From gmcgreevy at pwr-sys.com Thu Jan 1 16:09:21 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Thu Jan 1 16:18:57 2009 Subject: ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf Message-ID: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> When I run the mailscanner check I get the following error I have edited the file to match the %org-name% and have tried multiple combinations but I continue to get the error what is the correct format to fix this error here is what I have tried (mydomain is exactly what is in the %org-name% in my Mailscanner.conf) X-mydomain-MailScanner X-mydomain-COM-MailScanner mydomain-MailScanner -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090101/d88d4977/attachment.html From hvdkooij at vanderkooij.org Thu Jan 1 19:23:49 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Thu Jan 1 19:24:02 2009 Subject: ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> Message-ID: <495D1845.7030509@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg J. McGreevy wrote: > When I run the mailscanner check I get the following error ..... The error never made it to the mailinglist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkldGEMACgkQBvzDRVjxmYFl/wCcCzuelf1lshJYo7rePlQAiDNl vPsAoLkgE6dQlB5JzOkTQiKhDW1EEeay =NjCB -----END PGP SIGNATURE----- From gmcgreevy at pwr-sys.com Thu Jan 1 20:59:03 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Thu Jan 1 21:04:05 2009 Subject: ERROR: The "envelope_sender_header" in yourspam.assassin.prefs.conf References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> <495D1845.7030509@vanderkooij.org> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-mydomain-MailScanner-From ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Hugo van der Kooij Sent: Thu 1/1/2009 2:23 PM To: MailScanner discussion Subject: Re: ERROR: The "envelope_sender_header" in yourspam.assassin.prefs.conf -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg J. McGreevy wrote: > When I run the mailscanner check I get the following error ..... The error never made it to the mailinglist. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkldGEMACgkQBvzDRVjxmYFl/wCcCzuelf1lshJYo7rePlQAiDNl vPsAoLkgE6dQlB5JzOkTQiKhDW1EEeay =NjCB -----END PGP SIGNATURE----- -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5368 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090101/6f06df91/attachment.bin From glenn.steen at gmail.com Thu Jan 1 22:25:41 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 1 22:25:52 2009 Subject: ERROR: The "envelope_sender_header" in yourspam.assassin.prefs.conf In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> <495D1845.7030509@vanderkooij.org> <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> Message-ID: <223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com> 2009/1/1 Greg J. McGreevy : > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-mydomain-MailScanner-From > > So ... why didn't you try with that? :-) The "mydomain" part should be the value of %org-name%, so ... assuming yours is set to PWRSys, it should read X-PWRSys-MailScanner-From ... and nothing else;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From brent.addis at spit.gen.nz Thu Jan 1 23:21:42 2009 From: brent.addis at spit.gen.nz (Brent Addis) Date: Thu Jan 1 23:21:56 2009 Subject: Anti-phishing -- was Re: OT: Happy New Year In-Reply-To: <495BFF17.5060705@ecs.soton.ac.uk> References: <495BFF17.5060705@ecs.soton.ac.uk> Message-ID: <1230852102.22182.0.camel@baddis-laptop> Awesome Julian, I've been looking for something that would catch those. I'll stick it on our testbed tonight On Wed, 2008-12-31 at 23:24 +0000, Julian Field wrote: > > On 31/12/08 22:54, Kevin Miller wrote: > > Just a quick note to wish everyone a Happy (and spam free) New Year, > > especially Jules. Your hard work and giving spirit has certainly made > > the past year much nicer for all of us... > > > Many thanks! > > You might be interested I've been doing a bit of work with the > Google-hosted project "anti-phishing-email-reply" which you can find here: > http://code.google.com/p/anti-phishing-email-reply/ > > My aim was to create a trap for all those nasty spear-phishing attacks > and those endless "Temporary job offer" spams that some of you will get. > > I have created a little script (which is pretty obvious, source code is > given below) which just generates a list of addresses based on what's in > their file. I add that to my own list of known troublesome addresses, > which can have "*" wildcards in them, so you can do things like michael > loucas * @ gmail . com (extra spaces added to stop my stuff picking up > that address and killing this message). > > I then generate a bunch of SpamAssassin rules from that which detect any > of these few thousand addresses appearing anywhere in a message, with > lots of safeguards to protect against false alarms. It also compacts > them into only a hundred or two rules, instead of having 1 SpamAssassin > rule for each address! > > I then use SpamAssassin Rule Actions to do this: > SpamAssassin Rule Actions = ECS_MAIL_ACCESS=>store,not-deliver,forward > postmaster@ecs.soton.ac.uk,header "X-ECS-Mail-Access: was to _TO_" > > This lot fires whenever any of my SpamAssassin rules fires. It > 1) Adds a header "X-ECS-Mail-Access:" containing the list of original > recipient addresses, > 2) Stores a copy of the message > 3) Stops delivery to the original recipients > 4) Sends a copy to postmaster, where I have a Sieve rule firing on the > presence of the "X-ECS-Mail-Access:" header to store it in a folder > without cluttering up postmaster's inbox. > > My script, that builds all the SpamAssassin rules, works from a YP/NIS > map called "mail.access" which contains each email address from the > google list and my list in the first word of a line, looking like this > bad@domain.com REJECT > nasty@false.bank.com REJECT > I sort it so that the regular expressions created are more optimal for > Perl, so it can apply them faster to each message. > > My script that builds all the SpamAssassin rules is attached. > > My script that reads the google list and creates the YP/NIS map from it > is simply this: > > #!/bin/sh > echo Fetching phishing addresses... > rm -f /tmp/$$.blocks > /usr/local/bin/wget -O /tmp/$$.blocks > http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses > >/dev/null 2>&1 > echo Read `grep -v '^#' /tmp/$$.blocks | wc -l` addresses > > if [ -f /tmp/$$.blocks ]; then > sed -e 's/^#.*$//' < /tmp/$$.blocks | \ > cut -d, -f1 | \ > sort | \ > uniq | \ > grep -v '^$' | \ > awk '{ printf("%s\tREJECT\n",$1); }' > > /opt/yp/etc/mail.access.anti-phishing > rm -f /tmp/$$.blocks > cd /opt/yp; > ./ypmake; > fi > > The "ypcat -k mail.access" command at the start of Build.Phishing.Rules > basically reads my list in addition to the contents of the file > /opt/yp/etc/mail.access.anti-phishing mentioned in the code above, so > you can easily convert it to just use a temporary file and do all of > this lot on the same server. If you aren't using YP/NIS then you > obviously won't need the "ypmake" command either. > > I hope this is of some use to some of you. It traps "Temporary job > offer" spams and spear-phishing attacks very well indeed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090102/d1b385d0/attachment.html From gmcgreevy at pwr-sys.com Fri Jan 2 00:08:44 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Fri Jan 2 00:13:45 2009 Subject: ERROR: The "envelope_sender_header" inyourspam.assassin.prefs.conf References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com><495D1845.7030509@vanderkooij.org><567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> <223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> I did still getting the error ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Glenn Steen Sent: Thu 1/1/2009 5:25 PM To: MailScanner discussion Subject: Re: ERROR: The "envelope_sender_header" inyourspam.assassin.prefs.conf 2009/1/1 Greg J. McGreevy : > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-mydomain-MailScanner-From > > So ... why didn't you try with that? :-) The "mydomain" part should be the value of %org-name%, so ... assuming yours is set to PWRSys, it should read X-PWRSys-MailScanner-From ... and nothing else;) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4531 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090101/883b59ed/attachment.bin From glenn.steen at gmail.com Fri Jan 2 08:45:16 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 2 08:45:26 2009 Subject: ERROR: The "envelope_sender_header" inyourspam.assassin.prefs.conf In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> <495D1845.7030509@vanderkooij.org> <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> <223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> Message-ID: <223f97700901020045o16f7a017k663cb1ccb248b6db@mail.gmail.com> 2009/1/2 Greg J. McGreevy : > I did still getting the error > Ok, could you please post the settings in spam.assassin.prefs.conf as well as your %org-name% setting in MailScanner.conf? Just cut'n'paste, so that we can see them "as is". Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 2 08:50:20 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 2 08:50:31 2009 Subject: ERROR: The "envelope_sender_header" inyourspam.assassin.prefs.conf In-Reply-To: <223f97700901020045o16f7a017k663cb1ccb248b6db@mail.gmail.com> References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> <495D1845.7030509@vanderkooij.org> <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> <223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> <223f97700901020045o16f7a017k663cb1ccb248b6db@mail.gmail.com> Message-ID: <223f97700901020050m17367acbg40464ee318a2872e@mail.gmail.com> 2009/1/2 Glenn Steen : > 2009/1/2 Greg J. McGreevy : >> I did still getting the error >> > > Ok, could you please post the settings in spam.assassin.prefs.conf as > well as your %org-name% setting in MailScanner.conf? Just cut'n'paste, > so that we can see them "as is". As an example... I have %org-name% = ForstaAP-Fonden in MailScanner.conf and bayes_ignore_header X-ForstaAP-Fonden-MailScanner bayes_ignore_header X-ForstaAP-Fonden-MailScanner-SpamCheck bayes_ignore_header X-ForstaAP-Fonden-MailScanner-SpamScore bayes_ignore_header X-ForstaAP-Fonden-MailScanner-Information bayes_ignore_header X-ForstaAP-Fonden-MailScanner-Watermark ... in spam.assassin.prefs.conf ... Perhaps you missed some? Or have a non-header-lval-character in your %org-name% ....? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From maillists at conactive.com Fri Jan 2 10:31:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 2 10:31:26 2009 Subject: ERROR: The "envelope_sender_header" inyourspam.assassin.prefs.conf In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com> <495D1845.7030509@vanderkooij.org> <567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com> <223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> Message-ID: Greg J. McGreevy wrote on Thu, 1 Jan 2009 19:08:44 -0500: > I did still getting the error 1. it would be nice if you could change to a *readable* quoting format 2. it would be nice if you could be more verbose Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Fri Jan 2 11:19:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 2 11:19:51 2009 Subject: Anti-phishing -- was Re: OT: Happy New Year In-Reply-To: <1230852102.22182.0.camel@baddis-laptop> References: <495BFF17.5060705@ecs.soton.ac.uk> <1230852102.22182.0.camel@baddis-laptop> Message-ID: <495DF83F.7020507@ecs.soton.ac.uk> If you want some recent entries from my additional list, I'll send you the bottom hundred or so. On 1/1/09 23:21, Brent Addis wrote: > Awesome Julian, I've been looking for something that would catch those. > > I'll stick it on our testbed tonight > > > > On Wed, 2008-12-31 at 23:24 +0000, Julian Field wrote: >> On 31/12/08 22:54, Kevin Miller wrote: >> > Just a quick note to wish everyone a Happy (and spam free) New Year, >> > especially Jules. Your hard work and giving spirit has certainly made >> > the past year much nicer for all of us... >> > >> Many thanks! >> >> You might be interested I've been doing a bit of work with the >> Google-hosted project "anti-phishing-email-reply" which you can find here: >> http://code.google.com/p/anti-phishing-email-reply/ >> >> My aim was to create a trap for all those nasty spear-phishing attacks >> and those endless "Temporary job offer" spams that some of you will get. >> >> I have created a little script (which is pretty obvious, source code is >> given below) which just generates a list of addresses based on what's in >> their file. I add that to my own list of known troublesome addresses, >> which can have "*" wildcards in them, so you can do things like michael >> loucas * @ gmail . com (extra spaces added to stop my stuff picking up >> that address and killing this message). >> >> I then generate a bunch of SpamAssassin rules from that which detect any >> of these few thousand addresses appearing anywhere in a message, with >> lots of safeguards to protect against false alarms. It also compacts >> them into only a hundred or two rules, instead of having 1 SpamAssassin >> rule for each address! >> >> I then use SpamAssassin Rule Actions to do this: >> SpamAssassin Rule Actions = ECS_MAIL_ACCESS=>store,not-deliver,forward >> postmaster@ecs.soton.ac.uk ,header "X-ECS-Mail-Access: was to _TO_" >> >> This lot fires whenever any of my SpamAssassin rules fires. It >> 1) Adds a header "X-ECS-Mail-Access:" containing the list of original >> recipient addresses, >> 2) Stores a copy of the message >> 3) Stops delivery to the original recipients >> 4) Sends a copy to postmaster, where I have a Sieve rule firing on the >> presence of the "X-ECS-Mail-Access:" header to store it in a folder >> without cluttering up postmaster's inbox. >> >> My script, that builds all the SpamAssassin rules, works from a YP/NIS >> map called "mail.access" which contains each email address from the >> google list and my list in the first word of a line, looking like this >> bad@domain.com REJECT >> nasty@false.bank.com REJECT >> I sort it so that the regular expressions created are more optimal for >> Perl, so it can apply them faster to each message. >> >> My script that builds all the SpamAssassin rules is attached. >> >> My script that reads the google list and creates the YP/NIS map from it >> is simply this: >> >> #!/bin/sh >> echo Fetching phishing addresses... >> rm -f /tmp/$$.blocks >> /usr/local/bin/wget -O /tmp/$$.blocks >> http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses >> >/dev/null 2>&1 >> echo Read `grep -v '^#' /tmp/$$.blocks | wc -l` addresses >> >> if [ -f /tmp/$$.blocks ]; then >> sed -e 's/^#.*$//'< /tmp/$$.blocks | \ >> cut -d, -f1 | \ >> sort | \ >> uniq | \ >> grep -v '^$' | \ >> awk '{ printf("%s\tREJECT\n",$1); }'> >> /opt/yp/etc/mail.access.anti-phishing >> rm -f /tmp/$$.blocks >> cd /opt/yp; >> ./ypmake; >> fi >> >> The "ypcat -k mail.access" command at the start of Build.Phishing.Rules >> basically reads my list in addition to the contents of the file >> /opt/yp/etc/mail.access.anti-phishing mentioned in the code above, so >> you can easily convert it to just use a temporary file and do all of >> this lot on the same server. If you aren't using YP/NIS then you >> obviously won't need the "ypmake" command either. >> >> I hope this is of some use to some of you. It traps "Temporary job >> offer" spams and spear-phishing attacks very well indeed. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book atwww.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me atJules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key:http://www.jules.fm/julesfm.asc >> >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From campbell at cnpapers.com Fri Jan 2 13:59:27 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jan 2 13:59:52 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: References: <49510578.6050801@cnpapers.com> Message-ID: <495E1DBF.3090602@cnpapers.com> Just got back from the holidays, so my reply is a little overdue. Ugo Bellavance wrote: > Steve Campbell wrote: >> The topic seems to come up quite often, and although the answers are >> usually pretty much the same, I never really see much of a "Solved" >> reply. >> >> I upgraded from version 4.58, where I saw maybe 3 or 4 timeouts, to >> 4.71, and saw an immediate increase to around 100-300 timeouts. I ran >> all of the --debug and --debug-sa flavors of help I could think of. I >> reviewed the logs. I run a caching nameserver. And I zeroed out some >> RBL scores. I still have yet to find why this happens. I eventually >> upgraded to 4.72, and started using clamd. I still get the large >> numbers of timeouts. I would think that the fact that this doesn't >> happen with all of my large batches indicates I'm not using any dead >> RBLs. >> >> I'm still exploring the causes, but haven't had much luck. I find it >> odd that SA would really keep RBLs that have expired over time in >> their default files, so I really don't think it's that. I do all of >> my checking of RBLs in SA. I always do my configuration and language >> upgrades, and search for rpmnew and rpmsave files. This has happened >> on 3 different but very similar servers that I run. >> >> I'm not really asking for assistance here, but just wanted to let >> others who are seeing this problem to be aware that there is >> something unique triggering this. I'm fairly confident that it is not >> happening at all sites, but something here is causing it. It may not >> even be related to MS/SA, but totally something else. >> >> The most I could ask for is a small checklist of what to ensure I >> have set. Every time I try to use the debug procedures, the tests >> perform flawlessly with no errors. It is very sporadic. We receive >> those normal bursts of spam, but for the most part, the batches ares >> small. The average amount of email per day is usually around 10k >> emails, but I get the above stated 100-300 timeouts. I'm going to try >> and match batch numbers to timeouts and see if this will reveal >> anything. I only run 3 Children on a fairly hefty Dell PowerEdge, but >> I do use 30 messages per child. I don't think this is excessive thought. >> >> Hope everyone has a Happy Holiday. > > What is the machine? > The machines are all Dell PowerEdge servers. There are three servers involved. Two are well equipped. One is just used as an interface for our webmail users. Not a lot going through it. > Did you check the optimization section of the MAQ page on the wiki? No, I haven't, but I will. I have reviewed it before, but will look to see if anything has changed or been added. > > When running --debug --debug-sa, don't you find anything that is a bit > slow? Nothing at all. I would think that if something were causing these that were DNS or RBL related, it would show for most all of the batches, not just random batches. So I am guessing it is either network clutter or something else. I just don't know yet. But still, there is the situation where this all started to happen after an upgrade. I'm going to review in the upgraded conf files and see if I've missed something. I have reduced the number of children on all machines from 5 to 3. This has reduced the total of timeouts - which sort of points to machine capacity. I only use 10 messages per batch. The main machines have 1 GB of RAM. The actual number of emails going through MS is quite low; around 10K, but I have quite a large access file, and the number of emails getting to the machines are closer to 25k+. Thanks for the thoughts and ideas. I'll keep digging and maybe find something. steve From maxsec at gmail.com Fri Jan 2 15:05:22 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Fri Jan 2 15:05:30 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: <495E1DBF.3090602@cnpapers.com> References: <49510578.6050801@cnpapers.com> <495E1DBF.3090602@cnpapers.com> Message-ID: <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com> 2009/1/2 Steve Campbell : > Just got back from the holidays, so my reply is a little overdue. > > Ugo Bellavance wrote: >> >> Steve Campbell wrote: >>> >>> The topic seems to come up quite often, and although the answers are >>> usually pretty much the same, I never really see much of a "Solved" reply. >>> >>> I upgraded from version 4.58, where I saw maybe 3 or 4 timeouts, to 4.71, >>> and saw an immediate increase to around 100-300 timeouts. I ran all of the >>> --debug and --debug-sa flavors of help I could think of. I reviewed the >>> logs. I run a caching nameserver. And I zeroed out some RBL scores. I still >>> have yet to find why this happens. I eventually upgraded to 4.72, and >>> started using clamd. I still get the large numbers of timeouts. I would >>> think that the fact that this doesn't happen with all of my large batches >>> indicates I'm not using any dead RBLs. >>> >>> I'm still exploring the causes, but haven't had much luck. I find it odd >>> that SA would really keep RBLs that have expired over time in their default >>> files, so I really don't think it's that. I do all of my checking of RBLs in >>> SA. I always do my configuration and language upgrades, and search for >>> rpmnew and rpmsave files. This has happened on 3 different but very similar >>> servers that I run. >>> >>> I'm not really asking for assistance here, but just wanted to let others >>> who are seeing this problem to be aware that there is something unique >>> triggering this. I'm fairly confident that it is not happening at all sites, >>> but something here is causing it. It may not even be related to MS/SA, but >>> totally something else. >>> >>> The most I could ask for is a small checklist of what to ensure I have >>> set. Every time I try to use the debug procedures, the tests perform >>> flawlessly with no errors. It is very sporadic. We receive those normal >>> bursts of spam, but for the most part, the batches ares small. The average >>> amount of email per day is usually around 10k emails, but I get the above >>> stated 100-300 timeouts. I'm going to try and match batch numbers to >>> timeouts and see if this will reveal anything. I only run 3 Children on a >>> fairly hefty Dell PowerEdge, but I do use 30 messages per child. I don't >>> think this is excessive thought. >>> >>> Hope everyone has a Happy Holiday. >> >> What is the machine? >> > The machines are all Dell PowerEdge servers. There are three servers > involved. Two are well equipped. One is just used as an interface for our > webmail users. Not a lot going through it. >> >> Did you check the optimization section of the MAQ page on the wiki? > > No, I haven't, but I will. I have reviewed it before, but will look to see > if anything has changed or been added. >> >> When running --debug --debug-sa, don't you find anything that is a bit >> slow? > > Nothing at all. > > I would think that if something were causing these that were DNS or RBL > related, it would show for most all of the batches, not just random batches. > So I am guessing it is either network clutter or something else. I just > don't know yet. But still, there is the situation where this all started to > happen after an upgrade. I'm going to review in the upgraded conf files and > see if I've missed something. > > I have reduced the number of children on all machines from 5 to 3. This has > reduced the total of timeouts - which sort of points to machine capacity. I > only use 10 messages per batch. The main machines have 1 GB of RAM. The > actual number of emails going through MS is quite low; around 10K, but I > have quite a large access file, and the number of emails getting to the > machines are closer to 25k+. > > > Thanks for the thoughts and ideas. I'll keep digging and maybe find > something. > > steve > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Steve 1GB ram is pretty minimal for SA...depends what third party rules you got, but I'd consider increasing ram. I presume you've got a local caching nameserver and you've dropped most of the RBL's by giving them a zero score. Also trying using opendns as your forward query servers which can operate lot quicker than alot of ISP's DNS. -- Martin Hepworth Oxford, UK From campbell at cnpapers.com Fri Jan 2 18:27:04 2009 From: campbell at cnpapers.com (Steve Campbell) Date: Fri Jan 2 19:06:19 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com> References: <49510578.6050801@cnpapers.com> <495E1DBF.3090602@cnpapers.com> <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com> Message-ID: <495E5C78.7040805@cnpapers.com> Martin Hepworth wrote: > 2009/1/2 Steve Campbell : > >> Just got back from the holidays, so my reply is a little overdue. >> >> Ugo Bellavance wrote: >> >>> Steve Campbell wrote: >>> >>>> The topic seems to come up quite often, and although the answers are >>>> usually pretty much the same, I never really see much of a "Solved" reply. >>>> >>>> I upgraded from version 4.58, where I saw maybe 3 or 4 timeouts, to 4.71, >>>> and saw an immediate increase to around 100-300 timeouts. I ran all of the >>>> --debug and --debug-sa flavors of help I could think of. I reviewed the >>>> logs. I run a caching nameserver. And I zeroed out some RBL scores. I still >>>> have yet to find why this happens. I eventually upgraded to 4.72, and >>>> started using clamd. I still get the large numbers of timeouts. I would >>>> think that the fact that this doesn't happen with all of my large batches >>>> indicates I'm not using any dead RBLs. >>>> >>>> I'm still exploring the causes, but haven't had much luck. I find it odd >>>> that SA would really keep RBLs that have expired over time in their default >>>> files, so I really don't think it's that. I do all of my checking of RBLs in >>>> SA. I always do my configuration and language upgrades, and search for >>>> rpmnew and rpmsave files. This has happened on 3 different but very similar >>>> servers that I run. >>>> >>>> I'm not really asking for assistance here, but just wanted to let others >>>> who are seeing this problem to be aware that there is something unique >>>> triggering this. I'm fairly confident that it is not happening at all sites, >>>> but something here is causing it. It may not even be related to MS/SA, but >>>> totally something else. >>>> >>>> The most I could ask for is a small checklist of what to ensure I have >>>> set. Every time I try to use the debug procedures, the tests perform >>>> flawlessly with no errors. It is very sporadic. We receive those normal >>>> bursts of spam, but for the most part, the batches ares small. The average >>>> amount of email per day is usually around 10k emails, but I get the above >>>> stated 100-300 timeouts. I'm going to try and match batch numbers to >>>> timeouts and see if this will reveal anything. I only run 3 Children on a >>>> fairly hefty Dell PowerEdge, but I do use 30 messages per child. I don't >>>> think this is excessive thought. >>>> >>>> Hope everyone has a Happy Holiday. >>>> >>> What is the machine? >>> >>> >> The machines are all Dell PowerEdge servers. There are three servers >> involved. Two are well equipped. One is just used as an interface for our >> webmail users. Not a lot going through it. >> >>> Did you check the optimization section of the MAQ page on the wiki? >>> >> No, I haven't, but I will. I have reviewed it before, but will look to see >> if anything has changed or been added. >> >>> When running --debug --debug-sa, don't you find anything that is a bit >>> slow? >>> >> Nothing at all. >> >> I would think that if something were causing these that were DNS or RBL >> related, it would show for most all of the batches, not just random batches. >> So I am guessing it is either network clutter or something else. I just >> don't know yet. But still, there is the situation where this all started to >> happen after an upgrade. I'm going to review in the upgraded conf files and >> see if I've missed something. >> >> I have reduced the number of children on all machines from 5 to 3. This has >> reduced the total of timeouts - which sort of points to machine capacity. I >> only use 10 messages per batch. The main machines have 1 GB of RAM. The >> actual number of emails going through MS is quite low; around 10K, but I >> have quite a large access file, and the number of emails getting to the >> machines are closer to 25k+. >> >> >> Thanks for the thoughts and ideas. I'll keep digging and maybe find >> something. >> >> steve >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> > > > Steve > > 1GB ram is pretty minimal for SA...depends what third party rules you > got, but I'd consider increasing ram. > > I presume you've got a local caching nameserver and you've dropped > most of the RBL's by giving them a zero score. Also trying using > opendns as your forward query servers which can operate lot quicker > than alot of ISP's DNS. > > Martin, I see in 'top' that I am very thin on RAM at times, but it still doesn't definitively explain the randomness of the timeouts. We run our own DNS servers, and I use a caching nameserver on each server. We also use OpenDNS for certain purposes, but not mailserver instances. I guess the problem is more about the randomness. I don't think the upgrade of MS would have caused such a large difference. I was running SA 3 before and after the upgrade, so there shouldn't have been a large increase there. Now there could have been a big difference in the way SA was acting, but I'm not aware (ignorant is probably a better adjective for my knowledge) of any great changes. I am aware of the .cf file I can view to discover the RBLs that SA uses, so I could start zeroing out a lot of those. Does anyone, though, have a recommendation for what should be used (non-zero entries) as a general rule? Thanks From gmcgreevy at pwr-sys.com Fri Jan 2 19:25:27 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Fri Jan 2 19:30:38 2009 Subject: ERROR: The "envelope_sender_header"inyourspam.assassin.prefs.conf References: <567221C09601934AA5CE9762FDA09A5001C3CB@EXCHTEMP.biz.pwr-sys.com><495D1845.7030509@vanderkooij.org><567221C09601934AA5CE9762FDA09A5001C3CD@EXCHTEMP.biz.pwr-sys.com><223f97700901011425s7029c66bh30e11336c32b105c@mail.gmail.com><567221C09601934AA5CE9762FDA09A5001C3CE@EXCHTEMP.biz.pwr-sys.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3D3@EXCHTEMP.biz.pwr-sys.com> fixed it it was a typo thanks for the reponse Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kai Schaetzl Sent: Fri 1/2/2009 5:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: ERROR: The "envelope_sender_header"inyourspam.assassin.prefs.conf Greg J. McGreevy wrote on Thu, 1 Jan 2009 19:08:44 -0500: > I did still getting the error 1. it would be nice if you could change to a *readable* quoting format 2. it would be nice if you could be more verbose Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4742 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090102/b58e4ec3/attachment.bin From mark at msapiro.net Sat Jan 3 01:14:13 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat Jan 3 01:14:31 2009 Subject: How to ignore some recipients in a SpamAssassin Rule Actions ruleset Message-ID: I have searched the list archives and the documentation wiki and haven't found an answer. In MailScanner.conf I have SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules In spamassassin_rule_actions.rules, what is the proper way to specify a null action for some recipient. I have FromOrTo: default SA_RULE_NAME=>action_list and that works fine. I want to exempt a recipient from these actions. I know for example that I could put To: user@example.com ZZZ_BOGUS_RULE=>action Where ZZZ_BOGUS_RULE is a non-existent rule, but that seems somewhat kludgey. The usual "yes" or "no" don't seem appropriate here as they aren't the kind of values that are expected for SpamAssassin Rule Actions. I found through experiment that To: user@example.com "" seems to work as does To: user@example.com SA_RULE_NAME=> and To: user@example.com SA_RULE_NAME but To: user@example.com , doesn't work. Is there a "correct" or a preferred way to do what I want? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ugob at lubik.ca Sat Jan 3 02:34:05 2009 From: ugob at lubik.ca (Ugo Bellavance) Date: Sat Jan 3 02:34:32 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: <495E5C78.7040805@cnpapers.com> References: <49510578.6050801@cnpapers.com> <495E1DBF.3090602@cnpapers.com> <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com> <495E5C78.7040805@cnpapers.com> Message-ID: Steve Campbell wrote: > > > Martin Hepworth wrote: >> 2009/1/2 Steve Campbell : >> >>> Just got back from the holidays, so my reply is a little overdue. >>> >>> Ugo Bellavance wrote: >>> >>>> Steve Campbell wrote: >>>> >>>>> The topic seems to come up quite often, and although the answers are >>>>> usually pretty much the same, I never really see much of a "Solved" >>>>> reply. >>>>> >>>>> I upgraded from version 4.58, where I saw maybe 3 or 4 timeouts, to >>>>> 4.71, >>>>> and saw an immediate increase to around 100-300 timeouts. I ran all >>>>> of the >>>>> --debug and --debug-sa flavors of help I could think of. I reviewed >>>>> the >>>>> logs. I run a caching nameserver. And I zeroed out some RBL scores. >>>>> I still >>>>> have yet to find why this happens. I eventually upgraded to 4.72, and >>>>> started using clamd. I still get the large numbers of timeouts. I >>>>> would >>>>> think that the fact that this doesn't happen with all of my large >>>>> batches >>>>> indicates I'm not using any dead RBLs. >>>>> >>>>> I'm still exploring the causes, but haven't had much luck. I find >>>>> it odd >>>>> that SA would really keep RBLs that have expired over time in their >>>>> default >>>>> files, so I really don't think it's that. I do all of my checking >>>>> of RBLs in >>>>> SA. I always do my configuration and language upgrades, and search for >>>>> rpmnew and rpmsave files. This has happened on 3 different but very >>>>> similar >>>>> servers that I run. >>>>> >>>>> I'm not really asking for assistance here, but just wanted to let >>>>> others >>>>> who are seeing this problem to be aware that there is something >>>>> unique >>>>> triggering this. I'm fairly confident that it is not happening at >>>>> all sites, >>>>> but something here is causing it. It may not even be related to >>>>> MS/SA, but >>>>> totally something else. >>>>> >>>>> The most I could ask for is a small checklist of what to ensure I have >>>>> set. Every time I try to use the debug procedures, the tests perform >>>>> flawlessly with no errors. It is very sporadic. We receive those >>>>> normal >>>>> bursts of spam, but for the most part, the batches ares small. The >>>>> average >>>>> amount of email per day is usually around 10k emails, but I get the >>>>> above >>>>> stated 100-300 timeouts. I'm going to try and match batch numbers to >>>>> timeouts and see if this will reveal anything. I only run 3 >>>>> Children on a >>>>> fairly hefty Dell PowerEdge, but I do use 30 messages per child. I >>>>> don't >>>>> think this is excessive thought. >>>>> >>>>> Hope everyone has a Happy Holiday. >>>>> >>>> What is the machine? >>>> >>>> >>> The machines are all Dell PowerEdge servers. There are three servers >>> involved. Two are well equipped. One is just used as an interface for >>> our >>> webmail users. Not a lot going through it. >>> >>>> Did you check the optimization section of the MAQ page on the wiki? >>>> >>> No, I haven't, but I will. I have reviewed it before, but will look >>> to see >>> if anything has changed or been added. >>> >>>> When running --debug --debug-sa, don't you find anything that is a bit >>>> slow? >>>> >>> Nothing at all. >>> >>> I would think that if something were causing these that were DNS or RBL >>> related, it would show for most all of the batches, not just random >>> batches. >>> So I am guessing it is either network clutter or something else. I just >>> don't know yet. But still, there is the situation where this all >>> started to >>> happen after an upgrade. I'm going to review in the upgraded conf >>> files and >>> see if I've missed something. >>> >>> I have reduced the number of children on all machines from 5 to 3. >>> This has >>> reduced the total of timeouts - which sort of points to machine >>> capacity. I >>> only use 10 messages per batch. The main machines have 1 GB of RAM. The >>> actual number of emails going through MS is quite low; around 10K, but I >>> have quite a large access file, and the number of emails getting to the >>> machines are closer to 25k+. >>> >>> >>> Thanks for the thoughts and ideas. I'll keep digging and maybe find >>> something. >>> >>> steve >>> >>> -- >>> MailScanner mailing list >>> mailscanner@lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >>> Before posting, read http://wiki.mailscanner.info/posting >>> >>> Support MailScanner development - buy the book off the website! >>> >>> >> >> >> Steve >> >> 1GB ram is pretty minimal for SA...depends what third party rules you >> got, but I'd consider increasing ram. >> >> I presume you've got a local caching nameserver and you've dropped >> most of the RBL's by giving them a zero score. Also trying using >> opendns as your forward query servers which can operate lot quicker >> than alot of ISP's DNS. >> >> > > Martin, > > I see in 'top' that I am very thin on RAM at times, but it still doesn't > definitively explain the randomness of the timeouts. We run our own DNS > servers, and I use a caching nameserver on each server. We also use > OpenDNS for certain purposes, but not mailserver instances. > > I guess the problem is more about the randomness. I don't think the > upgrade of MS would have caused such a large difference. I was running > SA 3 before and after the upgrade, so there shouldn't have been a large > increase there. Now there could have been a big difference in the way > SA was acting, but I'm not aware (ignorant is probably a better > adjective for my knowledge) of any great changes. Well, the randomness can be simply caused by swapping. For some reason, a system loads a little more in RAM that what your RAM can take, and it starts swapping. As Martin said, 1 G is minimal for a MailScanner/SA/AV system. Increasing your batch sizes to 30 may also help. But the first think I'd do is add another GB of ram. From alex at rtpty.com Sat Jan 3 05:28:00 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sat Jan 3 05:28:14 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: References: <49510578.6050801@cnpapers.com> <495E1DBF.3090602@cnpapers.com> <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com> <495E5C78.7040805@cnpapers.com> Message-ID: Although newer versions of postfix segfault instead of swap! ;-) On Jan 2, 2009, at 9:34 PM, Ugo Bellavance wrote: > Well, the randomness can be simply caused by swapping From MailScanner at ecs.soton.ac.uk Sat Jan 3 10:53:29 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 3 10:53:45 2009 Subject: How to ignore some recipients in a SpamAssassin Rule Actions ruleset In-Reply-To: References: Message-ID: <495F43A9.9080307@ecs.soton.ac.uk> As the default value for the setting is just blank, all you have to do is give blank as the value for the address. So the line just needs to read To: user@example.com That's all there is to it. Jules. On 3/1/09 01:14, Mark Sapiro wrote: > I have searched the list archives and the documentation wiki and > haven't found an answer. > > In MailScanner.conf I have > > SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules > > In spamassassin_rule_actions.rules, what is the proper way to specify a > null action for some recipient. I have > > > FromOrTo: default SA_RULE_NAME=>action_list > > and that works fine. I want to exempt a recipient from these actions. I > know for example that I could put > > To: user@example.com ZZZ_BOGUS_RULE=>action > > Where ZZZ_BOGUS_RULE is a non-existent rule, but that seems somewhat > kludgey. > > The usual "yes" or "no" don't seem appropriate here as they aren't the > kind of values that are expected for SpamAssassin Rule Actions. > > I found through experiment that > > To: user@example.com "" > > seems to work as does > > To: user@example.com SA_RULE_NAME=> > > and > > To: user@example.com SA_RULE_NAME > > but > > To: user@example.com , > > doesn't work. > > Is there a "correct" or a preferred way to do what I want? > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 3 11:13:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 3 11:13:28 2009 Subject: MailScanner ANNOUNCE: Stable release 4.74.12 Message-ID: <495F4846.8020207@ecs.soton.ac.uk> I have just released the first version for 2009, 4.74. The main fix this time is that all the symlink vulnerabilities have been fixed, though you were only ever vulnerable to these problems if you let users interactively login (using ssh, for example) to your MailScanner servers. If you restrict logins to system admins and other trusted users, you would never have had a problem anyway. Other than that, the SpamAssassin Rule Actions have been improved slightly, in that the "header" action can now contain the magic word "_TO_" which will be replaced by a list of all the original message recipients, very useful if you don't deliver the message but instead forward it to someone else for checking. TNEF had been upgraded to 1.4.5. Download as usual from www.mailscanner.info. The full Change Log is this: * New Features and Improvements * 1 Patch added to ClamAV & SpamAssassin easy-to-install package to make Mail::ClamAV Perl module handle ClamAV 0.94 correctly. Thanks to Steve Barber for telling me about this fix. 7 Upgraded to tnef 1.4.5. 9 The Spam Actions and its pals may now contain the "header" action with the special keyword "_TO_" anywhere in the header value. This will be replaced by a comma-separated list of the original recipients of the message. I wrote this for when I divert a message to the postmaster when it's detected as spam, for example. Then you can put Spam Actions = store forward postmaster@ecs.soton.ac.uk header "X-ECS-Recips-w ere: Sent to _TO_" I don't always want to include the list of recipients in the headers, as others object to their privacy being violated by everyone receiving the full list of recipients, so I can't use the "Add Envelope To Header". I *only* want to add this information to spam messages, so I know to whom they were originally addressed. 11 Another check to ensure it doesn't chmod /tmp on misconfigured systems. * Fixes * 2 Major work on removing symlink attack vulnerabilities affecting -autoupdate lock files. Note: This vulnerability only affected systems where normal interactive users could log in to the system, or create arbitrary symlinks in your filesystem. So the ISP-style setups were never vulnerable, as they didn't allow normal users to login or allow people to arbitrarily create symlinks in the filesystem. 2 Removed symlink attack vulnerabilities in SpamAssassin and tnef handlers. 6-2 Re-release to fix filesize problems. 7-2 Added missing "use" statement to WorkArea.pm. 7-3 Added missing tnef to Other Unix tarball distribution. Linux distributions unchanged. 8 Minor fix in handling of complicated "SpamAssassin Rule Actions". 10 Fixes for Locks creation bugs from Jeff Earickson. Non-RPM distribution should work rather better now. 12 Tiny (but important) fix to mcafee-autoupdate so that it will work properly. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Timo.Jacobs at partners.de Sat Jan 3 12:04:36 2009 From: Timo.Jacobs at partners.de (Timo.Jacobs@partners.de) Date: Sat Jan 3 12:04:48 2009 Subject: Timo Jacobs is out of the office. Message-ID: I will be out of the office starting 29.12.2008 and will not return until 05.01.2009. I will respond to your message when I return. In urgent cases please contact Mr. Timo A. Schmidt (timo.schmidt@partners.de) Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Geschäftsführer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 From gmcgreevy at pwr-sys.com Sat Jan 3 16:16:22 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Sat Jan 3 16:22:51 2009 Subject: MailScanner --lint error Message-ID: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> I am getting the following error when I run the test Cannot match against destination IP address when resolving configuration option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm line 532 Don't know if this is bad or not but I would like to fix it. Thanks, Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090103/b3f206bb/attachment.html From maillists at conactive.com Sat Jan 3 17:55:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 3 17:55:35 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> Message-ID: Greg J. McGreevy wrote on Sat, 3 Jan 2009 11:16:22 -0500: > Cannot match against destination IP address when resolving configuration > option "dangerscan" at /usr/lib/MailScanner/MailScanner/Config.pm > line 532 I would assume that refers to the "Dangerous Content Scanning" option and that you changed that option to point to a rules file and in doing so added a linebreak or other error, so that this option gets crippled to "dangerscan". Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Sat Jan 3 19:12:32 2009 From: mark at msapiro.net (Mark Sapiro) Date: Sat Jan 3 19:12:41 2009 Subject: How to ignore some recipients in a SpamAssassin Rule Actions ruleset In-Reply-To: <495F43A9.9080307@ecs.soton.ac.uk> References: <495F43A9.9080307@ecs.soton.ac.uk> Message-ID: <20090103191232.GA896@msapiro> On Sat, Jan 03, 2009 at 10:53:29AM +0000, Julian Field wrote: > As the default value for the setting is just blank, all you have to do > is give blank as the value for the address. > > So the line just needs to read > To: user@example.com > > That's all there is to it. I've tried that. More specifically, I've tried To:user@example.com To:user@example.com and To:user@example.com where and are the respective characters, and none of those override the default rule action. > Jules. > > On 3/1/09 01:14, Mark Sapiro wrote: > >I have searched the list archives and the documentation wiki and > >haven't found an answer. > > > >In MailScanner.conf I have > > > >SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules > > > >In spamassassin_rule_actions.rules, what is the proper way to specify a > >null action for some recipient. I have > > > > > >FromOrTo: default SA_RULE_NAME=>action_list > > > >and that works fine. I want to exempt a recipient from these actions. I > >know for example that I could put > > > >To: user@example.com ZZZ_BOGUS_RULE=>action > > > >Where ZZZ_BOGUS_RULE is a non-existent rule, but that seems somewhat > >kludgey. > > > >The usual "yes" or "no" don't seem appropriate here as they aren't the > >kind of values that are expected for SpamAssassin Rule Actions. > > > >I found through experiment that > > > >To: user@example.com "" > > > >seems to work as does > > > >To: user@example.com SA_RULE_NAME=> > > > >and > > > >To: user@example.com SA_RULE_NAME > > > >but > > > >To: user@example.com , > > > >doesn't work. > > > >Is there a "correct" or a preferred way to do what I want? > > > > > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Sat Jan 3 19:29:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 3 19:30:18 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> Message-ID: <495FBCAE.60204@ecs.soton.ac.uk> On 3/1/09 16:16, Greg J. McGreevy wrote: > I am getting the following error when I run the test > Cannot match against destination IP address Due to the way that email is delivered by a mail server, you don't know the exact destination IP address until you're actually in the process of delivering the message. So you can't match against a destination IP address in a rule. So all rules that say To: 123.123.123.123 yes or anything similar are impossible to implement. It's not a restriction in what MailScanner can do, you really don't know the destination IP address until the message has been delivered. By which time it's too late. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 3 19:30:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 3 19:31:26 2009 Subject: How to ignore some recipients in a SpamAssassin Rule Actions ruleset In-Reply-To: <20090103191232.GA896@msapiro> References: <495F43A9.9080307@ecs.soton.ac.uk> <20090103191232.GA896@msapiro> Message-ID: <495FBCEF.3000806@ecs.soton.ac.uk> On 3/1/09 19:12, Mark Sapiro wrote: > On Sat, Jan 03, 2009 at 10:53:29AM +0000, Julian Field wrote: > >> As the default value for the setting is just blank, all you have to do >> is give blank as the value for the address. >> >> So the line just needs to read >> To: user@example.com >> >> That's all there is to it. >> > > > I've tried that. More specifically, I've tried > > To:user@example.com > To:user@example.com > and > To:user@example.com > > where and are the respective characters, and none of those override the default rule action. > Ah, hmmm...... the and thing is irrelevant. Put in a rule name that doesn't exist and it will work fine. I swear it worked for me. > > >> Jules. >> >> On 3/1/09 01:14, Mark Sapiro wrote: >> >>> I have searched the list archives and the documentation wiki and >>> haven't found an answer. >>> >>> In MailScanner.conf I have >>> >>> SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules >>> >>> In spamassassin_rule_actions.rules, what is the proper way to specify a >>> null action for some recipient. I have >>> >>> >>> FromOrTo: default SA_RULE_NAME=>action_list >>> >>> and that works fine. I want to exempt a recipient from these actions. I >>> know for example that I could put >>> >>> To: user@example.com ZZZ_BOGUS_RULE=>action >>> >>> Where ZZZ_BOGUS_RULE is a non-existent rule, but that seems somewhat >>> kludgey. >>> >>> The usual "yes" or "no" don't seem appropriate here as they aren't the >>> kind of values that are expected for SpamAssassin Rule Actions. >>> >>> I found through experiment that >>> >>> To: user@example.com "" >>> >>> seems to work as does >>> >>> To: user@example.com SA_RULE_NAME=> >>> >>> and >>> >>> To: user@example.com SA_RULE_NAME >>> >>> but >>> >>> To: user@example.com , >>> >>> doesn't work. >>> >>> Is there a "correct" or a preferred way to do what I want? >>> >>> >>> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gmcgreevy at pwr-sys.com Sat Jan 3 22:23:57 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Sat Jan 3 22:28:46 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. Thanks Again, Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Sat 1/3/2009 2:29 PM To: MailScanner discussion Subject: Re: MailScanner --lint error On 3/1/09 16:16, Greg J. McGreevy wrote: > I am getting the following error when I run the test > Cannot match against destination IP address Due to the way that email is delivered by a mail server, you don't know the exact destination IP address until you're actually in the process of delivering the message. So you can't match against a destination IP address in a rule. So all rules that say To: 123.123.123.123 yes or anything similar are impossible to implement. It's not a restriction in what MailScanner can do, you really don't know the destination IP address until the message has been delivered. By which time it's too late. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 5289 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090103/78f514bb/attachment.bin From MailScanner at ecs.soton.ac.uk Sun Jan 4 09:38:42 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 4 09:39:12 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> Message-ID: <496083A2.2090909@ecs.soton.ac.uk> Back in about July 2007, I posted a HOWTO which you may find helps you, as a lot of it is still quite valid. It had HOWTO in the subject line, and will be in the list archive. On 3/1/09 22:23, Greg J. McGreevy wrote: > Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. > > Thanks Again, > Greg > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sat 1/3/2009 2:29 PM > To: MailScanner discussion > Subject: Re: MailScanner --lint error > > > > > > On 3/1/09 16:16, Greg J. McGreevy wrote: > >> I am getting the following error when I run the test >> Cannot match against destination IP address >> > Due to the way that email is delivered by a mail server, you don't know > the exact destination IP address until you're actually in the process of > delivering the message. So you can't match against a destination IP > address in a rule. So all rules that say > To: 123.123.123.123 yes > or anything similar are impossible to implement. It's not a restriction > in what MailScanner can do, you really don't know the destination IP > address until the message has been delivered. By which time it's too late. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From traced at xpear.de Sun Jan 4 13:13:29 2009 From: traced at xpear.de (traced) Date: Sun Jan 4 13:13:41 2009 Subject: Unused domains =?utf-8?q?f=C3=BCr_spam_testing?= Message-ID: <4960B5F9.5060608@xpear.de> Hi guys, has someone of you unused domains, getting spam? I?ve got a strange problem... I?m getting not enough spam for my tests on different anti-spam strategies... ;) If you have such domains, that are not used anymore, I would be happy some of your spam :-) The mails are not read by me, just handled by scripts. Regards, Bastian From gmcgreevy at pwr-sys.com Sun Jan 4 16:36:01 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Sun Jan 4 16:40:51 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> you mean this one? http://article.gmane.org/gmane.mail.virus.mailscanner/54241/match=how-to What do you have your score set to for Mailscanner mine is currently set to 6 and 10 (defaults I guess) most of the stuff I am seeing is hitting 1.5 to 3 for the SA score (all Spam) should I set these lower or tune Spamassassin to get a higher score? I am looking for a good start to finish tuning plan for everything that will get the majority of Spam caught (Quarantined) I am ok with some false positives. Right now it is not doing a very good job catching anything. I need to get this tuned ASAP and would be willing to pay someone to tweak things a bit to get this working Thanks, Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field Sent: Sun 1/4/2009 4:38 AM To: MailScanner discussion Subject: Re: MailScanner --lint error Back in about July 2007, I posted a HOWTO which you may find helps you, as a lot of it is still quite valid. It had HOWTO in the subject line, and will be in the list archive. On 3/1/09 22:23, Greg J. McGreevy wrote: > Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. > > Thanks Again, > Greg > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sat 1/3/2009 2:29 PM > To: MailScanner discussion > Subject: Re: MailScanner --lint error > > > > > > On 3/1/09 16:16, Greg J. McGreevy wrote: > >> I am getting the following error when I run the test >> Cannot match against destination IP address >> > Due to the way that email is delivered by a mail server, you don't know > the exact destination IP address until you're actually in the process of > delivering the message. So you can't match against a destination IP > address in a rule. So all rules that say > To: 123.123.123.123 yes > or anything similar are impossible to implement. It's not a restriction > in what MailScanner can do, you really don't know the destination IP > address until the message has been delivered. By which time it's too late. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 For all your IT requirements visit www.transtec.co.uk -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 7513 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090104/c96956ed/attachment.bin From maillists at conactive.com Sun Jan 4 18:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 4 18:31:36 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> Message-ID: Greg J. McGreevy wrote on Sun, 4 Jan 2009 11:36:01 -0500: > What do you have your score set to for Mailscanner mine is currently > set to 6 and 10 (defaults I guess) most of the stuff I am seeing is > hitting 1.5 to 3 for the SA score (all Spam) should I set these lower > or tune Spamassassin to get a higher score? You want to tune SA and train your Bayes. -> http://spamassassin.apache.org/ -> http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions -> http://wiki.apache.org/spamassassin/ Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun Jan 4 18:45:07 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 4 18:45:27 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> Message-ID: <496103B3.2060600@ecs.soton.ac.uk> On 4/1/09 16:36, Greg J. McGreevy wrote: > you mean this one? > > http://article.gmane.org/gmane.mail.virus.mailscanner/54241/match=how-to > Yes, that's the one. > > What do you have your score set to for Mailscanner mine is currently set to 6 and 10 (defaults I guess) Yes, that's pretty much what I use. 6 certainly, I think my high score might be 9, but users can tweak it. > most of the stuff I am seeing is hitting 1.5 to 3 for the SA score (all Spam) should I set these lower or tune Spamassassin to get a higher score? Tune SA to get a higher score. Don't lower the 6 much or you'll start getting a lot of false positives. > I am looking for a good start to finish tuning plan for everything that will get the majority of Spam caught (Quarantined) I am ok with some false positives. Right now it is not doing a very good job catching anything. I need to get this tuned ASAP and would be willing to pay someone to tweak things a bit to get this working > What sort of spam is getting through? I stop most of my own stuff these days with BarricadeMX (www.fsl.com) which is a brilliant product, and actually very cheap once you take into account the amount of hardware investment it will save you. It has saved us a lot of cash, and my users love it. Also, take a look at my anti-spear-phishing posting from a few days ago (it was a thread about Happy New Year which morphed somewhat :) as I've got that problem pretty much cracked now too. Jules. > > > Thanks, > Greg > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sun 1/4/2009 4:38 AM > To: MailScanner discussion > Subject: Re: MailScanner --lint error > > > > Back in about July 2007, I posted a HOWTO which you may find helps you, > as a lot of it is still quite valid. It had HOWTO in the subject line, > and will be in the list archive. > > On 3/1/09 22:23, Greg J. McGreevy wrote: > >> Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. >> >> Thanks Again, >> Greg >> >> ________________________________ >> >> From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field >> Sent: Sat 1/3/2009 2:29 PM >> To: MailScanner discussion >> Subject: Re: MailScanner --lint error >> >> >> >> >> >> On 3/1/09 16:16, Greg J. McGreevy wrote: >> >> >>> I am getting the following error when I run the test >>> Cannot match against destination IP address >>> >>> >> Due to the way that email is delivered by a mail server, you don't know >> the exact destination IP address until you're actually in the process of >> delivering the message. So you can't match against a destination IP >> address in a rule. So all rules that say >> To: 123.123.123.123 yes >> or anything similar are impossible to implement. It's not a restriction >> in what MailScanner can do, you really don't know the destination IP >> address until the message has been delivered. By which time it's too late. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Sun Jan 4 20:13:41 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Sun Jan 4 20:13:50 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> Message-ID: <72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com> 2009/1/4 Greg J. McGreevy : > you mean this one? > > http://article.gmane.org/gmane.mail.virus.mailscanner/54241/match=how-to > > What do you have your score set to for Mailscanner mine is currently set to 6 and 10 (defaults I guess) most of the stuff I am seeing is hitting 1.5 to 3 for the SA score (all Spam) should I set these lower or tune Spamassassin to get a higher score? I am looking for a good start to finish tuning plan for everything that will get the majority of Spam caught (Quarantined) I am ok with some false positives. Right now it is not doing a very good job catching anything. I need to get this tuned ASAP and would be willing to pay someone to tweak things a bit to get this working > > > Thanks, > Greg > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sun 1/4/2009 4:38 AM > To: MailScanner discussion > Subject: Re: MailScanner --lint error > > > > Back in about July 2007, I posted a HOWTO which you may find helps you, > as a lot of it is still quite valid. It had HOWTO in the subject line, > and will be in the list archive. > > On 3/1/09 22:23, Greg J. McGreevy wrote: >> Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. >> >> Thanks Again, >> Greg >> >> ________________________________ >> >> From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field >> Sent: Sat 1/3/2009 2:29 PM >> To: MailScanner discussion >> Subject: Re: MailScanner --lint error >> >> >> >> >> >> On 3/1/09 16:16, Greg J. McGreevy wrote: >> >>> I am getting the following error when I run the test >>> Cannot match against destination IP address >>> >> Due to the way that email is delivered by a mail server, you don't know >> the exact destination IP address until you're actually in the process of >> delivering the message. So you can't match against a destination IP >> address in a rule. So all rules that say >> To: 123.123.123.123 yes >> or anything similar are impossible to implement. It's not a restriction >> in what MailScanner can do, you really don't know the destination IP >> address until the message has been delivered. By which time it's too late. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Greg have a look at the MailScanner wiki and specifically the section on "Getting the most out of Spamassassin". It mentions several ways to improve scores for known spam. -- Martin Hepworth Oxford, UK From rich at mail.wvnet.edu Sun Jan 4 22:21:14 2009 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sun Jan 4 22:21:23 2009 Subject: Barracude BRBL ?? Message-ID: <4961365A.9080106@mail.wvnet.edu> I just recently heard about this service being offered for free by Barracuda Networks. See... http://www.linux.com/feature/155880 Has anyone else tried this in combination with MailScanner and SA and perhaps BarricadeMX? Any comments pro or con? Thanks. Richard Lynch WVNET -- / / -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090104/337864e4/attachment.html From traced at xpear.de Sun Jan 4 22:54:21 2009 From: traced at xpear.de (traced) Date: Sun Jan 4 22:54:32 2009 Subject: Barracude BRBL ?? In-Reply-To: <4961365A.9080106@mail.wvnet.edu> References: <4961365A.9080106@mail.wvnet.edu> Message-ID: <49613E1D.6020101@xpear.de> Richard Lynch schrieb: > > I just recently heard about this service being offered for free by > Barracuda Networks. See... > > http://www.linux.com/feature/155880 > > Has anyone else tried this in combination with MailScanner and SA and > perhaps BarricadeMX? Any comments pro or con? > > Thanks. > > Richard Lynch > WVNET > > > -- > / / > Hi Richard, read the comments under http://www.linux.com/feature/155880 there are so many thinks that seem to be negative. I will not use it. Regards, Bastian From alex at rtpty.com Sun Jan 4 23:44:46 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sun Jan 4 23:45:00 2009 Subject: =?iso-8859-1?q?Re=3A_Unused_domains_f=FCr_spam_testing?= In-Reply-To: <4960B5F9.5060608@xpear.de> References: <4960B5F9.5060608@xpear.de> Message-ID: <345017BD-717E-4126-9B70-06D5094D7C5E@rtpty.com> You could set one up by using a DNS subdomain. Grab one from http://freedns.afraid.org and point MX records at your server. Go to several misconfigured websites and put in spamtrap addresses, send a few messages out to newsgroups and subscribe to porn spam. Just my 2c, while you wait for others to help. On Jan 4, 2009, at 8:13 AM, traced wrote: > Hi guys, > has someone of you unused domains, getting spam? > I?ve got a strange problem... I?m getting not enough spam for my > tests on different anti-spam strategies... ;) > > If you have such domains, that are not used anymore, I would > be happy some of your spam :-) The mails are not read by me, > just handled by scripts. > > Regards, > Bastian > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From alex at rtpty.com Sun Jan 4 23:46:34 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Sun Jan 4 23:46:48 2009 Subject: Barracude BRBL ?? In-Reply-To: <49613E1D.6020101@xpear.de> References: <4961365A.9080106@mail.wvnet.edu> <49613E1D.6020101@xpear.de> Message-ID: <5E9CB4C2-F21E-42F9-900D-AE0AE83FF02C@rtpty.com> Seems to be working quite well for me at several sites, with barely any false positives (which is strange for Barracuda). On Jan 4, 2009, at 5:54 PM, traced wrote: > read the comments under http://www.linux.com/feature/155880 there > are so many thinks that seem to be negative. I will not use it. From traced at xpear.de Sun Jan 4 23:58:20 2009 From: traced at xpear.de (traced) Date: Sun Jan 4 23:58:30 2009 Subject: Unused domains =?iso-8859-1?q?f=FCr_spam_testing?= In-Reply-To: <345017BD-717E-4126-9B70-06D5094D7C5E@rtpty.com> References: <4960B5F9.5060608@xpear.de> <345017BD-717E-4126-9B70-06D5094D7C5E@rtpty.com> Message-ID: <49614D1C.4000809@xpear.de> Alex Neuman van der Hans schrieb: > You could set one up by using a DNS subdomain. Grab one from > http://freedns.afraid.org and point MX records at your server. Go to > several misconfigured websites and put in spamtrap addresses, send a few > messages out to newsgroups and subscribe to porn spam. > > Just my 2c, while you wait for others to help. Hi, I have two dedicated domains for that, thats not the problem. The only thing is, that I don?t get enough spam on this domains, I tried so much, even casino newsletters, unsubscribing on porn spams etc... From dstraka at caspercollege.edu Mon Jan 5 00:18:40 2009 From: dstraka at caspercollege.edu (Daniel Straka) Date: Mon Jan 5 00:19:09 2009 Subject: Barracude BRBL ?? Message-ID: <4960EF7002000000000334D2@gw.caspercollege.edu> Richard, I've been using the BRBL for a few months now. No false positives reported yet, however it rarely picks up any SPAM that spamcop.net and spamhaus-ZEN haven' already picked up. But every little bit helps. Dan >>> Richard Lynch 01/04/09 3:21 PM >>> I just recently heard about this service being offered for free by Barracuda Networks. See... http://www.linux.com/feature/155880 Has anyone else tried this in combination with MailScanner and SA and perhaps BarricadeMX? Any comments pro or con? Thanks. Richard Lynch WVNET -- / / From david at bass.net.au Mon Jan 5 04:50:04 2009 From: david at bass.net.au (David Lee) Date: Mon Jan 5 04:50:18 2009 Subject: MailScanner not running on FreeBSD v6.4 Message-ID: <4961917C.3050703@bass.net.au> Hi All, I am currently attempting to install MailScanner (v4.67.6) on a FreeBSD 6.4 server via the ports system. However, when I try and start MailScanner I just get a whole bunch of processes. When starting MailScanner in debug mode I get the following results: # mailscanner --debug --debug-sa In Debugging mode, not forking... Trying to setlogsock(unix) ***** If 'awk' (with support for the function strftime) was available on your $PATH then all the SpamAssassin debug output would have the current time added to the start of every line, making debugging far easier. ***** SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp Fatal error 'Recurse on a private mutex.' at line 986 in file /usr/src/lib/libpthread/thread/thr_mutex.c (errno = 0) Abort trap: 6 While I could find references to this problem on the internet, I could not find a solution. Any one have any ideas what could be the problem? -- David From spamtrap71892316634 at anime.net Mon Jan 5 06:33:59 2009 From: spamtrap71892316634 at anime.net (Dan Hollis) Date: Mon Jan 5 06:34:12 2009 Subject: Barracude BRBL ?? In-Reply-To: <49613E1D.6020101@xpear.de> References: <4961365A.9080106@mail.wvnet.edu> <49613E1D.6020101@xpear.de> Message-ID: same tired old complaints you get from ANY rbl. "oh i got blocked and i swear our open relays didn't send any spam" "the BLs are just a huge global conspiracy to hold me down" etc etc On Sun, 4 Jan 2009, traced wrote: > Richard Lynch schrieb: >> >> I just recently heard about this service being offered for free by >> Barracuda Networks. See... >> >> http://www.linux.com/feature/155880 >> >> Has anyone else tried this in combination with MailScanner and SA and >> perhaps BarricadeMX? Any comments pro or con? >> >> Thanks. >> >> Richard Lynch >> WVNET >> >> >> -- >> / / >> > > Hi Richard, > read the comments under http://www.linux.com/feature/155880 there are so many > thinks that seem to be negative. I will not use it. > > Regards, > Bastian > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! From hvdkooij at vanderkooij.org Mon Jan 5 07:06:42 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 5 07:06:52 2009 Subject: Barracude BRBL ?? In-Reply-To: <4961365A.9080106@mail.wvnet.edu> References: <4961365A.9080106@mail.wvnet.edu> Message-ID: <4961B182.9030702@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Lynch wrote: > > I just recently heard about this service being offered for free by > Barracuda Networks. See... > > http://www.linux.com/feature/155880 > > Has anyone else tried this in combination with MailScanner and SA and > perhaps BarricadeMX? Any comments pro or con? It seems most of the false positives are now taken care of. In fact the only ones being bothered by them are Barracuda users. who are not configuring their box right. For example not excluding your backup MX server(s) will result in a high noise to signal ratio from these boxes. So unless you properly point out that they are in act backup MX servers they may make it to the RBL. You can can get them off realy easy the first time . Just make sure you explain why it it there. It seems a little bit less acrate then the MAPS RBL (Trend Micro ERS) but not enough to keep paying Trend Micro. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklhsYAACgkQBvzDRVjxmYGkWgCgl4CNnqr8/RX7CVrZdPv1pXFy 4p0An3x7oe0gHM4na5dVtqw8VS15bQn9 =n/eI -----END PGP SIGNATURE----- From jonas at vrt.dk Mon Jan 5 10:00:30 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Mon Jan 5 10:00:41 2009 Subject: MailScanner and Symantec Endpoint Protection / Symantec Antivirus Message-ID: <009001c96f1c$714710e0$53d532a0$@dk> Hi all Happy New year. I recently got the option of deploying Symantec Endpoint Protection on my scanners. It seems what the license gives you the right to do, is install the older Symantec antivirus 10 for Linux. This seems to go pretty smooth, it even comes with deb's and rpm's. However as far as I can tell MailScanner does not have antivirus support for this version? There seems to be something called css and symscanengine, but it doesn't look like that's the version I got. My version has 2 daemon processes (symcfgd and rtvscand) and it has a cmdline scanner called sav. Do anybody use MailScanner with Symantec products? Do anybody know if the "normal" Symantec version (its my impression SEP/version 10 are the most used version of symantecs products) will work with MailScanner? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/e3d76616/attachment.html From andrew.colin at gmail.com Mon Jan 5 11:00:43 2009 From: andrew.colin at gmail.com (andrew colin) Date: Mon Jan 5 11:00:53 2009 Subject: Sanesecurity signatures are no longer being updated or distributed In-Reply-To: <49481827.8000708@sanesecurity.com> References: <4945A182.2050505@qustodium.net> <4947CA0D.8080809@nerc.ac.uk> <49481827.8000708@sanesecurity.com> Message-ID: <31da51d50901050300l2e6b03e5na11caa4a72b7ab3d@mail.gmail.com> 196.35.158.184 is the internet solutions caching server in SA, so your records are for multiple users sitting behind a transparent proxy. On Tue, Dec 16, 2008 at 11:05 PM, Steve Basford wrote: > > > Greg Matthews wrote: >> >> Anyone know if Sane Security are submitting signatures direct to ClamAV? I >> understand that many of their signatures would make their way into the >> official Clam updates. > > Sanesecurity signatures aren't being added into the ClamAV official > signatures... they are totally third-party sigs. > >> Sounds like a P2P distribution mech may have helped here. >> > Well, I've just managed to find a little time to do a little log checking, > now that the round-robin php script was turned off.. Checking the log for > today: > > Position: IP: number of hits for today > > 1 196.35.158.184 2,538 > 2 86.96.229.88 1,504 > 3 196.25.255.218 1,080 > 4 66.159.122.2 1,066 > 5 198.54.202.218 1,028 > 6 198.54.202.70 656 > 7 62.12.131.147 642 > 8 198.144.196.51 620 > 9 202.60.56.252 528 > 10 198.54.202.146 504 > 11 64.119.33.98 467 > 12 70.167.192.42 461 > 13 196.25.255.210 389 > 14 82.190.241.234 360 > 15 121.52.89.35 359 > 16 85.44.247.211 354 > 17 89.186.90.219 354 > 18 88.38.193.116 352 > 19 82.54.83.49 350 > 20 83.216.177.35 350 > 21 85.43.92.188 348 > 22 216.201.128.42 346 > 23 83.216.181.170 344 > 24 198.54.202.210 314 > 25 64.132.142.170 308 > 26 198.144.196.52 308 > 27 63.123.82.75 308 > 28 142.32.208.231 266 > 29 85.18.239.12 264 > 30 217.76.134.221 244 > 31 196.2.124.253 244 > 32 193.225.225.18 240 > 33 193.225.225.16 240 > 34 217.166.60.146 240 > 35 217.7.104.28 240 > 36 217.7.104.26 240 > 37 217.7.104.27 240 > 38 82.165.187.176 224 > 39 62.77.162.9 224 > 40 72.36.139.242 191 > 41 207.195.79.250 176 > 42 217.98.12.118 176 > 43 198.54.202.182 176 > 44 88.40.197.18 175 > 45 64.78.22.100 168 > 46 217.188.47.4 154 > 47 68.179.9.105 151 > 48 195.229.237.38 150 > 49 213.132.250.2 136 > 50 208.21.38.66 136 > > In other words, if people downloaded the sigs every hour, each ip should > only have 24 hits....as you can see, the above ips are WAY over that. > Checking the log in detail... it's seems people are setting the download > scripts to download every second.... all adding up to: 45,554 hits an hour, > add the fact that 45,554 hits would run a php script... guess that's why the > cpu usage was so high on a shared server and then got suspended. > > Signature Note: > > People have decided to mirror the last version of the public signatures: > > 1. The signatures were removed and a placeholder signature added, so that > hopefully people would quickly notice that their scripts needed to be > changed... as the server is still getting hammered by wget/curl requests > (approx 45,554 hits per hour) > > 2. NO SUPPORT will be given on these unofficially mirrored signatures, in > fact these mirrored signatures are already out of date, some false positives > have already been corrected and new signatures have already been added to my > private version of the signatures. > > Hope that helps, > > Steve > Sanesecurity > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- "Dru" To follow the path, look to the master, follow the master, walk with the master, see through the master, become the master. (zen) http://www.topdog.za.net/ From support-lists at petdoctors.co.uk Mon Jan 5 11:59:14 2009 From: support-lists at petdoctors.co.uk (Nigel Kendrick) Date: Mon Jan 5 11:59:23 2009 Subject: Spamassassin timeouts - Just an observation In-Reply-To: References: <49510578.6050801@cnpapers.com> <495E1DBF.3090602@cnpapers.com> <72cf361e0901020705h79fad4c8x9dc440faa83fcd2f@mail.gmail.com><495E5C78.7040805@cnpapers.com> Message-ID: I'm also coming in a bit late on this one, but I too noticed recently that my mail servers were experiencing more timeouts and were eating up a lot of CPU time and RAM, so that swapping had shot up. When I had a look at the issue, I noticed (in htop) that all the MailScanner processes were waiting for Spamassassin almost all the time and when I dug further, I found that ORDB had turned up again in MailScanner.conf. Now, I am pretty sure I removed ORDB from 'Spam list' on all my servers when it went offline, so is there any chance an update put it back in and then, more recently, ORDB has just stopped responding (rather thap FPing everything)? If the above is not the case then I am just going completely mad - but at least MailScanner is behaving again. From dgottsc at emory.edu Mon Jan 5 15:35:25 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Mon Jan 5 15:35:35 2009 Subject: Anti-phishing -- was Re: OT: Happy New Year In-Reply-To: <495BFF17.5060705@ecs.soton.ac.uk> References: <495BFF17.5060705@ecs.soton.ac.uk> Message-ID: Julian, Thanks for posting this! This has been a huge problem over the last 6 months for the University I work at. I spend a lot of my time combating this problem. The feed of email addresses will be great for preventing accounts from being compromised. We've tried several ways to be pro-active in stopping the phishing, but this seems like one of the best ways to stop the problem. How does one go about submitting addresses to the project? I could probably provide a few each week with the rate we receive them at. Thanks. David Gottschalk Emory University UTS Email Team -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, December 31, 2008 6:24 PM To: MailScanner discussion Subject: Anti-phishing -- was Re: OT: Happy New Year On 31/12/08 22:54, Kevin Miller wrote: > Just a quick note to wish everyone a Happy (and spam free) New Year, > especially Jules. Your hard work and giving spirit has certainly made > the past year much nicer for all of us... > Many thanks! You might be interested I've been doing a bit of work with the Google-hosted project "anti-phishing-email-reply" which you can find here: http://code.google.com/p/anti-phishing-email-reply/ My aim was to create a trap for all those nasty spear-phishing attacks and those endless "Temporary job offer" spams that some of you will get. I have created a little script (which is pretty obvious, source code is given below) which just generates a list of addresses based on what's in their file. I add that to my own list of known troublesome addresses, which can have "*" wildcards in them, so you can do things like michael loucas * @ gmail . com (extra spaces added to stop my stuff picking up that address and killing this message). I then generate a bunch of SpamAssassin rules from that which detect any of these few thousand addresses appearing anywhere in a message, with lots of safeguards to protect against false alarms. It also compacts them into only a hundred or two rules, instead of having 1 SpamAssassin rule for each address! I then use SpamAssassin Rule Actions to do this: SpamAssassin Rule Actions = ECS_MAIL_ACCESS=>store,not-deliver,forward postmaster@ecs.soton.ac.uk,header "X-ECS-Mail-Access: was to _TO_" This lot fires whenever any of my SpamAssassin rules fires. It 1) Adds a header "X-ECS-Mail-Access:" containing the list of original recipient addresses, 2) Stores a copy of the message 3) Stops delivery to the original recipients 4) Sends a copy to postmaster, where I have a Sieve rule firing on the presence of the "X-ECS-Mail-Access:" header to store it in a folder without cluttering up postmaster's inbox. My script, that builds all the SpamAssassin rules, works from a YP/NIS map called "mail.access" which contains each email address from the google list and my list in the first word of a line, looking like this bad@domain.com REJECT nasty@false.bank.com REJECT I sort it so that the regular expressions created are more optimal for Perl, so it can apply them faster to each message. My script that builds all the SpamAssassin rules is attached. My script that reads the google list and creates the YP/NIS map from it is simply this: #!/bin/sh echo Fetching phishing addresses... rm -f /tmp/$$.blocks /usr/local/bin/wget -O /tmp/$$.blocks http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses >/dev/null 2>&1 echo Read `grep -v '^#' /tmp/$$.blocks | wc -l` addresses if [ -f /tmp/$$.blocks ]; then sed -e 's/^#.*$//' < /tmp/$$.blocks | \ cut -d, -f1 | \ sort | \ uniq | \ grep -v '^$' | \ awk '{ printf("%s\tREJECT\n",$1); }' > /opt/yp/etc/mail.access.anti-phishing rm -f /tmp/$$.blocks cd /opt/yp; ./ypmake; fi The "ypcat -k mail.access" command at the start of Build.Phishing.Rules basically reads my list in addition to the contents of the file /opt/yp/etc/mail.access.anti-phishing mentioned in the code above, so you can easily convert it to just use a temporary file and do all of this lot on the same server. If you aren't using YP/NIS then you obviously won't need the "ypmake" command either. I hope this is of some use to some of you. It traps "Temporary job offer" spams and spear-phishing attacks very well indeed. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From MailScanner at ecs.soton.ac.uk Mon Jan 5 16:27:40 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 5 16:28:05 2009 Subject: Anti-phishing -- was Re: OT: Happy New Year In-Reply-To: References: <495BFF17.5060705@ecs.soton.ac.uk> Message-ID: <496234FC.3030803@ecs.soton.ac.uk> No problem. I don't know how you submit addresses to them, you'll have to find out who runs the project. I just use their results at the moment, together with my own list (which contains things like michaelloucas*@gmail.com which stops lots of "job opportunity" spams). On 5/1/09 15:35, Gottschalk, David wrote: > Julian, > Thanks for posting this! This has been a huge problem over the last 6 months for the University I work at. I spend a lot of my time combating this problem. The feed of email addresses will be great for preventing accounts from being compromised. We've tried several ways to be pro-active in stopping the phishing, but this seems like one of the best ways to stop the problem. How does one go about submitting addresses to the project? I could probably provide a few each week with the rate we receive them at. > > Thanks. > > David Gottschalk > Emory University > UTS Email Team > > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Wednesday, December 31, 2008 6:24 PM > To: MailScanner discussion > Subject: Anti-phishing -- was Re: OT: Happy New Year > > > > On 31/12/08 22:54, Kevin Miller wrote: > >> Just a quick note to wish everyone a Happy (and spam free) New Year, >> especially Jules. Your hard work and giving spirit has certainly made >> the past year much nicer for all of us... >> >> > Many thanks! > > You might be interested I've been doing a bit of work with the Google-hosted project "anti-phishing-email-reply" which you can find here: > http://code.google.com/p/anti-phishing-email-reply/ > > My aim was to create a trap for all those nasty spear-phishing attacks and those endless "Temporary job offer" spams that some of you will get. > > I have created a little script (which is pretty obvious, source code is given below) which just generates a list of addresses based on what's in their file. I add that to my own list of known troublesome addresses, which can have "*" wildcards in them, so you can do things like michael loucas * @ gmail . com (extra spaces added to stop my stuff picking up that address and killing this message). > > I then generate a bunch of SpamAssassin rules from that which detect any of these few thousand addresses appearing anywhere in a message, with lots of safeguards to protect against false alarms. It also compacts them into only a hundred or two rules, instead of having 1 SpamAssassin rule for each address! > > I then use SpamAssassin Rule Actions to do this: > SpamAssassin Rule Actions = ECS_MAIL_ACCESS=>store,not-deliver,forward > postmaster@ecs.soton.ac.uk,header "X-ECS-Mail-Access: was to _TO_" > > This lot fires whenever any of my SpamAssassin rules fires. It > 1) Adds a header "X-ECS-Mail-Access:" containing the list of original recipient addresses, > 2) Stores a copy of the message > 3) Stops delivery to the original recipients > 4) Sends a copy to postmaster, where I have a Sieve rule firing on the presence of the "X-ECS-Mail-Access:" header to store it in a folder without cluttering up postmaster's inbox. > > My script, that builds all the SpamAssassin rules, works from a YP/NIS map called "mail.access" which contains each email address from the google list and my list in the first word of a line, looking like this bad@domain.com REJECT nasty@false.bank.com REJECT I sort it so that the regular expressions created are more optimal for Perl, so it can apply them faster to each message. > > My script that builds all the SpamAssassin rules is attached. > > My script that reads the google list and creates the YP/NIS map from it is simply this: > > #!/bin/sh > echo Fetching phishing addresses... > rm -f /tmp/$$.blocks > /usr/local/bin/wget -O /tmp/$$.blocks > http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses > >/dev/null 2>&1 > echo Read `grep -v '^#' /tmp/$$.blocks | wc -l` addresses > > if [ -f /tmp/$$.blocks ]; then > sed -e 's/^#.*$//'< /tmp/$$.blocks | \ > cut -d, -f1 | \ > sort | \ > uniq | \ > grep -v '^$' | \ > awk '{ printf("%s\tREJECT\n",$1); }'> /opt/yp/etc/mail.access.anti-phishing > rm -f /tmp/$$.blocks > cd /opt/yp; > ./ypmake; > fi > > The "ypcat -k mail.access" command at the start of Build.Phishing.Rules basically reads my list in addition to the contents of the file /opt/yp/etc/mail.access.anti-phishing mentioned in the code above, so you can easily convert it to just use a temporary file and do all of this lot on the same server. If you aren't using YP/NIS then you obviously won't need the "ypmake" command either. > > I hope this is of some use to some of you. It traps "Temporary job offer" spams and spear-phishing attacks very well indeed. > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Mon Jan 5 17:08:51 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Mon Jan 5 17:09:05 2009 Subject: Unused domains =?iso-8859-1?q?f=FCr_spam_testing?= In-Reply-To: <49614D1C.4000809@xpear.de> References: <4960B5F9.5060608@xpear.de> <345017BD-717E-4126-9B70-06D5094D7C5E@rtpty.com> <49614D1C.4000809@xpear.de> Message-ID: <49623EA3.2040004@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 traced wrote: > > Alex Neuman van der Hans schrieb: >> You could set one up by using a DNS subdomain. Grab one from >> http://freedns.afraid.org and point MX records at your server. Go to >> several misconfigured websites and put in spamtrap addresses, send a >> few messages out to newsgroups and subscribe to porn spam. >> >> Just my 2c, while you wait for others to help. > > Hi, I have two dedicated domains for that, thats not the problem. > The only thing is, that I don?t get enough spam on this domains, > I tried so much, even casino newsletters, unsubscribing on porn > spams etc... The trick is to actualy use them. Not just feed them to a few grinders. I find that having them on webpages and mailinglist archive pages is the best way to attract attention. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkliPqEACgkQBvzDRVjxmYEqYwCfWq2V1XKoAi7Qs5aUlCYX5qTJ Sw8An2avwVzs5lMro4qCH1ladc8HNVLy =q5w+ -----END PGP SIGNATURE----- From ssilva at sgvwater.com Mon Jan 5 18:10:43 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 18:11:12 2009 Subject: Timo Jacobs is out of the office. In-Reply-To: References: Message-ID: on 1-3-2009 4:04 AM Timo.Jacobs@partners.de spake the following: > I will be out of the office starting 29.12.2008 and will not return until > 05.01.2009. > > I will respond to your message when I return. > In urgent cases please contact Mr. Timo A. Schmidt > (timo.schmidt@partners.de) > > Partners Software GmbH / Zum Alten Speicher 11 / 28759 Bremen / Eingetragen unter HRB Bremen 14440 / Gesch?ftsf?hrer: Wolfgang Brinker und Kai Hannemann / Telefon 0049 (0)421 66945-0 -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Now that you are back, you need to fix your auto responder to stop spamming mailing lists, or send your list traffic to a different address. May I suggest reading through Gmane with a newsreader? -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/928d15f5/signature.bin From ssilva at sgvwater.com Mon Jan 5 18:31:18 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 18:31:42 2009 Subject: Barracude BRBL ?? In-Reply-To: <4960EF7002000000000334D2@gw.caspercollege.edu> References: <4960EF7002000000000334D2@gw.caspercollege.edu> Message-ID: on 1-4-2009 4:18 PM Daniel Straka spake the following: > Richard, > > I've been using the BRBL for a few months now. No false positives reported yet, however it rarely picks up any SPAM that spamcop.net and spamhaus-ZEN haven't already picked up. But every little bit helps. > > Dan > Then it might be good for those of us that have been "outed" by spamhaus, but don't have enough traffic to justify paying for a feed. I will stick it in spamassassin with a low score for a month or two and see how it hits for me. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/a21add8a/signature.bin From traced at xpear.de Mon Jan 5 18:32:23 2009 From: traced at xpear.de (traced@xpear.de) Date: Mon Jan 5 18:32:33 2009 Subject: Unused domains =?utf-8?q?f=C3=BCr_spam_testing?