
>>>>>>>>>> Mike
>>>>>>>>>>
>>>>>>>>>> On Aug 26, 2009, at 11:08 AM, Jules Field wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 25/08/2009 18:36, Mike Wallace wrote:
>>>>>>>>>>>> Jules,
>>>>>>>>>>>>
>>>>>>>>>>>> I hope you are enjoying or enjoyed (based on when you
>>>>>>>>>>>> read this) your well deserved vacation in the States.
>>>>>>>>>>> "Enjoying" thanks :-)
>>>>>>>>>>>>
>>>>>>>>>>>> I have been playing with "include path-to-conf-files" in
>>>>>>>>>>>> 4.78.9 and found a couple of limitations that I want to
>>>>>>>>>>>> verify.
>>>>>>>>>>>>
>>>>>>>>>>>> It seems that the following parameters are ignored when
>>>>>>>>>>>> in the include file:
>>>>>>>>>>>>
>>>>>>>>>>>> %org-name% =
>>>>>>>>>>>> %org-long-name% =
>>>>>>>>>>>> %web-site% =
>>>>>>>>>>>> Run As User =
>>>>>>>>>>>> Run As Group =
>>>>>>>>>>>> MTA =
>>>>>>>>>>>>
>>>>>>>>>>>> Is this by design or a "feature"? Are there other
>>>>>>>>>>>> parameters that can't be in the include file?
>>>>>>>>>>> Fixed.
>>>>>>>>>>>>
>>>>>>>>>>>> The reason I ask is that I am trying to put all of my
>>>>>>>>>>>> site specific configuration changes in the include file
>>>>>>>>>>>> so that the only thing I have to do to MailScanner.conf
>>>>>>>>>>>> is add "include /etc/MailScanner/config/mysite.conf".
>>>>>>>>>>>>
>>>>>>>>>>>> It would be awesome if you had "include /etc/MailScanner/
>>>>>>>>>>>> config/*.conf" in MailScanner.conf. Then if the
>>>>>>>>>>>> directory and/or any files in that directory did not
>>>>>>>>>>>> exist, they would be ignored. That way those who don't
>>>>>>>>>>>> want to use it can edit the configuration file like they
>>>>>>>>>>>> always have.
>>>>>>>>>>> Done. I've called it "/conf.d/" instead of your "/config/"
>>>>>>>>>>> as that is more standard these days.
>>>>>>>>>>> There should be a little README file in that directory so
>>>>>>>>>>> it has something short to parse so the include line at the
>>>>>>>>>>> very end of MailScanner.conf won't whine that it couldn't
>>>>>>>>>>> find any files matching conf.d/*.
>>>>>>>>>>>
>>>>>>>>>>> I have just released 4.78.10 for your pleasure :-)
>>>>>>>>>>>
>>>>>>>>>>> Jules
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Jules
>>>>>>>>> >>>>>>>>> -- >>>>>>>>> MailScanner mailing list >>>>>>>>> mailscanner@lists.mailscanner.info >>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>>>>> >>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>>>>> >>>>>>>>> Support MailScanner development - buy the book off the >>>>>>>>> website! >>>>>>>>> This message has been scanned for viruses and dangerous >>>>>>>>> content by MailScanner, and is believed to be clean. >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> Jules >>>>>>> >>>>>> >>>>>> Jules >>>>>> >>>>>> -- >>>>>> Julian Field MEng CITP CEng >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> >>>>>> Need help customising MailScanner? >>>>>> Contact me! >>>>>> Need help fixing or optimising your systems? >>>>>> Contact me! >>>>>> Need help getting you started solving new requirements from >>>>>> your boss? >>>>>> Contact me! >>>>>> >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>>>>> >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> -- >>>>>> MailScanner mailing list >>>>>> mailscanner@lists.mailscanner.info >>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>>>>> >>>>>> Before posting, read http://wiki.mailscanner.info/posting >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>>> This message has been scanned for viruses and dangerous content >>>>>> by MailScanner, and is believed to be clean. >>>>>> >>>>> >>>> >>>> Jules >>>> >>> >>> Jules >>> >>> -- >>> Julian Field MEng CITP CEng >>> www.MailScanner.info >>> Buy the MailScanner book at www.MailScanner.info/store >>> >>> Need help customising MailScanner? >>> Contact me! >>> Need help fixing or optimising your systems? >>> Contact me! 
>>> Need help getting you started solving new requirements from your >>> boss? >>> Contact me! >>> >>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>> Follow me at twitter.com/JulesFM and twitter.com/MailScanner >>> >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> This message has been scanned for viruses and dangerous content by >>> MailScanner, and is believed to be clean. >>> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > Need help customising MailScanner? > Contact me! > Need help fixing or optimising your systems? > Contact me! > Need help getting you started solving new requirements from your boss? > Contact me! > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > Follow me at twitter.com/JulesFM and twitter.com/MailScanner > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > From ssilva at sgvwater.com Sat Aug 29 00:35:16 2009 
From: ssilva at sgvwater.com (Scott Silva)
Date: Sat Aug 29 00:35:56 2009
Subject: TNEF corruption and crashes and massive problems after upgrading to 4.78.9
In-Reply-To:
References: <002401ca27bb$bb4a0b40$31de21c0$@dk> <4A97D686.4020409@ecs.soton.ac.uk>
Message-ID:

>>
>> Are these variable values the recommended values? What is everyone
>> else using?
>>
> I would try "TNEF Expander = external".
>
Is that the current variable? Or should it be "TNEF Expander = /path/to/tnef" as it is in the docs?

From MailScanner at ecs.soton.ac.uk Sat Aug 29 02:47:57 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat Aug 29 02:48:43 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To: <19CF32A4-36FF-4A92-8D68-FAC3CD5D32FC@mlrw.com>
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk> <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com> <4A972A2B.8080309@ecs.soton.ac.uk> <"EMEW3|a355e4663d3a01d9ebb7e8cb3a2216 63l7R1q50bMailScanner|ecs.soton.ac.uk|080309"@ecs.soton.ac.uk> <19CF32A4-36FF-4A92-8D68-FAC3CD5D32FC@mlrw.com> <4A9888CD.6070904@ecs.soton.ac.uk>
Message-ID:

Is the problem with the "Spam Score Header" not being inserted still a problem, or is that fixed now too?
Just want to know if I incidentally fixed it, or whether I need to go on another hunt for that one.

Cheers,
Jules.

On 28/08/2009 17:05, Mike Wallace wrote:
> Tested 4.78.14 and everything looks fine with includes.
>
> Mike
>
> On Aug 27, 2009, at 8:51 PM, Jules Field wrote:
>
>>
>>
>> On 27/08/2009 13:11, Mike Wallace wrote:
>>> I will try 4.78.13 later today and let you know how it works.
>>>
>>> I figured out a way to get around the first and third issues.
>>> I can either edit all of the %variables% in MailScanner.conf or add
>>> "include /etc/MailScanner/site.conf" to MailScanner.conf after the
>>> variables to define them and eliminate them in the conf.d include.
>> I figured you would do that.
>>>
>>> The variable fix did not fix the "Spam Score Header" not being
>>> inserted.
>> Interesting. I'll have to take a look at that one again, but probably
>> not tonight.
>>
>>>
>>> Mike
>>>
>>>
>>> On Aug 27, 2009, at 12:56 PM, Jules Field wrote:
>>>
>>>> I have just published the work I did last night, as described below.
>>>> Please download 4.78.13 from the usual place.
>>>>
>>>> All the scripts and files such as /etc/sysconfig/MailScanner will
>>>> now read MailScanner.conf settings with support for included files.
>>>>
>>>> Jules.
>>>>
>>>> On 27/08/2009 01:06, Jules Field wrote:
>>>>>
>>>>>
>>>>> On 26/08/2009 21:30, Mike Wallace wrote:
>>>>>> I hate to spoil your holiday but I tried 4.78.12 and still found
>>>>>> some issues.
>>>>>>
>>>>>> 1) In my configuration I am using all of the default values in
>>>>>> MailScanner.conf for these headers and %org-name% is not being
>>>>>> inserted:
>>>>>>
>>>>>> Information Header
>>>>>> ID Header
>>>>>> Spam Header
>>>>>> Envelope From Header
>>>>>>
>>>>>> Don't know if this is true for all default Headers that don't get
>>>>>> overridden.
>>>>> The %variables% are substituted when the conf files are read, i.e.
>>>>> at "compile time".
>>>>> Otherwise, to substitute them when the value is calculated, I
>>>>> would have to know exactly where each variable was set and what
>>>>> value the variables all had at that time.
>>>>> All I can suggest is an include line after the initial %var%
>>>>> setting near the top of MailScanner.conf, which sets your values
>>>>> of the %variables%. Then at the bottom you include your new local
>>>>> settings, and so everything in the MailScanner.conf file (and all
>>>>> included files) will inherit your values of them.
>>>>>
>>>>> Whenever I evaluate "MailScanner Header =" in MailScanner when it
>>>>> is running, I cannot easily know exactly what %variables% were set
>>>>> to what where the "MailScanner Header" was defined by you (as you
>>>>> probably will have the default value + at least 1 over-ride for
>>>>> it). I can only substitute all the %% stuff in when "MailScanner
>>>>> Header =" is read in at the start.
>>>>>
>>>>> The other solution is, when you redefine a %% that is used by a
>>>>> whole bunch of settings, you also redefine each of the settings
>>>>> that uses it, so they all inherit *your* %% definition, and not mine.
>>>>>
>>>>> Sorry, but I cannot see any way around this.
>>>>>>
>>>>>> 2) I did not get "Spam Score Header" inserted even though
>>>>>> "Spam Score = yes".
>>>>> Don't know about that one, but it may be related to (1).
>>>>>>
>>>>>> 3) In my include I have %report-dir% =
>>>>>> /etc/MailScanner/reports/myreports, this is not being overridden
>>>>>> I am getting the default reports.
>>>>> See (1).
>>>>>>
>>>>>> 4) Putting the MTA in an include file breaks
>>>>>> /etc/sysconfig/MailScanner as it's extracting the MTA from
>>>>>> /etc/MailScanner/MailScanner.conf.
>>>>> I have written a new /usr/sbin/Quick.Peek script which is called
>>>>> from all the places like /etc/sysconfig/MailScanner to search all
>>>>> the included files correctly for your over-rides.
>>>>>>
>>>>>> That's all I've found so far.
>>>>> All very much appreciated.
>>>>>
>>>>> Jules.
>>>>>
>>>>> P.S. Now I must go to bed, it's just gone 1 am ...
>>>>>
>>>>>> On Aug 26, 2009, at 5:57 PM, Jules Field wrote:
>>>>>>
>>>>>>> Correction. Teensy bug removed, which you would hopefully not
>>>>>>> hit anyway, but might if your main MailScanner.conf file is very
>>>>>>> old.
>>>>>>>
>>>>>>> Try 4.78.12.
>>>>>>>
>>>>>>> On 26/08/2009 22:19, Jules Field wrote:
>>>>>>>> Should be all fixed now. Sorry for the lousy testing on my part
>>>>>>>> before I released 10.
>>>>>>>> 11 correctly picks up %org-name% and "Run As User" when set in
>>>>>>>> an included file, no problems. So all the others should work
>>>>>>>> correctly now too.
>>>>>>>>
>>>>>>>> Please give 11 a try.
>>>>>>>>
>>>>>>>> As for the website, it has definitely been updated, so I
>>>>>>>> suspect your browser's caching it.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Jules.
>>>>>>>>
>>>>>>>> On 26/08/2009 21:49, Mike Wallace wrote:
>>>>>>>>> I found a couple of things
>>>>>>>>>
>>>>>>>>> 1) I like how MailScanner --lint shows what configuration
>>>>>>>>> files were read and my configuration was read last.
>>>>>>>>> 2) Found a couple of parameters that are still not being
>>>>>>>>> imported from my config:
>>>>>>>>>
>>>>>>>>> %org-name% =
>>>>>>>>> Run As User =
>>>>>>>>> Run As Group =
>>>>>>>>>
>>>>>>>>> The org-name shows up when running --lint "ERROR: The
>>>>>>>>> "envelope_sender_header" in your spam.assassin.prefs.conf is
>>>>>>>>> not correct, it should match X-yoursite-MailScanner-From". In
>>>>>>>>> 78.9 the message was "ERROR: The "envelope_sender_header" in
>>>>>>>>> your spam.assassin.prefs.conf is not correct, it should match
>>>>>>>>> X-mlrw_com-MailScanner-From".
>>>>>>>>>
>>>>>>>>> As for the Run As, when I do a ps I see that MailScanner is
>>>>>>>>> running as root and not postfix.
>>>>>>>>>
>>>>>>>>> 3) One thing to help with debugging would be if you had a
>>>>>>>>> command like postconf to display what configuration parameters
>>>>>>>>> are being used. Or could you guide me on how to dump the
>>>>>>>>> configuration.
>>>>>>>>> 4) The link on the MailScanner website still shows 4.78.9 as
>>>>>>>>> the current beta release.
>>>>>>>>>
>>>>>>>>> Thanks for the help.
>>>>>>>>>
>>>>>>>>> Mike
>>>>>>>>>
>>>>>>>>> On Aug 26, 2009, at 3:03 PM, Jules Field wrote:
>>>>>>>>>
>>>>>>>>>> Can you do me a big favour and give it a good try and report
>>>>>>>>>> back if anything doesn't work?
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>> Jules.
>>>>>>>>>>
>>>>>>>>>> On 26/08/2009 16:22, Mike Wallace wrote:
>>>>>>>>>>> Jules,
>>>>>>>>>>>
>>>>>>>>>>> Thanks, I'm glad you liked my suggestion.
>>>>>>>>>>>
>>>>>>>>>>> I didn't expect any updates until next week when you got
>>>>>>>>>>> back to the UK.
>>>>>>>>>>>
>>>>>>>>>>> You are a gentleman and a scholar.
>>>>>>>>>>>
>>>>>>>>>>> Mike
>>>>>>>>>>>
>>>>>>>>>>> On Aug 26, 2009, at 11:08 AM, Jules Field wrote:
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 25/08/2009 18:36, Mike Wallace wrote:
>>>>>>>>>>>>> Jules,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I hope you are enjoying or enjoyed (based on when you read
>>>>>>>>>>>>> this) your well deserved vacation in the States.
>>>>>>>>>>>> "Enjoying" thanks :-)
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have been playing with "include path-to-conf-files" in
>>>>>>>>>>>>> 4.78.9 and found a couple of limitations that I want to
>>>>>>>>>>>>> verify.
>>>>>>>>>>>>>
>>>>>>>>>>>>> It seems that the following parameters are ignored when in
>>>>>>>>>>>>> the include file:
>>>>>>>>>>>>>
>>>>>>>>>>>>> %org-name% =
>>>>>>>>>>>>> %org-long-name% =
>>>>>>>>>>>>> %web-site% =
>>>>>>>>>>>>> Run As User =
>>>>>>>>>>>>> Run As Group =
>>>>>>>>>>>>> MTA =
>>>>>>>>>>>>>
>>>>>>>>>>>>> Is this by design or a "feature"? Are there other
>>>>>>>>>>>>> parameters that can't be in the include file?
>>>>>>>>>>>> Fixed.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The reason I ask is that I am trying to put all of my site
>>>>>>>>>>>>> specific configuration changes in the include file so that
>>>>>>>>>>>>> the only thing I have to do to MailScanner.conf is add
>>>>>>>>>>>>> "include /etc/MailScanner/config/mysite.conf".
>>>>>>>>>>>>>
>>>>>>>>>>>>> It would be awesome if you had "include
>>>>>>>>>>>>> /etc/MailScanner/config/*.conf" in MailScanner.conf. Then
>>>>>>>>>>>>> if the directory and/or any files in that directory did
>>>>>>>>>>>>> not exist, they would be ignored. That way those who don't
>>>>>>>>>>>>> want to use it can edit the configuration file like they
>>>>>>>>>>>>> always have.
>>>>>>>>>>>> Done. I've called it "/conf.d/" instead of your "/config/"
>>>>>>>>>>>> as that is more standard these days.
>>>>>>>>>>>> There should be a little README file in that directory so
>>>>>>>>>>>> it has something short to parse so the include line at the
>>>>>>>>>>>> very end of MailScanner.conf won't whine that it couldn't
>>>>>>>>>>>> find any files matching conf.d/*.
>>>>>>>>>>>>
>>>>>>>>>>>> I have just released 4.78.10 for your pleasure :-)
>>>>>>>>>>>>
>>>>>>>>>>>> Jules

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Sat Aug 29 02:48:58 2009
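The read-time %variable% substitution and include ordering discussed in the exchange quoted above, as an added example that is not part of the thread and is neither MailScanner's own parser nor the Quick.Peek script. It is a simplified Python model over constructed file contents; the keyword normalisation, the `#` comment handling and the file name `local.conf` are assumptions of the model.

```python
import fnmatch
import re

MAIN = "/etc/MailScanner/MailScanner.conf"
VAR_DEF = re.compile(r"^%([\w-]+)%\s*=\s*(.*)$")   # "%org-name% = value"
VAR_USE = re.compile(r"%([\w-]+)%")                 # "%org-name%" inside a value


def normalise(key):
    # Model assumption: setting names compare case-insensitively, ignoring spaces.
    return re.sub(r"[^a-z0-9]", "", key.lower())


def expand(value, variables):
    # Substitute only the %variables% known at this moment; leave unknown ones as-is.
    return VAR_USE.sub(lambda m: variables.get(m.group(1), m.group(0)), value)


def resolve(files, path, settings=None, variables=None, read_order=None):
    """Return (settings, variables, read_order) for `path` and everything it includes."""
    settings = {} if settings is None else settings
    variables = {} if variables is None else variables
    read_order = [] if read_order is None else read_order
    read_order.append(path)
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()        # model assumption: '#' starts a comment
        if not line:
            continue
        if line.lower().startswith("include "):
            pattern = line.split(None, 1)[1]
            for match in sorted(fnmatch.filter(files, pattern)):
                if match not in read_order:        # never read a file twice (include loops)
                    resolve(files, match, settings, variables, read_order)
            continue
        definition = VAR_DEF.match(line)
        if definition:
            variables[definition.group(1)] = expand(definition.group(2).strip(), variables)
        elif "=" in line:
            key, value = line.split("=", 1)
            # Expansion happens here, at read time: a later redefinition of a
            # %variable% does not reach a value that has already been stored.
            settings[normalise(key)] = expand(value.strip(), variables)
    return settings, variables, read_order


def privilege_findings(settings):
    # In the thread, an override that was not read left the daemon running as root.
    user = settings.get("runasuser", "")
    if user and user != "root":
        return []
    return ["Run As User is unset or root: no unprivileged account is configured"]


def build(define_vars_early):
    """Constructed file set; paths follow the thread, contents are sample data."""
    site_vars = "%org-name% = mlrw_com\n"
    overrides = "Run As User = postfix\nRun As Group = postfix\n"
    main = "%org-name% = yoursite\n"
    if define_vars_early:
        # The workaround from the thread: include right after the %var% defaults.
        main += "include /etc/MailScanner/site.conf\n"
    main += ("Run As User =\n"
             "Run As Group =\n"
             "Envelope From Header = X-%org-name%-MailScanner-From:\n"
             "include /etc/MailScanner/conf.d/*\n")
    files = {
        MAIN: main,
        "/etc/MailScanner/conf.d/README": "# placeholder so the glob matches a file\n",
        "/etc/MailScanner/conf.d/local.conf":
            overrides if define_vars_early else site_vars + overrides,
    }
    if define_vars_early:
        files["/etc/MailScanner/site.conf"] = site_vars
    return files


if __name__ == "__main__":
    for early in (False, True):
        settings, variables, order = resolve(build(early), MAIN)
        print("variables defined early:", early)
        print("  files read:", order)
        print("  Envelope From Header:", settings["envelopefromheader"])
        print("  Run As User:", settings["runasuser"], privilege_findings(settings))
```

With the variable redefined only in conf.d, the header keeps the `yoursite` default while `Run As User` is still overridden, which matches the `--lint` symptom reported in the thread.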
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sat Aug 29 02:49:17 2009
Subject: TNEF corruption and crashes and massive problems after upgrading to 4.78.9
In-Reply-To:
References: <002401ca27bb$bb4a0b40$31de21c0$@dk> <4A97D686.4020409@ecs.soton.ac.uk> <4A98890A.7010603@ecs.soton.ac.uk>
Message-ID:

On 28/08/2009 19:35, Scott Silva wrote:
>
>
>>> Are these variable values the recommended values? What is everyone
>>> else using?
>>>
>>>
>> I would try "TNEF Expander = external".
>>
>>
> Is that the current variable? Or should it be "TNEF Expander = /path/to/tnef"
> as it is in the docs?
>
Sorry, my mistake, it should be as you suggested and not "external".
Silly me :(
The docs are correct, ignore my ramblings.....

Jules

From mike at mlrw.com Sat Aug 29 03:04:20 2009
From: mike at mlrw.com (Mike Wallace)
Date: Sat Aug 29 03:04:39 2009
Subject: "include path-to-conf-files" in 4.78.9
In-Reply-To:
References: <8694A801-185A-4B6F-8F30-2D92E3BCE596@mlrw.com> <4CE65FC2-9AC3-493D-A09E-28E38E831A14@mlrw.com> <4A95A6D3.8090109@ecs.soton.ac.uk> <4A95AFC2.4010906@ecs.soton.ac.uk> <1E65D80A-CD14-414E-89C5-D0FCDFE8B005@mlrw.com> <4A961471.10803@ecs.soton.ac.uk> <4A96BAB6.8080309@ecs.soton.ac.uk> <860ED0A9-361E-4FAA-98D9-13263973D89E@mlrw.com> <4A972A2B.8080309@ecs.soton.ac.uk> <"EMEW3|a355e4663d3a01d9ebb7e8cb3a2216 63l7R1q50bMailScanner|ecs.soton.ac.uk|080309"@ecs.soton.ac.uk> <19CF32A4-36FF-4A92-8D68-FAC3CD5D32FC@mlrw.com> <4A9888CD.6070904@ecs.soton.ac.uk> <"EMEW3|808017a100b6171ed1a61cd66c2 b203bl7S2mP0bMailScanner|ecs.soton.ac.uk|070904"@ecs.soton.ac.uk>
Message-ID:

It wasn't an issue, it was a user error.

On Aug 28, 2009, at 9:47 PM, Jules Field wrote:

> Is the problem with the "Spam Score Header" not being inserted still
> a problem, or is that fixed now too?
> Just want to know if I incidentally fixed it, or whether I need to
> go on another hunt for that one.
>
> Cheers,
> Jules.
>
> On 28/08/2009 17:05, Mike Wallace wrote:
>> Tested 4.78.14 and everything looks fine with includes.
>>
>> Mike
>>
>> On Aug 27, 2009, at 8:51 PM, Jules Field wrote:
>>
>>>
>>>
>>> On 27/08/2009 13:11, Mike Wallace wrote:
>>>> I will try 4.78.13 later today and let you know how it works.
>>>>
>>>> I figured out a way to get around the first and third
>>>> issues. I can either edit all of the %variables% in
>>>> MailScanner.conf or add "include /etc/MailScanner/site.conf" to
>>>> MailScanner.conf after the variables to define them and eliminate
>>>> them in the conf.d include.
>>> I figured you would do that.
>>>>
>>>> The variable fix did not fix the "Spam Score Header" not being
>>>> inserted.
>>> Interesting. I'll have to take a look at that one again, but
>>> probably not tonight.
>>>
>>>>
>>>> Mike
>>>>
>>>>
>>>> On Aug 27, 2009, at 12:56 PM, Jules Field wrote:
>>>>
>>>>> I have just published the work I did last night, as described
>>>>> below.
>>>>> Please download 4.78.13 from the usual place.
>>>>>
>>>>> All the scripts and files such as /etc/sysconfig/MailScanner
>>>>> will now read MailScanner.conf settings with support for
>>>>> included files.
>>>>>
>>>>> Jules.
>>>>>
>>>>> On 27/08/2009 01:06, Jules Field wrote:
>>>>>>
>>>>>>
>>>>>> On 26/08/2009 21:30, Mike Wallace wrote:
>>>>>>> I hate to spoil your holiday but I tried 4.78.12 and still
>>>>>>> found some issues.
>>>>>>>
>>>>>>> 1) In my configuration I am using all of the default values
>>>>>>> in MailScanner.conf for these headers and %org-name% is not
>>>>>>> being inserted:
>>>>>>>
>>>>>>> Information Header
>>>>>>> ID Header
>>>>>>> Spam Header
>>>>>>> Envelope From Header
>>>>>>>
>>>>>>> Don't know if this is true for all default Headers that don't
>>>>>>> get overridden.
>>>>>> The %variables% are substituted when the conf files are read,
>>>>>> i.e. at "compile time".
>>>>>> Otherwise, to substitute them when the value is calculated, I
>>>>>> would have to know exactly where each variable was set and what
>>>>>> value the variables all had at that time.
>>>>>> All I can suggest is an include line after the initial %var%
>>>>>> setting near the top of MailScanner.conf, which sets your
>>>>>> values of the %variables%. Then at the bottom you include your
>>>>>> new local settings, and so everything in the MailScanner.conf
>>>>>> file (and all included files) will inherit your values of them.
>>>>>>
>>>>>> Whenever I evaluate "MailScanner Header =" in MailScanner when
>>>>>> it is running, I cannot easily know exactly what %variables%
>>>>>> were set to what where the "MailScanner Header" was defined by
>>>>>> you (as you probably will have the default value + at least 1
>>>>>> over-ride for it). I can only substitute all the %% stuff in
>>>>>> when "MailScanner Header =" is read in at the start.
>>>>>>
>>>>>> The other solution is, when you redefine a %% that is used by a
>>>>>> whole bunch of settings, you also redefine each of the settings
>>>>>> that uses it, so they all inherit *your* %% definition, and not
>>>>>> mine.
>>>>>>
>>>>>> Sorry, but I cannot see any way around this.
>>>>>>>
>>>>>>> 2) I did not get "Spam Score Header" inserted even though
>>>>>>> "Spam Score = yes".
>>>>>> Don't know about that one, but it may be related to (1).
>>>>>>>
>>>>>>> 3) In my include I have %report-dir% =
>>>>>>> /etc/MailScanner/reports/myreports, this is not being overridden
>>>>>>> I am getting the default reports.
>>>>>> See (1).
>>>>>>>
>>>>>>> 4) Putting the MTA in an include file breaks
>>>>>>> /etc/sysconfig/MailScanner as it's extracting the MTA from
>>>>>>> /etc/MailScanner/MailScanner.conf.
>>>>>> I have written a new /usr/sbin/Quick.Peek script which is
>>>>>> called from all the places like /etc/sysconfig/MailScanner to
>>>>>> search all the included files correctly for your over-rides.
>>>>>>>
>>>>>>> That's all I've found so far.
>>>>>> All very much appreciated.
>>>>>>
>>>>>> Jules.
>>>>>>
>>>>>> P.S. Now I must go to bed, it's just gone 1 am ...
>>>>>>
>>>>>>> On Aug 26, 2009, at 5:57 PM, Jules Field wrote:
>>>>>>>
>>>>>>>> Correction. Teensy bug removed, which you would hopefully not
>>>>>>>> hit anyway, but might if your main MailScanner.conf file is
>>>>>>>> very old.
>>>>>>>>
>>>>>>>> Try 4.78.12.
>>>>>>>>
>>>>>>>> On 26/08/2009 22:19, Jules Field wrote:
>>>>>>>>> Should be all fixed now. Sorry for the lousy testing on my
>>>>>>>>> part before I released 10.
>>>>>>>>> 11 correctly picks up %org-name% and "Run As User" when set
>>>>>>>>> in an included file, no problems. So all the others should
>>>>>>>>> work correctly now too.
>>>>>>>>>
>>>>>>>>> Please give 11 a try.
>>>>>>>>>
>>>>>>>>> As for the website, it has definitely been updated, so I
>>>>>>>>> suspect your browser's caching it.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Jules.
>>>>>>>>>
>>>>>>>>> On 26/08/2009 21:49, Mike Wallace wrote:
>>>>>>>>>> I found a couple of things
>>>>>>>>>>
>>>>>>>>>> 1) I like how MailScanner --lint shows what configuration
>>>>>>>>>> files were read and my configuration was read last.
>>>>>>>>>> 2) Found a couple of parameters that are still not being
>>>>>>>>>> imported from my config:
>>>>>>>>>>
>>>>>>>>>> %org-name% =
>>>>>>>>>> Run As User =
>>>>>>>>>> Run As Group =
>>>>>>>>>>
>>>>>>>>>> The org-name shows up when running --lint "ERROR: The
>>>>>>>>>> "envelope_sender_header" in your spam.assassin.prefs.conf
>>>>>>>>>> is not correct, it should match
>>>>>>>>>> X-yoursite-MailScanner-From". In 78.9 the message was "ERROR: The
>>>>>>>>>> "envelope_sender_header" in your spam.assassin.prefs.conf
>>>>>>>>>> is not correct, it should match X-mlrw_com-MailScanner-From".
>>>>>>>>>>
>>>>>>>>>> As for the Run As, when I do a ps I see that MailScanner is
>>>>>>>>>> running as root and not postfix.
>>>>>>>>>>
>>>>>>>>>> 3) One thing to help with debugging would be if you had a
>>>>>>>>>> command like postconf to display what configuration
>>>>>>>>>> parameters are being used. Or could you guide me on how to
>>>>>>>>>> dump the configuration.
>>>>>>>>>> 4) The link on the MailScanner website still shows 4.78.9
>>>>>>>>>> as the current beta release.
>>>>>>>>>>
>>>>>>>>>> Thanks for the help.
>>>>>>>>>>
>>>>>>>>>> Mike
>>>>>>>>>>
>>>>>>>>>> On Aug 26, 2009, at 3:03 PM, Jules Field wrote:
>>>>>>>>>>
>>>>>>>>>>> Can you do me a big favour and give it a good try and
>>>>>>>>>>> report back if anything doesn't work?
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>> Jules.
>>>>>>>>>>>
>>>>>>>>>>> On 26/08/2009 16:22, Mike Wallace wrote:
>>>>>>>>>>>> Jules,
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks, I'm glad you liked my suggestion.
>>>>>>>>>>>>
>>>>>>>>>>>> I didn't expect any updates until next week when you got
>>>>>>>>>>>> back to the UK.
>>>>>>>>>>>>
>>>>>>>>>>>> You are a gentleman and a scholar.
>>>>>>>>>>>>
>>>>>>>>>>>> Mike
>>>>>>>>>>>>
>>>>>>>>>>>> On Aug 26, 2009, at 11:08 AM, Jules Field wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 25/08/2009 18:36, Mike Wallace wrote:
>>>>>>>>>>>>>> Jules,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I hope you are enjoying or enjoyed (based on when you
>>>>>>>>>>>>>> read this) your well deserved vacation in the States.
>>>>>>>>>>>>> "Enjoying" thanks :-)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have been playing with "include path-to-conf-files"
>>>>>>>>>>>>>> in 4.78.9 and found a couple of limitations that I want
>>>>>>>>>>>>>> to verify.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It seems that the following parameters are ignored when
>>>>>>>>>>>>>> in the include file:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> %org-name% =
>>>>>>>>>>>>>> %org-long-name% =
>>>>>>>>>>>>>> %web-site% =
>>>>>>>>>>>>>> Run As User =
>>>>>>>>>>>>>> Run As Group =
>>>>>>>>>>>>>> MTA =
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Is this by design or a "feature"? Are there other
>>>>>>>>>>>>>> parameters that can't be in the include file?
>>>>>>>>>>>>> Fixed.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The reason I ask is that I am trying to put all of my
>>>>>>>>>>>>>> site specific configuration changes in the include file
>>>>>>>>>>>>>> so that the only thing I have to do to MailScanner.conf
>>>>>>>>>>>>>> is add "include /etc/MailScanner/config/mysite.conf".
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It would be awesome if you had "include
>>>>>>>>>>>>>> /etc/MailScanner/config/*.conf" in MailScanner.conf. Then
>>>>>>>>>>>>>> if the directory and/or any files in that directory
>>>>>>>>>>>>>> did not exist, they would be ignored. That way those
>>>>>>>>>>>>>> who don't want to use it can edit the configuration
>>>>>>>>>>>>>> file like they always have.
>>>>>>>>>>>>> Done. I've called it "/conf.d/" instead of your
>>>>>>>>>>>>> "/config/" as that is more standard these days.
>>>>>>>>>>>>> There should be a little README file in that directory
>>>>>>>>>>>>> so it has something short to parse so the include line
>>>>>>>>>>>>> at the very end of MailScanner.conf won't whine that it
>>>>>>>>>>>>> couldn't find any files matching conf.d/*.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have just released 4.78.10 for your pleasure :-)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Jules

From maurizio.salvadeo at ecostampa.it Sat Aug 29 18:34:43 2009
From: maurizio.salvadeo at ecostampa.it (Maurizio Salvadeo)
Date: Sat Aug 29 18:35:10 2009
Subject: messages are not scanned
Message-ID: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it>

this is result of MailScanner --lint.
i'd like to work with clamav, not with clamavmodule.
at this moment i don't have errors running MailScanner but the emails are
not scanned at all.
can you help me?
thanks

Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 856 hostnames from the phishing whitelist
Read 5975 hostnames from the phishing blacklists

Checking version numbers...
Version number in MailScanner.conf (4.78.14) is correct.

Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected.


Your envelope_sender_header in spam.assassin.prefs.conf is correct.

Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamavmodule
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
===========================================================================

If any of your virus scanners (clamavmodule)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.

--
Maurizio Salvadeo
IT Manager
L'Eco della Stampa S.p.A.
Via Compagnoni 28
210129 Milano (MI) - Italy
Tel: +39 02 748113471 - +39 3485161936
Skype: maurizio.salvadeo

From maxsec at gmail.com Sat Aug 29 20:53:23 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Sat Aug 29 20:53:32 2009
Subject: messages are not scanned
In-Reply-To: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it>
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it>
Message-ID: <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com>

Hi

is this a new install or an update? Has it ever worked at all?

if it's a new install what O/S and how did you install it?

2009/8/29 Maurizio Salvadeo

> this is result of MailScanner --lint.
> i'd like to work with clamav, not with clamavmodule.
> at this moment i don't have errors running MailScanner but the emails are
> not scanned at all.
> can you help me?
> thanks

--
Martin Hepworth
Oxford, UK

From maurizio.salvadeo at ecostampa.it Sun Aug 30 01:37:31 2009
From: maurizio.salvadeo at ecostampa.it (Maurizio Salvadeo)
Date: Sun Aug 30 01:38:17 2009
Subject: messages are not scanned
In-Reply-To: <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com>
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it> <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com>
Message-ID: <4A99C9CB.7080105@ecostampa.it>

hi, thanks for your help.
this is a new install on fedora 10. clamav was installed from the tar.gz
in /usr/local/ and mailscanner was installed executing ./install.sh. i
also have installed Mail::ClamAV perl module.
it never worked at all.
two months later i installed another server with an older version of
mailscanner and it runs properly.

Martin Hepworth wrote:
> Hi
>
> is this a new install or an update? Has it ever worked at all?
>
> if it's a new install what O/S and how did you install it?

--
Maurizio Salvadeo
ICT Manager
L'Eco della Stampa S.p.A.
Via Compagnoni 28
20129 - Milano
+39 02 748113
+39 348 5161936
skype: maurizio.salvadeo

From mark at msapiro.net Sun Aug 30 15:13:22 2009
From: mark at msapiro.net (Mark Sapiro)
Date: Sun Aug 30 15:13:34 2009
Subject: messages are not scanned
In-Reply-To: <4A99C9CB.7080105@ecostampa.it>
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it> <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com> <4A99C9CB.7080105@ecostampa.it>
Message-ID: <20090830141322.GA3904@msapiro>

On Sun, Aug 30, 2009 at 02:37:31AM +0200, Maurizio Salvadeo wrote:
> hi, thanks for your help.
> this is a new install on fedora 10. clamav was installed from the tar.gz
> in /usr/local/ and mailscanner was installed executing ./install.sh. i
> also have installed Mail::ClamAV perl module.
> it never worked at all.
> two months later i installed another server with an older version of
> mailscanner and it runs properly.

According to MailScanner --lint, it is running clamav via the perl module
and properly detecting the eicar test. Note however that these days, clamd
is preferred to the clamav module.

The only problem detected is the absence of the unrar executable.

What is the difference between this install's MailScanner.conf and that of
the working install? Are the MTAs the same? If the MTA is, e.g., Postfix,
have you made the necessary MTA config changes?

Are there MailScanner entries in the system mail log? Do they offer clues?

--
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From MailScanner at ecs.soton.ac.uk Sun Aug 30 20:26:57 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Sun Aug 30 20:27:17 2009
Subject: messages are not scanned
In-Reply-To: <20090830141322.GA3904@msapiro>
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it> <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com> <4A99C9CB.7080105@ecostampa.it> <20090830141322.GA3904@msapiro> <4A9AD281.70505@ecs.soton.ac.uk>
Message-ID:

On 30/08/2009 15:13, Mark Sapiro wrote:
> According to MailScanner --lint, it is running clamav via the perl module
> and properly detecting the eicar test. Note however that these days, clamd
> is preferred to the clamav module.
>
> The only problem detected is the absence of the unrar executable.
>
> What is the difference between this install's MailScanner.conf and that of
> the working install? Are the MTAs the same? If the MTA is, e.g., Postfix,
> have you made the necessary MTA config changes?
>
> Are there MailScanner entries in the system mail log? Do they offer clues?
>
And do messages which have been through your MailScanner show any signs
of any X-MailScanner headers in them?

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From maurizio.salvadeo at ecostampa.it Mon Aug 31 08:13:14 2009
From: maurizio.salvadeo at ecostampa.it (Maurizio Salvadeo)
Date: Mon Aug 31 08:14:00 2009
Subject: messages are not scanned
In-Reply-To:
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it> <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com> <4A99C9CB.7080105@ecostampa.it> <20090830141322.GA3904@msapiro> <4A9AD281.70505@ecs.soton.ac.uk>
Message-ID: <4A9B780A.4000500@ecostampa.it>

the MTA is sendmail. in the received email there are no mailscanner
headers. the conf file is different from the one on the system that runs
correctly because this one is a newer version.

Jules Field wrote:
> And do messages which have been through your MailScanner show any signs
> of any X-MailScanner headers in them?
>
> Jules

--
Maurizio Salvadeo
ICT Manager
L'Eco della Stampa S.p.A.
Via Compagnoni 28
20129 - Milano
+39 02 748113
+39 348 5161936
skype: maurizio.salvadeo

From maxsec at gmail.com Mon Aug 31 08:46:22 2009
From: maxsec at gmail.com (Martin Hepworth)
Date: Mon Aug 31 08:46:46 2009
Subject: messages are not scanned
In-Reply-To: <4A9B780A.4000500@ecostampa.it>
References: <20090829193443.jlxw5e4g4ks0c8c8@webmail.ecostampa.it> <72cf361e0908291253h1cf46b9fr4cc009d44041dc45@mail.gmail.com> <4A99C9CB.7080105@ecostampa.it> <20090830141322.GA3904@msapiro> <4A9AD281.70505@ecs.soton.ac.uk> <4A9B780A.4000500@ecostampa.it>
Message-ID: <72cf361e0908310046pcabba55n336356d403d005f7@mail.gmail.com>

Hi

in that case then sendmail isn't setup properly to talk to mailscanner.
Look at the manual steps for setting up sendmail in the wiki.

Also FC isn't considered a good system to run a server on as it needs a
full OS upgrade too often. May I suggest Centos as an alternative (it's
the free version of RHES).

--
Martin Hepworth
Oxford, UK

2009/8/31 Maurizio Salvadeo

> the MTA is sendmail. in the received email there are no mailscanner
> headers. the conf file is different from the one on the system that runs
> correctly because this one is a newer version.

From roland at inbox4u.de Mon Aug 31 17:51:08 2009
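The triage that the replies in the "messages are not scanned" thread walk through (a clean MailScanner --lint run, then a look at delivered mail for MailScanner headers) can be scripted. This is an added example, not part of the thread and not MailScanner code; the lint excerpt is copied from the first post, while the two sample messages, the header pattern and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Excerpt of the `MailScanner --lint` output posted in the thread above.
LINT_OUTPUT = """\
Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Unrar is not installed, it should be in /usr/bin/unrar.
MailScanner.conf says "Virus Scanners = clamav"
Found these virus scanners installed: clamavmodule
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
"""

# Constructed sample messages (addresses and header values are made up).
UNSCANNED_MSG = """\
Received: from mx.example.org by mail.example.org; Sat, 29 Aug 2009 18:30:00 +0200
From: alice@example.org
To: bob@example.org
Subject: delivered without passing through the scanner

body
"""

SCANNED_MSG = """\
Received: from mx.example.org by mail.example.org; Sat, 29 Aug 2009 18:31:00 +0200
From: alice@example.org
To: bob@example.org
Subject: delivered through the scanner
X-yoursite-MailScanner: Found to be clean
X-yoursite-MailScanner-From: alice@example.org

body
"""

# Assumed pattern covering the header shapes quoted in the thread:
# X-MailScanner..., X-yoursite-MailScanner-From, X-mlrw_com-MailScanner-From.
STAMP_RE = re.compile(r"^X-(?:[\w.]+-)?MailScanner(?:-[\w-]+)?$", re.IGNORECASE)


def parse_lint(text):
    """Pull the facts needed for triage out of `MailScanner --lint` output."""
    report = {"config_files": [], "configured": [], "detected": [],
              "missing_tools": [], "problems": 0}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Reading configuration file (\S+)", line):
            report["config_files"].append(m.group(1))
        elif m := re.match(r'MailScanner\.conf says "Virus Scanners = ([^"]*)"', line):
            report["configured"] = m.group(1).split()
        elif m := re.match(r"Found these virus scanners installed: (.*)", line):
            report["detected"] = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
        elif m := re.match(r"(\w+) is not installed", line):
            report["missing_tools"].append(m.group(1).lower())
        elif m := re.search(r"Found (\d+) problems?", line):
            report["problems"] += int(m.group(1))
    return report


def scanner_stamps(raw_message):
    """Return the names of MailScanner-style headers present in a raw message."""
    msg = message_from_string(raw_message)
    return [name for name in msg.keys() if STAMP_RE.match(name)]


def triage(lint_text, messages):
    """Combine both views into (code, detail) findings, most basic first."""
    lint = parse_lint(lint_text)
    findings = []
    if not lint["detected"]:
        findings.append(("no-scanner", "lint found no virus scanner at all"))
    unmatched = [s for s in lint["configured"] if s not in lint["detected"]]
    if lint["detected"] and unmatched:
        findings.append(("scanner-mismatch",
                         f"configured {unmatched}, lint detected {lint['detected']}"))
    for tool in lint["missing_tools"]:
        findings.append(("missing-tool", tool))
    for label, raw in messages.items():
        if not scanner_stamps(raw):
            # Lint can be clean while mail never reaches the scanner: that
            # points at the MTA hand-off, not at MailScanner.conf.
            findings.append(("unscanned-message", label))
    return findings


if __name__ == "__main__":
    samples = {"unscanned": UNSCANNED_MSG, "scanned": SCANNED_MSG}
    for code, detail in triage(LINT_OUTPUT, samples):
        print(f"{code}: {detail}")
```

An "unscanned-message" finding alongside an otherwise working lint run is the situation the last reply in the thread attributes to the sendmail set-up.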
From: roland at inbox4u.de (Ehle, Roland)
Date: Mon Aug 31 17:52:55 2009
Subject: TNEF Problems with version 4.78.14-1
Message-ID: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local>

Hi all,

My box seems to have a problem with TNEF encoded attachment. I am
running a rule, to replace winmail.dat from certain senders by the
"real" attachments. This rule has been working for months, until I
updated to Version 4.77.x

E-Mails with attachment from that sender are put into quarantine and
are marked with "Message attempted to kill MailScanner". I was trying
to find a solution and even switched from external tnef decoder to the
internal one (as described here in the list), without success. I
updated the box to the latest beta version of MailScanner last night,
no change.

I am running a 64-Bit version of CENTOS 5.x.

When running MailScanner in debugging mode with an example message I
get the following results:

In Debugging mode, not forking...
Trying to setlogsock(unix)
Building a message batch to scan...
Have a batch of 1 message.
MIME::Body::File->open /var/spool/MailScanner/incoming/6843/n7VGDl9R030438/nwinmail.dat: No such file or directory at /usr/lib/perl5/site_perl/5.8.8/MIME/Body.pm line 435.

Indeed the directory only contains the original attachment and not a
winmail.dat.

Any help and/or hints are highly appreciated.

Regards,
Roland

This is perl, v5.8.8 built for x86_64-linux-thread-multi
This is CentOS release 5.3 (Final)
This is Perl version 5.008008 (5.8.8)
This is MailScanner version 4.78.14

Module versions are:
1.00 AnyDBM_File
1.30 Archive::Zip
0.23 bignum
1.04 Carp
2.02 Compress::Zlib
1.119 Convert::BinHex
0.17 Convert::TNEF
2.124 Data::Dumper
2.27 Date::Parse
1.00 DirHandle
1.05 Fcntl
2.74 File::Basename
2.09 File::Copy
2.01 FileHandle
1.08 File::Path
0.20 File::Temp
0.92 Filesys::Df
3.60 HTML::Entities
3.62 HTML::Parser
3.57 HTML::TokeParser
1.23 IO
1.14 IO::File
1.13 IO::Pipe
2.04 Mail::Header
1.89 Math::BigInt
0.22 Math::BigRat
3.05 MIME::Base64
5.427 MIME::Decoder
5.427 MIME::Decoder::UU
5.427 MIME::Head
5.427 MIME::Parser
3.03 MIME::QuotedPrint
5.427 MIME::Tools
0.13 Net::CIDR
1.25 Net::IP
0.18 OLE::Storage_Lite
1.04 Pod::Escapes
3.08 Pod::Simple
1.09 POSIX
1.21 Scalar::Util
1.78 Socket
2.16 Storable
1.4 Sys::Hostname::Long
0.27 Sys::Syslog
1.26 Test::Pod
0.6 Test::Simple
1.68 Time::HiRes
1.02 Time::localtime

Optional module versions are:
1.52 Archive::Tar
0.23 bignum
2.05 Business::ISBN
20081208 Business::ISBN::Data
1.15 Data::Dump
1.814 DB_File
1.25 DBD::SQLite
1.609 DBI
1.10 Digest
1.01 Digest::HMAC
2.39 Digest::MD5
2.12 Digest::SHA1
1.01 Encode::Detect
0.17008 Error
0.2603 ExtUtils::CBuilder
2.2002 ExtUtils::ParseXS
2.38 Getopt::Long
0.45 Inline
1.08 IO::String
1.10 IO::Zlib
2.21 IP::Country
0.29 Mail::ClamAV
3.002005 Mail::SpamAssassin
v2.006 Mail::SPF
1.999001 Mail::SPF::Query
0.340201 Module::Build
0.20 Net::CIDR::Lite
0.65 Net::DNS
v0.003 Net::DNS::Resolver::Programmable
0.33 Net::LDAP
4.027 NetAddr::IP
1.94 Parse::RecDescent
missing SAVI
2.52 Test::Harness
1.23 Test::Manifest
1.98 Text::Balanced
1.35 URI
0.7701 version
0.70 YAML

From MailScanner at ecs.soton.ac.uk Mon Aug 31 18:45:53 2009
From: MailScanner at ecs.soton.ac.uk (Jules Field)
Date: Mon Aug 31 18:46:24 2009
Subject: TNEF Problems with version 4.78.14-1
In-Reply-To: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local>
References: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local> <4A9C0C51.1090605@ecs.soton.ac.uk>
Message-ID:

Many thanks for a thorough analysis of the symptoms, this enabled me to
find the fault very quickly.
All fixed and published as 4.78.15. Please download and try this version
for me.
It only actually appears when "Expand TNEF = replace".

Cheers,
Jules.

On 31/08/2009 17:51, Ehle, Roland wrote:
>
> Hi all,
>
> My box seems to have a problem with TNEF encoded attachment. I am
> running a rule, to replace winmail.dat from certain senders by the
> "real" attachments. This rule has been working for months, until I
> updated to Version 4.77.x
>
> E-Mails with attachment from that sender are put into quarantine and
> are marked with "Message attempted to kill MailScanner". I was trying
> to find a solution and even switched from external tnef decoder to the
> internal one (as described here in the list), without success. I
> updated the box to the latest beta version of MailScanner last night,
> no change.
>
> I am running a 64-Bit version of CENTOS 5.x.
>
> When running MailScanner in debugging mode with an example message I
> get the following results:
>
> In Debugging mode, not forking...
>
> Trying to setlogsock(unix)
>
> Building a message batch to scan...
>
> Have a batch of 1 message.
>
> MIME::Body::File->open
> /var/spool/MailScanner/incoming/6843/n7VGDl9R030438/nwinmail.dat: No
> such file or directory at /usr/lib/perl5/site_perl/5.8.8/MIME/Body.pm
> line 435.
>
> Indeed the directory only contains the original attachment and not a
> winmail.dat.
>
> Any help and/or hints are highly appreciated.
>
> Regards,
>
> Roland
>
> This is perl, v5.8.8 built for x86_64-linux-thread-multi
>
> This is CentOS release 5.3 (Final)
>
> This is Perl version 5.008008 (5.8.8)
>
> This is MailScanner version 4.78.14
>

Jules

From roland at inbox4u.de Mon Aug 31 18:58:41 2009
From: roland at inbox4u.de (Ehle, Roland)
Date: Mon Aug 31 19:00:32 2009
Subject: AW: TNEF Problems with version 4.78.14-1
In-Reply-To:
References: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local> <4A9C0C51.1090605@ecs.soton.ac.uk>
Message-ID: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9E@ts-dc2.ts-webarts.local>

Once again: Thank you very much Jules.

Problem is fixed with the new version. "Expand TNEF = replace" is working fine now.

Regards,
Roland

-----Original Message-----
From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Jules Field
Sent: Monday, 31 August 2009 19:46
To: MailScanner discussion
Subject: Re: TNEF Problems with version 4.78.14-1

Many thanks for a thorough analysis of the symptoms, this enabled me to find the fault very quickly.

All fixed and published as 4.78.15. Please download and try this version for me.

It only actually appears when "Expand TNEF = replace".

Cheers,
Jules.

From jonas at vrt.dk Mon Aug 31 22:12:14 2009
From: jonas at vrt.dk (Jonas A. Larsen)
Date: Mon Aug 31 22:12:26 2009
Subject: TNEF Problems with version 4.78.14-1
In-Reply-To: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9E@ts-dc2.ts-webarts.local>
References: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local> <4A9C0C51.1090605@ecs.soton.ac.uk> <3DADD2A199CACA458008CE5EADDF2DFD027D283F9E@ts-dc2.ts-webarts.local>
Message-ID: <000901ca2a7f$b69f0b10$23dd2130$@dk>

Hi Roland

This sounds like the same problem I had after updating.

Great that you were able to give Julian the clues to find the problem.

I bet my problems will be solved when I upgrade as well.

> -----Original Message-----
> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-
> bounces@lists.mailscanner.info] On Behalf Of Ehle, Roland
> Sent: 31 August 2009 19:59
> To: MailScanner discussion
> Subject: AW: TNEF Problems with version 4.78.14-1
>
> Once again: Thank you very much Jules.
>
> Problem is fixed with the new version. "Expand TNEF = replace" is working
> fine now.

Best regards

Jonas Akrouh Larsen

TechBiz ApS
Laplandsgade 4, 2. sal
2300 København S

Office: 7020 0979
Direct: 3336 9974
Mobile: 5120 1096
Fax: 7020 0978
Web: www.techbiz.dk

From raymond at prolocation.net Mon Aug 31 22:26:47 2009
From: raymond at prolocation.net (Raymond Dijkxhoorn)
Date: Mon Aug 31 22:26:56 2009
Subject: TNEF Problems with version 4.78.14-1
In-Reply-To: <000901ca2a7f$b69f0b10$23dd2130$@dk>
References: <3DADD2A199CACA458008CE5EADDF2DFD027D283F9D@ts-dc2.ts-webarts.local> <4A9C0C51.1090605@ecs.soton.ac.uk> <3DADD2A199CACA458008CE5EADDF2DFD027D283F9E@ts-dc2.ts-webarts.local> <000901ca2a7f$b69f0b10$23dd2130$@dk>
Message-ID:

Hi!

> This sounds like the same problem I had after updating.
>
> Great that you were able to give Julian the clues to find the problem.
>
> I bet my problems will be solved when I upgrade as well.

>> Once again: Thank you very much Jules.
>>
>> Problem is fixed with the new version. "Expand TNEF = replace" is working
>> fine now.

Yes, it's working here also again now. Thanks. We picked a temp solution to not use replace but I guess we forgot to mention it ;)

Anyway also happy it's fixed, thanks Jules!

Bye,
Raymond.

From ssilva at sgvwater.com Mon Aug 31 22:30:38 2009
From: ssilva at sgvwater.com (Scott Silva)
Date: Mon Aug 31 22:31:09 2009
Subject: TNEF corruption and crashes and massive problems after upgrading to 4.78.9
In-Reply-To:
References: <002401ca27bb$bb4a0b40$31de21c0$@dk> <4A97D686.4020409@ecs.soton.ac.uk> <4A98890A.7010603@ecs.soton.ac.uk>
Message-ID:

on 8-28-2009 6:48 PM Jules Field spake the following:
>
>
> On 28/08/2009 19:35, Scott Silva wrote:
>>
>>
>>>> Are these variable values the recommended values? What are everyone
>>>> else using?
>>>>
>>>>
>>> I would try "TNEF Expander = external".
>>>
>>>
>> Is that the current variable? Or should it be "TNEF Expander =
>> /path/to/tnef"
>> as it is in the docs?
>>
> Sorry, my mistake, it should be as you suggested and not "external".
> Silly me :( The docs are correct, ignore my ramblings.....
>
> Jules
>
Just making sure that you didn't code something to magically find the binary for you.