= In-Reply-To: <49623EA3.2040004@vanderkooij.org> References: <4960B5F9.5060608@xpear.de> <345017BD-717E-4126-9B70-06D5094D7C5E@rtpty.com> <49614D1C.4000809@xpear.de> <49623EA3.2040004@vanderkooij.org> Message-ID: <06b2cb0c32eca9ac8ff9b5d56c16a4a7@localhost> On Mon, 05 Jan 2009 18:08:51 +0100, Hugo van der Kooij wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > traced wrote: >> >> Alex Neuman van der Hans schrieb: >>> You could set one up by using a DNS subdomain. Grab one from >>> http://freedns.afraid.org and point MX records at your server. Go to >>> several misconfigured websites and put in spamtrap addresses, send a >>> few messages out to newsgroups and subscribe to porn spam. >>> >>> Just my 2c, while you wait for others to help. >> >> Hi, I have two dedicated domains for that, thats not the problem. >> The only thing is, that I don?t get enough spam on this domains, >> I tried so much, even casino newsletters, unsubscribing on porn >> spams etc... > > The trick is to actualy use them. Not just feed them to a few grinders. > I find that having them on webpages and mailinglist archive pages is the > best way to attract attention. > > Hugo. Hmm.. like having them in a signature when posting in lists? Or using them for posting in lists? Bastian > From traced at xpear.de Mon Jan 5 18:37:36 2009 From: traced at xpear.de (traced@xpear.de) Date: Mon Jan 5 18:37:44 2009 Subject: totally OT: Mailing lists / reader program? Message-ID: Hi, just one little question; Are you reading lists with standard email progs like thunderbird, or are there other good programs, with better handling on the topics? Regards, Bastian From traced at xpear.de Mon Jan 5 18:38:54 2009 From: traced at xpear.de (traced@xpear.de) Date: Mon Jan 5 18:39:08 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> Message-ID: <784960fe4bbb4f82a489b7173451ae92@localhost> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva wrote: > I will stick it in spamassassin with a low score for a month or two and see > how it hits for me. > Are there ready to use rules in SA, or must they be written first? Bastian From ssilva at sgvwater.com Mon Jan 5 19:05:28 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 19:05:49 2009 Subject: Barracude BRBL ?? In-Reply-To: <784960fe4bbb4f82a489b7173451ae92@localhost> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> Message-ID: on 1-5-2009 10:38 AM traced@xpear.de spake the following: > On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva > wrote: > >> I will stick it in spamassassin with a low score for a month or two and > see >> how it hits for me. >> > > Are there ready to use rules in SA, or must they be written first? > > Bastian Just wrote a set. Took 5 minutes. header RCVD_IN_BRBL eval:check_rbl('brbl', 'b.barracudacentral.org.') describe RCVD_IN_BRBL Received via a relay in BRBL tflags RCVD_IN_BRBL net score RCVD_IN_BRBL 0 0.50 0 0.50 I got 2 hits in less than a minute of adding the rule. Now to check if it FP's on our traffic. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/8dd14dcf/signature.bin From ssilva at sgvwater.com Mon Jan 5 19:09:42 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 19:10:11 2009 Subject: totally OT: Mailing lists / reader program? In-Reply-To: References: Message-ID: on 1-5-2009 10:37 AM traced@xpear.de spake the following: > Hi, just one little question; > Are you reading lists with standard email progs like thunderbird, > or are there other good programs, with better handling on the topics? > > Regards, > Bastian I am reading the lists with thunderbird, but through the newsfeeds at gmane.org. That way I never have to worry about bounces or spam detection on my end dropping something. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/443ed754/signature.bin From ssilva at sgvwater.com Mon Jan 5 19:08:12 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 19:15:12 2009 Subject: MailScanner and Symantec Endpoint Protection / Symantec Antivirus In-Reply-To: <009001c96f1c$714710e0$53d532a0$@dk> References: <009001c96f1c$714710e0$53d532a0$@dk> Message-ID: > > > Do anybody know if the ?normal? Symantec version (its my impression > SEP/version 10 are the most used version of symantecs products) will > work with MailScanner? > In the past, Julian has added support for other scanners if you provide him with a fully licensed copy to use for testing and future devel. How you would do this under any corporate licensing is up to you, Symantec, and your legal department to figure out. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/148d46a2/signature.bin From traced at xpear.de Mon Jan 5 20:08:55 2009 From: traced at xpear.de (traced) Date: Mon Jan 5 20:09:06 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> Message-ID: <496268D7.1090904@xpear.de> Scott Silva schrieb: > on 1-5-2009 10:38 AM traced@xpear.de spake the following: >> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva >> wrote: >> >>> I will stick it in spamassassin with a low score for a month or two and >> see >>> how it hits for me. >>> >> Are there ready to use rules in SA, or must they be written first? >> >> Bastian > Just wrote a set. Took 5 minutes. > > > header RCVD_IN_BRBL eval:check_rbl('brbl', 'b.barracudacentral.org.') > describe RCVD_IN_BRBL Received via a relay in BRBL > tflags RCVD_IN_BRBL net > score RCVD_IN_BRBL 0 0.50 0 0.50 > > I got 2 hits in less than a minute of adding the rule. > > Now to check if it FP's on our traffic. > Nice, thank you! From ssilva at sgvwater.com Mon Jan 5 20:33:18 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 20:33:41 2009 Subject: Barracude BRBL ?? In-Reply-To: <496268D7.1090904@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <496268D7.1090904@xpear.de> Message-ID: on 1-5-2009 12:08 PM traced spake the following: > > > Scott Silva schrieb: >> on 1-5-2009 10:38 AM traced@xpear.de spake the following: >>> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva >>> wrote: >>> >>>> I will stick it in spamassassin with a low score for a month or two and >>> see >>>> how it hits for me. >>>> >>> Are there ready to use rules in SA, or must they be written first? >>> >>> Bastian >> Just wrote a set. Took 5 minutes. >> >> >> header RCVD_IN_BRBL eval:check_rbl('brbl', >> 'b.barracudacentral.org.') >> describe RCVD_IN_BRBL Received via a relay in BRBL >> tflags RCVD_IN_BRBL net >> score RCVD_IN_BRBL 0 0.50 0 0.50 >> >> I got 2 hits in less than a minute of adding the rule. >> >> Now to check if it FP's on our traffic. >> > > Nice, thank you! I believe you have to register to use it. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/213f3de4/signature.bin From traced at xpear.de Mon Jan 5 20:43:20 2009 From: traced at xpear.de (traced) Date: Mon Jan 5 20:43:31 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <496268D7.1090904@xpear.de> Message-ID: <496270E8.405@xpear.de> Scott Silva schrieb: > on 1-5-2009 12:08 PM traced spake the following: >> >> Scott Silva schrieb: >>> on 1-5-2009 10:38 AM traced@xpear.de spake the following: >>>> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva >>>> wrote: >>>> >>>>> I will stick it in spamassassin with a low score for a month or two and >>>> see >>>>> how it hits for me. >>>>> >>>> Are there ready to use rules in SA, or must they be written first? >>>> >>>> Bastian >>> Just wrote a set. Took 5 minutes. >>> >>> >>> header RCVD_IN_BRBL eval:check_rbl('brbl', >>> 'b.barracudacentral.org.') >>> describe RCVD_IN_BRBL Received via a relay in BRBL >>> tflags RCVD_IN_BRBL net >>> score RCVD_IN_BRBL 0 0.50 0 0.50 >>> >>> I got 2 hits in less than a minute of adding the rule. >>> >>> Now to check if it FP's on our traffic. >>> >> Nice, thank you! > I believe you have to register to use it. > > I did that today, very quick and with no problems. From alex at rtpty.com Mon Jan 5 20:45:40 2009 From: alex at rtpty.com (Alex Neuman van der Hans) Date: Mon Jan 5 20:46:00 2009 Subject: OT but somewhat relevant Message-ID: Could BIND be set up to query FROM several op addresses in a round robin fashion? how about with iptables? The reason I ask is that some multihomed sites with multiple ISP connections could then balance queries to RBLs to even out the traffic. From MailScanner at ecs.soton.ac.uk Mon Jan 5 20:47:41 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 5 20:48:07 2009 Subject: totally OT: Mailing lists / reader program? In-Reply-To: References: Message-ID: <496271ED.4030202@ecs.soton.ac.uk> I use Thunderbird too, because I prefer the raw list and like to read every post. But your alternatives include the newsgroup at Gmane (news readers are very mature applications as they have been around for so long), or even the RSS feed if you can find a thread-capable RSS reader you prefer. I find it quite handy for quickly flicking through the list on my iPhone. On 5/1/09 18:37, traced@xpear.de wrote: > Hi, just one little question; > Are you reading lists with standard email progs like thunderbird, > or are there other good programs, with better handling on the topics? > > Regards, > Bastian > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 5 20:54:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 5 20:54:25 2009 Subject: MailScanner and Symantec Endpoint Protection / Symantec Antivirus In-Reply-To: References: <009001c96f1c$714710e0$53d532a0$@dk> Message-ID: <4962736D.6000109@ecs.soton.ac.uk> On 5/1/09 19:08, Scott Silva wrote: > > >> >> >> Do anybody know if the ?normal? Symantec version (its my impression >> SEP/version 10 are the most used version of symantecs products) will >> work with MailScanner? >> >> > > In the past, Julian has added support for other scanners if you provide him > with a fully licensed copy to use for testing and future devel. How you would > do this under any corporate licensing is up to you, Symantec, and your legal > department to figure out. > Yes, just get me a fully working licensed copy to develop from on my servers. It won't ever leave my systems, I've got a reputation to protect :) And a healthy donation would help quite a lot too! ;-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From traced at xpear.de Mon Jan 5 21:46:19 2009 From: traced at xpear.de (traced) Date: Mon Jan 5 21:46:30 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> Message-ID: <49627FAB.708@xpear.de> Scott Silva schrieb: > on 1-5-2009 10:38 AM traced@xpear.de spake the following: >> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva >> wrote: >> >>> I will stick it in spamassassin with a low score for a month or two and >> see >>> how it hits for me. >>> >> Are there ready to use rules in SA, or must they be written first? >> >> Bastian > Just wrote a set. Took 5 minutes. > > > header RCVD_IN_BRBL eval:check_rbl('brbl', 'b.barracudacentral.org.') > describe RCVD_IN_BRBL Received via a relay in BRBL > tflags RCVD_IN_BRBL net > score RCVD_IN_BRBL 0 0.50 0 0.50 > > I got 2 hits in less than a minute of adding the rule. > > Now to check if it FP's on our traffic. > Where in the Mailscanner setup did you insert this rule? In the spam.assassin.prefs.conf or did you write a dedicated file under /usr/share/spamassassin? Thanks, Bastian From ssilva at sgvwater.com Mon Jan 5 21:57:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 21:58:19 2009 Subject: Barracude BRBL ?? In-Reply-To: <49627FAB.708@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <49627FAB.708@xpear.de> Message-ID: on 1-5-2009 1:46 PM traced spake the following: > Scott Silva schrieb: >> on 1-5-2009 10:38 AM traced@xpear.de spake the following: >>> On Mon, 05 Jan 2009 10:31:18 -0800, Scott Silva >>> wrote: >>> >>>> I will stick it in spamassassin with a low score for a month or two and >>> see >>>> how it hits for me. >>>> >>> Are there ready to use rules in SA, or must they be written first? >>> >>> Bastian >> Just wrote a set. Took 5 minutes. >> >> >> header RCVD_IN_BRBL eval:check_rbl('brbl', >> 'b.barracudacentral.org.') >> describe RCVD_IN_BRBL Received via a relay in BRBL >> tflags RCVD_IN_BRBL net >> score RCVD_IN_BRBL 0 0.50 0 0.50 >> >> I got 2 hits in less than a minute of adding the rule. >> >> Now to check if it FP's on our traffic. >> > > Where in the Mailscanner setup did you insert this rule? In the > spam.assassin.prefs.conf or did you write a dedicated file under > /usr/share/spamassassin? > > Thanks, > Bastian I just stick them in spam.assassin.prefs.conf. I usually group all the custom rules near the end for consistency. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/b4e7b04c/signature.bin From ssilva at sgvwater.com Mon Jan 5 22:00:45 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 5 22:05:15 2009 Subject: OT but somewhat relevant In-Reply-To: References: Message-ID: on 1-5-2009 12:45 PM Alex Neuman van der Hans spake the following: > > Could BIND be set up to query FROM several op addresses in a round robin > fashion? how about with iptables? > > The reason I ask is that some multihomed sites with multiple ISP > connections could then balance queries to RBLs to even out the traffic. > I suppose you could have a dns name as a forwarder, and then have multiple a records for that name with a very short TTL. That might randomly toss things around some. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/eed7138c/signature.bin From steve.swaney at fsl.com Mon Jan 5 23:15:41 2009 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jan 5 23:15:51 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <496268D7.1090904@xpear.de> Message-ID: <057301c96f8b$874d7ef0$95e87cd0$@swaney@fsl.com> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > Sent: Monday, January 05, 2009 3:33 PM > To: mailscanner@lists.mailscanner.info > Subject: Re: Barracude BRBL ?? > I discussed this thread with Steve Freegard before responding and we can only add that we've had similar experiences with the BRBL; it doesn't appear to catch anything extra that Spamhaus Zen, Spamcop or other tests / RBLs already catch - but as always YMMV and you should try it for yourself. And as an aside, using a combination of free RBLs and the other BarricadeMX tests instead of purchasing a Spamhaus subscription gave us excellent results on our scanning service bureau gateways; results that were at least equivalent to purchasing the Spamhaus subscription. This setup could easily save money for larger sites since our Spamhaus subscription would have been more than the cost of BarricadeMX for our site. And on a side note BarricadeMX 2.2 adds support for the Google phishing project (similar to what Julian has added to MailScanner; except rejections are done at the SMTP phase). It should released late this week. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com Accurate and affordable anti-spam solutions From maillists at conactive.com Mon Jan 5 23:31:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 5 23:31:27 2009 Subject: Barracude BRBL ?? In-Reply-To: <49627FAB.708@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <49627FAB.708@xpear.de> Message-ID: Traced wrote on Mon, 05 Jan 2009 22:46:19 +0100: > Where in the Mailscanner setup did you insert this rule? In the > spam.assassin.prefs.conf or did you write a dedicated file under > /usr/share/spamassassin? Not in any of these locations. Put all your own rules in your own file(s) named .conf and put them in /etc/mail/spamassassin. That way they won't ever get overwritten and are easily maintained. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gmcgreevy at pwr-sys.com Tue Jan 6 03:44:22 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Tue Jan 6 03:49:17 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com><495FBCAE.60204@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com><496083A2.2090909@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> <72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> Ok more issues I now have the following error when I run the test Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1937 Unrecognised keyword "spamassassinprefsfile" at line 2789 at /usr/lib/MailScanner/MailScanner/Config.pm line 1940 Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm line 1945 I added the list to the sa-update per your instructions but I have no idea to tell if it is in fact working any insight on this would be helpful also Rules do jour does not appear to be present in my install so I skipped those steps is that correct? Also If I create a new User called spam and have all of my users forward their spam there to train bayes will that mess up the tests becuse they will be seen as all forwards? I am kind off at my wits end with this and about to throw in the towel. I need professional help and am willing to pay yes that is correct pay real money to get this tuned. Please respond with your contact info and I can arrange remote access to the server. Thanks, Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Martin Hepworth Sent: Sun 1/4/2009 3:13 PM To: MailScanner discussion Subject: Re: MailScanner --lint error 2009/1/4 Greg J. McGreevy : > you mean this one? > > http://article.gmane.org/gmane.mail.virus.mailscanner/54241/match=how-to > > What do you have your score set to for Mailscanner mine is currently set to 6 and 10 (defaults I guess) most of the stuff I am seeing is hitting 1.5 to 3 for the SA score (all Spam) should I set these lower or tune Spamassassin to get a higher score? I am looking for a good start to finish tuning plan for everything that will get the majority of Spam caught (Quarantined) I am ok with some false positives. Right now it is not doing a very good job catching anything. I need to get this tuned ASAP and would be willing to pay someone to tweak things a bit to get this working > > > Thanks, > Greg > > ________________________________ > > From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field > Sent: Sun 1/4/2009 4:38 AM > To: MailScanner discussion > Subject: Re: MailScanner --lint error > > > > Back in about July 2007, I posted a HOWTO which you may find helps you, > as a lot of it is still quite valid. It had HOWTO in the subject line, > and will be in the list archive. > > On 3/1/09 22:23, Greg J. McGreevy wrote: >> Thanks Julian everyone has been very helpful here. I do however have some additional questions I need to fine tune the spamassassin/MailScanner to catch more SPAM it does not seem like it is catching very much. everything is installed with defaults any step by step tuning is appreciated. Also I went here http://corebsd.com/node/6 for the Mailwatch install for the Qaurantine release info (which made sense to me) but the entries I added brought me back here with the errors described earlier. I have since removed them. >> >> Thanks Again, >> Greg >> >> ________________________________ >> >> From: mailscanner-bounces@lists.mailscanner.info on behalf of Julian Field >> Sent: Sat 1/3/2009 2:29 PM >> To: MailScanner discussion >> Subject: Re: MailScanner --lint error >> >> >> >> >> >> On 3/1/09 16:16, Greg J. McGreevy wrote: >> >>> I am getting the following error when I run the test >>> Cannot match against destination IP address >>> >> Due to the way that email is delivered by a mail server, you don't know >> the exact destination IP address until you're actually in the process of >> delivering the message. So you can't match against a destination IP >> address in a rule. So all rules that say >> To: 123.123.123.123 yes >> or anything similar are impossible to implement. It's not a restriction >> in what MailScanner can do, you really don't know the destination IP >> address until the message has been delivered. By which time it's too late. >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> For all your IT requirements visit www.transtec.co.uk >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > For all your IT requirements visit www.transtec.co.uk > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > Greg have a look at the MailScanner wiki and specifically the section on "Getting the most out of Spamassassin". It mentions several ways to improve scores for known spam. -- Martin Hepworth Oxford, UK -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 10305 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090105/a352460f/attachment-0001.bin From jonas at vrt.dk Tue Jan 6 09:05:27 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Jan 6 09:05:35 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <49627FAB.708@xpear.de> Message-ID: <003501c96fdd$eafc7940$c0f56bc0$@dk> Do note that if you do not use last-external in the rules it will check all ip's in the header, which on our systems caused A LOT of FP's. If I remember correctly that was also the concensus on the SA list when the barracuda list was introduced a couple of motnhs ago. Our experience is that it catched A LOT of spam that spamhaus/sorbs etc does not. SO I definitely recommend it, but not with a terrible high score, and definitely not for use in an mta. Just my 5 cents. Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From maillists at conactive.com Tue Jan 6 10:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 10:31:37 2009 Subject: Barracude BRBL ?? In-Reply-To: <003501c96fdd$eafc7940$c0f56bc0$@dk> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <784960fe4bbb4f82a489b7173451ae92@localhost> <49627FAB.708@xpear.de> <003501c96fdd$eafc7940$c0f56bc0$@dk> Message-ID: you should reply to the original question you reply to and not hook on to an answer. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From btj at havleik.no Tue Jan 6 10:35:30 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Tue Jan 6 10:35:47 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory Message-ID: <20090106113530.41bc2d32@btj-laptop.asp-as.no> I upgraded to version 4.74 and I now get a lot of these in the log..: Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting Why? And what can I do to fix this? Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj@havleik.no ----------------------------------------------------------------------------------------------- Someone wrote: "I understand that if you play a Windows CD backwards you hear strange Satanic messages" To which someone replied: "It's even worse than that; play it forwards and it installs Windows" ----------------------------------------------------------------------------------------------- From maillists at conactive.com Tue Jan 6 10:58:50 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 10:59:00 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> <72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> Message-ID: Greg J. McGreevy wrote on Mon, 5 Jan 2009 22:44:22 -0500: > Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1937 > Unrecognised keyword "spamassassinprefsfile" at line 2789 at /usr/lib/MailScanner/MailScanner/Config.pm > line 1940 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm > line 1945 There is no such option. The only one I can find is "MCP SpamAssassin Prefs File". Is that the one you edited? I find that you are making the same mistake over and over: you post some error and that's it. The *least* you would do with the above is go to line 2789 and show us that line and the surroundings and tell us what you did. (My MailScanner.conf stops at 2788, though.) > > I added the list to the sa-update per your instructions per "whose" instructions? but I have > no idea to tell if it is in fact working you look in /var/lib/spamassassin if it gets filled. It's explained all there where I pointed you earlier: http://wiki.apache.org/spamassassin/RuleUpdates any insight on this would > be helpful also Rules do jour does not appear to be present in my > install so I skipped those steps is that correct? rules du jour is deprecated, one should use channels. Which tutorial did you follow? Again, you make the mistake of not giving any insight of what you really did. I don't see that Martin gave you instructions in this regard and I can't find a section "Getting the most out of Spamassassin" on the MS wiki (although I think I remember there was one). So, what exactly are you referring to? > > Also If I create a new User called spam and have all of my users forward > their spam there to train bayes will that mess up the tests becuse > they will be seen as all forwards? Again from the SA wiki, this may be helpful: http://wiki.apache.org/spamassassin/ResendingMailWithHeaders > I am kind off at my wits end with this and about to throw in the towel. I think you are just not following instructions (whichever you used) careful enough. Or you used the wrong instructions (those corebsd instructions are not how I would do an install on CentOS) or are mixing them (there's often more than one way to do it right, but you usually can't mix them). Also, you don't seem to keep "old working good configuration", so you can easily check where the mistake was made. Anyway, if you are interested, you can contact me under the address I use here and we can arrange something. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Tue Jan 6 11:22:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 11:22:23 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090106113530.41bc2d32@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> Message-ID: <49633EDC.4020709@ecs.soton.ac.uk> What OS? What distribution of MailScanner? Did you install all the parts of MailScanner, including any new scripts I might have added to the "bin" directory? If you only install half of it, funnily enough it won't work :-) Jules. On 6/1/09 10:35, Bj?rn T Johansen wrote: > I upgraded to version 4.74 and I now get a lot of these in the log..: > > Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes > Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such > file or directory > Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting > > > Why? And what can I do to fix this? > > > Regards, > > BTJ > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From btj at havleik.no Tue Jan 6 11:44:43 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Tue Jan 6 11:45:02 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49633EDC.4020709@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> Message-ID: <20090106124443.3882cea3@btj-laptop.asp-as.no> I just ran the install.sh script like I always do... I am running on Linux, Ubuntu Server and use the tar.gz distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD / Other Linux / Other Unix ) Do I need to do more? I had version 4.70 before I upgraded.... BTJ On Tue, 06 Jan 2009 11:22:04 +0000 Julian Field wrote: > What OS? What distribution of MailScanner? Did you install all the parts > of MailScanner, including any new scripts I might have added to the > "bin" directory? > If you only install half of it, funnily enough it won't work :-) > > Jules. > > On 6/1/09 10:35, Bj?rn T Johansen wrote: > > I upgraded to version 4.74 and I now get a lot of these in the log..: > > > > Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes > > Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > > such file or directory > > Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > > Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting > > > > > > Why? And what can I do to fix this? > > > > > > Regards, > > > > BTJ > > > > > > Jules > From MailScanner at ecs.soton.ac.uk Tue Jan 6 11:56:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 11:56:47 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090106124443.3882cea3@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> Message-ID: <496346EB.1070200@ecs.soton.ac.uk> On 6/1/09 11:44, Bj?rn T Johansen wrote: > I just ran the install.sh script like I always do... > I am running on Linux, Ubuntu Server and use the tar.gz distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD / Other Linux / Other > Unix ) > > > Do I need to do more? I had version 4.70 before I upgraded.... > There's a new script in the bin directory called mailscanner_create_locks, you need to make sure MailScanner can run that from /opt/MailScanner/bin. > > BTJ > > On Tue, 06 Jan 2009 11:22:04 +0000 > Julian Field wrote: > > >> What OS? What distribution of MailScanner? Did you install all the parts >> of MailScanner, including any new scripts I might have added to the >> "bin" directory? >> If you only install half of it, funnily enough it won't work :-) >> >> Jules. >> >> On 6/1/09 10:35, Bj?rn T Johansen wrote: >> >>> I upgraded to version 4.74 and I now get a lot of these in the log..: >>> >>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes >>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No >>> such file or directory >>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, >>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting >>> >>> >>> Why? And what can I do to fix this? >>> >>> >>> Regards, >>> >>> BTJ >>> >>> >>> >> Jules >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 6 12:11:05 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 12:11:24 2009 Subject: Fedora 10 packaging help required Message-ID: <49634A59.4090606@ecs.soton.ac.uk> I've got a problem caused by Fedora 10. They have changed the RPM build structure so that RPMs now build under ~/rpmbuild instead of /usr/src/redhat. But that's not the problem. The problem is that the site_perl directory is now under /usr/local/lib/perl5 and not /usr/lib/perl5. But if you specify a "PREFIX" in the call to Makefile.PL to generate the Makefile, like I always have done, then the perl-site-specific directories are set wrong, it leaves them under /usr/lib/perl5. What I need to know is how I can build the perl module in a BUILDROOT directory (so just building it can't over-write any existing files), while getting all the site-specific stuff correct that has changed in Fedora 10. I have read the man page for ExtUtils::MakeMaker and have tried all sorts of things, but it won't get it right with just a few options to "perl Makefile.PL". Any Fedora 10 experts out there who know how to do this? The only perl modules I have looked at on the Fedora 10 project site have hideously complicated spec files, and I'm not at all confident that a total rewrite of all my spec files is either (a) warranted, or (b) not going to break compatibility with previous OSs. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From btj at havleik.no Tue Jan 6 12:16:34 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Tue Jan 6 12:17:07 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <496346EB.1070200@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> Message-ID: <20090106131634.776f66e4@btj-laptop.asp-as.no> I think MailScanner can run the script, at least I have the following...: (and running the script gives no error messages...) ls /var/spool/MailScanner/incoming/Locks/ -l total 1 -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock But MS.bayes.rebuild.lock is missing? BTJ On Tue, 06 Jan 2009 11:56:27 +0000 Julian Field wrote: > > > On 6/1/09 11:44, Bj?rn T Johansen wrote: > > I just ran the install.sh script like I always do... > > I am running on Linux, Ubuntu Server and use the tar.gz distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD / Other Linux / Other > > Unix ) > > > > > > Do I need to do more? I had version 4.70 before I upgraded.... > > > There's a new script in the bin directory called > mailscanner_create_locks, you need to make sure MailScanner can run that > from /opt/MailScanner/bin. > > > > BTJ > > > > On Tue, 06 Jan 2009 11:22:04 +0000 > > Julian Field wrote: > > > > > >> What OS? What distribution of MailScanner? Did you install all the parts > >> of MailScanner, including any new scripts I might have added to the > >> "bin" directory? > >> If you only install half of it, funnily enough it won't work :-) > >> > >> Jules. > >> > >> On 6/1/09 10:35, Bj?rn T Johansen wrote: > >> > >>> I upgraded to version 4.74 and I now get a lot of these in the log..: > >>> > >>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes > >>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > >>> such file or directory > >>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > >>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting > >>> > >>> > >>> Why? And what can I do to fix this? > >>> > >>> > >>> Regards, > >>> > >>> BTJ > >>> > >>> > >>> > >> Jules > >> > >> > > > > > > Jules > = From cde at alunys.com Tue Jan 6 13:07:14 2009 From: cde at alunys.com (Cedric Devillers) Date: Tue Jan 6 13:10:15 2009 Subject: Fedora 10 packaging help required In-Reply-To: <49634A59.4090606@ecs.soton.ac.uk> References: <49634A59.4090606@ecs.soton.ac.uk> Message-ID: <49635782.4050109@alunys.com> Julian Field wrote: > I've got a problem caused by Fedora 10. > They have changed the RPM build structure so that RPMs now build under > ~/rpmbuild instead of /usr/src/redhat. But that's not the problem. > > The problem is that the site_perl directory is now under > /usr/local/lib/perl5 and not /usr/lib/perl5. But if you specify a > "PREFIX" in the call to Makefile.PL to generate the Makefile, like I > always have done, then the perl-site-specific directories are set wrong, > it leaves them under /usr/lib/perl5. > > What I need to know is how I can build the perl module in a BUILDROOT > directory (so just building it can't over-write any existing files), > while getting all the site-specific stuff correct that has changed in > Fedora 10. > > I have read the man page for ExtUtils::MakeMaker and have tried all > sorts of things, but it won't get it right with just a few options to > "perl Makefile.PL". > > Any Fedora 10 experts out there who know how to do this? > > The only perl modules I have looked at on the Fedora 10 project site > have hideously complicated spec files, and I'm not at all confident that > a total rewrite of all my spec files is either (a) warranted, or (b) not > going to break compatibility with previous OSs. > > Jules > Maybe you can try to define on top of your spec file these macros : %perl_sitelib and/or %perl_vendorlib -- Visitez notre nouveau site web: www.amstergroup.com From maillists at conactive.com Tue Jan 6 13:10:37 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 13:10:53 2009 Subject: Fedora 10 packaging help required In-Reply-To: <49634A59.4090606@ecs.soton.ac.uk> References: <49634A59.4090606@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Tue, 06 Jan 2009 12:11:05 +0000: > Any Fedora 10 experts out there who know how to do this? why not ask on the Fedora devel list? (I assume there is one.) I mean they should know about the problems their changes create for third -party packagers. *If nobody speaks up, nobody will listen.* And they should also be able to give you the *definitive* guide for solving that (at least I would hope so). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jan 6 13:12:40 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 13:12:50 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090106131634.776f66e4@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> Message-ID: Bj?rn T Johansen wrote on Tue, 6 Jan 2009 13:16:34 +0100: > But MS.bayes.rebuild.lock is missing? right. Julian, we are talking here about the lock file for SA rebuilds, not about virus scanner lockfiles. It doesn't look like this file gets created by mailscanner_create_locks. Is it created for each SA run to make sure you do not timeout SA when it starts an automatic expire? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Tue Jan 6 13:53:31 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 13:53:44 2009 Subject: [Simon Walter] Bug#506353: mailscanner: many scripts allow local users to overwrite arbitrary files, and more, via symlink attacks In-Reply-To: <49428EF4.2000903@vanderkooij.org> References: <49422B24.7040900@ecs.soton.ac.uk> <49422EFA.2020801@ecs.soton.ac.uk> <7EF0EE5CB3B263488C8C18823239BEBA056F89AC@HC-MBX02.herefordshire.gov.uk> <494250AB.2010305@ecs.soton.ac.uk> <49428EF4.2000903@vanderkooij.org> Message-ID: Hugo van der Kooij wrote on Fri, 12 Dec 2008 17:19:00 +0100: > Care to share it with the rest of the world? Put it online somewhere if > you want others to enjoy it too. I just checked it with the latest MS and added a bit of explanation. You can get it from http://winware.org/centos/updatems.zip The first script downloads and updates MS, the second updates the conf. Comments welcome (suggest PM). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From john at tradoc.fr Tue Jan 6 14:13:27 2009 From: john at tradoc.fr (John Wilcock) Date: Tue Jan 6 14:13:48 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> Message-ID: <49636707.5060608@tradoc.fr> Le 06/01/2009 14:12, Kai Schaetzl a ?crit : > Bj?rn T Johansen wrote on Tue, 6 Jan 2009 13:16:34 +0100: > >> > But MS.bayes.rebuild.lock is missing? > > right. Julian, we are talking here about the lock file for SA rebuilds, > not about virus scanner lockfiles. It doesn't look like this file gets > created by mailscanner_create_locks. Is it created for each SA run to make > sure you do not timeout SA when it starts an automatic expire? FWIW, I'm getting the same error logged on a fresh install of 4.74.13-2 on a new gentoo box (the gentoo ebuild is based on the tar.gz distribution, and I've updated it to install the mailscanner_create_locks file). RPM users aren't reporting this AFAICT, so maybe there's an omission in the tar.gz version of mailscanner_create_locks. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Tue Jan 6 15:37:24 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 15:37:48 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> Message-ID: <49637AB4.90408@ecs.soton.ac.uk> On 6/1/09 13:12, Kai Schaetzl wrote: > Bj?rn T Johansen wrote on Tue, 6 Jan 2009 13:16:34 +0100: > > >> But MS.bayes.rebuild.lock is missing? >> > > right. Julian, we are talking here about the lock file for SA rebuilds, > not about virus scanner lockfiles. Okay, yes. > It doesn't look like this file gets > created by mailscanner_create_locks. No, it's not. > Is it created for each SA run to make > sure you do not timeout SA when it starts an automatic expire? > It's created so that, when one MailScanner child starts an expiry run of the SA Bayes database, other children know not to do the same. I suspect it also tells the other children that the Bayes database is locked, so don't wait for it if the MailScanner.conf says to not wait for it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Tue Jan 6 15:38:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 15:38:54 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090106131634.776f66e4@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> Message-ID: <49637AFA.6040905@ecs.soton.ac.uk> I'll try to remember to check on this one later and get back to you. On 6/1/09 12:16, Bj?rn T Johansen wrote: > I think MailScanner can run the script, at least I have the following...: > (and running the script gives no error messages...) > > ls /var/spool/MailScanner/incoming/Locks/ -l > total 1 > -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock > -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock > -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock > -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock > -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock > -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock > > > But MS.bayes.rebuild.lock is missing? > > > > BTJ > > On Tue, 06 Jan 2009 11:56:27 +0000 > Julian Field wrote: > > >> On 6/1/09 11:44, Bj?rn T Johansen wrote: >> >>> I just ran the install.sh script like I always do... >>> I am running on Linux, Ubuntu Server and use the tar.gz distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD / Other Linux / Other >>> Unix ) >>> >>> >>> Do I need to do more? I had version 4.70 before I upgraded.... >>> >>> >> There's a new script in the bin directory called >> mailscanner_create_locks, you need to make sure MailScanner can run that >> from /opt/MailScanner/bin. >> >>> BTJ >>> >>> On Tue, 06 Jan 2009 11:22:04 +0000 >>> Julian Field wrote: >>> >>> >>> >>>> What OS? What distribution of MailScanner? Did you install all the parts >>>> of MailScanner, including any new scripts I might have added to the >>>> "bin" directory? >>>> If you only install half of it, funnily enough it won't work :-) >>>> >>>> Jules. >>>> >>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: >>>> >>>> >>>>> I upgraded to version 4.74 and I now get a lot of these in the log..: >>>>> >>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 messages, 7216 bytes >>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No >>>>> such file or directory >>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks could not open /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, >>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content Scanning: Starting >>>>> >>>>> >>>>> Why? And what can I do to fix this? >>>>> >>>>> >>>>> Regards, >>>>> >>>>> BTJ >>>>> >>>>> >>>>> >>>>> >>>> Jules >>>> >>>> >>>> >>> >>> >> Jules >> >> > = > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Tue Jan 6 15:51:25 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 15:51:36 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49637AB4.90408@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AB4.90408@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Tue, 06 Jan 2009 15:37:24 +0000: > It's created so that, when one MailScanner child starts an expiry run of > the SA Bayes database, other children know not to do the same. Hm, so it's only created when an expiry gets started? How does MS get to know this? I mean it's SA that determines if it's time or not, not MS. The obvious short-term workaround for those people experiencing the problem then is to set bayes_auto_expire to 0 until the real solution is available. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From wsavenbe at hotmail.com Tue Jan 6 16:19:05 2009 From: wsavenbe at hotmail.com (Wim Savenberg) Date: Tue Jan 6 16:19:15 2009 Subject: Mail Scanned Several Times .... Message-ID: Hi Mailwatch gurus, I am facing a problem with Mailwatch & Mailscanner (4.66). All mails are scanned several times resulting in (serious) delays. Has anybody seen this problem before and most important how can it be solved .... Your help is highly appreciated ..... Many thanks in advance WimS _________________________________________________________________ Vanaf nu heb je je vrienden overal bij! http://www.windowslivemobile.msn.com/?mkt=nl-be -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/7b223a34/attachment.html From ssilva at sgvwater.com Tue Jan 6 16:44:20 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 6 16:44:49 2009 Subject: Mail Scanned Several Times .... In-Reply-To: References: Message-ID: on 1-6-2009 8:19 AM Wim Savenberg spake the following: > Hi Mailwatch gurus, > > I am facing a problem with Mailwatch & Mailscanner (4.66). All mails are > scanned several times resulting in (serious) delays. > Has anybody seen this problem before and most important how can it be > solved .... > > Your help is highly appreciated ..... > > > Many thanks in advance > > WimS Have you tried updating to a current version? There have been recent changes to work with the latest version of ClamAV. If you have updated ClamAV, but haven't updated MailScanner, you can have this problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/331ae7e3/signature.bin From prandal at herefordshire.gov.uk Tue Jan 6 16:45:14 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Tue Jan 6 16:49:41 2009 Subject: Mail Scanned Several Times .... In-Reply-To: References: Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0587CBB8@HC-MBX02.herefordshire.gov.uk> 4.66 is ancient. If you can, upgrade to the current 4.74.13 and try again. In the meantime, your operating system and MTA details could be useful. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. ________________________________ From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Wim Savenberg Sent: 06 January 2009 16:19 To: mailscanner@lists.mailscanner.info Subject: Mail Scanned Several Times .... Hi Mailwatch gurus, I am facing a problem with Mailwatch & Mailscanner (4.66). All mails are scanned several times resulting in (serious) delays. Has anybody seen this problem before and most important how can it be solved .... Your help is highly appreciated ..... Many thanks in advance WimS ________________________________ Maakt je online leven een feest. Windows Live -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/2e80f198/attachment.html From maillists at conactive.com Tue Jan 6 17:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 17:31:28 2009 Subject: Mail Scanned Several Times .... In-Reply-To: References: Message-ID: Wim Savenberg wrote on Tue, 6 Jan 2009 17:19:05 +0100: > I am facing a problem with Mailwatch & Mailscanner (4.66). All mails > are scanned several times resulting in (serious) delays. > Has anybody seen this problem before and most important how can it be solved .... This has nothing to do with Mailwatch unless the data in Mailwatch is wrong. To determine this check the data from Mailwatch against the data in your mailscanner.log. If it turns out that mail really gets scanned several times you may want to provide a little bit of information about your system (at the moment I don't see that you provided any) and think about when this started. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From traced at xpear.de Tue Jan 6 19:48:30 2009 From: traced at xpear.de (traced) Date: Tue Jan 6 19:48:41 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> Message-ID: <4963B58E.4020806@xpear.de> Scott Silva schrieb: > on 1-4-2009 4:18 PM Daniel Straka spake the following: >> Richard, >> >> I've been using the BRBL for a few months now. No false positives reported yet, > > however it rarely picks up any SPAM that spamcop.net and spamhaus-ZEN haven't > > already picked up. But every little bit helps. >> Dan >> > > Then it might be good for those of us that have been "outed" by spamhaus, but > don't have enough traffic to justify paying for a feed. > I will stick it in spamassassin with a low score for a month or two and see > how it hits for me. > > > I did that too, and must say that 70-80% of all messages tagged by BRBL with a low test score are ham, the other 20-30% are really spam. With a low score that might be good to lift up the real spams, so that they don?t slip under the required SA score. But with this rate, I will never use this RBL in my policyd-weight setup. Regards, Bastian From maillists at conactive.com Tue Jan 6 21:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 6 21:31:36 2009 Subject: Barracude BRBL ?? In-Reply-To: <4963B58E.4020806@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> Message-ID: Traced wrote on Tue, 06 Jan 2009 20:48:30 +0100: > I did that too, and must say that 70-80% of all messages tagged by BRBL > with a low test score are ham, the other 20-30% are really spam. With a > low score that might be good to lift up the real spams, so that they > don?t slip under the required SA score. with such a hit distribution you can just randomly add scores and get the same or even better results. Reminds me of the "Luckyseven" list: http://www.dnsbl.com/2007/10/fiveten-blacklist-not-accurate.html Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From traced at xpear.de Tue Jan 6 21:58:08 2009 From: traced at xpear.de (traced) Date: Tue Jan 6 21:58:22 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> Message-ID: <4963D3F0.8000702@xpear.de> Kai Schaetzl schrieb: > Traced wrote on Tue, 06 Jan 2009 20:48:30 +0100: > >> I did that too, and must say that 70-80% of all messages tagged by BRBL >> with a low test score are ham, the other 20-30% are really spam. With a >> low score that might be good to lift up the real spams, so that they >> don?t slip under the required SA score. > > with such a hit distribution you can just randomly add scores and get the > same or even better results. Reminds me of the "Luckyseven" list: > http://www.dnsbl.com/2007/10/fiveten-blacklist-not-accurate.html > > Kai > Got to watch it for a week or two, but BRBL seems to be nothing that makes me forget all my spam worries :) From MailScanner at ecs.soton.ac.uk Tue Jan 6 22:20:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 6 22:20:31 2009 Subject: Anti-spear-phishing, round 2 Message-ID: <4963D91A.9060304@ecs.soton.ac.uk> I have done a load of work on my script that uses the anti-spear-phishing addresses database. The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) Cheers, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: Spear.Phishing.Rules.gz Type: application/x-gzip Size: 1710 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/3a7da8b0/Spear.Phishing.Rules.gz From ssilva at sgvwater.com Tue Jan 6 22:23:07 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 6 22:23:53 2009 Subject: Barracude BRBL ?? In-Reply-To: <4963B58E.4020806@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> Message-ID: >> > > I did that too, and must say that 70-80% of all messages tagged by BRBL > with a low test score are ham, the other 20-30% are really spam. With a > low score that might be good to lift up the real spams, so that they > don?t slip under the required SA score. > > But with this rate, I will never use this RBL in my policyd-weight setup. > Strange, because for the 24 or so hours I have been running it, I'm hitting over 97% spam. I haven't looked at the other 3 % to see if it is actually ham or FN's. Good enough for me to add more than half a point, but not more than 3 points. I don't want this one list too strong unless I can hit 100%. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/cf8483b0/signature.bin From ssilva at sgvwater.com Tue Jan 6 22:45:35 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Tue Jan 6 22:45:59 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> Message-ID: on 1-6-2009 2:23 PM Scott Silva spake the following: > >> I did that too, and must say that 70-80% of all messages tagged by BRBL >> with a low test score are ham, the other 20-30% are really spam. With a >> low score that might be good to lift up the real spams, so that they >> don?t slip under the required SA score. >> >> But with this rate, I will never use this RBL in my policyd-weight setup. >> > Strange, because for the 24 or so hours I have been running it, I'm hitting > over 97% spam. > > I haven't looked at the other 3 % to see if it is actually ham or FN's. > > Good enough for me to add more than half a point, but not more than 3 points. > > I don't want this one list too strong unless I can hit 100%. > > Further research shows that (at least on my system) there were only 3 actual ham messages, and they were from the same address. The rest were spam that scored just under the radar. So a point or two would at least get those into low scoring and get tagged. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/8807a1fd/signature.bin From ka at pacific.net Wed Jan 7 00:54:56 2009 From: ka at pacific.net (Ken A) Date: Wed Jan 7 00:55:10 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> Message-ID: <4963FD60.1080306@pacific.net> Scott Silva wrote: > >> I did that too, and must say that 70-80% of all messages tagged by BRBL >> with a low test score are ham, the other 20-30% are really spam. With a >> low score that might be good to lift up the real spams, so that they >> don?t slip under the required SA score. >> >> But with this rate, I will never use this RBL in my policyd-weight setup. >> > Strange, because for the 24 or so hours I have been running it, I'm hitting > over 97% spam. > > I haven't looked at the other 3 % to see if it is actually ham or FN's. > > Good enough for me to add more than half a point, but not more than 3 points. > > I don't want this one list too strong unless I can hit 100%. > > We see pretty good results from BRBL too, but there are some FPs. We have home and business dialup and dsl (ISP) users. I've found it's good in META with Botnet rules. META with DCC and Razor also hits good, but may FP once in a while. Ken -- Ken Anderson http://www.pacific.net/ From gmcgreevy at pwr-sys.com Wed Jan 7 00:55:01 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Wed Jan 7 01:00:00 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com><495FBCAE.60204@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com><496083A2.2090909@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com><72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com><567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3E0@EXCHTEMP.biz.pwr-sys.com> Nope did not touch that one and I did not edit the MailScanner.conf file followed this one below that Julian sent me did not miss anything with the exception of the Rules de jour which was not in my version and I have since undone all of the entries. http://article.gmane.org/gmane.mail.virus.mailscanner/54241/match=how-to Yes huge problem with this open source stuff is the piss poor documentation and ridled with mistake how to's. I am extremely meticulous and methodical on everything I do and leave bread crumbs so I can always go back to a known good configuration. Yes I used different how tos because of the missing/incorrect configuration steps posted in all of them. Does not seem like anyone starts from a base fresh install so pre-requisites are assumed. I would like some help let me know when you are avaialable Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kai Schaetzl Sent: Tue 1/6/2009 5:58 AM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner --lint error Greg J. McGreevy wrote on Mon, 5 Jan 2009 22:44:22 -0500: > Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1937 > Unrecognised keyword "spamassassinprefsfile" at line 2789 at /usr/lib/MailScanner/MailScanner/Config.pm > line 1940 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm > line 1945 There is no such option. The only one I can find is "MCP SpamAssassin Prefs File". Is that the one you edited? I find that you are making the same mistake over and over: you post some error and that's it. The *least* you would do with the above is go to line 2789 and show us that line and the surroundings and tell us what you did. (My MailScanner.conf stops at 2788, though.) > > I added the list to the sa-update per your instructions per "whose" instructions? but I have > no idea to tell if it is in fact working you look in /var/lib/spamassassin if it gets filled. It's explained all there where I pointed you earlier: http://wiki.apache.org/spamassassin/RuleUpdates any insight on this would > be helpful also Rules do jour does not appear to be present in my > install so I skipped those steps is that correct? rules du jour is deprecated, one should use channels. Which tutorial did you follow? Again, you make the mistake of not giving any insight of what you really did. I don't see that Martin gave you instructions in this regard and I can't find a section "Getting the most out of Spamassassin" on the MS wiki (although I think I remember there was one). So, what exactly are you referring to? > > Also If I create a new User called spam and have all of my users forward > their spam there to train bayes will that mess up the tests becuse > they will be seen as all forwards? Again from the SA wiki, this may be helpful: http://wiki.apache.org/spamassassin/ResendingMailWithHeaders > I am kind off at my wits end with this and about to throw in the towel. I think you are just not following instructions (whichever you used) careful enough. Or you used the wrong instructions (those corebsd instructions are not how I would do an install on CentOS) or are mixing them (there's often more than one way to do it right, but you usually can't mix them). Also, you don't seem to keep "old working good configuration", so you can easily check where the mistake was made. Anyway, if you are interested, you can contact me under the address I use here and we can arrange something. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 7597 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090106/e7085925/attachment-0001.bin From brian at datamatters.com.au Wed Jan 7 01:24:34 2009 From: brian at datamatters.com.au (Brian) Date: Wed Jan 7 01:30:14 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49636707.5060608@tradoc.fr> Message-ID: John Wilcock tradoc.fr> writes: > RPM users aren't reporting this AFAICT, so maybe there's an omission in > the tar.gz version of mailscanner_create_locks. > > John. > Guys, I've just upgraded an RPM based system (centos 5.2) to 4.74.13 and I am also getting those messages. Mail seems to be passing through OK though. Cheers. From root at doctor.nl2k.ab.ca Wed Jan 7 01:51:34 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Jan 7 01:52:52 2009 Subject: [mkettler_sa@verizon.net: {?} Re: Change the score of BAYES_9*] Message-ID: <20090107015134.GA19127@doctor.nl2k.ab.ca> ----- Forwarded message from Matt Kettler ----- Resent-From: doctor@doctor.nl2k.ab.ca Resent-Date: Tue, 6 Jan 2009 18:45:27 -0700 Resent-Message-ID: <20090107014527.GA18581@doctor.nl2k.ab.ca> Resent-To: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem" X-Spam-Filter: check_local@doctor.nl2k.ab.ca by digitalanswers.org Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=FM_FAKE_HELO_VERIZON,SPF_PASS X-Spam-Check-By: apache.org Date: Tue, 06 Jan 2009 09:22:59 -0500 From: Matt Kettler Subject: {?} Re: Change the score of BAYES_9* In-reply-to: <20090106140437.GD21804@doctor.nl2k.ab.ca> To: The Doctor Cc: users@spamassassin.apache.org User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) X-Virus-Checked: Checked by ClamAV on apache.org X-Null-Tag: 9af02e63e6b3c80e2755983332dc2d23 X-Null-Tag: 556d7327031958ae6624ba91a8da74b5 X-NetKnow-InComing-4-74-11-1-MailScanner-Information: Please contact the ISP for more information X-NetKnow-InComing-4-74-11-1-MailScanner-ID: n06ENXaK001680 X-NetKnow-InComing-4-74-11-1-MailScanner: Found to be clean X-NetKnow-InComing-4-74-11-1-MailScanner-IP-Protocol: IPv4 X-NetKnow-InComing-4-74-11-1-MailScanner-From: users-return-75302-doctor=doctor.nl2k.ab.ca@spamassassin.apache.org X-NetKnow-InComing-4-74-11-1-MailScanner-Watermark: 1231683820.25552@DlJmd9t7mtKE/PwNelD6hw X-Spam-Status: Yes, Yes X-NetKnow-InComing-4-74-13-2-MailScanner-Information: Please contact the ISP for more information X-NetKnow-InComing-4-74-13-2-MailScanner-ID: n071jS71018880 X-NetKnow-InComing-4-74-13-2-MailScanner: Found to be clean X-NetKnow-InComing-4-74-13-2-MailScanner-IP-Protocol: IPv4 X-NetKnow-InComing-4-74-13-2-MailScanner-From: doctor@doctor.nl2k.ab.ca X-NetKnow-InComing-4-74-13-2-MailScanner-Watermark: 1231724733.93268@LThgVLdFle6EPiwq+Av6qg The Doctor wrote: > I wish to make a system-wide change for BAYES_95 and BAYES_99 to > score 1000.0 . 999.999% of those e-mail scoringthat high > are worthy of GTUBE status. > > How can make that change systemwide? > in local.cf add: score BAYES_95 1000.0 score BAYES_99 1000.0 If you use spamd or an API level tool that caches a Mail::SpamAssassin object (ie: MailScanner), it will need to be restarted to read the new config. However, I will warn you this is a bit dangerous. Theoretically, the false positive rate of those two should be 5%. (ie: 5% of the mail they match is nonspam mail). That said, I also don't understand why such a strong score. That's higher than a manual whitelisting will compensate for (-100). Do you really want this to be so high that it over-rides your explicit whitelists? Why not use something like 20 or 50? GTUBE is scored so high because it needs to over-ride any whitelisting. But nothing else should ever need such a high score. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ----- End forwarded message ----- Yes I still run MailScanner and have adjust the local.cf but still see the default BAYES_9* score. Why is that score not changing? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From hvdkooij at vanderkooij.org Wed Jan 7 10:48:41 2009 From: hvdkooij at vanderkooij.org (Hugo van der Kooij) Date: Wed Jan 7 10:49:00 2009 Subject: Fedora 10 packaging help required In-Reply-To: <49634A59.4090606@ecs.soton.ac.uk> References: <49634A59.4090606@ecs.soton.ac.uk> Message-ID: <49648889.1090302@vanderkooij.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Field wrote: > I've got a problem caused by Fedora 10. > They have changed the RPM build structure so that RPMs now build under > ~/rpmbuild instead of /usr/src/redhat. But that's not the problem. > > The problem is that the site_perl directory is now under > /usr/local/lib/perl5 and not /usr/lib/perl5. But if you specify a > "PREFIX" in the call to Makefile.PL to generate the Makefile, like I > always have done, then the perl-site-specific directories are set wrong, > it leaves them under /usr/lib/perl5. Have you looked at a tool like: https://admin.fedoraproject.org/pkgdb/packages/name/perl-Package-Generator I recall haveing seen a few minor items with the current spec files that might explain yor current issues. Need to look at them again. Hugo. - -- hvdkooij@vanderkooij.org http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. Nid wyf yn y swyddfa ar hyn o bryd. Anfonwch unrhyw waith i'w gyfieithu. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklkiIcACgkQBvzDRVjxmYHsTACginjmnbmQbOnrHxCkkFG0XG8a c2IAnjg4viJeuQMujFed5wE8PbvWssm+ =RJWV -----END PGP SIGNATURE----- From mailscanner at barendse.to Wed Jan 7 10:49:57 2009 From: mailscanner at barendse.to (Remco Barendse) Date: Wed Jan 7 10:50:14 2009 Subject: MailScanner ANNOUNCE: Stable release 4.74.12 In-Reply-To: <495F4840.8050603@ecs.soton.ac.uk> References: <495F4840.8050603@ecs.soton.ac.uk> Message-ID: On Sat, 3 Jan 2009, Julian Field wrote: > TNEF had been upgraded to 1.4.5. Thanks for the update Julian! I installed MailScanner on Centos 4.7 and got this : Installing tnef decoder error: Failed dependencies: libc.so.6(GLIBC_2.4) is needed by tnef-1.4.5-1.i386 rtld(GNU_HASH) is needed by tnef-1.4.5-1.i386 Does this signal a significant problem? Remco From prandal at herefordshire.gov.uk Wed Jan 7 10:57:47 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Wed Jan 7 10:58:10 2009 Subject: Could not open Bayes rebuild lockfile /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no><49636707.5060608@tradoc.fr> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA0587CCDC@HC-MBX02.herefordshire.gov.uk> Works for me on CentOS 5.2 and MailScanner 4.74.13. Cheers, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brian Sent: 07 January 2009 01:25 To: mailscanner@lists.mailscanner.info Subject: Re: Could not open Bayes rebuild lockfile /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock,No such file or directory John Wilcock tradoc.fr> writes: > RPM users aren't reporting this AFAICT, so maybe there's an omission > in the tar.gz version of mailscanner_create_locks. > > John. > Guys, I've just upgraded an RPM based system (centos 5.2) to 4.74.13 and I am also getting those messages. Mail seems to be passing through OK though. Cheers. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Jan 7 11:06:02 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 11:06:25 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49637AFA.6040905@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> Message-ID: <49648C9A.3060706@ecs.soton.ac.uk> Attached are two scripts. Both are gzipped to save bandwidth. "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you use the "Other Unix" distribution of MailScanner. "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed to "mailscanner_create_locks" if you use either of the RPM distributions of MailScanner. Don't forget to make it executable! cd /usr/sbin chmod a+rx mailscanner_create_locks Please let me know if this fixes the problem. On 6/1/09 15:38, Julian Field wrote: > I'll try to remember to check on this one later and get back to you. > > On 6/1/09 12:16, Bj?rn T Johansen wrote: >> I think MailScanner can run the script, at least I have the >> following...: >> (and running the script gives no error messages...) >> >> ls /var/spool/MailScanner/incoming/Locks/ -l >> total 1 >> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock >> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock >> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock >> >> >> But MS.bayes.rebuild.lock is missing? >> >> >> >> BTJ >> >> On Tue, 06 Jan 2009 11:56:27 +0000 >> Julian Field wrote: >> >>> On 6/1/09 11:44, Bj?rn T Johansen wrote: >>>> I just ran the install.sh script like I always do... >>>> I am running on Linux, Ubuntu Server and use the tar.gz >>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD >>>> / Other Linux / Other >>>> Unix ) >>>> >>>> >>>> Do I need to do more? I had version 4.70 before I upgraded.... >>>> >>> There's a new script in the bin directory called >>> mailscanner_create_locks, you need to make sure MailScanner can run >>> that >>> from /opt/MailScanner/bin. >>>> BTJ >>>> >>>> On Tue, 06 Jan 2009 11:22:04 +0000 >>>> Julian Field wrote: >>>> >>>> >>>>> What OS? What distribution of MailScanner? Did you install all the >>>>> parts >>>>> of MailScanner, including any new scripts I might have added to the >>>>> "bin" directory? >>>>> If you only install half of it, funnily enough it won't work :-) >>>>> >>>>> Jules. >>>>> >>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: >>>>> >>>>>> I upgraded to version 4.74 and I now get a lot of these in the >>>>>> log..: >>>>>> >>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 >>>>>> messages, 7216 bytes >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes >>>>>> rebuild lock file >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No >>>>>> such file or directory >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks >>>>>> could not open >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, >>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content >>>>>> Scanning: Starting >>>>>> >>>>>> >>>>>> Why? And what can I do to fix this? >>>>>> >>>>>> >>>>>> Regards, >>>>>> >>>>>> BTJ >>>>>> >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> >>>> >>> Jules >>> >> = > > Jules > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner_create_locks.redhat.gz Type: application/gzip Size: 986 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/86b43c90/mailscanner_create_locks.redhat.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner_create_locks.gz Type: application/gzip Size: 982 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/86b43c90/mailscanner_create_locks.bin From chokimbo at gmail.com Wed Jan 7 11:15:58 2009 From: chokimbo at gmail.com (ichwan nur hakim) Date: Wed Jan 7 11:16:07 2009 Subject: Good config for Mailscanner Message-ID: <928434630901070315w2edb25bboee5cb4184a1a68@mail.gmail.com> Hi guys, I have ben install Mailscanner in opensuse 10.3 and success, but I am still receipt much SPAM in my email, how powerful that settingan mainscanner..??? any advice for SpamasassinScore..??? default value is 10, maybe i must set to 1 so powerfull. Thank's -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/4cbbc54c/attachment.html From maillists at conactive.com Wed Jan 7 11:31:21 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 11:31:34 2009 Subject: [mkettler_sa@verizon.net: {?} Change the score of BAYES_9*] In-Reply-To: <20090107015134.GA19127@doctor.nl2k.ab.ca> References: <20090107015134.GA19127@doctor.nl2k.ab.ca> Message-ID: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the wrote on Tue, 6 Jan 2009 18:51:34 -0700: > The Root of theProblem yes, indeed. Can you please stop this? Thanks. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Jan 7 11:31:21 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 11:31:35 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49636707.5060608@tradoc.fr> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49636707.5060608@tradoc.fr> Message-ID: John Wilcock wrote on Tue, 06 Jan 2009 15:13:27 +0100: > RPM users aren't reporting this AFAICT, so maybe there's an omission in > the tar.gz version of mailscanner_create_locks. Don't think so. As I've been working on some bayes stuff yesterday I had the chance to see the "original" expiry lock from sa-learn and it's "bayes.lock". It gets created when SA starts an expiry run and appears in the Bayes directory. As MailScanner uses the SA Perl module the procedure there is slightly different and you get "MS.bayes.rebuild.lock". Either because the Perl module uses a slightly different name and prefixes it with "MS" or because Julian tells it to name it like this. Before the changes to the lock path this occurred in the Bayes directory, now it occurs in the general MS lock directory and I assume there's missing some permission. Or it still gets created in the Bayes dir (have a look) but looked for in the other place. As all the fixes were about virusscanner wrappers that one got easily overlooked, especially if auto-expiry is switched off ;-) As I already wrote in another message the quick fix is to set bayes_auto_expire to 0 in you spamassassin.prefs.conf and do a nightly "sa-learn --force-expiry". This is actually a good thing to do, anyway. Just leaving it "as is" does work but will slow down your processing as your SA obviously is trying to expire with each run. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jan 7 11:32:37 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 11:32:59 2009 Subject: Could not open Bayes rebuild lockfile /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0587CCDC@HC-MBX02.herefordshire.gov.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no><49636707.5060608@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBA0587CCDC@HC-MBX02.herefordshire.gov.uk> Message-ID: <496492D5.3080804@ecs.soton.ac.uk> It will work on systems with "Run As User = root" or "Run As User =". Other users will have trouble, and need the replacement mailscanner_create_locks in my other post. On 7/1/09 10:57, Randal, Phil wrote: > Works for me on CentOS 5.2 and MailScanner 4.74.13. > > Cheers, > > Phil > -- > Phil Randal | Networks Engineer > Herefordshire Council | Deputy Chief Executive's Office | I.C.T. > Services Division > Thorn Office Centre, Rotherwas, Hereford, HR2 6JT > Tel: 01432 260160 > email: prandal@herefordshire.gov.uk > > Any opinion expressed in this e-mail or any attached files are those of > the individual and not necessarily those of Herefordshire Council. > > This e-mail and any attached files are confidential and intended solely > for the use of the addressee. This communication may contain material > protected by law from being passed on. If you are not the intended > recipient and have received this e-mail in error, you are advised that > any use, dissemination, forwarding, printing or copying of this e-mail > is strictly prohibited. If you have received this e-mail in error please > contact the sender immediately and destroy all copies of it. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info > [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Brian > Sent: 07 January 2009 01:25 > To: mailscanner@lists.mailscanner.info > Subject: Re: Could not open Bayes rebuild lockfile > /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock,No such file > or directory > > John Wilcock tradoc.fr> writes: > > > >> RPM users aren't reporting this AFAICT, so maybe there's an omission >> in the tar.gz version of mailscanner_create_locks. >> >> John. >> >> > > > Guys, > > I've just upgraded an RPM based system (centos 5.2) to 4.74.13 and I am > also getting those messages. Mail seems to be passing through OK though. > > > Cheers. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From btj at havleik.no Wed Jan 7 11:39:39 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Wed Jan 7 11:44:47 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49648C9A.3060706@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> Message-ID: <20090107123939.1e2015c6@btj-laptop.asp-as.no> Well, the log message disappeared and I got two more lock files in the Lock directory... :) BTJ On Wed, 07 Jan 2009 11:06:02 +0000 Julian Field wrote: > Attached are two scripts. Both are gzipped to save bandwidth. > "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you > use the "Other Unix" distribution of MailScanner. > "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed > to "mailscanner_create_locks" if you use either of the RPM distributions > of MailScanner. > > Don't forget to make it executable! > cd /usr/sbin > chmod a+rx mailscanner_create_locks > > Please let me know if this fixes the problem. > > On 6/1/09 15:38, Julian Field wrote: > > I'll try to remember to check on this one later and get back to you. > > > > On 6/1/09 12:16, Bj?rn T Johansen wrote: > >> I think MailScanner can run the script, at least I have the > >> following...: > >> (and running the script gives no error messages...) > >> > >> ls /var/spool/MailScanner/incoming/Locks/ -l > >> total 1 > >> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock > >> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock > >> > >> > >> But MS.bayes.rebuild.lock is missing? > >> > >> > >> > >> BTJ > >> > >> On Tue, 06 Jan 2009 11:56:27 +0000 > >> Julian Field wrote: > >> > >>> On 6/1/09 11:44, Bj?rn T Johansen wrote: > >>>> I just ran the install.sh script like I always do... > >>>> I am running on Linux, Ubuntu Server and use the tar.gz > >>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD > >>>> / Other Linux / Other > >>>> Unix ) > >>>> > >>>> > >>>> Do I need to do more? I had version 4.70 before I upgraded.... > >>>> > >>> There's a new script in the bin directory called > >>> mailscanner_create_locks, you need to make sure MailScanner can run > >>> that > >>> from /opt/MailScanner/bin. > >>>> BTJ > >>>> > >>>> On Tue, 06 Jan 2009 11:22:04 +0000 > >>>> Julian Field wrote: > >>>> > >>>> > >>>>> What OS? What distribution of MailScanner? Did you install all the > >>>>> parts > >>>>> of MailScanner, including any new scripts I might have added to the > >>>>> "bin" directory? > >>>>> If you only install half of it, funnily enough it won't work :-) > >>>>> > >>>>> Jules. > >>>>> > >>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: > >>>>> > >>>>>> I upgraded to version 4.74 and I now get a lot of these in the > >>>>>> log..: > >>>>>> > >>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 > >>>>>> messages, 7216 bytes > >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes > >>>>>> rebuild lock file > >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > >>>>>> such file or directory > >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks > >>>>>> could not open > >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > >>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content > >>>>>> Scanning: Starting > >>>>>> > >>>>>> > >>>>>> Why? And what can I do to fix this? > >>>>>> > >>>>>> > >>>>>> Regards, > >>>>>> > >>>>>> BTJ > >>>>>> > >>>>>> > >>>>>> > >>>>> Jules > >>>>> > >>>>> > >>>> > >>> Jules > >>> > >> = > > > > Jules > > > > Jules > From btj at havleik.no Wed Jan 7 11:46:39 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Wed Jan 7 11:47:04 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <49648C9A.3060706@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> Message-ID: <20090107124639.4fc576a4@btj-laptop.asp-as.no> One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue only grew larger...) BTJ On Wed, 07 Jan 2009 11:06:02 +0000 Julian Field wrote: > Attached are two scripts. Both are gzipped to save bandwidth. > "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you > use the "Other Unix" distribution of MailScanner. > "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed > to "mailscanner_create_locks" if you use either of the RPM distributions > of MailScanner. > > Don't forget to make it executable! > cd /usr/sbin > chmod a+rx mailscanner_create_locks > > Please let me know if this fixes the problem. > > On 6/1/09 15:38, Julian Field wrote: > > I'll try to remember to check on this one later and get back to you. > > > > On 6/1/09 12:16, Bj?rn T Johansen wrote: > >> I think MailScanner can run the script, at least I have the > >> following...: > >> (and running the script gives no error messages...) > >> > >> ls /var/spool/MailScanner/incoming/Locks/ -l > >> total 1 > >> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock > >> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock > >> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock > >> > >> > >> But MS.bayes.rebuild.lock is missing? > >> > >> > >> > >> BTJ > >> > >> On Tue, 06 Jan 2009 11:56:27 +0000 > >> Julian Field wrote: > >> > >>> On 6/1/09 11:44, Bj?rn T Johansen wrote: > >>>> I just ran the install.sh script like I always do... > >>>> I am running on Linux, Ubuntu Server and use the tar.gz > >>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD > >>>> / Other Linux / Other > >>>> Unix ) > >>>> > >>>> > >>>> Do I need to do more? I had version 4.70 before I upgraded.... > >>>> > >>> There's a new script in the bin directory called > >>> mailscanner_create_locks, you need to make sure MailScanner can run > >>> that > >>> from /opt/MailScanner/bin. > >>>> BTJ > >>>> > >>>> On Tue, 06 Jan 2009 11:22:04 +0000 > >>>> Julian Field wrote: > >>>> > >>>> > >>>>> What OS? What distribution of MailScanner? Did you install all the > >>>>> parts > >>>>> of MailScanner, including any new scripts I might have added to the > >>>>> "bin" directory? > >>>>> If you only install half of it, funnily enough it won't work :-) > >>>>> > >>>>> Jules. > >>>>> > >>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: > >>>>> > >>>>>> I upgraded to version 4.74 and I now get a lot of these in the > >>>>>> log..: > >>>>>> > >>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 > >>>>>> messages, 7216 bytes > >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes > >>>>>> rebuild lock file > >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > >>>>>> such file or directory > >>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks > >>>>>> could not open > >>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > >>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content > >>>>>> Scanning: Starting > >>>>>> > >>>>>> > >>>>>> Why? And what can I do to fix this? > >>>>>> > >>>>>> > >>>>>> Regards, > >>>>>> > >>>>>> BTJ > >>>>>> > >>>>>> > >>>>>> > >>>>> Jules > >>>>> > >>>>> > >>>> > >>> Jules > >>> > >> = > > > > Jules > > > > Jules > From brian at datamatters.com.au Wed Jan 7 12:01:15 2009 From: brian at datamatters.com.au (Brian) Date: Wed Jan 7 12:01:36 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> Message-ID: Bj?rn T Johansen havleik.no> writes: > > One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue > only grew larger...) > Me too. Mail is sitting in the queue. From maillists at conactive.com Wed Jan 7 12:14:13 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 12:14:26 2009 Subject: Could not open Bayes rebuild lockfile /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <7EF0EE5CB3B263488C8C18823239BEBA0587CCDC@HC-MBX02.herefordshire.gov.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49636707.5060608@tradoc.fr> <7EF0EE5CB3B263488C8C18823239BEBA0587CCDC@HC-MBX02.herefordshire.gov.uk> Message-ID: Phil Randal wrote on Wed, 7 Jan 2009 10:57:47 -0000: > Works for me on CentOS 5.2 and MailScanner 4.74.13. It doesn't, you (like me) just don't encounter it as no expiry is triggered. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Jan 7 12:14:13 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 12:14:26 2009 Subject: MailScanner ANNOUNCE: Stable release 4.74.12 In-Reply-To: References: <495F4840.8050603@ecs.soton.ac.uk> Message-ID: Remco Barendse wrote on Wed, 7 Jan 2009 11:49:57 +0100 (CET): > Does this signal a significant problem? it won't install ;-) glibc on CentOS 4 is 2.3 and this package requires 2.4. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Wed Jan 7 12:14:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 12:14:26 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3E0@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> <72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> <567221C09601934AA5CE9762FDA09A5001C3E0@EXCHTEMP.biz.pwr-sys.co Message-ID: m> Reply-To: mailscanner@lists.mailscanner.info Greg J. McGreevy wrote on Tue, 6 Jan 2009 19:55:01 -0500: > followed this one below that Julian sent me did not miss anything > with the exception of the Rules de jour which was not in my version > and I have since undone all of the entries. The rules du jour was missing because you never added it and as it was the old method of getting some updated third-party rules that's perfectly okay. But you must have added some wrong stuff either to MailScanner.conf or to a ruleset file to get that error message, incorrect rules in spamassassin.prefs.conf wouldn't throw that. > Yes huge problem with this open source stuff is the piss poor documentation I disagree. Both MailScanner and SA are documented quite good. But administering a mail/mail scanning server is a complex task, so there's no simple step-by-step tutorial available as each setup is slightly different. As for extra rules I just removed most extra rules from my setups as they are catching too few and are not worth it anymore. Especially the SARE rules are out-dated. So, after removal of all changes, does your MS work basically now? > I would like some help let me know when you are avaialable I'll mail you. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From root at doctor.nl2k.ab.ca Wed Jan 7 12:35:19 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Jan 7 12:36:49 2009 Subject: [mkettler_sa@verizon.net: {?} Change the score of BAYES_9*] In-Reply-To: References: <20090107015134.GA19127@doctor.nl2k.ab.ca> Message-ID: <20090107123519.GB9053@doctor.nl2k.ab.ca> On Wed, Jan 07, 2009 at 12:31:21PM +0100, Kai Schaetzl wrote: > "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the wrote > on Tue, 6 Jan 2009 18:51:34 -0700: > > > The Root of theProblem > > yes, indeed. Can you please stop this? Thanks. > > Kai > Nice humour? Can I have an answer to the question pointed out? too much getting through here! > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 7 12:38:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 12:38:49 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090107124639.4fc576a4@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> Message-ID: <4964A243.30003@ecs.soton.ac.uk> Can you try the attached SA.pm and let me know if it's any better. Sorry, file locking problems (as usual!). On 7/1/09 11:46, Bj?rn T Johansen wrote: > One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue only grew larger...) > > BTJ > > On Wed, 07 Jan 2009 11:06:02 +0000 > Julian Field wrote: > > >> Attached are two scripts. Both are gzipped to save bandwidth. >> "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you >> use the "Other Unix" distribution of MailScanner. >> "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed >> to "mailscanner_create_locks" if you use either of the RPM distributions >> of MailScanner. >> >> Don't forget to make it executable! >> cd /usr/sbin >> chmod a+rx mailscanner_create_locks >> >> Please let me know if this fixes the problem. >> >> On 6/1/09 15:38, Julian Field wrote: >> >>> I'll try to remember to check on this one later and get back to you. >>> >>> On 6/1/09 12:16, Bj?rn T Johansen wrote: >>> >>>> I think MailScanner can run the script, at least I have the >>>> following...: >>>> (and running the script gives no error messages...) >>>> >>>> ls /var/spool/MailScanner/incoming/Locks/ -l >>>> total 1 >>>> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock >>>> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock >>>> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock >>>> >>>> >>>> But MS.bayes.rebuild.lock is missing? >>>> >>>> >>>> >>>> BTJ >>>> >>>> On Tue, 06 Jan 2009 11:56:27 +0000 >>>> Julian Field wrote: >>>> >>>> >>>>> On 6/1/09 11:44, Bj?rn T Johansen wrote: >>>>> >>>>>> I just ran the install.sh script like I always do... >>>>>> I am running on Linux, Ubuntu Server and use the tar.gz >>>>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD >>>>>> / Other Linux / Other >>>>>> Unix ) >>>>>> >>>>>> >>>>>> Do I need to do more? I had version 4.70 before I upgraded.... >>>>>> >>>>>> >>>>> There's a new script in the bin directory called >>>>> mailscanner_create_locks, you need to make sure MailScanner can run >>>>> that >>>>> from /opt/MailScanner/bin. >>>>> >>>>>> BTJ >>>>>> >>>>>> On Tue, 06 Jan 2009 11:22:04 +0000 >>>>>> Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>>> What OS? What distribution of MailScanner? Did you install all the >>>>>>> parts >>>>>>> of MailScanner, including any new scripts I might have added to the >>>>>>> "bin" directory? >>>>>>> If you only install half of it, funnily enough it won't work :-) >>>>>>> >>>>>>> Jules. >>>>>>> >>>>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: >>>>>>> >>>>>>> >>>>>>>> I upgraded to version 4.74 and I now get a lot of these in the >>>>>>>> log..: >>>>>>>> >>>>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 >>>>>>>> messages, 7216 bytes >>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes >>>>>>>> rebuild lock file >>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No >>>>>>>> such file or directory >>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks >>>>>>>> could not open >>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, >>>>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content >>>>>>>> Scanning: Starting >>>>>>>> >>>>>>>> >>>>>>>> Why? And what can I do to fix this? >>>>>>>> >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> BTJ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> Jules >>>>>>> >>>>>>> >>>>>>> >>>>> Jules >>>>> >>>>> >>>> = >>>> >>> Jules >>> >>> >> Jules >> >> > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.gz Type: application/gzip Size: 12726 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/44397fd0/SA.pm.bin From btj at havleik.no Wed Jan 7 12:53:02 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Wed Jan 7 12:53:36 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964A243.30003@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> Message-ID: <20090107135302.6cf5ca15@btj-laptop.asp-as.no> Yes, that seems to be working... Thx... :) BTJ On Wed, 07 Jan 2009 12:38:27 +0000 Julian Field wrote: > Can you try the attached SA.pm and let me know if it's any better. > Sorry, file locking problems (as usual!). > > > On 7/1/09 11:46, Bj?rn T Johansen wrote: > > One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue only grew larger...) > > > > BTJ > > > > On Wed, 07 Jan 2009 11:06:02 +0000 > > Julian Field wrote: > > > > > >> Attached are two scripts. Both are gzipped to save bandwidth. > >> "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you > >> use the "Other Unix" distribution of MailScanner. > >> "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed > >> to "mailscanner_create_locks" if you use either of the RPM distributions > >> of MailScanner. > >> > >> Don't forget to make it executable! > >> cd /usr/sbin > >> chmod a+rx mailscanner_create_locks > >> > >> Please let me know if this fixes the problem. > >> > >> On 6/1/09 15:38, Julian Field wrote: > >> > >>> I'll try to remember to check on this one later and get back to you. > >>> > >>> On 6/1/09 12:16, Bj?rn T Johansen wrote: > >>> > >>>> I think MailScanner can run the script, at least I have the > >>>> following...: > >>>> (and running the script gives no error messages...) > >>>> > >>>> ls /var/spool/MailScanner/incoming/Locks/ -l > >>>> total 1 > >>>> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock > >>>> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock > >>>> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock > >>>> > >>>> > >>>> But MS.bayes.rebuild.lock is missing? > >>>> > >>>> > >>>> > >>>> BTJ > >>>> > >>>> On Tue, 06 Jan 2009 11:56:27 +0000 > >>>> Julian Field wrote: > >>>> > >>>> > >>>>> On 6/1/09 11:44, Bj?rn T Johansen wrote: > >>>>> > >>>>>> I just ran the install.sh script like I always do... > >>>>>> I am running on Linux, Ubuntu Server and use the tar.gz > >>>>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD > >>>>>> / Other Linux / Other > >>>>>> Unix ) > >>>>>> > >>>>>> > >>>>>> Do I need to do more? I had version 4.70 before I upgraded.... > >>>>>> > >>>>>> > >>>>> There's a new script in the bin directory called > >>>>> mailscanner_create_locks, you need to make sure MailScanner can run > >>>>> that > >>>>> from /opt/MailScanner/bin. > >>>>> > >>>>>> BTJ > >>>>>> > >>>>>> On Tue, 06 Jan 2009 11:22:04 +0000 > >>>>>> Julian Field wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> What OS? What distribution of MailScanner? Did you install all the > >>>>>>> parts > >>>>>>> of MailScanner, including any new scripts I might have added to the > >>>>>>> "bin" directory? > >>>>>>> If you only install half of it, funnily enough it won't work :-) > >>>>>>> > >>>>>>> Jules. > >>>>>>> > >>>>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: > >>>>>>> > >>>>>>> > >>>>>>>> I upgraded to version 4.74 and I now get a lot of these in the > >>>>>>>> log..: > >>>>>>>> > >>>>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 > >>>>>>>> messages, 7216 bytes > >>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes > >>>>>>>> rebuild lock file > >>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > >>>>>>>> such file or directory > >>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks > >>>>>>>> could not open > >>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > >>>>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content > >>>>>>>> Scanning: Starting > >>>>>>>> > >>>>>>>> > >>>>>>>> Why? And what can I do to fix this? > >>>>>>>> > >>>>>>>> > >>>>>>>> Regards, > >>>>>>>> > >>>>>>>> BTJ > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> Jules > >>>>>>> > >>>>>>> > >>>>>>> > >>>>> Jules > >>>>> > >>>>> > >>>> = > >>>> > >>> Jules > >>> > >>> > >> Jules > >> > >> > > > > > > Jules > From maillists at conactive.com Wed Jan 7 13:16:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 13:16:23 2009 Subject: [mkettler_sa@verizon.net: {?} Change the score of BAYES_9*] In-Reply-To: <20090107123519.GB9053@doctor.nl2k.ab.ca> References: <20090107015134.GA19127@doctor.nl2k.ab.ca> <20090107123519.GB9053@doctor.nl2k.ab.ca> Message-ID: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the wrote on Wed, 7 Jan 2009 05:35:19 -0700: > Nice humour? > > > Can I have an answer to the question pointed out? > > too much getting through here! That's not my problem. I can assure you that you are *not* behaving nice, humour or not. You posted a question on another mailing list, you got a good and correct answer there, you forwarded that answer to another (this) mailing list for no good reason and without any explanation and when somebody asks you to stop that (in anticipation of more) you demand an answer? Do you think this is appropriate behavior? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From root at doctor.nl2k.ab.ca Wed Jan 7 13:29:38 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Wed Jan 7 13:30:50 2009 Subject: [mkettler_sa@verizon.net: {?} Change the score of BAYES_9*] In-Reply-To: References: <20090107015134.GA19127@doctor.nl2k.ab.ca> <20090107123519.GB9053@doctor.nl2k.ab.ca> Message-ID: <20090107132937.GA15610@doctor.nl2k.ab.ca> On Wed, Jan 07, 2009 at 02:16:12PM +0100, Kai Schaetzl wrote: > "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the wrote > on Wed, 7 Jan 2009 05:35:19 -0700: > > > Nice humour? > > > > > > Can I have an answer to the question pointed out? > > > > too much getting through here! > > That's not my problem. I can assure you that you are *not* behaving nice, > humour or not. > You posted a question on another mailing list, you got a good and correct > answer there, you forwarded that answer to another (this) mailing list for > no good reason and without any explanation and when somebody asks you to > stop that (in anticipation of more) you demand an answer? Do you think > this is appropriate behavior? > I was referring to the point hey make about MAilSCanner. Weirdly enough the other box running MailScanner is using the higher value but not this one. That is a little confusing. > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From memmas at otenet.gr Wed Jan 7 14:32:57 2009 From: memmas at otenet.gr (memmas) Date: Wed Jan 7 14:33:05 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. Message-ID: <4964BD19.2040607@otenet.gr> I'm using slackware 12.2 postfix 2.5.5 ClamAV 0.94.2 Spamassassin 3.2.5 after upgrade to 4.74 (same applies to beta) I get a loop in mail log and nothing happening, mail are stuck in queue. Jan 7 16:03:47 devel MailScanner[22474]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 7 16:03:47 devel MailScanner[22474]: Read 848 hostnames from the phishing whitelist Jan 7 16:03:47 devel MailScanner[22474]: Read 3820 hostnames from the phishing blacklist Jan 7 16:03:47 devel MailScanner[22474]: Using SpamAssassin results cache Jan 7 16:03:47 devel MailScanner[22474]: Connected to SpamAssassin cache database Jan 7 16:03:47 devel MailScanner[22474]: Enabling SpamAssassin auto-whitelist functionality... Jan 7 16:03:49 devel MailScanner[22474]: I have found clamav scanners installed, and will use them all by default. Jan 7 16:03:49 devel MailScanner[22474]: Using locktype = flock Jan 7 16:03:52 devel MailScanner[22530]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 7 16:03:52 devel MailScanner[22530]: Read 848 hostnames from the phishing whitelist Jan 7 16:03:52 devel MailScanner[22530]: Read 3820 hostnames from the phishing blacklist Jan 7 16:03:52 devel MailScanner[22530]: Using SpamAssassin results cache Jan 7 16:03:52 devel MailScanner[22530]: Connected to SpamAssassin cache database Jan 7 16:03:52 devel MailScanner[22530]: Enabling SpamAssassin auto-whitelist functionality... Jan 7 16:03:54 devel MailScanner[22530]: I have found clamav scanners installed, and will use them all by default. Jan 7 16:03:54 devel MailScanner[22530]: Using locktype = flock Jan 7 16:03:57 devel MailScanner[22586]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 7 16:03:57 devel MailScanner[22586]: Read 848 hostnames from the phishing whitelist Jan 7 16:03:57 devel MailScanner[22586]: Read 3820 hostnames from the phishing blacklist Jan 7 16:03:57 devel MailScanner[22586]: Using SpamAssassin results cache Jan 7 16:03:57 devel MailScanner[22586]: Connected to SpamAssassin cache database Jan 7 16:03:57 devel MailScanner[22586]: Enabling SpamAssassin auto-whitelist functionality... Jan 7 16:03:59 devel MailScanner[22586]: I have found clamav scanners installed, and will use them all by default. Jan 7 16:03:59 devel MailScanner[22586]: Using locktype = flock thanks From maillists at conactive.com Wed Jan 7 14:41:49 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 14:42:15 2009 Subject: [mkettler_sa@verizon.net: {?} Change the score of BAYES_9*] In-Reply-To: <20090107132937.GA15610@doctor.nl2k.ab.ca> References: <20090107015134.GA19127@doctor.nl2k.ab.ca> <20090107123519.GB9053@doctor.nl2k.ab.ca> <20090107132937.GA15610@doctor.nl2k.ab.ca> Message-ID: "Dave Shariff Yadallee - System Administrator a.k.a. The Root of the wrote on Wed, 7 Jan 2009 06:29:38 -0700: > I was referring to the point hey make about MAilSCanner. you were not referring to anything, you just forwarded something without any further explanation. If you have a question please start a new thread and ask in a way everybody understands. And you may want to provide some details. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From steve.freegard at fsl.com Wed Jan 7 15:07:58 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Wed Jan 7 15:08:08 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964BD19.2040607@otenet.gr> References: <4964BD19.2040607@otenet.gr> Message-ID: <4964C54E.5040400@fsl.com> memmas wrote: > I'm using slackware 12.2 > postfix 2.5.5 > ClamAV 0.94.2 > Spamassassin 3.2.5 > > after upgrade to 4.74 (same applies to beta) I get a loop in mail log > and nothing happening, mail are stuck in queue. > Run - 'MailScanner --debug' and post the output. Regards, Steve. From MailScanner at ecs.soton.ac.uk Wed Jan 7 15:10:16 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 15:10:38 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <20090107135302.6cf5ca15@btj-laptop.asp-as.no> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> Message-ID: <4964C5D8.3080308@ecs.soton.ac.uk> You might want to try 4.74.15-1 as I have just released that and it contains a better version of the fix I have given you. If you do try it, please let me know if it works okay. On 7/1/09 12:53, Bj?rn T Johansen wrote: > Yes, that seems to be working... Thx... :) > > BTJ > > On Wed, 07 Jan 2009 12:38:27 +0000 > Julian Field wrote: > > >> Can you try the attached SA.pm and let me know if it's any better. >> Sorry, file locking problems (as usual!). >> >> >> On 7/1/09 11:46, Bj?rn T Johansen wrote: >> >>> One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue only grew larger...) >>> >>> BTJ >>> >>> On Wed, 07 Jan 2009 11:06:02 +0000 >>> Julian Field wrote: >>> >>> >>> >>>> Attached are two scripts. Both are gzipped to save bandwidth. >>>> "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you >>>> use the "Other Unix" distribution of MailScanner. >>>> "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed >>>> to "mailscanner_create_locks" if you use either of the RPM distributions >>>> of MailScanner. >>>> >>>> Don't forget to make it executable! >>>> cd /usr/sbin >>>> chmod a+rx mailscanner_create_locks >>>> >>>> Please let me know if this fixes the problem. >>>> >>>> On 6/1/09 15:38, Julian Field wrote: >>>> >>>> >>>>> I'll try to remember to check on this one later and get back to you. >>>>> >>>>> On 6/1/09 12:16, Bj?rn T Johansen wrote: >>>>> >>>>> >>>>>> I think MailScanner can run the script, at least I have the >>>>>> following...: >>>>>> (and running the script gives no error messages...) >>>>>> >>>>>> ls /var/spool/MailScanner/incoming/Locks/ -l >>>>>> total 1 >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock >>>>>> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock >>>>>> >>>>>> >>>>>> But MS.bayes.rebuild.lock is missing? >>>>>> >>>>>> >>>>>> >>>>>> BTJ >>>>>> >>>>>> On Tue, 06 Jan 2009 11:56:27 +0000 >>>>>> Julian Field wrote: >>>>>> >>>>>> >>>>>> >>>>>>> On 6/1/09 11:44, Bj?rn T Johansen wrote: >>>>>>> >>>>>>> >>>>>>>> I just ran the install.sh script like I always do... >>>>>>>> I am running on Linux, Ubuntu Server and use the tar.gz >>>>>>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD >>>>>>>> / Other Linux / Other >>>>>>>> Unix ) >>>>>>>> >>>>>>>> >>>>>>>> Do I need to do more? I had version 4.70 before I upgraded.... >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> There's a new script in the bin directory called >>>>>>> mailscanner_create_locks, you need to make sure MailScanner can run >>>>>>> that >>>>>>> from /opt/MailScanner/bin. >>>>>>> >>>>>>> >>>>>>>> BTJ >>>>>>>> >>>>>>>> On Tue, 06 Jan 2009 11:22:04 +0000 >>>>>>>> Julian Field wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> What OS? What distribution of MailScanner? Did you install all the >>>>>>>>> parts >>>>>>>>> of MailScanner, including any new scripts I might have added to the >>>>>>>>> "bin" directory? >>>>>>>>> If you only install half of it, funnily enough it won't work :-) >>>>>>>>> >>>>>>>>> Jules. >>>>>>>>> >>>>>>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> I upgraded to version 4.74 and I now get a lot of these in the >>>>>>>>>> log..: >>>>>>>>>> >>>>>>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 >>>>>>>>>> messages, 7216 bytes >>>>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes >>>>>>>>>> rebuild lock file >>>>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No >>>>>>>>>> such file or directory >>>>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks >>>>>>>>>> could not open >>>>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, >>>>>>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content >>>>>>>>>> Scanning: Starting >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Why? And what can I do to fix this? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>>> BTJ >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> Jules >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> Jules >>>>>>> >>>>>>> >>>>>>> >>>>>> = >>>>>> >>>>>> >>>>> Jules >>>>> >>>>> >>>>> >>>> Jules >>>> >>>> >>>> >>> >>> >> Jules >> >> Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 7 15:12:10 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 15:12:57 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> Message-ID: <4964C64A.8040207@ecs.soton.ac.uk> On 7/1/09 12:01, Brian wrote: > Bj?rn T Johansen havleik.no> writes: > > >> One problem... Mail is never delivered with the new lock files.... (never = >> > waited 5 minutes but the queue > >> only grew larger...) >> >> > > Me too. Mail is sitting in the queue. > > Try 4.74.15-1. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 7 15:12:30 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 15:12:58 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964BD19.2040607@otenet.gr> References: <4964BD19.2040607@otenet.gr> Message-ID: <4964C65E.5090504@ecs.soton.ac.uk> Try 4.74.15-1. On 7/1/09 14:32, memmas wrote: > I'm using slackware 12.2 > postfix 2.5.5 > ClamAV 0.94.2 > Spamassassin 3.2.5 > > after upgrade to 4.74 (same applies to beta) I get a loop in mail log > and nothing happening, mail are stuck in queue. > > Jan 7 16:03:47 devel MailScanner[22474]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > Jan 7 16:03:47 devel MailScanner[22474]: Read 848 hostnames from the > phishing whitelist > Jan 7 16:03:47 devel MailScanner[22474]: Read 3820 hostnames from the > phishing blacklist > Jan 7 16:03:47 devel MailScanner[22474]: Using SpamAssassin results > cache > Jan 7 16:03:47 devel MailScanner[22474]: Connected to SpamAssassin > cache database > Jan 7 16:03:47 devel MailScanner[22474]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 7 16:03:49 devel MailScanner[22474]: I have found clamav scanners > installed, and will use them all by default. > Jan 7 16:03:49 devel MailScanner[22474]: Using locktype = flock > Jan 7 16:03:52 devel MailScanner[22530]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > Jan 7 16:03:52 devel MailScanner[22530]: Read 848 hostnames from the > phishing whitelist > Jan 7 16:03:52 devel MailScanner[22530]: Read 3820 hostnames from the > phishing blacklist > Jan 7 16:03:52 devel MailScanner[22530]: Using SpamAssassin results > cache > Jan 7 16:03:52 devel MailScanner[22530]: Connected to SpamAssassin > cache database > Jan 7 16:03:52 devel MailScanner[22530]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 7 16:03:54 devel MailScanner[22530]: I have found clamav scanners > installed, and will use them all by default. > Jan 7 16:03:54 devel MailScanner[22530]: Using locktype = flock > Jan 7 16:03:57 devel MailScanner[22586]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > Jan 7 16:03:57 devel MailScanner[22586]: Read 848 hostnames from the > phishing whitelist > Jan 7 16:03:57 devel MailScanner[22586]: Read 3820 hostnames from the > phishing blacklist > Jan 7 16:03:57 devel MailScanner[22586]: Using SpamAssassin results > cache > Jan 7 16:03:57 devel MailScanner[22586]: Connected to SpamAssassin > cache database > Jan 7 16:03:57 devel MailScanner[22586]: Enabling SpamAssassin > auto-whitelist functionality... > Jan 7 16:03:59 devel MailScanner[22586]: I have found clamav scanners > installed, and will use them all by default. > Jan 7 16:03:59 devel MailScanner[22586]: Using locktype = flock > > thanks Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Wed Jan 7 15:34:18 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Wed Jan 7 15:34:32 2009 Subject: Good config for Mailscanner In-Reply-To: <928434630901070315w2edb25bboee5cb4184a1a68@mail.gmail.com> References: <928434630901070315w2edb25bboee5cb4184a1a68@mail.gmail.com> Message-ID: <72cf361e0901070734k57cb147cqd93158276208c28f@mail.gmail.com> 2009/1/7 ichwan nur hakim : > Hi guys, > > I have ben install Mailscanner in opensuse 10.3 and success, but I am still > receipt much SPAM in my email, how powerful that settingan mainscanner..??? > any advice for SpamasassinScore..??? default value is 10, maybe i must set > to 1 so powerfull. > > Thank's > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > hi theres a section in the wiki about getting the most out of spamassassin. Tuning this can take a little time for you're environment. Alot of people run spam score at 5 and high spam at 10. they deliver below five, tag at 5 and dump at 10. If you can put up a web page with an example email (full headers in mbox format). people can run it over their systems and see which extra rules to add first. -- Martin Hepworth Oxford, UK From memmas at otenet.gr Wed Jan 7 15:35:24 2009 From: memmas at otenet.gr (memmas) Date: Wed Jan 7 15:35:31 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964C54E.5040400@fsl.com> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> Message-ID: <4964CBBC.8090909@otenet.gr> This the output: In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... and pretty much stuck. Try 4.74.15-1 unfortunately the same result. thanks Steve Freegard wrote: > memmas wrote: >> I'm using slackware 12.2 >> postfix 2.5.5 >> ClamAV 0.94.2 >> Spamassassin 3.2.5 >> >> after upgrade to 4.74 (same applies to beta) I get a loop in mail log >> and nothing happening, mail are stuck in queue. >> > > Run - 'MailScanner --debug' and post the output. > > Regards, > Steve. From maillists at conactive.com Wed Jan 7 15:57:43 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 15:57:56 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964C64A.8040207@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964C64A.8040207@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jan 2009 15:12:10 +0000: > Try 4.74.15-1. Applied and working fine. Cannot comment on the specific lock problem, though, as you know ;-) BTW: there's always an errant "error reading information on service sendmail: No such file or directory" on postfix systems. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From gmcgreevy at pwr-sys.com Wed Jan 7 15:56:47 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Wed Jan 7 16:02:10 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com><495FBCAE.60204@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com><496083A2.2090909@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com><72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com><567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3E6@EXCHTEMP.biz.pwr-sys.com> I sent a message to you Kai did you get it? Greg ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kai Schaetzl Sent: Tue 1/6/2009 5:58 AM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner --lint error Greg J. McGreevy wrote on Mon, 5 Jan 2009 22:44:22 -0500: > Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1937 > Unrecognised keyword "spamassassinprefsfile" at line 2789 at /usr/lib/MailScanner/MailScanner/Config.pm > line 1940 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm > line 1945 There is no such option. The only one I can find is "MCP SpamAssassin Prefs File". Is that the one you edited? I find that you are making the same mistake over and over: you post some error and that's it. The *least* you would do with the above is go to line 2789 and show us that line and the surroundings and tell us what you did. (My MailScanner.conf stops at 2788, though.) > > I added the list to the sa-update per your instructions per "whose" instructions? but I have > no idea to tell if it is in fact working you look in /var/lib/spamassassin if it gets filled. It's explained all there where I pointed you earlier: http://wiki.apache.org/spamassassin/RuleUpdates any insight on this would > be helpful also Rules do jour does not appear to be present in my > install so I skipped those steps is that correct? rules du jour is deprecated, one should use channels. Which tutorial did you follow? Again, you make the mistake of not giving any insight of what you really did. I don't see that Martin gave you instructions in this regard and I can't find a section "Getting the most out of Spamassassin" on the MS wiki (although I think I remember there was one). So, what exactly are you referring to? > > Also If I create a new User called spam and have all of my users forward > their spam there to train bayes will that mess up the tests becuse > they will be seen as all forwards? Again from the SA wiki, this may be helpful: http://wiki.apache.org/spamassassin/ResendingMailWithHeaders > I am kind off at my wits end with this and about to throw in the towel. I think you are just not following instructions (whichever you used) careful enough. Or you used the wrong instructions (those corebsd instructions are not how I would do an install on CentOS) or are mixing them (there's often more than one way to do it right, but you usually can't mix them). Also, you don't seem to keep "old working good configuration", so you can easily check where the mistake was made. Anyway, if you are interested, you can contact me under the address I use here and we can arrange something. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 6509 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/ce9f3480/attachment-0001.bin From maillists at conactive.com Wed Jan 7 16:02:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 16:02:33 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964CBBC.8090909@otenet.gr> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> Message-ID: might be helpful to know from which version you upgraded and how you make postfix and mailscanner work together. (I remember there where at least two methods in the past.) You had these already running for a while with your last MS setup? postfix 2.5.5 ClamAV 0.94.2 Spamassassin 3.2.5 Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jan 7 16:12:46 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 16:13:07 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964CBBC.8090909@otenet.gr> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> Message-ID: <4964D47E.6060501@ecs.soton.ac.uk> On 7/1/09 15:35, memmas wrote: > This the output: > > In Debugging mode, not forking... > Trying to setlogsock(unix) > Building a message batch to scan... > > and pretty much stuck. > > Try 4.74.15-1 unfortunately the same result. And you've properly installed it all, including the mailscanner_create_locks script and everything? Do a "MailScanner --lint" for us, and tell us what distribution you are using, what operating system, stuff like that. > > thanks > Steve Freegard wrote: >> memmas wrote: >>> I'm using slackware 12.2 >>> postfix 2.5.5 >>> ClamAV 0.94.2 >>> Spamassassin 3.2.5 >>> >>> after upgrade to 4.74 (same applies to beta) I get a loop in mail >>> log and nothing happening, mail are stuck in queue. >>> >> >> Run - 'MailScanner --debug' and post the output. >> >> Regards, >> Steve. > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Wed Jan 7 16:13:34 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 16:13:53 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964C64A.8040207@ecs.soton.ac.uk> Message-ID: <4964D4AE.8070701@ecs.soton.ac.uk> On 7/1/09 15:57, Kai Schaetzl wrote: > Julian Field wrote on Wed, 07 Jan 2009 15:12:10 +0000: > > >> Try 4.74.15-1. >> > > Applied and working fine. Cannot comment on the specific lock problem, > though, as you know ;-) > BTW: there's always an errant "error reading information on service > sendmail: No such file or directory" on postfix systems. > What generates that and when? Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Wed Jan 7 17:05:34 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 17:05:46 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964D4AE.8070701@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964C64A.8040207@ecs.soton.ac.uk> <4964D4AE.8070701@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jan 2009 16:13:34 +0000: > > BTW: there's always an errant "error reading information on service > > sendmail: No such file or directory" on postfix systems. > > > What generates that and when? The mailscanner*.rpm when upgrading an installation that has postfix as MTA installed. If I remember right the rpm isn't able to adjust the MailScanner.conf correctly, either, when you install it the first time. e.g. it sets MTA = sendmail, although the installed MTA is postfix. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From memmas at otenet.gr Wed Jan 7 17:12:41 2009 From: memmas at otenet.gr (memmas) Date: Wed Jan 7 17:12:49 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> Message-ID: <4964E289.2030404@otenet.gr> Now it's running, Something went wrong when copying old configs to new MailScanner probably. MailScanner --lint gave some errors but it's working. I'm upgrading from 4.73.4-2. My system was up and running before the upgrade with same versions of clamav and spamassassin. I 'm using Clamd not the Mail::ClamAV perl module Spamassassin 3.2.5 perl 5.10.0 slackware packages MailScanner --debug still stucks though. The output of MailScanner --lint was: Trying to setlogsock(unix) Read 848 hostnames from the phishing whitelist Read 4020 hostnames from the phishing blacklist Checking version numbers... Version installed (4.74.15) does not match version stated in MailScanner.conf file (4.74.13), you may want to run upgrade_MailScanner_conf to ensure your MailScanner.conf file contains all the latest settings. MailScanner setting GID to (76) MailScanner setting UID to (76) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": razorhome = /var/spool/MailScanner/razor/ config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": logfile = razor-agent.log SpamAssassin reported an error. I have found clamd scanners installed, and will use them all by default. Using locktype = posix MailScanner.conf says "Virus Scanners = auto" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting ERROR::Permissions Problem. Clamd was denied access to /var/spool/MailScanner/incoming/18354 =========================================================================== If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. -------------------------------- thanks Kai Schaetzl wrote: > might be helpful to know from which version you upgraded and how you make > postfix and mailscanner work together. (I remember there where at least > two methods in the past.) You had these already running for a while with > your last MS setup? > postfix 2.5.5 > ClamAV 0.94.2 > Spamassassin 3.2.5 > > Kai > > From maillists at conactive.com Wed Jan 7 17:28:59 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 17:29:12 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964E289.2030404@otenet.gr> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> Message-ID: Memmas wrote on Wed, 07 Jan 2009 19:12:41 +0200: > MailScanner.conf file (4.74.13), you may want to run > upgrade_MailScanner_conf you may want ;-) > config: failed to parse line, skipping, in > "/etc/mail/spamassassin/local.cf": razorhome = /var/spool/MailScanner/razor/ > config: failed to parse line, skipping, in > "/etc/mail/spamassassin/local.cf": logfile = razor-agent.log I'm not using razor. Either you didn't enable the razor plugin or that syntax is wrong. Also, you should compare local.cf and MailScanner's own spamassassin.prefs.conf for duplicates. (or you may want to stop using one of the two files.) > ERROR::Permissions Problem. Clamd was denied access to > /var/spool/MailScanner/incoming/18354 read http://wiki.mailscanner.info/doku.php? id=documentation:anti_virus:clamav:switch_to_rpm_clamd Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From memmas at otenet.gr Wed Jan 7 17:53:29 2009 From: memmas at otenet.gr (memmas) Date: Wed Jan 7 17:53:37 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> Message-ID: <4964EC19.8090304@otenet.gr> Kai Schaetzl wrote: >> config: failed to parse line, skipping, in >> "/etc/mail/spamassassin/local.cf": razorhome = /var/spool/MailScanner/razor/ >> config: failed to parse line, skipping, in >> "/etc/mail/spamassassin/local.cf": logfile = razor-agent.log >> > > I'm not using razor. Either you didn't enable the razor plugin or that syntax > is wrong. Also, you should compare local.cf and MailScanner's own > spamassassin.prefs.conf for duplicates. (or you may want to stop using one of > the two files.) > > actually only razor_config /var/spool/MailScanner/razor/razor.conf is needed. other options are in spam.assassin.prefs.conf >> ERROR::Permissions Problem. Clamd was denied access to >> /var/spool/MailScanner/incoming/18354 >> > > read http://wiki.mailscanner.info/doku.php? > id=documentation:anti_virus:clamav:switch_to_rpm_clamd > > Thanks I used Incoming Work User = clamav instead of Incoming Work Group = clamav Well now all working and 'MailScanner --lint' gives no errors. 'MailScanner --debug' still stuck, Should I worry about it? Thanks everyone for your help. memmas From maillists at conactive.com Wed Jan 7 18:05:51 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 18:06:05 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964EC19.8090304@otenet.gr> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> <4964EC19.8090304@otenet.gr> Message-ID: Memmas wrote on Wed, 07 Jan 2009 19:53:29 +0200: > 'MailScanner --debug' still stuck, Should I worry about it? If I recall correctly, you have to stop the MailScanner daemon, put something in the queue and then start MailScanner --debug. If there is nothing to scan it may well appear to be stuck with --debug. I think Julian recently added an option to specify a different queue directory. With that you could keep MS running and debug at the same time. If mail flows and everything seems to be fine what you see with MailScanner --debug is just to be expected I'd say. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Wed Jan 7 18:15:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 18:15:55 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> <4964EC19.8090304@otenet.gr> Message-ID: <4964F144.8010001@ecs.soton.ac.uk> On 7/1/09 18:05, Kai Schaetzl wrote: > Memmas wrote on Wed, 07 Jan 2009 19:53:29 +0200: > > >> 'MailScanner --debug' still stuck, Should I worry about it? >> > > If I recall correctly, you have to stop the MailScanner daemon, put > something in the queue and then start MailScanner --debug. If there is > nothing to scan it may well appear to be stuck with --debug. Correct. It will sit and wait for some mail to come in, but if you have done a "service MailScanner stop" then no mail will come in. > I think > Julian recently added an option to specify a different queue directory. > Run "MailScanner --help" to see all the command-line options. > With that you could keep MS running and debug at the same time. > If mail flows and everything seems to be fine what you see with > MailScanner --debug is just to be expected I'd say. > You can run "service MailScanner startin" which starts up the MTA (postfix/sendmail/whatever) so that mail can come in, then run "MailScanner --debug" to process 1 batch of incoming mail and then stop. Once everything is working happily, just do "service MailScanner restart" to start up everything normally. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From memmas at otenet.gr Wed Jan 7 18:57:56 2009 From: memmas at otenet.gr (memmas) Date: Wed Jan 7 18:58:03 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964F144.8010001@ecs.soton.ac.uk> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> <4964EC19.8090304@otenet.gr> <4964F144.8010001@ecs.soton.ac.uk> Message-ID: <4964FB34.4050206@otenet.gr> MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Building a message batch to scan... Have a batch of 1 message. max message size is '200k' Stopping now as you are debugging me. So everything work fine. Thank you memmas Julian Field wrote: > > > On 7/1/09 18:05, Kai Schaetzl wrote: >> Memmas wrote on Wed, 07 Jan 2009 19:53:29 +0200: >> >> >>> 'MailScanner --debug' still stuck, Should I worry about it? >>> >> >> If I recall correctly, you have to stop the MailScanner daemon, put >> something in the queue and then start MailScanner --debug. If there is >> nothing to scan it may well appear to be stuck with --debug. > Correct. It will sit and wait for some mail to come in, but if you > have done a "service MailScanner stop" then no mail will come in. >> I think >> Julian recently added an option to specify a different queue directory. >> > Run "MailScanner --help" to see all the command-line options. >> With that you could keep MS running and debug at the same time. >> If mail flows and everything seems to be fine what you see with >> MailScanner --debug is just to be expected I'd say. >> > You can run "service MailScanner startin" which starts up the MTA > (postfix/sendmail/whatever) so that mail can come in, then run > "MailScanner --debug" to process 1 batch of incoming mail and then > stop. Once everything is working happily, just do "service MailScanner > restart" to start up everything normally. > > Jules > From maillists at conactive.com Wed Jan 7 19:23:26 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 19:23:39 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: <4964F144.8010001@ecs.soton.ac.uk> References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> <4964EC19.8090304@otenet.gr> <4964F144.8010001@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Wed, 07 Jan 2009 18:15:32 +0000: > You can run "service MailScanner startin" or just service MailScanner stopms when everything is running? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From cooper at hmcnetworks.com Wed Jan 7 19:55:16 2009 From: cooper at hmcnetworks.com (Al Cooper) Date: Wed Jan 7 19:57:13 2009 Subject: Blocking incoming email address to one domain Message-ID: <023b01c97101$dd1a15b0$974e4110$@com> Good Afternoon, I have MailScanner 4.68.8 running on a multi-domain mail server. One of my domains wants to block one email address from being delivered to that domain only. The same email address needs to be delivered to all my other domains. Is it possible to do this through MailScanner? If yes, what is the best way to do this. Thanks for any help you can offer, Al From MailScanner at ecs.soton.ac.uk Wed Jan 7 20:01:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 20:01:30 2009 Subject: After upgrade to MS 4.74 mails are stuck in queue. In-Reply-To: References: <4964BD19.2040607@otenet.gr> <4964C54E.5040400@fsl.com> <4964CBBC.8090909@otenet.gr> <4964E289.2030404@otenet.gr> <4964EC19.8090304@otenet.gr> <4964F144.8010001@ecs.soton.ac.uk> Message-ID: <49650A04.6080506@ecs.soton.ac.uk> On 7/1/09 19:23, Kai Schaetzl wrote: > Julian Field wrote on Wed, 07 Jan 2009 18:15:32 +0000: > > >> You can run "service MailScanner startin" >> > > or just service MailScanner stopms when everything is running? > True. I always forget that one :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From shuttlebox at gmail.com Wed Jan 7 20:24:32 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Wed Jan 7 20:24:41 2009 Subject: Blocking incoming email address to one domain In-Reply-To: <023b01c97101$dd1a15b0$974e4110$@com> References: <023b01c97101$dd1a15b0$974e4110$@com> Message-ID: <625385e30901071224m348b45d7q3d79c1625f2f79ae@mail.gmail.com> On Wed, Jan 7, 2009 at 8:55 PM, Al Cooper wrote: > Good Afternoon, > > I have MailScanner 4.68.8 running on a multi-domain mail server. One of my > domains wants to block one email address from being delivered to that domain > only. The same email address needs to be delivered to all my other domains. > Is it possible to do this through MailScanner? If yes, what is the best way > to do this. Rulesets. Look at the readme and example files that came with MailScanner. -- /peter From maillists at conactive.com Wed Jan 7 20:30:28 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Wed Jan 7 20:30:39 2009 Subject: Blocking incoming email address to one domain In-Reply-To: <023b01c97101$dd1a15b0$974e4110$@com> References: <023b01c97101$dd1a15b0$974e4110$@com> Message-ID: Al Cooper wrote on Wed, 7 Jan 2009 12:55:16 -0700: > If yes, what is the best way > to do this. http://wiki.mailscanner.info/doku.php? id=documentation:configuration:rulesets:examples&s=blacklist (this is the same es the EXAMPLES file that got installed with MailScanner!) look at 2 and 8. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From ssilva at sgvwater.com Wed Jan 7 20:31:16 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 7 20:31:42 2009 Subject: Barracude BRBL ?? In-Reply-To: <4963FD60.1080306@pacific.net> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> <4963FD60.1080306@pacific.net> Message-ID: on 1-6-2009 4:54 PM Ken A spake the following: > Scott Silva wrote: >> >>> I did that too, and must say that 70-80% of all messages tagged by BRBL >>> with a low test score are ham, the other 20-30% are really spam. With a >>> low score that might be good to lift up the real spams, so that they >>> don?t slip under the required SA score. >>> >>> But with this rate, I will never use this RBL in my policyd-weight >>> setup. >>> >> Strange, because for the 24 or so hours I have been running it, I'm >> hitting >> over 97% spam. >> >> I haven't looked at the other 3 % to see if it is actually ham or FN's. >> >> Good enough for me to add more than half a point, but not more than 3 >> points. >> >> I don't want this one list too strong unless I can hit 100%. >> >> > > We see pretty good results from BRBL too, but there are some FPs. We > have home and business dialup and dsl (ISP) users. I've found it's good > in META with Botnet rules. META with DCC and Razor also hits good, but > may FP once in a while. > > Ken > > I usually set my roamers to either auth, or use the webmail system if they are out and about. One of our attorneys was so firewalled by his ISP I had to set up a vpn for him while he was recouping from some surgery. I guess nothing is perfect, and it is too bad that we have to jump through all these hoops just to stop some bastard from flooding your users with fake v1@gr@ spams. Just how many people are that stupid to actually BUY something from these bozo's? I am in the wrong line of work! ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/bf6829a1/signature.bin From traced at xpear.de Wed Jan 7 20:43:08 2009 From: traced at xpear.de (traced) Date: Wed Jan 7 20:43:21 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> <4963FD60.1080306@pacific.net> Message-ID: <496513DC.3090207@xpear.de> Scott Silva schrieb: > on 1-6-2009 4:54 PM Ken A spake the following: >> Scott Silva wrote: >>> > > I guess nothing is perfect, and it is too bad that we have to jump through all > these hoops just to stop some bastard from flooding your users with fake > v1@gr@ spams. Just how many people are that stupid to actually BUY something > from these bozo's? > I am in the wrong line of work! ;-P > > > If just one of the million recipients is so stupid, the spammers are happy. Sending millions of mails is very low at cost I think when you have some botnets working for you. I read a few days ago that 1,5 million addresses (maybe the most are "cold") only cost about 100-150US$. Bastian From dgottsc at emory.edu Wed Jan 7 21:00:38 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Wed Jan 7 21:00:47 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4963D91A.9060304@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> Message-ID: Julian, Thanks for posting this! This is going to make my life a lot easier. I plan on installing it on all of my machines with mailscanner. I'll let you know how well it works. I've got it installed on one machine right now, I'm just trying to figure out how to get the spam assassin rule actions to work properly right now. For some reason it's not following the rule actions even though it matches it. David Gottschalk Emory University UTS Messaging Team -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Tuesday, January 06, 2009 5:20 PM To: MailScanner discussion Subject: Anti-spear-phishing, round 2 I have done a load of work on my script that uses the anti-spear-phishing addresses database. The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) Cheers, Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From ssilva at sgvwater.com Wed Jan 7 21:16:30 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 7 21:16:48 2009 Subject: Barracude BRBL ?? In-Reply-To: <496513DC.3090207@xpear.de> References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> <4963FD60.1080306@pacific.net> <496513DC.3090207@xpear.de> Message-ID: on 1-7-2009 12:43 PM traced spake the following: > > > Scott Silva schrieb: >> on 1-6-2009 4:54 PM Ken A spake the following: >>> Scott Silva wrote: >>>> >> >> I guess nothing is perfect, and it is too bad that we have to jump >> through all >> these hoops just to stop some bastard from flooding your users with fake >> v1@gr@ spams. Just how many people are that stupid to actually BUY >> something >> from these bozo's? >> I am in the wrong line of work! ;-P >> >> >> > > If just one of the million recipients is so stupid, the spammers are > happy. Then we need to beat that one guy! ;-P It has to be a guy, because why would a woman want v1@gr@? Sending millions of mails is very low at cost I think when you > have some botnets working for you. I read a few days ago that 1,5 > million addresses (maybe the most are "cold") only cost about 100-150US$. > It looks like selling the lists is the big business! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/6d0af303/signature.bin From ssilva at sgvwater.com Wed Jan 7 21:19:55 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Wed Jan 7 21:25:14 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964C5D8.3080308@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> Message-ID: on 1-7-2009 7:10 AM Julian Field spake the following: > You might want to try 4.74.15-1 as I have just released that and it > contains a better version of the fix I have given you. > > If you do try it, please let me know if it works okay. > This was a fairly major change to MailScanner. You have to expect a few bugs. I am one of the lucky ones who run sendmail, so I didn't have any problems. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/31cf53b6/signature.bin From steve.swaney at fsl.com Wed Jan 7 21:36:50 2009 From: steve.swaney at fsl.com (Stephen Swaney) Date: Wed Jan 7 21:37:01 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> <4963FD60.1080306@pacific.net> <496513DC.3090207@xpear.de> Message-ID: <0a3201c97110$0ca33dd0$25e9b970$@swaney@fsl.com> > > > Sending millions of mails is very low at cost I think when you > > have some botnets working for you. I read a few days ago that 1,5 > > million addresses (maybe the most are "cold") only cost about 100- > 150US$. > > > It looks like selling the lists is the big business! > Not really. Here's a recent, accurate and interesting article on how the spam business works :) http://www.washingtonpost.com/wp-dyn/content/article/2008/12/12/AR2008121203445.html Steve Steve Swaney steve@fsl.com www.fsl.com The most cost effective and accurate anti-spam solutions From MailScanner at ecs.soton.ac.uk Wed Jan 7 22:14:06 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Wed Jan 7 22:14:27 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> Message-ID: <4965292E.1070209@ecs.soton.ac.uk> On 7/1/09 21:00, Gottschalk, David wrote: > Julian, > Thanks for posting this! This is going to make my life a lot easier. I plan on installing it on all of my machines with mailscanner. I'll let you know how well it works. I've got it installed on one machine right now, I'm just trying to figure out how to get the spam assassin rule actions to work properly right now. For some reason it's not following the rule actions even though it matches it. > Check your maillog, that will show if anything is wrong. Don't put a comma in the text of the header for starters, it breaks my parser :-( If you get really stuck, feel free to ask for help :) Jules. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Tuesday, January 06, 2009 5:20 PM > To: MailScanner discussion > Subject: Anti-spear-phishing, round 2 > > I have done a load of work on my script that uses the anti-spear-phishing addresses database. > > The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. > > I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! > > I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. > > It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... > > You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. > > It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. > > It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. > > The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. > > My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. > > Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) > > Cheers, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From traced at xpear.de Wed Jan 7 23:25:22 2009 From: traced at xpear.de (traced) Date: Wed Jan 7 23:25:36 2009 Subject: Barracude BRBL ?? In-Reply-To: References: <4960EF7002000000000334D2@gw.caspercollege.edu> <4963B58E.4020806@xpear.de> <4963FD60.1080306@pacific.net> <496513DC.3090207@xpear.de> Message-ID: <496539E2.4070704@xpear.de> Scott Silva schrieb: > on 1-7-2009 12:43 PM traced spake the following: >> >> Scott Silva schrieb: >>> on 1-6-2009 4:54 PM Ken A spake the following: >>>> Scott Silva wrote: >>>>> >>> I guess nothing is perfect, and it is too bad that we have to jump >>> through all >>> these hoops just to stop some bastard from flooding your users with fake >>> v1@gr@ spams. Just how many people are that stupid to actually BUY >>> something >>> from these bozo's? >>> I am in the wrong line of work! ;-P >>> >>> >>> >> If just one of the million recipients is so stupid, the spammers are >> happy. > > Then we need to beat that one guy! ;-P > It has to be a guy, because why would a woman want v1@gr@? > > > Sending millions of mails is very low at cost I think when you >> have some botnets working for you. I read a few days ago that 1,5 >> million addresses (maybe the most are "cold") only cost about 100-150US$. >> > It looks like selling the lists is the big business! > > > Perhaps we should take our hard learned knowledge, and switch over to "the dark side" :) Hey, they have cookies! ^^ From rob at robhq.com Thu Jan 8 00:49:16 2009 From: rob at robhq.com (Rob Freeman) Date: Thu Jan 8 00:49:25 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4965292E.1070209@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> Message-ID: Sorry I missed this, and I did try to go back in the mailing list and try to download it, but it just came back as a .bin file here in firefox to download. Can someone provide a link? Thanks in advance Rob On Wed, Jan 7, 2009 at 4:14 PM, Julian Field wrote: > > > On 7/1/09 21:00, Gottschalk, David wrote: > >> Julian, >> Thanks for posting this! This is going to make my life a lot easier. I >> plan on installing it on all of my machines with mailscanner. I'll let you >> know how well it works. I've got it installed on one machine right now, I'm >> just trying to figure out how to get the spam assassin rule actions to work >> properly right now. For some reason it's not following the rule actions even >> though it matches it. >> >> > Check your maillog, that will show if anything is wrong. Don't put a comma > in the text of the header for starters, it breaks my parser :-( > > If you get really stuck, feel free to ask for help :) > > Jules. > > -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto: >> mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Tuesday, January 06, 2009 5:20 PM >> To: MailScanner discussion >> Subject: Anti-spear-phishing, round 2 >> >> I have done a load of work on my script that uses the anti-spear-phishing >> addresses database. >> >> The main thing is now that it is pretty much a finished script, and is >> directly usable by you guys without you having to do much to it except read >> the settings at the top and tweak the filenames if you want to change where >> it puts things. >> >> I have taken a lot of care to ensure that this won't match any false >> alarms, I don't just dumbly look for the strings in any surrounding text, >> which certain commercial AV vendors have been caught doing in the past! >> >> I make a suggestion in the comments at the top of the script about how I >> use the rule within MailScanner, you probably want to do something similar, >> and not just delete anything that matches, just in case you do get any false >> alarms. >> >> It also looks for numbers at the end of the username bit of the address, >> and assumes that these are numbers which the scammers may change; so if it >> finds them, it replaces them with a pattern that will match any number >> instead. There's starting to be a lot of this about, as it's the easiest way >> for the scammers to try to defeat simple address lists targeted against >> them, while still being able to remember what addresses they have to check >> for replies from your dumb users. :-) I thought I would make it a tiny bit >> harder for them... >> >> You can also add addresses of your own (which can include "*" as a >> wildcard character to mean "any series of valid characters" in the email >> address), one address per line, in an optional extra file. Again, read the >> top of the script and you'll see it mentioned there. That file is optional, >> it doesn't matter if it doesn't exist. As a starter, you might want to put m >> i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in >> that file, as it will nicely catch a lot of "Job opportunity" spams. >> >> It looks for any of these addresses appearing **anywhere** in the message, >> not just in the headers. So if you start talking to people about these >> addresses, don't be surprised when the messages get caught by the trap. >> >> It does a "wget", so make sure you have that binary installed, or else >> change the script to fetch the file by some other means. >> >> The very end of the script does a "service MailScanner restart", so if you >> need some other command to restart MailScanner, then edit it for your >> system. It needs to be a "restart" and not a "reload" as I have to force it >> to re-build the database of SpamAssassin rules. >> >> My aim was that, on a RedHat system running MailScanner, you could just >> copy the script into /etc/cron.hourly and make it executable, and it will >> just get on with the job for you. I do advise you read the bit in the script >> about "SpamAssassin Rule Actions" though. >> >> Please do let me know how you would like me to improve it, and tell me >> what you think of it in general (be polite, now! :-) >> >> Cheers, >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP >> public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and dangerous content by >> MailScanner, and is believed to be clean. >> >> >> This e-mail message (including any attachments) is for the sole use of >> the intended recipient(s) and may contain confidential and privileged >> information. If the reader of this message is not the intended >> recipient, you are hereby notified that any dissemination, distribution >> or copying of this message (including any attachments) is strictly >> prohibited. >> >> If you have received this message in error, please contact >> the sender by reply e-mail message and destroy all copies of the >> original message (including attachments). >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090107/2fae3068/attachment.html From john at tradoc.fr Thu Jan 8 08:26:43 2009 From: john at tradoc.fr (John Wilcock) Date: Thu Jan 8 08:26:58 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964C5D8.3080308@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> Message-ID: <4965B8C3.6080001@tradoc.fr> Le 07/01/2009 16:10, Julian Field a ?crit : > You might want to try 4.74.15-1 as I have just released that and it > contains a better version of the fix I have given you. I've just tried that on my newly-installed gentoo box - MS doesn't process mail; MailScanner --debug gives Can't locate object method "rewind" via package "FileHandle" at /usr/lib/MailScanner/MailScanner/SA.pm line 457 MailScanner --version (full output attached just in case) tells me that I have version 2.01 of the FileHandle module, which on gentoo at least is provided by the main perl package, of which I'm running the latest version (5.8.8-r5). Anything else to check? John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr -------------- next part -------------- This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.17 bignum 1.04 Carp 2.015 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.21 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.22 IO 1.13 IO::File 1.13 IO::Pipe 1.77 Mail::Header 1.77 Math::BigInt 0.15 Math::BigRat 3.07 MIME::Base64 5.420 MIME::Decoder 5.420 MIME::Decoder::UU 5.420 MIME::Head 5.420 MIME::Parser 3.07 MIME::QuotedPrint 5.420 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.14 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 2.16 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.40 Archive::Tar 0.17 bignum missing Business::ISBN missing Business::ISBN::Data missing Data::Dump 1.815 DB_File 1.14 DBD::SQLite 1.601 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 missing Encode::Detect missing Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long missing Inline 1.08 IO::String 1.07 IO::Zlib 2.23 IP::Country missing Mail::ClamAV 3.002005 Mail::SpamAssassin missing Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS missing Net::DNS::Resolver::Programmable missing Net::LDAP missing NetAddr::IP missing Parse::RecDescent missing SAVI 2.64 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.35 URI missing version 0.65 YAML From MailScanner at ecs.soton.ac.uk Thu Jan 8 09:29:55 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 8 09:30:15 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965B8C3.6080001@tradoc.fr> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> Message-ID: <4965C793.7010105@ecs.soton.ac.uk> On 8/1/09 08:26, John Wilcock wrote: > Le 07/01/2009 16:10, Julian Field a ?crit : >> You might want to try 4.74.15-1 as I have just released that and it >> contains a better version of the fix I have given you. > > I've just tried that on my newly-installed gentoo box - MS doesn't > process mail; MailScanner --debug gives > > Can't locate object method "rewind" via package "FileHandle" at > /usr/lib/MailScanner/MailScanner/SA.pm line 457 > I've changed the "rewind" to "setpos(0,0)" and attached a new SA.pm for you to try. Please let me know if this fixes the problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: SA.pm.zip Type: application/zip Size: 12948 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/812fd7c5/SA.pm.zip From john at tradoc.fr Thu Jan 8 10:06:40 2009 From: john at tradoc.fr (John Wilcock) Date: Thu Jan 8 10:06:52 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965C793.7010105@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965C793.7010105@ecs.soton.ac.uk> Message-ID: <4965D030.6030807@tradoc.fr> Le 08/01/2009 10:29, Julian Field a ?crit : >> Can't locate object method "rewind" via package "FileHandle" at >> /usr/lib/MailScanner/MailScanner/SA.pm line 457 >> > I've changed the "rewind" to "setpos(0,0)" and attached a new SA.pm for > you to try. Please let me know if this fixes the problem. 'fraid not. Usage: IO::Seekable::setpos(handle, pos) at /usr/lib/MailScanner/MailScanner/SA.pm line 457. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From MailScanner at ecs.soton.ac.uk Thu Jan 8 10:34:23 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 8 10:34:49 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965D030.6030807@tradoc.fr> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965C793.7010105@ecs.soton.ac.uk> <4965D030.6030807@tradoc.fr> Message-ID: <4965D6AF.8010608@ecs.soton.ac.uk> On 8/1/09 10:06, John Wilcock wrote: > Le 08/01/2009 10:29, Julian Field a ?crit : >>> Can't locate object method "rewind" via package "FileHandle" at >>> /usr/lib/MailScanner/MailScanner/SA.pm line 457 >>> >> I've changed the "rewind" to "setpos(0,0)" and attached a new SA.pm for >> you to try. Please let me know if this fixes the problem. > > 'fraid not. > > Usage: IO::Seekable::setpos(handle, pos) at > /usr/lib/MailScanner/MailScanner/SA.pm line 457. Idiot :-( (me, that is) Do a search and replace in that file and change "setpos" to "seek". Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From john at tradoc.fr Thu Jan 8 12:23:40 2009 From: john at tradoc.fr (John Wilcock) Date: Thu Jan 8 12:23:59 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965D6AF.8010608@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965C793.7010105@ecs.soton.ac.uk> <4965D030.6030807@tradoc.fr> <4965D6AF.8010608@ecs.soton.ac.uk> Message-ID: <4965F04C.4050706@tradoc.fr> Le 08/01/2009 11:34, Julian Field a ?crit : >> Usage: IO::Seekable::setpos(handle, pos) at >> /usr/lib/MailScanner/MailScanner/SA.pm line 457. > Idiot :-( (me, that is) > > Do a search and replace in that file and change "setpos" to "seek". That's more like it! Thanks Jules - and may the New Year bring what you're waiting for... John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maillists at conactive.com Thu Jan 8 12:31:14 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 12:31:26 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965F04C.4050706@tradoc.fr> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965F04C.4050706@tradoc.fr Message-ID: > Reply-To: mailscanner@lists.mailscanner.info John Wilcock wrote on Thu, 08 Jan 2009 13:23:40 +0100: > That's more like it! Nevertheless, you may want to stop rebuilding Bayes during heavy production hours and move it to a nightly cron job. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From submit at zuka.net Thu Jan 8 12:13:34 2009 From: submit at zuka.net (submit@zuka.net) Date: Thu Jan 8 13:44:57 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 Message-ID: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> Right off the top I need to ask you all to bear with me. I have not had to administer my email server in a number of years as I had another person doing it. Now, he has left and so here I am trying to make this work and at this point, no mail is flowing but the mail queue is growing. I updated MailScanner and Clam/Spamassassin using Julian's install routines. All seemed to go OK but the mail queue seems to be stuck and I have a few errors when I lint the install. I know some other have had some issues with the mail queue after this upgrade but I am not sure it is the same issues here. I have been up all night trying to get this to work so I really could use some help with this. Here is the output of MailScanner --lint [root@rosewood ~]# MailScanner --lint Trying to setlogsock(unix) Read 848 hostnames from the phishing whitelist Read 4096 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 3 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 60 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.74.13) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (80) MailScanner setting UID to (80) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied ... obviously this one is an issue but not sure why it cannot access it. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file config: configuration file "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe you need to use the -C switch, or remove the old config files? Skipping this file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. .... and then a bunch more of the preceeding errors SpamAssassin reported an error. Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist MailScanner -V Running on Linux rosewood.zuka.net 2.6.9-34.ELsmp #1 SMP Thu Mar 9 06:23:23 GMT 2006 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 4.3 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.74.13 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.02 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.10 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML I really could use some help here. Really need sleep but will have some clients yelling because they are not receiving email. Thanks Dave From Denis.Beauchemin at USherbrooke.ca Thu Jan 8 13:58:29 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 8 13:58:48 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> Message-ID: <49660685.80304@USherbrooke.ca> submit@zuka.net a ?crit : > Right off the top I need to ask you all to bear with me. I have not > had to administer my email server in a number of years as I had > another person doing it. Now, he has left and so here I am trying to > make this work and at this point, no mail is flowing but the mail > queue is growing. > > I updated MailScanner and Clam/Spamassassin using Julian's install > routines. All seemed to go OK but the mail queue seems to be stuck and > I have a few errors when I lint the install. I know some other have > had some issues with the mail queue after this upgrade but I am not > sure it is the same issues here. I have been up all night trying to > get this to work so I really could use some help with this. > > Here is the output of MailScanner --lint > > [root@rosewood ~]# MailScanner --lint > Trying to setlogsock(unix) > Read 848 hostnames from the phishing whitelist > Read 4096 hostnames from the phishing blacklist > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 3 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 60 whitelist entries > Checking version numbers... > Version number in MailScanner.conf (4.74.13) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (80) > MailScanner setting UID to (80) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: path "//.spamassassin/user_prefs" is inaccessible: Permission > denied > > ... obviously this one is an issue but not sure why it cannot access it. > > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" > requires version 3.002003 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" > requires version 3.002003 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" > requires version 3.002003 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" > requires version 3.002003 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file > config: configuration file > "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" > requires version 3.002003 of SpamAssassin, but this is code version > 3.002005. Maybe you need to use the -C switch, or remove the old > config files? Skipping this file at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line 372. > Dave, On my RHEL 4.6 server my SA files are located in /var/lib/spamassassin, so I would delete the ones in /etc/mail/spamassassin/updates* For your permission problem, you must be usins Postfix so try to access the file under the postfix user. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From MailScanner at ecs.soton.ac.uk Thu Jan 8 14:12:35 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 8 14:12:57 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4965F04C.4050706@tradoc.fr> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965C793.7010105@ecs.soton.ac.uk> <4965D030.6030807@tradoc.fr> <4965D6AF.8010608@ecs.soton.ac.uk> <4965F04C.4050706@tradoc.fr> Message-ID: <496609D3.2000501@ecs.soton.ac.uk> On 8/1/09 12:23, John Wilcock wrote: > Le 08/01/2009 11:34, Julian Field a ?crit : >>> Usage: IO::Seekable::setpos(handle, pos) at >>> /usr/lib/MailScanner/MailScanner/SA.pm line 457. >> Idiot :-( (me, that is) >> >> Do a search and replace in that file and change "setpos" to "seek". > > That's more like it! Brilliant. Please can you download and try out 4.74.15-2 which should just incorporate that fix, and let me know that everything works now? > > Thanks Jules - and may the New Year bring what you're waiting for... Many thanks for that! I may have some news for you next week... Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.filchak at senecac.on.ca Thu Jan 8 14:27:35 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 14:27:45 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49660685.80304@USherbrooke.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> Message-ID: <49660D57.2040107@senecac.on.ca> Denis, Denis Beauchemin wrote: > submit@zuka.net a ?crit : >> Right off the top I need to ask you all to bear with me. I have not >> had to administer my email server in a number of years as I had >> another person doing it. Now, he has left and so here I am trying to >> make this work and at this point, no mail is flowing but the mail >> queue is growing. >> >> I updated MailScanner and Clam/Spamassassin using Julian's install >> routines. All seemed to go OK but the mail queue seems to be stuck >> and I have a few errors when I lint the install. I know some other >> have had some issues with the mail queue after this upgrade but I am >> not sure it is the same issues here. I have been up all night trying >> to get this to work so I really could use some help with this. >> >> Here is the output of MailScanner --lint >> >> [root@rosewood ~]# MailScanner --lint >> Trying to setlogsock(unix) >> Read 848 hostnames from the phishing whitelist >> Read 4096 hostnames from the phishing blacklist >> Config: calling custom init function SQLBlacklist >> Starting up SQL Blacklist >> Read 3 blacklist entries >> Config: calling custom init function MailWatchLogging >> Started SQL Logging child >> Config: calling custom init function SQLWhitelist >> Starting up SQL Whitelist >> Read 60 whitelist entries >> Checking version numbers... >> Version number in MailScanner.conf (4.74.13) is correct. >> >> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >> MailScanner setting GID to (80) >> MailScanner setting UID to (80) >> >> Checking for SpamAssassin errors (if you use it)... >> Using SpamAssassin results cache >> Connected to SpamAssassin cache database >> config: path "//.spamassassin/user_prefs" is inaccessible: Permission >> denied >> >> ... obviously this one is an issue but not sure why it cannot access >> it. >> >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >> requires version 3.002003 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >> requires version 3.002003 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >> requires version 3.002003 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >> requires version 3.002003 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file >> config: configuration file >> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" >> requires version 3.002003 of SpamAssassin, but this is code version >> 3.002005. Maybe you need to use the -C switch, or remove the old >> config files? Skipping this file at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >> 372. >> > > Dave, > > On my RHEL 4.6 server my SA files are located in > /var/lib/spamassassin, so I would delete the ones in > /etc/mail/spamassassin/updates* > > For your permission problem, you must be usins Postfix so try to > access the file under the postfix user. > > Denis > In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are many of the rule files. There is also another bunch at /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from the previous version. Can I just delete this older directory? When I move the rules in /etc/mail/spamassassin/ into a temp directory, I no longer get that specific error but I am not sure if the rules and spamassassin are functioning or not. As far as the permissions problem goes, I am using Postfix and MailScanner is running as user Postfix but isn't it trying to access the usr_prefs in the root home directory? I never did that before I don't thing as I believe we were using local.cf for site wide prefs? Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From maillists at conactive.com Thu Jan 8 14:32:21 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 14:32:33 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> Message-ID: Submit@zuka.net wrote on Thu, 08 Jan 2009 07:13:34 -0500: > This is CentOS release 4.3 (Final) Please update to latest version. Putting such a non-updated server on the internet is a threat to everyone. > /etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf you want to remove the directory "updates_spamassassin_org" completely and make sure there is no automatic update putting it there again. You also want to set "bayes_auto_expire" to 0 in spamassassin.prefs.conf in case your growing mail queue is a side effect of that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jan 8 14:38:24 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 14:38:37 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49660D57.2040107@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 09:27:35 -0500: > In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are > many of the rule files. Good. There is also another bunch at > /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from > the previous version. Can I just delete this older directory? Yes. When I > move the rules in /etc/mail/spamassassin/ into a temp directory, I no > longer get that specific error but I am not sure if the rules and > spamassassin are functioning or not. which rules? Are you the same person as "submit@zuka.net"? > > As far as the permissions problem goes, I am using Postfix and > MailScanner is running as user Postfix but isn't it trying to access the > usr_prefs in the root home directory? Not if the error comes from starting the service. I never did that before I don't > thing as I believe we were using local.cf for site wide prefs? All files in /etc/mail/spammassassin are used for SA configuration. And there should be a symlink to /etc/MailScanner/spamassassin.prefs.conf. Compare the two for duplicates. Also, there a very good tutorial for postfix+MailScanner on the MS documentation site. Read it and follow it. If there are still permission errors in yourt config you should find them this way! You did run the update_mailscanner_conf script after upgrading, did you? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From john at tradoc.fr Thu Jan 8 14:38:51 2009 From: john at tradoc.fr (John Wilcock) Date: Thu Jan 8 14:39:09 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <496609D3.2000501@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> <4965B8C3.6080001@tradoc.fr> <4965C793.7010105@ecs.soton.ac.uk> <4965D030.6030807@tradoc.fr> <4965D6AF.8010608@ecs.soton.ac.uk> <4965F04C.4050706@tradoc.fr> <496609D3.2000501@ecs.soton.ac.uk> Message-ID: <49660FFB.5000209@tradoc.fr> Le 08/01/2009 15:12, Julian Field a ?crit : > Brilliant. Please can you download and try out 4.74.15-2 which should > just incorporate that fix, and let me know that everything works now? Indeed it does, thanks. >> Thanks Jules - and may the New Year bring what you're waiting for... > Many thanks for that! I may have some news for you next week... Keeping my fingers crossed for you... John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From dave.filchak at senecac.on.ca Thu Jan 8 14:44:24 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 14:44:38 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> Message-ID: <49661148.6070305@senecac.on.ca> Kai, Kai Schaetzl wrote: > Submit@zuka.net wrote on Thu, 08 Jan 2009 07:13:34 -0500: > > >> This is CentOS release 4.3 (Final) >> > > Please update to latest version. Putting such a non-updated server on the > internet is a threat to everyone. > > >> /etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf >> > > you want to remove the directory "updates_spamassassin_org" completely and > make sure there is no automatic update putting it there again. > > You also want to set "bayes_auto_expire" to 0 in spamassassin.prefs.conf > in case your growing mail queue is a side effect of that. > > Kai > > As I said earlier, I have not been taking care of this server for the last couple of years or longer. So, I am trying to get it up to date. However, it will take me some time and I really need to get the mail stuff updated first. bayes_auto_expire is set to 0. Any idea about the permission error? Thanks Dave From dave.filchak at senecac.on.ca Thu Jan 8 14:57:35 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 14:58:01 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> Message-ID: <4966145F.4010305@senecac.on.ca> Kai, Kai Schaetzl wrote: > Dave Filchak wrote on Thu, 08 Jan 2009 09:27:35 -0500: > > >> In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are >> many of the rule files. >> > > Good. > > There is also another bunch at > >> /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from >> the previous version. Can I just delete this older directory? >> > > Yes. > > When I > >> move the rules in /etc/mail/spamassassin/ into a temp directory, I no >> longer get that specific error but I am not sure if the rules and >> spamassassin are functioning or not. >> > > which rules? Are you the same person as "submit@zuka.net"? > There were a bunch of rules just sitting inside of the directory. I am assuming these are not needed and so I put them into a temp directory that I will delete late once all is well. Yes I am the same person as submit@zuka.net but when I sent the first email from that address, I realized that I might not be able to receive a reply because I was not receiving email. So, I had to use a different account. Sorry for the extra BW. > >> As far as the permissions problem goes, I am using Postfix and >> MailScanner is running as user Postfix but isn't it trying to access the >> usr_prefs in the root home directory? >> > > Not if the error comes from starting the service. > It does not happen when starting but does show up when running debug: MailScanner --debug In Debugging mode, not forking... Trying to setlogsock(unix) Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1088. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1090. Building a message batch to scan... Have a batch of 1 message. max message size is '30000' config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied max message size is '100000' Stopping now as you are debugging me. This debug session took about 5 minutes to run so something is really bogged down but it might very well be the permissions problems. > I never did that before I don't > >> thing as I believe we were using local.cf for site wide prefs? >> > > All files in /etc/mail/spammassassin are used for SA configuration. And > there should be a symlink to /etc/MailScanner/spamassassin.prefs.conf. > Compare the two for duplicates. > > Also, there a very good tutorial for postfix+MailScanner on the MS > documentation site. Read it and follow it. If there are still permission > errors in yourt config you should find them this way! > I will have a look if I can stay awake ;-) > You did run the update_mailscanner_conf script after upgrading, did you? > Yes of course. > Kai > > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From Denis.Beauchemin at USherbrooke.ca Thu Jan 8 15:07:28 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 8 15:07:54 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49660D57.2040107@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> Message-ID: <496616B0.1060100@USherbrooke.ca> Dave Filchak a ?crit : > Denis, > > Denis Beauchemin wrote: >> submit@zuka.net a ?crit : >>> Right off the top I need to ask you all to bear with me. I have not >>> had to administer my email server in a number of years as I had >>> another person doing it. Now, he has left and so here I am trying to >>> make this work and at this point, no mail is flowing but the mail >>> queue is growing. >>> >>> I updated MailScanner and Clam/Spamassassin using Julian's install >>> routines. All seemed to go OK but the mail queue seems to be stuck >>> and I have a few errors when I lint the install. I know some other >>> have had some issues with the mail queue after this upgrade but I am >>> not sure it is the same issues here. I have been up all night trying >>> to get this to work so I really could use some help with this. >>> >>> Here is the output of MailScanner --lint >>> >>> [root@rosewood ~]# MailScanner --lint >>> Trying to setlogsock(unix) >>> Read 848 hostnames from the phishing whitelist >>> Read 4096 hostnames from the phishing blacklist >>> Config: calling custom init function SQLBlacklist >>> Starting up SQL Blacklist >>> Read 3 blacklist entries >>> Config: calling custom init function MailWatchLogging >>> Started SQL Logging child >>> Config: calling custom init function SQLWhitelist >>> Starting up SQL Whitelist >>> Read 60 whitelist entries >>> Checking version numbers... >>> Version number in MailScanner.conf (4.74.13) is correct. >>> >>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>> MailScanner setting GID to (80) >>> MailScanner setting UID to (80) >>> >>> Checking for SpamAssassin errors (if you use it)... >>> Using SpamAssassin results cache >>> Connected to SpamAssassin cache database >>> config: path "//.spamassassin/user_prefs" is inaccessible: >>> Permission denied >>> >>> ... obviously this one is an issue but not sure why it cannot >>> access it. >>> >>> config: configuration file >>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>> requires version 3.002003 of SpamAssassin, but this is code version >>> 3.002005. Maybe you need to use the -C switch, or remove the old >>> config files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> config: configuration file >>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>> requires version 3.002003 of SpamAssassin, but this is code version >>> 3.002005. Maybe you need to use the -C switch, or remove the old >>> config files? Skipping this file >>> config: configuration file >>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>> requires version 3.002003 of SpamAssassin, but this is code version >>> 3.002005. Maybe you need to use the -C switch, or remove the old >>> config files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> config: configuration file >>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>> requires version 3.002003 of SpamAssassin, but this is code version >>> 3.002005. Maybe you need to use the -C switch, or remove the old >>> config files? Skipping this file >>> config: configuration file >>> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" >>> requires version 3.002003 of SpamAssassin, but this is code version >>> 3.002005. Maybe you need to use the -C switch, or remove the old >>> config files? Skipping this file at >>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>> 372. >>> >> >> Dave, >> >> On my RHEL 4.6 server my SA files are located in >> /var/lib/spamassassin, so I would delete the ones in >> /etc/mail/spamassassin/updates* >> >> For your permission problem, you must be usins Postfix so try to >> access the file under the postfix user. >> >> Denis >> > In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are > many of the rule files. There is also another bunch at > /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from > the previous version. Can I just delete this older directory? When I > move the rules in /etc/mail/spamassassin/ into a temp directory, I no > longer get that specific error but I am not sure if the rules and > spamassassin are functioning or not. > > As far as the permissions problem goes, I am using Postfix and > MailScanner is running as user Postfix but isn't it trying to access > the usr_prefs in the root home directory? I never did that before I > don't thing as I believe we were using local.cf for site wide prefs? > > Dave > Dave, Remove that directory from /etc/mail/spamassassin and test SA with "spamassassin --lint -D". You should see lines such as: [13334] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf I am not really sure how to debug for Postfix, but I would do "su - postfix" and then try "/usr/sbin/MailScanner --lint". Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3306 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/575cf12c/smime.bin From dgottsc at emory.edu Thu Jan 8 15:17:14 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Jan 8 15:17:11 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4965292E.1070209@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> Message-ID: Well, I messed around with it some more this AM, but still no luck. SpamAssassin is seeing the new rule, and filtering properly (I can see it score the message in the logs when I send a test message to one of the filter addressed); however, for some reason it's not following my rule in MailScanner.conf. Here is what I have: SpamAssassin Rule Actions = JKF_ANTI_PHISH=>not-deliver,store,forward dgottsc@emory.edu, header "X-Anti-Phish: Was to _TO_" Any ideas? David Gottschalk Emory University UTS Messaging Team -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Wednesday, January 07, 2009 5:14 PM To: MailScanner discussion Subject: Re: Anti-spear-phishing, round 2 On 7/1/09 21:00, Gottschalk, David wrote: > Julian, > Thanks for posting this! This is going to make my life a lot easier. I plan on installing it on all of my machines with mailscanner. I'll let you know how well it works. I've got it installed on one machine right now, I'm just trying to figure out how to get the spam assassin rule actions to work properly right now. For some reason it's not following the rule actions even though it matches it. > Check your maillog, that will show if anything is wrong. Don't put a comma in the text of the header for starters, it breaks my parser :-( If you get really stuck, feel free to ask for help :) Jules. > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Tuesday, January 06, 2009 5:20 PM > To: MailScanner discussion > Subject: Anti-spear-phishing, round 2 > > I have done a load of work on my script that uses the anti-spear-phishing addresses database. > > The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. > > I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! > > I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. > > It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... > > You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. > > It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. > > It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. > > The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. > > My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. > > Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) > > Cheers, > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. > > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From maillists at conactive.com Thu Jan 8 15:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 15:31:35 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49661148.6070305@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49661148.6070305@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 09:44:24 -0500: > As I said earlier, I have not been taking care of this server for the > last couple of years or longer. So, I am trying to get it up to date. "yum upgrade" won't take longer than an hour and should have been done first, just to be sure there is nothing overwriting the MailScanner stuff. You should definitely do it now. > However, it will take me some time and I really need to get the mail > stuff updated first. bayes_auto_expire is set to 0. and is not commented out? > > Any idea about the permission error? see my hint about the tutorial in the other mail. Apart from that I have no real idea as I haven't ever seen it. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.filchak at senecac.on.ca Thu Jan 8 15:36:41 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 15:37:07 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49661148.6070305@senecac.on.ca> Message-ID: <49661D89.6050208@senecac.on.ca> Kai, Kai Schaetzl wrote: > Dave Filchak wrote on Thu, 08 Jan 2009 09:44:24 -0500: > > >> As I said earlier, I have not been taking care of this server for the >> last couple of years or longer. So, I am trying to get it up to date. >> > > "yum upgrade" won't take longer than an hour and should have been done > first, just to be sure there is nothing overwriting the MailScanner stuff. > You should definitely do it now. > > >> However, it will take me some time and I really need to get the mail >> stuff updated first. bayes_auto_expire is set to 0. >> > > and is not commented out? > Nope > >> Any idea about the permission error? >> > > see my hint about the tutorial in the other mail. Apart from that I have > no real idea as I haven't ever seen it. > > Kai > > From gmcgreevy at pwr-sys.com Thu Jan 8 15:37:59 2009 From: gmcgreevy at pwr-sys.com (Greg J. McGreevy) Date: Thu Jan 8 15:43:58 2009 Subject: MailScanner --lint error References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com><495FBCAE.60204@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com><496083A2.2090909@ecs.soton.ac.uk><567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com><72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com><567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> Message-ID: <567221C09601934AA5CE9762FDA09A5001C3EC@EXCHTEMP.biz.pwr-sys.com> I replied to your message Kai look in your other account ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kai Schaetzl Sent: Tue 1/6/2009 5:58 AM To: mailscanner@lists.mailscanner.info Subject: Re: MailScanner --lint error Greg J. McGreevy wrote on Mon, 5 Jan 2009 22:44:22 -0500: > Syntax error(s) in configuration file: at /usr/lib/MailScanner/MailScanner/Config.pm line 1937 > Unrecognised keyword "spamassassinprefsfile" at line 2789 at /usr/lib/MailScanner/MailScanner/Config.pm > line 1940 > Warning: syntax errors in /etc/MailScanner/MailScanner.conf. at /usr/lib/MailScanner/MailScanner/Config.pm > line 1945 There is no such option. The only one I can find is "MCP SpamAssassin Prefs File". Is that the one you edited? I find that you are making the same mistake over and over: you post some error and that's it. The *least* you would do with the above is go to line 2789 and show us that line and the surroundings and tell us what you did. (My MailScanner.conf stops at 2788, though.) > > I added the list to the sa-update per your instructions per "whose" instructions? but I have > no idea to tell if it is in fact working you look in /var/lib/spamassassin if it gets filled. It's explained all there where I pointed you earlier: http://wiki.apache.org/spamassassin/RuleUpdates any insight on this would > be helpful also Rules do jour does not appear to be present in my > install so I skipped those steps is that correct? rules du jour is deprecated, one should use channels. Which tutorial did you follow? Again, you make the mistake of not giving any insight of what you really did. I don't see that Martin gave you instructions in this regard and I can't find a section "Getting the most out of Spamassassin" on the MS wiki (although I think I remember there was one). So, what exactly are you referring to? > > Also If I create a new User called spam and have all of my users forward > their spam there to train bayes will that mess up the tests becuse > they will be seen as all forwards? Again from the SA wiki, this may be helpful: http://wiki.apache.org/spamassassin/ResendingMailWithHeaders > I am kind off at my wits end with this and about to throw in the towel. I think you are just not following instructions (whichever you used) careful enough. Or you used the wrong instructions (those corebsd instructions are not how I would do an install on CentOS) or are mixing them (there's often more than one way to do it right, but you usually can't mix them). Also, you don't seem to keep "old working good configuration", so you can easily check where the mistake was made. Anyway, if you are interested, you can contact me under the address I use here and we can arrange something. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 6417 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/297ff371/attachment.bin From dave.filchak at senecac.on.ca Thu Jan 8 15:44:58 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 15:45:08 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <496616B0.1060100@USherbrooke.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> Message-ID: <49661F7A.2090607@senecac.on.ca> Denis, Denis Beauchemin wrote: > Dave Filchak a ?crit : >> Denis, >> >> Denis Beauchemin wrote: >>> submit@zuka.net a ?crit : >>>> Right off the top I need to ask you all to bear with me. I have not >>>> had to administer my email server in a number of years as I had >>>> another person doing it. Now, he has left and so here I am trying >>>> to make this work and at this point, no mail is flowing but the >>>> mail queue is growing. >>>> >>>> I updated MailScanner and Clam/Spamassassin using Julian's install >>>> routines. All seemed to go OK but the mail queue seems to be stuck >>>> and I have a few errors when I lint the install. I know some other >>>> have had some issues with the mail queue after this upgrade but I >>>> am not sure it is the same issues here. I have been up all night >>>> trying to get this to work so I really could use some help with this. >>>> >>>> Here is the output of MailScanner --lint >>>> >>>> [root@rosewood ~]# MailScanner --lint >>>> Trying to setlogsock(unix) >>>> Read 848 hostnames from the phishing whitelist >>>> Read 4096 hostnames from the phishing blacklist >>>> Config: calling custom init function SQLBlacklist >>>> Starting up SQL Blacklist >>>> Read 3 blacklist entries >>>> Config: calling custom init function MailWatchLogging >>>> Started SQL Logging child >>>> Config: calling custom init function SQLWhitelist >>>> Starting up SQL Whitelist >>>> Read 60 whitelist entries >>>> Checking version numbers... >>>> Version number in MailScanner.conf (4.74.13) is correct. >>>> >>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>> MailScanner setting GID to (80) >>>> MailScanner setting UID to (80) >>>> >>>> Checking for SpamAssassin errors (if you use it)... >>>> Using SpamAssassin results cache >>>> Connected to SpamAssassin cache database >>>> config: path "//.spamassassin/user_prefs" is inaccessible: >>>> Permission denied >>>> >>>> ... obviously this one is an issue but not sure why it cannot >>>> access it. >>>> >>>> config: configuration file >>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>>> requires version 3.002003 of SpamAssassin, but this is code version >>>> 3.002005. Maybe you need to use the -C switch, or remove the old >>>> config files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>> line 372. >>>> config: configuration file >>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>>> requires version 3.002003 of SpamAssassin, but this is code version >>>> 3.002005. Maybe you need to use the -C switch, or remove the old >>>> config files? Skipping this file >>>> config: configuration file >>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>>> requires version 3.002003 of SpamAssassin, but this is code version >>>> 3.002005. Maybe you need to use the -C switch, or remove the old >>>> config files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>> line 372. >>>> config: configuration file >>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>>> requires version 3.002003 of SpamAssassin, but this is code version >>>> 3.002005. Maybe you need to use the -C switch, or remove the old >>>> config files? Skipping this file >>>> config: configuration file >>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" >>>> requires version 3.002003 of SpamAssassin, but this is code version >>>> 3.002005. Maybe you need to use the -C switch, or remove the old >>>> config files? Skipping this file at >>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>> line 372. >>>> >>> >>> Dave, >>> >>> On my RHEL 4.6 server my SA files are located in >>> /var/lib/spamassassin, so I would delete the ones in >>> /etc/mail/spamassassin/updates* >>> >>> For your permission problem, you must be usins Postfix so try to >>> access the file under the postfix user. >>> >>> Denis >>> >> In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are >> many of the rule files. There is also another bunch at >> /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is >> from the previous version. Can I just delete this older directory? >> When I move the rules in /etc/mail/spamassassin/ into a temp >> directory, I no longer get that specific error but I am not sure if >> the rules and spamassassin are functioning or not. >> >> As far as the permissions problem goes, I am using Postfix and >> MailScanner is running as user Postfix but isn't it trying to access >> the usr_prefs in the root home directory? I never did that before I >> don't thing as I believe we were using local.cf for site wide prefs? >> >> Dave >> > > Dave, > > Remove that directory from /etc/mail/spamassassin and test SA with > "spamassassin --lint -D". You should see lines such as: > [13334] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf > > > I am not really sure how to debug for Postfix, but I would do "su - > postfix" and then try "/usr/sbin/MailScanner --lint". Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) I believe it is running without errors now but is still trying to use /root/,spamassassin/usr_prefs as the preference file. Now that could be simply when you run --lint or --debug. There is a way to specify which conf file to use when debugging .. isn't there? Dave > > Denis > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From glenn.steen at gmail.com Thu Jan 8 16:09:29 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 8 16:09:44 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49661F7A.2090607@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> Message-ID: <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> 2009/1/8 Dave Filchak : > Denis, > > Denis Beauchemin wrote: >> >> Dave Filchak a ?crit : >>> >>> Denis, >>> >>> Denis Beauchemin wrote: >>>> >>>> submit@zuka.net a ?crit : >>>>> >>>>> Right off the top I need to ask you all to bear with me. I have not had >>>>> to administer my email server in a number of years as I had another person >>>>> doing it. Now, he has left and so here I am trying to make this work and at >>>>> this point, no mail is flowing but the mail queue is growing. >>>>> >>>>> I updated MailScanner and Clam/Spamassassin using Julian's install >>>>> routines. All seemed to go OK but the mail queue seems to be stuck and I >>>>> have a few errors when I lint the install. I know some other have had some >>>>> issues with the mail queue after this upgrade but I am not sure it is the >>>>> same issues here. I have been up all night trying to get this to work so I >>>>> really could use some help with this. >>>>> >>>>> Here is the output of MailScanner --lint >>>>> >>>>> [root@rosewood ~]# MailScanner --lint >>>>> Trying to setlogsock(unix) >>>>> Read 848 hostnames from the phishing whitelist >>>>> Read 4096 hostnames from the phishing blacklist >>>>> Config: calling custom init function SQLBlacklist >>>>> Starting up SQL Blacklist >>>>> Read 3 blacklist entries >>>>> Config: calling custom init function MailWatchLogging >>>>> Started SQL Logging child >>>>> Config: calling custom init function SQLWhitelist >>>>> Starting up SQL Whitelist >>>>> Read 60 whitelist entries >>>>> Checking version numbers... >>>>> Version number in MailScanner.conf (4.74.13) is correct. >>>>> >>>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>>> MailScanner setting GID to (80) >>>>> MailScanner setting UID to (80) >>>>> >>>>> Checking for SpamAssassin errors (if you use it)... >>>>> Using SpamAssassin results cache >>>>> Connected to SpamAssassin cache database >>>>> config: path "//.spamassassin/user_prefs" is inaccessible: Permission >>>>> denied >>>>> >>>>> ... obviously this one is an issue but not sure why it cannot access >>>>> it. >>>>> >>>>> config: configuration file >>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires >>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>> 372. >>>>> config: configuration file >>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires >>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>> file >>>>> config: configuration file >>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires >>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>> 372. >>>>> config: configuration file >>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires >>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>> file >>>>> config: configuration file >>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires >>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>> 372. >>>>> >>>> >>>> Dave, >>>> >>>> On my RHEL 4.6 server my SA files are located in /var/lib/spamassassin, >>>> so I would delete the ones in /etc/mail/spamassassin/updates* >>>> >>>> For your permission problem, you must be usins Postfix so try to access >>>> the file under the postfix user. >>>> >>>> Denis >>>> >>> In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are many >>> of the rule files. There is also another bunch at >>> /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from the >>> previous version. Can I just delete this older directory? When I move the >>> rules in /etc/mail/spamassassin/ into a temp directory, I no longer get that >>> specific error but I am not sure if the rules and spamassassin are >>> functioning or not. >>> >>> As far as the permissions problem goes, I am using Postfix and >>> MailScanner is running as user Postfix but isn't it trying to access the >>> usr_prefs in the root home directory? I never did that before I don't thing >>> as I believe we were using local.cf for site wide prefs? >>> >>> Dave >>> >> >> Dave, >> >> Remove that directory from /etc/mail/spamassassin and test SA with >> "spamassassin --lint -D". You should see lines such as: >> [13334] dbg: config: read file >> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf >> >> I am not really sure how to debug for Postfix, but I would do "su - >> postfix" and then try "/usr/sbin/MailScanner --lint". > > Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix > Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) > You should do "su - postfix -s /bin/bash" to overcome that. Do it as root, and there will be no password questions. And please do all spamassassin tests as the postfix user... it will matter. > I believe it is running without errors now but is still trying to use > /root/,spamassassin/usr_prefs as the preference file. Now that could be > simply when you run --lint or --debug. There is a way to specify which conf > file to use when debugging .. isn't there? It should not try do this, unless you are running the test as root. So don't;-). Your MailScanner should have things so that either it places sa-specific things in ~postfix ("/" in your case, which is a bit ... different... Usually set to /var/spool/postfix, or similar), or explicitly put things in /var/spool/MailScanner/spamassassin (appropriately chmoded to allow the postfix user to write there... Including stuff like Razor etc. > > Dave >> >> Denis >> Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.filchak at senecac.on.ca Thu Jan 8 16:32:47 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 16:33:02 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> Message-ID: <49662AAF.9070601@senecac.on.ca> Glenn, Glenn Steen wrote: > 2009/1/8 Dave Filchak : > >> Denis, >> >> Denis Beauchemin wrote: >> >>> Dave Filchak a ?crit : >>> >>>> Denis, >>>> >>>> Denis Beauchemin wrote: >>>> >>>>> submit@zuka.net a ?crit : >>>>> >>>>>> Right off the top I need to ask you all to bear with me. I have not had >>>>>> to administer my email server in a number of years as I had another person >>>>>> doing it. Now, he has left and so here I am trying to make this work and at >>>>>> this point, no mail is flowing but the mail queue is growing. >>>>>> >>>>>> I updated MailScanner and Clam/Spamassassin using Julian's install >>>>>> routines. All seemed to go OK but the mail queue seems to be stuck and I >>>>>> have a few errors when I lint the install. I know some other have had some >>>>>> issues with the mail queue after this upgrade but I am not sure it is the >>>>>> same issues here. I have been up all night trying to get this to work so I >>>>>> really could use some help with this. >>>>>> >>>>>> Here is the output of MailScanner --lint >>>>>> >>>>>> [root@rosewood ~]# MailScanner --lint >>>>>> Trying to setlogsock(unix) >>>>>> Read 848 hostnames from the phishing whitelist >>>>>> Read 4096 hostnames from the phishing blacklist >>>>>> Config: calling custom init function SQLBlacklist >>>>>> Starting up SQL Blacklist >>>>>> Read 3 blacklist entries >>>>>> Config: calling custom init function MailWatchLogging >>>>>> Started SQL Logging child >>>>>> Config: calling custom init function SQLWhitelist >>>>>> Starting up SQL Whitelist >>>>>> Read 60 whitelist entries >>>>>> Checking version numbers... >>>>>> Version number in MailScanner.conf (4.74.13) is correct. >>>>>> >>>>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>>>> MailScanner setting GID to (80) >>>>>> MailScanner setting UID to (80) >>>>>> >>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>> Using SpamAssassin results cache >>>>>> Connected to SpamAssassin cache database >>>>>> config: path "//.spamassassin/user_prefs" is inaccessible: Permission >>>>>> denied >>>>>> >>>>>> ... obviously this one is an issue but not sure why it cannot access >>>>>> it. >>>>>> >>>>>> config: configuration file >>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires >>>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>>> 372. >>>>>> config: configuration file >>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" requires >>>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>>> file >>>>>> config: configuration file >>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires >>>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>>> 372. >>>>>> config: configuration file >>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" requires >>>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>>> file >>>>>> config: configuration file >>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" requires >>>>>> version 3.002003 of SpamAssassin, but this is code version 3.002005. Maybe >>>>>> you need to use the -C switch, or remove the old config files? Skipping this >>>>>> file at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line >>>>>> 372. >>>>>> >>>>>> >>>>> Dave, >>>>> >>>>> On my RHEL 4.6 server my SA files are located in /var/lib/spamassassin, >>>>> so I would delete the ones in /etc/mail/spamassassin/updates* >>>>> >>>>> For your permission problem, you must be usins Postfix so try to access >>>>> the file under the postfix user. >>>>> >>>>> Denis >>>>> >>>>> >>>> In /var/lib/spamassassin/3.002005/updates_spamassassin_org there are many >>>> of the rule files. There is also another bunch at >>>> /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is from the >>>> previous version. Can I just delete this older directory? When I move the >>>> rules in /etc/mail/spamassassin/ into a temp directory, I no longer get that >>>> specific error but I am not sure if the rules and spamassassin are >>>> functioning or not. >>>> >>>> As far as the permissions problem goes, I am using Postfix and >>>> MailScanner is running as user Postfix but isn't it trying to access the >>>> usr_prefs in the root home directory? I never did that before I don't thing >>>> as I believe we were using local.cf for site wide prefs? >>>> >>>> Dave >>>> >>>> >>> Dave, >>> >>> Remove that directory from /etc/mail/spamassassin and test SA with >>> "spamassassin --lint -D". You should see lines such as: >>> [13334] dbg: config: read file >>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf >>> >>> I am not really sure how to debug for Postfix, but I would do "su - >>> postfix" and then try "/usr/sbin/MailScanner --lint". >>> >> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix >> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >> >> > You should do "su - postfix -s /bin/bash" to overcome that. Do it as > root, and there will be no password questions. > And please do all spamassassin tests as the postfix user... it will matter. > OK .. here is what I get: su - postfix -s /bin/bash -bash-3.00$ spamassassin --lint [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied -bash-3.00$ So, this being that I am logging in now as user postfix and we are still getting this error says the following: when running this as root, obviously MailScanner, running as postfix, could not write the roots home directory. Now, logged in a postfix and, because postfix does not have a login shell, there is no home directory for postfix .. so we still have the same problem. Am I off base here? I cannot be sure but I do not believe we had this error before the upgrade. I even went back through all the config file to make sure there was not some erroneous entry there. So unless I missed it (entirely possible in my state), I am stumped. > >> I believe it is running without errors now but is still trying to use >> /root/,spamassassin/usr_prefs as the preference file. Now that could be >> simply when you run --lint or --debug. There is a way to specify which conf >> file to use when debugging .. isn't there? >> > It should not try do this, unless you are running the test as root. > So don't;-). > Well I was yes ... but see my previous entry. > Your MailScanner should have things so that either it places > sa-specific things in ~postfix ("/" in your case, which is a bit ... > different... Usually set to /var/spool/postfix, or similar), or > explicitly put things in /var/spool/MailScanner/spamassassin > (appropriately chmoded to allow the postfix user to write there... > Including stuff like Razor etc. > Well again, I do not know why it is trying to write to ~/postfix, which does not exist but the directories /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine all belong to user postfix > Dave From maillists at conactive.com Thu Jan 8 17:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 17:31:28 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966145F.4010305@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 09:57:35 -0500: > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1088. > Use of uninitialized value in concatenation (.) or string at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1090. Run spamassassin --lint and see if you still get that (or any others like the one below). It's not a critical error. > Building a message batch to scan... > Have a batch of 1 message. > max message size is '30000' > config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied > max message size is '100000' > Stopping now as you are debugging me. > > This debug session took about 5 minutes to run so something is really > bogged down but it might very well be the permissions problems. Well, it sat there for quite a while and then went on with "Have a batch of 1 message", right? It was just waiting for a message to scan, so this isn't a problem. If mail is still not flowing look at your mailscanner.log. As which user are you running the --debug test? It seems you are having a problem only with spamassassin and MS itself is okay. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jan 8 17:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 17:31:28 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49661D89.6050208@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49661148.6070305@senecac.on.ca> <49661D89.6050208@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 10:36:41 -0500: > > and is not commented out? > > > Nope Good. I asked because it seems to be commented out by default in the MS provided spamassassin.prefs.conf and that is easily overlooked. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Thu Jan 8 17:32:11 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jan 8 17:32:22 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> Message-ID: <20090108173211.GA3348@msapiro> On Wed, Jan 07, 2009 at 06:49:16PM -0600, Rob Freeman wrote: > Sorry I missed this, and I did try to go back in the mailing list and try to > download it, but it just came back as a .bin file here in firefox to > download. Can someone provide a link? The post is at . It contains a link to which you should be able to download and gunzip. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dave.filchak at senecac.on.ca Thu Jan 8 17:36:09 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 17:36:19 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49662AAF.9070601@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> Message-ID: <49663989.8000406@senecac.on.ca> Just an update: not making progress: Dave Filchak wrote: > Glenn, > > Glenn Steen wrote: >> 2009/1/8 Dave Filchak : >> >>> Denis, >>> >>> Denis Beauchemin wrote: >>> >>>> Dave Filchak a ?crit : >>>> >>>>> Denis, >>>>> >>>>> Denis Beauchemin wrote: >>>>> >>>>>> submit@zuka.net a ?crit : >>>>>> >>>>>>> Right off the top I need to ask you all to bear with me. I have >>>>>>> not had >>>>>>> to administer my email server in a number of years as I had >>>>>>> another person >>>>>>> doing it. Now, he has left and so here I am trying to make this >>>>>>> work and at >>>>>>> this point, no mail is flowing but the mail queue is growing. >>>>>>> >>>>>>> I updated MailScanner and Clam/Spamassassin using Julian's install >>>>>>> routines. All seemed to go OK but the mail queue seems to be >>>>>>> stuck and I >>>>>>> have a few errors when I lint the install. I know some other >>>>>>> have had some >>>>>>> issues with the mail queue after this upgrade but I am not sure >>>>>>> it is the >>>>>>> same issues here. I have been up all night trying to get this to >>>>>>> work so I >>>>>>> really could use some help with this. >>>>>>> >>>>>>> Here is the output of MailScanner --lint >>>>>>> >>>>>>> [root@rosewood ~]# MailScanner --lint >>>>>>> Trying to setlogsock(unix) >>>>>>> Read 848 hostnames from the phishing whitelist >>>>>>> Read 4096 hostnames from the phishing blacklist >>>>>>> Config: calling custom init function SQLBlacklist >>>>>>> Starting up SQL Blacklist >>>>>>> Read 3 blacklist entries >>>>>>> Config: calling custom init function MailWatchLogging >>>>>>> Started SQL Logging child >>>>>>> Config: calling custom init function SQLWhitelist >>>>>>> Starting up SQL Whitelist >>>>>>> Read 60 whitelist entries >>>>>>> Checking version numbers... >>>>>>> Version number in MailScanner.conf (4.74.13) is correct. >>>>>>> >>>>>>> Your envelope_sender_header in spam.assassin.prefs.conf is correct. >>>>>>> MailScanner setting GID to (80) >>>>>>> MailScanner setting UID to (80) >>>>>>> >>>>>>> Checking for SpamAssassin errors (if you use it)... >>>>>>> Using SpamAssassin results cache >>>>>>> Connected to SpamAssassin cache database >>>>>>> config: path "//.spamassassin/user_prefs" is inaccessible: >>>>>>> Permission >>>>>>> denied >>>>>>> >>>>>>> ... obviously this one is an issue but not sure why it cannot >>>>>>> access >>>>>>> it. >>>>>>> >>>>>>> config: configuration file >>>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>>>>>> requires >>>>>>> version 3.002003 of SpamAssassin, but this is code version >>>>>>> 3.002005. Maybe >>>>>>> you need to use the -C switch, or remove the old config files? >>>>>>> Skipping this >>>>>>> file at >>>>>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>>>>> line >>>>>>> 372. >>>>>>> config: configuration file >>>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_advance_fee.cf" >>>>>>> requires >>>>>>> version 3.002003 of SpamAssassin, but this is code version >>>>>>> 3.002005. Maybe >>>>>>> you need to use the -C switch, or remove the old config files? >>>>>>> Skipping this >>>>>>> file >>>>>>> config: configuration file >>>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>>>>>> requires >>>>>>> version 3.002003 of SpamAssassin, but this is code version >>>>>>> 3.002005. Maybe >>>>>>> you need to use the -C switch, or remove the old config files? >>>>>>> Skipping this >>>>>>> file at >>>>>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>>>>> line >>>>>>> 372. >>>>>>> config: configuration file >>>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_body_tests.cf" >>>>>>> requires >>>>>>> version 3.002003 of SpamAssassin, but this is code version >>>>>>> 3.002005. Maybe >>>>>>> you need to use the -C switch, or remove the old config files? >>>>>>> Skipping this >>>>>>> file >>>>>>> config: configuration file >>>>>>> "/etc/mail/spamassassin/updates_spamassassin_org/20_compensate.cf" >>>>>>> requires >>>>>>> version 3.002003 of SpamAssassin, but this is code version >>>>>>> 3.002005. Maybe >>>>>>> you need to use the -C switch, or remove the old config files? >>>>>>> Skipping this >>>>>>> file at >>>>>>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm >>>>>>> line >>>>>>> 372. >>>>>>> >>>>>>> >>>>>> Dave, >>>>>> >>>>>> On my RHEL 4.6 server my SA files are located in >>>>>> /var/lib/spamassassin, >>>>>> so I would delete the ones in /etc/mail/spamassassin/updates* >>>>>> >>>>>> For your permission problem, you must be usins Postfix so try to >>>>>> access >>>>>> the file under the postfix user. >>>>>> >>>>>> Denis >>>>>> >>>>>> >>>>> In /var/lib/spamassassin/3.002005/updates_spamassassin_org there >>>>> are many >>>>> of the rule files. There is also another bunch at >>>>> /var/lib/spamassassin/3.001001/updates_spamassassin_org, which is >>>>> from the >>>>> previous version. Can I just delete this older directory? When I >>>>> move the >>>>> rules in /etc/mail/spamassassin/ into a temp directory, I no >>>>> longer get that >>>>> specific error but I am not sure if the rules and spamassassin are >>>>> functioning or not. >>>>> >>>>> As far as the permissions problem goes, I am using Postfix and >>>>> MailScanner is running as user Postfix but isn't it trying to >>>>> access the >>>>> usr_prefs in the root home directory? I never did that before I >>>>> don't thing >>>>> as I believe we were using local.cf for site wide prefs? >>>>> >>>>> Dave >>>>> >>>>> >>>> Dave, >>>> >>>> Remove that directory from /etc/mail/spamassassin and test SA with >>>> "spamassassin --lint -D". You should see lines such as: >>>> [13334] dbg: config: read file >>>> /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf >>>> >>>> >>>> I am not really sure how to debug for Postfix, but I would do "su - >>>> postfix" and then try "/usr/sbin/MailScanner --lint". >>>> >>> Unfortunately, the user Postfix is set to nologin ( >>> postfix:x:80:80:Postfix >>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >>> >>> >> You should do "su - postfix -s /bin/bash" to overcome that. Do it as >> root, and there will be no password questions. >> And please do all spamassassin tests as the postfix user... it will >> matter. >> > OK .. here is what I get: > > su - postfix -s /bin/bash > -bash-3.00$ spamassassin --lint > [19715] warn: config: path "//.spamassassin/user_prefs" is > inaccessible: Permission denied > -bash-3.00$ > > So, this being that I am logging in now as user postfix and we are > still getting this error says the following: when running this as > root, obviously MailScanner, running as postfix, could not write the > roots home directory. Now, logged in a postfix and, because postfix > does not have a login shell, there is no home directory for postfix .. > so we still have the same problem. Am I off base here? I cannot be > sure but I do not believe we had this error before the upgrade. I even > went back through all the config file to make sure there was not some > erroneous entry there. So unless I missed it (entirely possible in my > state), I am stumped. >> >>> I believe it is running without errors now but is still trying to use >>> /root/,spamassassin/usr_prefs as the preference file. Now that could be >>> simply when you run --lint or --debug. There is a way to specify >>> which conf >>> file to use when debugging .. isn't there? >>> >> It should not try do this, unless you are running the test as root. >> So don't;-). >> > > Well I was yes ... but see my previous entry. >> Your MailScanner should have things so that either it places >> sa-specific things in ~postfix ("/" in your case, which is a bit ... >> different... Usually set to /var/spool/postfix, or similar), or >> explicitly put things in /var/spool/MailScanner/spamassassin >> (appropriately chmoded to allow the postfix user to write there... >> Including stuff like Razor etc. >> > Well again, I do not know why it is trying to write to ~/postfix, > which does not exist but the directories > /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine > all belong to user postfix >> So, running as user postfix, I seem to be in worse shape. I am going to list the output here in the hopes that someone might have a clue. I have tried everything I can think of but as I said, I am very much out of practice here. Also, I have been up for about 35 hours now so I have to get a few hours of shuteye with the hopes that none of my clients freak out. Here is the output from --debug as user postfix. /usr/sbin/MailScanner --debug Can't call method "close" on an undefined value at /usr/sbin/mailscanner_create_locks line 47. Error: Attempt to create locks in /var/spool/MailScanner/incoming/Locks failed! Can't call method "close" on an undefined value at /usr/sbin/mailscanner_create_locks line 47. Error: Attempt to create locks in /var/spool/MailScanner/incoming/Locks failed! In Debugging mode, not forking... Trying to setlogsock(unix) Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1088. Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1090. Building a message batch to scan... Day too small - -94956 > -24856 Sec too small - -94956 < 74752 Have a batch of 3 messages. max message size is '30000' config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied max message size is '30000' config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied max message size is '30000' config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied max message size is '100000' max message size is '100000' max message size is '100000' Stopping now as you are debugging me. -bash-3.00$ commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1194. From dave.filchak at senecac.on.ca Thu Jan 8 17:44:13 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 17:44:24 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> Message-ID: <49663B6D.1030800@senecac.on.ca> Kai Schaetzl wrote: > Dave Filchak wrote on Thu, 08 Jan 2009 09:57:35 -0500: > > >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1088. >> Use of uninitialized value in concatenation (.) or string at >> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1090. >> > > Run spamassassin --lint and see if you still get that (or any others like the > one below). It's not a critical error. > > > >> Building a message batch to scan... >> Have a batch of 1 message. >> max message size is '30000' >> config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied >> max message size is '100000' >> Stopping now as you are debugging me. >> >> This debug session took about 5 minutes to run so something is really >> bogged down but it might very well be the permissions problems. >> > > Well, it sat there for quite a while and then went on with "Have a batch of 1 > message", right? It was just waiting for a message to scan, so this isn't a > problem. If mail is still not flowing look at your mailscanner.log. > As which user are you running the --debug test? > It seems you are having a problem only with spamassassin and MS itself is > okay. > > I am running the test as user postfix, as this is the RunAs user. Also, I do not seem to have mailscanner.log. Where is it supposed to be? Dave From maillists at conactive.com Thu Jan 8 17:54:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 17:54:26 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49662AAF.9070601@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: > >> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix > >> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) look at the homedir! > su - postfix -s /bin/bash > -bash-3.00$ spamassassin --lint > [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: > Permission denied > -bash-3.00$ you get this strange path because your postfix user has the wrong homedir. It should be /var/spool/postfix (That also shows that you don't have to su to postfix, it's running as postfix, anyway.) If your mail is still not flowing that might also be the reason for it. > I am > stumped. This error is absolutely non-critical and can be ignored: [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577 [14255] dbg: config: Permission denied I'm just wondering why you get this error shown at all. It shouldn't show up with a simple "spamassassin --lint" (you wrote you ran that, without -D), only with "spamassassin --lint -D". I wonder if you have a mix of an older and newer SA on your system. The output level of --lint has been changed several times during the last year or so, so that it stops outputting uncritical errors. I would really advise to remove the SA package, upgrade your CentOS and then reapply it. I have to say that I'm not using the "easy install" package provided by Jules. I always role my own which is *very* easy to do as they provide a working spec file in their source. You just build it with the command given on the download page and it works. You may want to try it this way. Maybe Jules has an idea, what's wrong with your SA installation (if there is anything wrong). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Thu Jan 8 17:54:21 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jan 8 17:54:37 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4963D91A.9060304@ecs.soton.ac.uk> Message-ID: Julian Field wrote: > >It also looks for numbers at the end of the username bit of the address, >and assumes that these are numbers which the scammers may change; so if >it finds them, it replaces them with a pattern that will match any >number instead. I don't know how significant this is, but in some cases this generates duplicate regexps. For example, there are two addresses (spaces inserted here so I don't trigger the rule) zenithbkloan03 @ comcast.net and zenithbkloan05 @ comcast.net in the google list. This generates the regexp (zenithbkloan\d+\@comcast\.net) twice in the generated rules. Also, I've been running this for a few days, and other than testing, I've gotten no hits on this rule. Just lucky I guess. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Thu Jan 8 18:30:09 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 8 18:30:33 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> Message-ID: <49664631.2020207@ecs.soton.ac.uk> Do you have "Log Spam = yes" in your MailScanner.conf? If so, you should see logging of the actions that are produced by this setting. I assume you're running a recent version of MailScanner. Also, remove the space before the word "header", just in case that matters. That line is very hard to parse. On 8/1/09 15:17, Gottschalk, David wrote: > Well, I messed around with it some more this AM, but still no luck. > > SpamAssassin is seeing the new rule, and filtering properly (I can see it score the message in the logs when I send a test message to one of the filter addressed); however, for some reason it's not following my rule in MailScanner.conf. Here is what I have: > > SpamAssassin Rule Actions = JKF_ANTI_PHISH=>not-deliver,store,forward dgottsc@emory.edu, header "X-Anti-Phish: Was to _TO_" > > Any ideas? > > David Gottschalk > Emory University > UTS Messaging Team > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Wednesday, January 07, 2009 5:14 PM > To: MailScanner discussion > Subject: Re: Anti-spear-phishing, round 2 > > > > On 7/1/09 21:00, Gottschalk, David wrote: > >> Julian, >> Thanks for posting this! This is going to make my life a lot easier. I plan on installing it on all of my machines with mailscanner. I'll let you know how well it works. I've got it installed on one machine right now, I'm just trying to figure out how to get the spam assassin rule actions to work properly right now. For some reason it's not following the rule actions even though it matches it. >> >> > Check your maillog, that will show if anything is wrong. Don't put a > comma in the text of the header for starters, it breaks my parser :-( > > If you get really stuck, feel free to ask for help :) > > Jules. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Tuesday, January 06, 2009 5:20 PM >> To: MailScanner discussion >> Subject: Anti-spear-phishing, round 2 >> >> I have done a load of work on my script that uses the anti-spear-phishing addresses database. >> >> The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. >> >> I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! >> >> I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. >> >> It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... >> >> You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. >> >> It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. >> >> It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. >> >> The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. >> >> My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. >> >> Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) >> >> Cheers, >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. >> >> >> This e-mail message (including any attachments) is for the sole use of >> the intended recipient(s) and may contain confidential and privileged >> information. If the reader of this message is not the intended >> recipient, you are hereby notified that any dissemination, distribution >> or copying of this message (including any attachments) is strictly >> prohibited. >> >> If you have received this message in error, please contact >> the sender by reply e-mail message and destroy all copies of the >> original message (including attachments). >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Thu Jan 8 18:32:32 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 8 18:32:51 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: Message-ID: <496646C0.3040506@ecs.soton.ac.uk> On 8/1/09 17:54, Mark Sapiro wrote: > Julian Field wrote: > >> It also looks for numbers at the end of the username bit of the address, >> and assumes that these are numbers which the scammers may change; so if >> it finds them, it replaces them with a pattern that will match any >> number instead. >> > > > I don't know how significant this is, but in some cases this generates > duplicate regexps. For example, there are two addresses (spaces > inserted here so I don't trigger the rule) zenithbkloan03 @ > comcast.net and > zenithbkloan05 @ comcast.net in the google list. This generates the > regexp (zenithbkloan\d+\@comcast\.net) twice in the generated rules. > Yes, fair enough, the resulting rules aren't 100% optimal. But it's pretty close, so I wouldn't worry about it. As they are sorted into alphabetical order, the duplicate rules will be in the same rule, so in the same regexp, with the result that Perl will optimise out the duplicate one anyway. So I really wouldn't worry about that. It's not worth fixing. But I will anyway :-) > Also, I've been running this for a few days, and other than testing, > I've gotten no hits on this rule. Just lucky I guess. > Some site get hit by spear-phishing more than others. Particularly educational institutions. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Denis.Beauchemin at USherbrooke.ca Thu Jan 8 18:41:36 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 8 18:42:10 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49663B6D.1030800@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> Message-ID: <496648E0.9020903@USherbrooke.ca> Dave Filchak a ?crit : > > > Kai Schaetzl wrote: >> Dave Filchak wrote on Thu, 08 Jan 2009 09:57:35 -0500: >> >> >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1088. >>> Use of uninitialized value in concatenation (.) or string at >>> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin.pm line 1090. >>> >> >> Run spamassassin --lint and see if you still get that (or any others >> like the one below). It's not a critical error. >> >> >> >>> Building a message batch to scan... >>> Have a batch of 1 message. >>> max message size is '30000' >>> config: path "//.spamassassin/user_prefs" is inaccessible: >>> Permission denied >>> max message size is '100000' >>> Stopping now as you are debugging me. >>> >>> This debug session took about 5 minutes to run so something is >>> really bogged down but it might very well be the permissions problems. >>> >> >> Well, it sat there for quite a while and then went on with "Have a >> batch of 1 message", right? It was just waiting for a message to >> scan, so this isn't a problem. If mail is still not flowing look at >> your mailscanner.log. >> As which user are you running the --debug test? >> It seems you are having a problem only with spamassassin and MS >> itself is okay. >> >> > I am running the test as user postfix, as this is the RunAs user. > Also, I do not seem to have mailscanner.log. Where is it supposed to be? > Dave Dave, On your system MS should be logging into /var/log/maillog. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From maillists at conactive.com Thu Jan 8 19:31:23 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 19:31:35 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49663B6D.1030800@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> Message-ID: Dave Filchak wrote on Thu, 08 Jan 2009 12:44:13 -0500: > Also, > I do not seem to have mailscanner.log. Where is it supposed to be? you may get everything in your maillog. I changed the syslog facility, so I get all stuff in mailscanner.log Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Thu Jan 8 19:36:59 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 8 19:37:10 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> Message-ID: <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> 2009/1/8 Kai Schaetzl : > Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: > >> >> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix >> >> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) > > look at the homedir! Indeed;) >> su - postfix -s /bin/bash >> -bash-3.00$ spamassassin --lint >> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: >> Permission denied >> -bash-3.00$ > > you get this strange path because your postfix user has the wrong homedir. It > should be /var/spool/postfix (That also shows that you don't have to su to > postfix, it's running as postfix, anyway.) > If your mail is still not flowing that might also be the reason for it. > I'm leaning toward one of the classics here: Since the directory SA (as the postfix user) tries to write things to (user prefs, razor-agent thing, pyzor discover thing etc), some of that cr*p end up being written somewhere the postfix user _can_ write ... the hold queue... So Dave should perhaps look at that directory for non-queue files ... and remove them. How to make sure they never reappear? First: Set a more reasonable home directory for postfix, like /var/spool/postfix. Edit /etc/passwd with something safe like vipw ALTERNATIVE 1 Temporarily make that directory writable by the postfix user su - postfix -s /bin/bash spamassassin --lint spamassassin -t -D < /path/to/a/message exit Make the directory non-writable by postfix. You should now have all the needed directories, like .razor .pyzor and .spamassassin ALTERNATIVE 2 Create the directories by hand (in ~postfix) and make them owned by postfix and writable by postfix. ALTERNATIVE 3 Use the settings suggested in spam.assassin.prefs.conf (a.k.a. /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory to use for this. Look in the wiki for similar details for razor and pyzor (unless they're already in mailscanner.cf ... I fail to remember). Any of the alternatives would likely do. Then, as said, go check/clean your /var/spool/postfix/hold directory for/from files that aren't Postfix queue files. >> I am >> stumped. > > This error is absolutely non-critical and can be ignored: > > [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir > /var/spool/postfix/.spamassassin: Permission denied at > /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577 > [14255] dbg: config: Permission denied > I wouldn't exactly call it non-critical, since it might indicate the error-situation mentioned above:) > I'm just wondering why you get this error shown at all. It shouldn't show up > with a simple "spamassassin --lint" (you wrote you ran that, without -D), only > with "spamassassin --lint -D". I wonder if you have a mix of an older and newer > SA on your system. The output level of --lint has been changed several times > during the last year or so, so that it stops outputting uncritical errors. I > would really advise to remove the SA package, upgrade your CentOS and then > reapply it. I have to say that I'm not using the "easy install" package provided > by Jules. I always role my own which is *very* easy to do as they provide a > working spec file in their source. You just build it with the command given on > the download page and it works. You may want to try it this way. Maybe Jules has > an idea, what's wrong with your SA installation (if there is anything wrong). > Might be worth doing:-) Oh, and before you jump on it, somewhere halfway through ... this stopped being an answer to your mail solely;-) But you saw that...:-P > > Kai > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From rob at kettle.org.uk Thu Jan 8 19:41:56 2009 From: rob at kettle.org.uk (Rob Kettle) Date: Thu Jan 8 19:42:15 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <496648E0.9020903@USherbrooke.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> Message-ID: <49665704.4080804@kettle.org.uk> Hi, been running a Centos 5 system with 4.72.1-1 for some time and last night I upgraded to 4.74.15-1. The upgrade appeared to go OK. However when I run MailScanner no mail is processed and if I look at processes the MailScanner jobs show as [defunct] and are using high CPU. After some playing around I've sound that the cause is the setting Rebuild Bayes Every = 14400 MailScanner will only work if I set this to Rebuild Bayes Every = 0 Not sure why this is ? regards Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From glenn.steen at gmail.com Thu Jan 8 19:49:24 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 8 19:49:34 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <49665704.4080804@kettle.org.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> Message-ID: <223f97700901081149p4e9fcce8wa44d90d18dae1b06@mail.gmail.com> 2009/1/8 Rob Kettle : > Hi, > > been running a Centos 5 system with 4.72.1-1 for some time and last night I > upgraded to 4.74.15-1. The upgrade appeared to go OK. > > However when I run MailScanner no mail is processed and if I look at > processes the MailScanner jobs show as [defunct] and are using high CPU. > > After some playing around I've sound that the cause is the setting > > Rebuild Bayes Every = 14400 > > MailScanner will only work if I set this to Rebuild Bayes Every = 0 > > Not sure why this is ? > > regards > Rob > There's a few threads RE this floating around on the list, try looking at them... Or go directly to the fixes:-). There should be a newer package available for you, and possibly a smallish manual fix needed. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dgottsc at emory.edu Thu Jan 8 19:57:43 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Thu Jan 8 19:58:02 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <49664631.2020207@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> Message-ID: Yes, I have "Log Spam = yes" in my MailScanner.conf. I'm running MailScanner version 4.60.8. Am I running too old of a version? David Gottschalk Emory University UTS Messaging Team 404.727.9744 -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Thursday, January 08, 2009 1:30 PM To: MailScanner discussion Subject: Re: Anti-spear-phishing, round 2 Do you have "Log Spam = yes" in your MailScanner.conf? If so, you should see logging of the actions that are produced by this setting. I assume you're running a recent version of MailScanner. Also, remove the space before the word "header", just in case that matters. That line is very hard to parse. On 8/1/09 15:17, Gottschalk, David wrote: > Well, I messed around with it some more this AM, but still no luck. > > SpamAssassin is seeing the new rule, and filtering properly (I can see it score the message in the logs when I send a test message to one of the filter addressed); however, for some reason it's not following my rule in MailScanner.conf. Here is what I have: > > SpamAssassin Rule Actions = JKF_ANTI_PHISH=>not-deliver,store,forward dgottsc@emory.edu, header "X-Anti-Phish: Was to _TO_" > > Any ideas? > > David Gottschalk > Emory University > UTS Messaging Team > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: Wednesday, January 07, 2009 5:14 PM > To: MailScanner discussion > Subject: Re: Anti-spear-phishing, round 2 > > > > On 7/1/09 21:00, Gottschalk, David wrote: > >> Julian, >> Thanks for posting this! This is going to make my life a lot easier. I plan on installing it on all of my machines with mailscanner. I'll let you know how well it works. I've got it installed on one machine right now, I'm just trying to figure out how to get the spam assassin rule actions to work properly right now. For some reason it's not following the rule actions even though it matches it. >> >> > Check your maillog, that will show if anything is wrong. Don't put a > comma in the text of the header for starters, it breaks my parser :-( > > If you get really stuck, feel free to ask for help :) > > Jules. > >> -----Original Message----- >> From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field >> Sent: Tuesday, January 06, 2009 5:20 PM >> To: MailScanner discussion >> Subject: Anti-spear-phishing, round 2 >> >> I have done a load of work on my script that uses the anti-spear-phishing addresses database. >> >> The main thing is now that it is pretty much a finished script, and is directly usable by you guys without you having to do much to it except read the settings at the top and tweak the filenames if you want to change where it puts things. >> >> I have taken a lot of care to ensure that this won't match any false alarms, I don't just dumbly look for the strings in any surrounding text, which certain commercial AV vendors have been caught doing in the past! >> >> I make a suggestion in the comments at the top of the script about how I use the rule within MailScanner, you probably want to do something similar, and not just delete anything that matches, just in case you do get any false alarms. >> >> It also looks for numbers at the end of the username bit of the address, and assumes that these are numbers which the scammers may change; so if it finds them, it replaces them with a pattern that will match any number instead. There's starting to be a lot of this about, as it's the easiest way for the scammers to try to defeat simple address lists targeted against them, while still being able to remember what addresses they have to check for replies from your dumb users. :-) I thought I would make it a tiny bit harder for them... >> >> You can also add addresses of your own (which can include "*" as a wildcard character to mean "any series of valid characters" in the email address), one address per line, in an optional extra file. Again, read the top of the script and you'll see it mentioned there. That file is optional, it doesn't matter if it doesn't exist. As a starter, you might want to put m i c h a e l l o u c a s * @ g m a i l . c o m (without the extra spaces) in that file, as it will nicely catch a lot of "Job opportunity" spams. >> >> It looks for any of these addresses appearing **anywhere** in the message, not just in the headers. So if you start talking to people about these addresses, don't be surprised when the messages get caught by the trap. >> >> It does a "wget", so make sure you have that binary installed, or else change the script to fetch the file by some other means. >> >> The very end of the script does a "service MailScanner restart", so if you need some other command to restart MailScanner, then edit it for your system. It needs to be a "restart" and not a "reload" as I have to force it to re-build the database of SpamAssassin rules. >> >> My aim was that, on a RedHat system running MailScanner, you could just copy the script into /etc/cron.hourly and make it executable, and it will just get on with the job for you. I do advise you read the bit in the script about "SpamAssassin Rule Actions" though. >> >> Please do let me know how you would like me to improve it, and tell me what you think of it in general (be polite, now! :-) >> >> Cheers, >> >> Jules >> >> -- >> Julian Field MEng CITP CEng >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> >> MailScanner customisation, or any advanced system administration help? >> Contact me at Jules@Jules.FM >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc >> >> >> -- >> This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. >> >> >> This e-mail message (including any attachments) is for the sole use of >> the intended recipient(s) and may contain confidential and privileged >> information. If the reader of this message is not the intended >> recipient, you are hereby notified that any dissemination, distribution >> or copying of this message (including any attachments) is strictly >> prohibited. >> >> If you have received this message in error, please contact >> the sender by reply e-mail message and destroy all copies of the >> original message (including attachments). >> >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From Denis.Beauchemin at USherbrooke.ca Thu Jan 8 20:02:28 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 8 20:02:54 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <49665704.4080804@kettle.org.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> Message-ID: <49665BD4.9080307@USherbrooke.ca> Rob Kettle a ?crit : > Hi, > > been running a Centos 5 system with 4.72.1-1 for some time and last > night I upgraded to 4.74.15-1. The upgrade appeared to go OK. > > However when I run MailScanner no mail is processed and if I look at > processes the MailScanner jobs show as [defunct] and are using high CPU. > > After some playing around I've sound that the cause is the setting > > Rebuild Bayes Every = 14400 > > MailScanner will only work if I set this to Rebuild Bayes Every = 0 > > Not sure why this is ? > > regards > Rob > Rob, I also run with Rebuild Bayes Every = 0 and I have the following entry in root's crontab: 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn --force-expire; sleep 60; /sbin/service MailScanner start) I get an email like this one every night: > Shutting down MailScanner daemons: > MailScanner: [ OK ] > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > bayes: synced databases from journal in 0 seconds: 1163 unique entries (1857 total entries) > expired old bayes database entries in 53 seconds > 491688 entries kept, 115369 deleted > token frequency: 1-occurrence tokens: 0.00% > token frequency: less than 8 occurrences: 76.79% > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: [ OK ] I know my server isn't accepting emails during that time but I can live with it. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From kc5goi at gmail.com Thu Jan 8 21:01:30 2009 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Thu Jan 8 21:01:40 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> Message-ID: Jule, I apologize for being blind today. I downloaded the script, made it executable, put in my desired address in the file. I ran the script verified the presence but what I am being blind to is where to tell SpamAssassin to look for the file so it can filter out that crap. I do not have a SpamAssassin Rule Actions entry in my MailScanner.conf. I am on 4.58.9 so David's question is one I have as well. Thanks for the good work. Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/ce4ee7aa/attachment.html From Denis.Beauchemin at USherbrooke.ca Thu Jan 8 21:28:51 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Thu Jan 8 21:29:10 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> Message-ID: <49667013.3060600@USherbrooke.ca> Guy Story KC5GOI a ?crit : > Jule, I apologize for being blind today. I downloaded the script, > made it executable, put in my desired address in the file. I ran the > script verified the presence but what I am being blind to is where to > tell SpamAssassin to look for the file so it can filter out that crap. > I do not have a SpamAssassin Rule Actions entry in my > MailScanner.conf. I am on 4.58.9 so David's question is one I have as > well. > > Thanks for the good work. > > Guy Story KC5GOI > kc5goi@gmail.com Guy, If you run the script as-is, you don't have to do anything for it to kick into action (as it creates a cf file in /etc/mail/spamassassin). It will default to an SA score of 4 and you should see hits for JKF_ANTI_PHISH in your maillog. That's what I did and I made sure SA is using it with the following command: spamassassin --lint -D 2>&1 | grep jkf [26088] dbg: config: read file /etc/mail/spamassassin/jkf.anti-spear-phishing.cf So far, though, I haven't had any hits in about 4 hours. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From maillists at conactive.com Thu Jan 8 21:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 21:31:33 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> Message-ID: Glenn Steen wrote on Thu, 8 Jan 2009 20:36:59 +0100: > Use the settings suggested in spam.assassin.prefs.conf (a.k.a. > /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory > to use for this. I think this won't help. SA will try to check in the user homedir for userprefs, anyway. Of course, it will help for sitewide stuff like Bayes and AWL. As I wrote it happens also for me: [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir /var/spool/postfix/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577 [14255] dbg: config: Permission denied but it's non-critical. It doesn't even show in a normal --lint, only with -D. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Thu Jan 8 21:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Thu Jan 8 21:31:33 2009 Subject: MailScanner --lint error In-Reply-To: <567221C09601934AA5CE9762FDA09A5001C3EC@EXCHTEMP.biz.pwr-sys.com> References: <567221C09601934AA5CE9762FDA09A5001C3D7@EXCHTEMP.biz.pwr-sys.com> <495FBCAE.60204@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3D9@EXCHTEMP.biz.pwr-sys.com> <496083A2.2090909@ecs.soton.ac.uk> <567221C09601934AA5CE9762FDA09A5001C3DA@EXCHTEMP.biz.pwr-sys.com> <72cf361e0901041213g512c4b70x84c3ad8ebeec55fc@mail.gmail.com> <567221C09601934AA5CE9762FDA09A5001C3DE@EXCHTEMP.biz.pwr-sys.com> <567221C09601934AA5CE9762FDA09A5001C3EC@EXCHTEMP.biz.pwr-sys.co Message-ID: m> Reply-To: mailscanner@lists.mailscanner.info Just FYI: as it turns out his obscure error messages were created by a broken MailScanner.conf. Broken by his colleague trying to use that years -old Webmin module for administering MS. ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From kc5goi at gmail.com Thu Jan 8 21:49:30 2009 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Thu Jan 8 21:49:41 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <49667013.3060600@USherbrooke.ca> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <49667013.3060600@USherbrooke.ca> Message-ID: Thanks Denis. That is the way I read Jules script but it was not sinking in. I have not had any matches in the whole hour that has passed since I put it in place. That may be normal. I will be watching my inbox since I have the notifications pointing to me. On Thu, Jan 8, 2009 at 3:28 PM, Denis Beauchemin < Denis.Beauchemin@usherbrooke.ca> wrote: > Guy Story KC5GOI a ?crit : > >> Jule, I apologize for being blind today. I downloaded the script, made it >> executable, put in my desired address in the file. I ran the script >> verified the presence but what I am being blind to is where to tell >> SpamAssassin to look for the file so it can filter out that crap. I do not >> have a SpamAssassin Rule Actions entry in my MailScanner.conf. I am on >> 4.58.9 so David's question is one I have as well. >> >> Thanks for the good work. >> >> Guy Story KC5GOI >> kc5goi@gmail.com >> > > Guy, > > If you run the script as-is, you don't have to do anything for it to kick > into action (as it creates a cf file in /etc/mail/spamassassin). It will > default to an SA score of 4 and you should see hits for JKF_ANTI_PHISH in > your maillog. That's what I did and I made sure SA is using it with the > following command: > spamassassin --lint -D 2>&1 | grep jkf > [26088] dbg: config: read file /etc/mail/spamassassin/ > jkf.anti-spear-phishing.cf > > So far, though, I haven't had any hits in about 4 hours. > > Denis > > -- > _ > ?v? Denis Beauchemin, analyste > /(_)\ Universit? de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x62252 F: 819.821.8045 > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/e0b9151a/attachment.html From mark at msapiro.net Thu Jan 8 22:38:37 2009 From: mark at msapiro.net (Mark Sapiro) Date: Thu Jan 8 22:38:47 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> Message-ID: <20090108223837.GA4032@msapiro> On Thu, Jan 08, 2009 at 02:57:43PM -0500, Gottschalk, David wrote: > > I'm running MailScanner version 4.60.8. > > Am I running too old of a version? It's too old for the _TO_ replacement in the header action. That requires 4.74.9 minimum. Also, the unknown _TO_ replacement will cause the wntire action to be ignored. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From garvey at pushormitchell.com Thu Jan 8 23:03:29 2009 From: garvey at pushormitchell.com (Joe Garvey) Date: Thu Jan 8 23:03:36 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET Message-ID: I have been using MailScanner for about 4 years now but recently I have been having some major problems with MailScanner/SA detecting spam. It almost seems as though it stops checking after the system does a lookup on bl.spamcop.net. If there is a positive score for RCVD_IN_BL_SPAMCOP_NET then it seems as though the system stops any other checks. The score is usually 2.188 as defined in /usr/share/spamassassin/50_scores.cf. I have also tried to increase this score by placing the following rule in /etc/mail/spamassassin/custom.cf but it does not increase the value score RCVD_IN_BL_SPAMCOP_NET 5.5 I upgraded to MailScanner 4.74.13 and SA 3.2.5 and it did not make a difference. My gut feeling is that I am missing something somewhere and have been staring at it to long. Any suggestions as to where to look next? Thanks Joe Garvey Information Technology Manager Email: garvey@pushormitchell.com Pushor Mitchell LLP From dave.filchak at senecac.on.ca Thu Jan 8 23:42:07 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Thu Jan 8 23:42:31 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> Message-ID: <49668F4F.4000700@senecac.on.ca> Hello all again, Glenn Steen wrote: > 2009/1/8 Kai Schaetzl : > >> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: >> >> >>>>> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix >>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >>>>> >> look at the homedir! >> > Indeed;) > > >>> su - postfix -s /bin/bash >>> -bash-3.00$ spamassassin --lint >>> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: >>> Permission denied >>> -bash-3.00$ >>> >> you get this strange path because your postfix user has the wrong homedir. It >> should be /var/spool/postfix (That also shows that you don't have to su to >> postfix, it's running as postfix, anyway.) >> If your mail is still not flowing that might also be the reason for it. >> >> > I'm leaning toward one of the classics here: > Since the directory SA (as the postfix user) tries to write things to > (user prefs, razor-agent thing, pyzor discover thing etc), some of > that cr*p end up being written somewhere the postfix user _can_ write > ... the hold queue... So Dave should perhaps look at that directory > for non-queue files ... and remove them. > > How to make sure they never reappear? > First: Set a more reasonable home directory for postfix, like > /var/spool/postfix. Edit /etc/passwd with something safe like vipw > > ALTERNATIVE 1 > Temporarily make that directory writable by the postfix user > su - postfix -s /bin/bash > spamassassin --lint > spamassassin -t -D < /path/to/a/message > exit > Make the directory non-writable by postfix. > You should now have all the needed directories, like .razor .pyzor and > .spamassassin > > ALTERNATIVE 2 > > Create the directories by hand (in ~postfix) and make them owned by > postfix and writable by postfix. > > ALTERNATIVE 3 > > Use the settings suggested in spam.assassin.prefs.conf (a.k.a. > /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory > to use for this. Look in the wiki for similar details for razor and > pyzor (unless they're already in mailscanner.cf ... I fail to > remember). > > Any of the alternatives would likely do. > > Then, as said, go check/clean your /var/spool/postfix/hold directory > for/from files that aren't Postfix queue files. > Sorry I have not responded in the past few hours. I had to get a couple of hours of sleep as I was not able to think anymore. > >>> I am >>> stumped. >>> >> This error is absolutely non-critical and can be ignored: >> >> [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir >> /var/spool/postfix/.spamassassin: Permission denied at >> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577 >> [14255] dbg: config: Permission denied >> >> > I wouldn't exactly call it non-critical, since it might indicate the > error-situation mentioned above:) > > >> I'm just wondering why you get this error shown at all. It shouldn't show up >> with a simple "spamassassin --lint" (you wrote you ran that, without -D), only >> with "spamassassin --lint -D". I wonder if you have a mix of an older and newer >> SA on your system. The output level of --lint has been changed several times >> during the last year or so, so that it stops outputting uncritical errors. I >> would really advise to remove the SA package, upgrade your CentOS and then >> reapply it. I have to say that I'm not using the "easy install" package provided >> by Jules. I always role my own which is *very* easy to do as they provide a >> working spec file in their source. You just build it with the command given on >> the download page and it works. You may want to try it this way. Maybe Jules has >> an idea, what's wrong with your SA installation (if there is anything wrong). >> I really cannot do this as it is a live server and I simply would not have time. I am going to build a new one and replace this in the first half of this year but need to get this up and running for the time being. What I cannot understand is: all of this was just fine (other than being out of date) before I upgraded. >> > Might be worth doing:-) > Oh, and before you jump on it, somewhere halfway through ... this > stopped being an answer to your mail solely;-) But you saw that...:-P > > So, I have a few more clues to pass on while I try and make sense of all your messages. We also run MailWatch and when looking at the quarantine, MS seems holding everything as spam, even if the SA score is 0. When I released a message from the quarantine, it gives me the following error: SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: locker: safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied Learned tokens from 0 message(s) (1 message(s) examined) Obviously some permission issues. It also shows every message as being listed in one of the RBLs I am using ... which I doubt. I noticed some others talking about some new lock file script? I am going to study this message and see what makes sense for me to do. Dave From ssilva at sgvwater.com Fri Jan 9 00:05:15 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 9 00:05:41 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <49668F4F.4000700@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <49668F4F.4000700@senecac.on.ca> Message-ID: on 1-8-2009 3:42 PM Dave Filchak spake the following: > Hello all again, > > Glenn Steen wrote: >> 2009/1/8 Kai Schaetzl : >> >>> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: >>> >>> >>>>>> Unfortunately, the user Postfix is set to nologin ( >>>>>> postfix:x:80:80:Postfix >>>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >>>>>> >>> look at the homedir! >>> >> Indeed;) >> >> >>>> su - postfix -s /bin/bash >>>> -bash-3.00$ spamassassin --lint >>>> [19715] warn: config: path "//.spamassassin/user_prefs" is >>>> inaccessible: >>>> Permission denied >>>> -bash-3.00$ >>>> >>> you get this strange path because your postfix user has the wrong >>> homedir. It >>> should be /var/spool/postfix (That also shows that you don't have to >>> su to >>> postfix, it's running as postfix, anyway.) >>> If your mail is still not flowing that might also be the reason for it. >>> >>> >> I'm leaning toward one of the classics here: >> Since the directory SA (as the postfix user) tries to write things to >> (user prefs, razor-agent thing, pyzor discover thing etc), some of >> that cr*p end up being written somewhere the postfix user _can_ write >> ... the hold queue... So Dave should perhaps look at that directory >> for non-queue files ... and remove them. >> >> How to make sure they never reappear? >> First: Set a more reasonable home directory for postfix, like >> /var/spool/postfix. Edit /etc/passwd with something safe like vipw >> >> ALTERNATIVE 1 >> Temporarily make that directory writable by the postfix user >> su - postfix -s /bin/bash >> spamassassin --lint >> spamassassin -t -D < /path/to/a/message >> exit >> Make the directory non-writable by postfix. >> You should now have all the needed directories, like .razor .pyzor and >> .spamassassin >> >> ALTERNATIVE 2 >> >> Create the directories by hand (in ~postfix) and make them owned by >> postfix and writable by postfix. >> >> ALTERNATIVE 3 >> >> Use the settings suggested in spam.assassin.prefs.conf (a.k.a. >> /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory >> to use for this. Look in the wiki for similar details for razor and >> pyzor (unless they're already in mailscanner.cf ... I fail to >> remember). >> >> Any of the alternatives would likely do. >> >> Then, as said, go check/clean your /var/spool/postfix/hold directory >> for/from files that aren't Postfix queue files. >> > Sorry I have not responded in the past few hours. I had to get a couple > of hours of sleep as I was not able to think anymore. >> >>>> I am >>>> stumped. >>>> >>> This error is absolutely non-critical and can be ignored: >>> >>> [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: >>> mkdir >>> /var/spool/postfix/.spamassassin: Permission denied at >>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577 >>> [14255] dbg: config: Permission denied >>> >>> >> I wouldn't exactly call it non-critical, since it might indicate the >> error-situation mentioned above:) >> >> >>> I'm just wondering why you get this error shown at all. It shouldn't >>> show up >>> with a simple "spamassassin --lint" (you wrote you ran that, without >>> -D), only >>> with "spamassassin --lint -D". I wonder if you have a mix of an older >>> and newer >>> SA on your system. The output level of --lint has been changed >>> several times >>> during the last year or so, so that it stops outputting uncritical >>> errors. I >>> would really advise to remove the SA package, upgrade your CentOS and >>> then >>> reapply it. I have to say that I'm not using the "easy install" >>> package provided >>> by Jules. I always role my own which is *very* easy to do as they >>> provide a >>> working spec file in their source. You just build it with the command >>> given on >>> the download page and it works. You may want to try it this way. >>> Maybe Jules has >>> an idea, what's wrong with your SA installation (if there is anything >>> wrong). >>> > I really cannot do this as it is a live server and I simply would not > have time. I am going to build a new one and replace this in the first > half of this year but need to get this up and running for the time > being. What I cannot understand is: all of this was just fine (other > than being out of date) before I upgraded. >>> >> Might be worth doing:-) >> Oh, and before you jump on it, somewhere halfway through ... this >> stopped being an answer to your mail solely;-) But you saw that...:-P >> >> > So, I have a few more clues to pass on while I try and make sense of all > your messages. We also run MailWatch and when looking at the quarantine, > MS seems holding everything as spam, even if the SA score is 0. When I > released a message from the quarantine, it gives me the following error: > > SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes > databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission > denied bayes: expire_old_tokens: locker: safe_lock: cannot create > lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: > locker: safe_lock: cannot create lockfile > /etc/MailScanner/bayes/bayes.mutex: Permission denied Learned tokens > from 0 message(s) (1 message(s) examined) > > Obviously some permission issues. It also shows every message as being > listed in one of the RBLs I am using ... which I doubt. I noticed some > others talking about some new lock file script? > > I am going to study this message and see what makes sense for me to do. > > Dave > > Can you download and install 4.74.15-2? There were some postfix related fixes between 13-2 and 15-2. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090108/97d266e9/signature.bin From dave.filchak at senecac.on.ca Fri Jan 9 00:59:41 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 01:00:04 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <49668F4F.4000700@senecac.on.ca> Message-ID: <4966A17D.2000006@senecac.on.ca> OK ...did this. Thought I would clean up the thread a bit so we can see more of the current situation: Scott Silva wrote: > > Can you download and install 4.74.15-2? There were some postfix related fixes > between 13-2 and 15-2. > Probably nothing but I get these during install: file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Storable.pm from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/CAN_FLOCK.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/Storable.so from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_freeze.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_retrieve.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_store.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_store_fd.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/autosplit.ix from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/fd_retrieve.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/freeze.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_nstore.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_retrieve.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_store.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/logcarp.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/logcroak.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nfreeze.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nstore.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nstore_fd.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/read_magic.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/retrieve.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/show_file_magic.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/store.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/store_fd.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/thaw.al from install of perl-Storable-2.16-2 conflicts with file from package perl-5.8.5-24.RHEL4 Running: spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint [22231] dbg: logger: adding facilities: all [22231] dbg: logger: logging level is DBG [22231] dbg: generic: SpamAssassin version 3.2.5 [22231] dbg: config: score set 0 chosen. [22231] dbg: util: running in taint mode? yes [22231] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [22231] dbg: util: PATH included '/usr/kerberos/sbin', keeping [22231] dbg: util: PATH included '/usr/kerberos/bin', keeping [22231] dbg: util: PATH included '/usr/local/sbin', keeping [22231] dbg: util: PATH included '/usr/local/bin', keeping [22231] dbg: util: PATH included '/sbin', keeping [22231] dbg: util: PATH included '/bin', keeping [22231] dbg: util: PATH included '/usr/sbin', keeping [22231] dbg: util: PATH included '/usr/bin', keeping [22231] dbg: util: PATH included '/usr/X11R6/bin', keeping [22231] dbg: util: PATH included '/usr/java/jdk1.5.0_05/bin', which doesn't exist, dropping [22231] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [22231] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [22231] dbg: dns: no ipv6 [22231] dbg: dns: is Net::DNS::Resolver available? yes [22231] dbg: dns: Net::DNS version: 0.63 [22231] dbg: diag: perl platform: 5.008005 linux [22231] dbg: diag: module installed: Digest::SHA1, version 2.11 [22231] dbg: diag: module installed: HTML::Parser, version 3.56 [22231] dbg: diag: module installed: Net::DNS, version 0.63 [22231] dbg: diag: module installed: MIME::Base64, version 3.07 [22231] dbg: diag: module installed: DB_File, version 1.814 [22231] dbg: diag: module installed: Net::SMTP, version 2.31 [22231] dbg: diag: module installed: Mail::SPF, version v2.004 [22231] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 [22231] dbg: diag: module installed: IP::Country::Fast, version 604.001 [22231] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 [22231] dbg: diag: module not installed: Net::Ident ('require' failed) [22231] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [22231] dbg: diag: module installed: IO::Socket::SSL, version 1.01 [22231] dbg: diag: module installed: Compress::Zlib, version 2.005 [22231] dbg: diag: module installed: Time::HiRes, version 1.9707 [22231] dbg: diag: module not installed: Mail::DomainKeys ('require' failed) [22231] dbg: diag: module not installed: Mail::DKIM ('require' failed) ## are these ('require' failed) something I need to be concerned with? [22231] dbg: diag: module installed: DBI, version 1.58 [22231] dbg: diag: module installed: Getopt::Long, version 2.36 [22231] dbg: diag: module installed: LWP::UserAgent, version 5.810 [22231] dbg: diag: module installed: HTTP::Date, version 5.810 [22231] dbg: diag: module installed: Archive::Tar, version 1.32 [22231] dbg: diag: module installed: IO::Zlib, version 1.04 [22231] dbg: diag: module installed: Encode::Detect, version 1.00 [22231] dbg: ignore: using a test message to lint rules [22231] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [22231] dbg: config: read file /etc/mail/spamassassin/init.pre [22231] dbg: config: read file /etc/mail/spamassassin/v310.pre [22231] dbg: config: read file /etc/mail/spamassassin/v312.pre [22231] dbg: config: read file /etc/mail/spamassassin/v320.pre [22231] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files [22231] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf [22231] dbg: config: using "/etc/mail/spamassassin" for site rules dir [22231] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf [22231] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file [22231] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [22231] dbg: razor2: local tests only, skipping Razor [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC [22231] dbg: dcc: local tests only, disabling DCC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [22231] dbg: pyzor: local tests only, disabling Pyzor [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [22231] dbg: reporter: local tests only, disabling SpamCop [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayCountry, already registered [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, already registered [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDNSBL, already registered [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf [22231] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf [22231] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" for included file [22231] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf [22231] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [22231] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [22231] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [22231] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE [22231] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [22231] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [22231] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [22231] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [22231] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [22231] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [22231] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [22231] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [22231] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [22231] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [22231] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [22231] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [22231] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [22231] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B [22231] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND RCVD_IN_DSBL STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING [22231] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [22231] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [22231] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [22231] dbg: conf: finish parsing [22231] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x29d6950) implements 'finish_parsing_end', priority 0 [22231] dbg: replacetags: replacing tags [22231] dbg: replacetags: done replacing tags [22231] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [22231] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [22231] dbg: bayes: found bayes db version 3 [22231] dbg: bayes: DB journal sync: last sync: 0 [22231] dbg: bayes: not available for scanning, only 1 ham(s) in bayes DB < 200 [22231] dbg: bayes: untie-ing [22231] dbg: config: score set 0 chosen. [22231] dbg: message: main message type: text/plain [22231] dbg: message: ---- MIME PARSER START ---- [22231] dbg: message: parsing normal part [22231] dbg: message: ---- MIME PARSER END ---- [22231] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x2adb400) implements 'check_start', priority 0 [22231] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks [22231] dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen [22231] dbg: bayes: found bayes db version 3 [22231] dbg: bayes: DB journal sync: last sync: 0 [22231] dbg: bayes: not available for scanning, only 1 ham(s) in bayes DB < 200 [22231] dbg: bayes: untie-ing [22231] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x2a600f0) implements 'check_main', priority 0 [22231] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually [22231] dbg: metadata: X-Spam-Relays-Trusted: [22231] dbg: metadata: X-Spam-Relays-Untrusted: [22231] dbg: metadata: X-Spam-Relays-Internal: [22231] dbg: metadata: X-Spam-Relays-External: [22231] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x285c3d0) implements 'extract_metadata', priority 0 [22231] dbg: metadata: X-Relay-Countries: [22231] dbg: message: no encoding detected [22231] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x27d4c70) implements 'parsed_metadata', priority 0 [22231] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x285c3d0) implements 'parsed_metadata', priority 0 [22231] dbg: dns: is DNS available? 0 [22231] dbg: rules: local tests only, ignoring RBL eval [22231] dbg: check: running tests for priority: -1000 [22231] dbg: rules: running head tests; score so far=0 [22231] dbg: rules: compiled head tests [22231] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [22231] dbg: eval: all '*To' addrs: [22231] dbg: rules: running body tests; score so far=0 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=0 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=0 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=0 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=0 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: -950 [22231] dbg: rules: running head tests; score so far=0 [22231] dbg: rules: compiled head tests [22231] dbg: rules: running body tests; score so far=0 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=0 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=0 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=0 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=0 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: -900 [22231] dbg: rules: running head tests; score so far=0 [22231] dbg: rules: compiled head tests [22231] dbg: rules: running body tests; score so far=0 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=0 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=0 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=0 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=0 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: -400 [22231] dbg: rules: running head tests; score so far=0 [22231] dbg: rules: compiled head tests [22231] dbg: rules: running body tests; score so far=0 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=0 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=0 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=0 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=0 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: 0 [22231] dbg: rules: running head tests; score so far=0 [22231] dbg: rules: compiled head tests [22231] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [22231] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [22231] dbg: rules: Message-Id: " [22231] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [22231] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [22231] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1231461934" [22231] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [22231] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1231461934@lint_rules> [22231] dbg: rules: " [22231] dbg: spf: checking to see if the message has a Received-SPF header that we can use [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: spf: cannot get Envelope-From, cannot use SPF [22231] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [22231] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) [22231] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [22231] dbg: spf: spf_whitelist_from: could not find useable envelope sender [22231] dbg: rules: running body tests; score so far=1.899 [22231] dbg: rules: compiled body tests [22231] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [22231] dbg: rules: running uri tests; score so far=1.899 [22231] dbg: rules: compiled uri tests [22231] dbg: eval: stock info total: 0 [22231] dbg: rules: running rawbody tests; score so far=1.899 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" [22231] dbg: rules: running full tests; score so far=1.899 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=1.899 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: 500 [22231] dbg: dns: harvest_dnsbl_queries [22231] dbg: rules: running head tests; score so far=1.899 [22231] dbg: rules: compiled head tests [22231] dbg: rules: running body tests; score so far=1.899 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=1.899 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=1.899 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=1.899 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=1.899 [22231] dbg: rules: compiled meta tests [22231] dbg: check: running tests for priority: 1000 [22231] dbg: rules: running head tests; score so far=4.205 [22231] dbg: rules: compiled head tests [22231] dbg: rules: running body tests; score so far=4.205 [22231] dbg: rules: compiled body tests [22231] dbg: rules: running uri tests; score so far=4.205 [22231] dbg: rules: compiled uri tests [22231] dbg: rules: running rawbody tests; score so far=4.205 [22231] dbg: rules: compiled rawbody tests [22231] dbg: rules: running full tests; score so far=4.205 [22231] dbg: rules: compiled full tests [22231] dbg: rules: running meta tests; score so far=4.205 [22231] dbg: rules: compiled meta tests [22231] dbg: check: is spam? score=4.205 required=5 [22231] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS [22231] dbg: check: subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID Other than the ('require' failed), seems to be OK? Running lint on MaiScanner gives me: MailScanner --lint Trying to setlogsock(unix) Read 848 hostnames from the phishing whitelist Read 4008 hostnames from the phishing blacklist Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 3 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 60 whitelist entries Checking version numbers... Version number in MailScanner.conf (4.74.15) is correct. Your envelope_sender_header in spam.assassin.prefs.conf is correct. MailScanner setting GID to (80) MailScanner setting UID to (80) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied ##still this issue although next it says it is reporting no issues SpamAssassin reported no errors. Using locktype = posix MailScanner.conf says "Virus Scanners = clamd" Found these virus scanners installed: clamavmodule, clamd =========================================================================== Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com Virus Scanning: Clamd found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses =========================================================================== Virus Scanner test reports: Clamd said "eicar.com was infected: Eicar-Test-Signature" If any of your virus scanners (clamavmodule,clamd) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf. Config: calling custom end function SQLBlacklist Closing down by-domain spam blacklist Config: calling custom end function MailWatchLogging Config: calling custom end function SQLWhitelist Closing down by-domain spam whitelist commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 1. ## and finallt this annoying line I do not see any errors on startup. Now I will go back and have a hard look at Glens message and see if I can figure out what he is saying to try. I just want to thank everyone for hanging in with me. This has been a long couple of days but really need to solve this soon. Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From dave.filchak at senecac.on.ca Fri Jan 9 01:40:10 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 01:40:23 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966A17D.2000006@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <49668F4F.4000700@senecac.on.ca> <4966A17D.2000006@senecac.on.ca> Message-ID: <4966AAFA.5060409@senecac.on.ca> Dave Filchak wrote: > OK ...did this. Thought I would clean up the thread a bit so we can > see more of the current situation: > > Scott Silva wrote: >> >> Can you download and install 4.74.15-2? There were some postfix >> related fixes >> between 13-2 and 15-2. >> > > Probably nothing but I get these during install: > > file /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/Storable.pm > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/CAN_FLOCK.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/Storable.so > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_freeze.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_retrieve.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_store.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/_store_fd.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/autosplit.ix > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/fd_retrieve.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/freeze.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_nstore.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_retrieve.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/lock_store.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/logcarp.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/logcroak.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nfreeze.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nstore.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/nstore_fd.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/read_magic.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/retrieve.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/show_file_magic.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/store.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/store_fd.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > file > /usr/lib64/perl5/5.8.5/x86_64-linux-thread-multi/auto/Storable/thaw.al > from install of perl-Storable-2.16-2 conflicts with file from package > perl-5.8.5-24.RHEL4 > > Running: > > spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint > [22231] dbg: logger: adding facilities: all > [22231] dbg: logger: logging level is DBG > [22231] dbg: generic: SpamAssassin version 3.2.5 > [22231] dbg: config: score set 0 chosen. > [22231] dbg: util: running in taint mode? yes > [22231] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [22231] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [22231] dbg: util: PATH included '/usr/kerberos/bin', keeping > [22231] dbg: util: PATH included '/usr/local/sbin', keeping > [22231] dbg: util: PATH included '/usr/local/bin', keeping > [22231] dbg: util: PATH included '/sbin', keeping > [22231] dbg: util: PATH included '/bin', keeping > [22231] dbg: util: PATH included '/usr/sbin', keeping > [22231] dbg: util: PATH included '/usr/bin', keeping > [22231] dbg: util: PATH included '/usr/X11R6/bin', keeping > [22231] dbg: util: PATH included '/usr/java/jdk1.5.0_05/bin', which > doesn't exist, dropping > [22231] dbg: util: PATH included '/root/bin', which doesn't exist, > dropping > [22231] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin > > [22231] dbg: dns: no ipv6 > [22231] dbg: dns: is Net::DNS::Resolver available? yes > [22231] dbg: dns: Net::DNS version: 0.63 > [22231] dbg: diag: perl platform: 5.008005 linux > [22231] dbg: diag: module installed: Digest::SHA1, version 2.11 > [22231] dbg: diag: module installed: HTML::Parser, version 3.56 > [22231] dbg: diag: module installed: Net::DNS, version 0.63 > [22231] dbg: diag: module installed: MIME::Base64, version 3.07 > [22231] dbg: diag: module installed: DB_File, version 1.814 > [22231] dbg: diag: module installed: Net::SMTP, version 2.31 > [22231] dbg: diag: module installed: Mail::SPF, version v2.004 > [22231] dbg: diag: module installed: Mail::SPF::Query, version 1.999001 > [22231] dbg: diag: module installed: IP::Country::Fast, version 604.001 > [22231] dbg: diag: module installed: Razor2::Client::Agent, version 2.84 > [22231] dbg: diag: module not installed: Net::Ident ('require' failed) > [22231] dbg: diag: module not installed: IO::Socket::INET6 ('require' > failed) > [22231] dbg: diag: module installed: IO::Socket::SSL, version 1.01 > [22231] dbg: diag: module installed: Compress::Zlib, version 2.005 > [22231] dbg: diag: module installed: Time::HiRes, version 1.9707 > [22231] dbg: diag: module not installed: Mail::DomainKeys ('require' > failed) > [22231] dbg: diag: module not installed: Mail::DKIM ('require' failed) > > ## are these ('require' failed) something I need to be concerned with? > > > [22231] dbg: diag: module installed: DBI, version 1.58 > [22231] dbg: diag: module installed: Getopt::Long, version 2.36 > [22231] dbg: diag: module installed: LWP::UserAgent, version 5.810 > [22231] dbg: diag: module installed: HTTP::Date, version 5.810 > [22231] dbg: diag: module installed: Archive::Tar, version 1.32 > [22231] dbg: diag: module installed: IO::Zlib, version 1.04 > [22231] dbg: diag: module installed: Encode::Detect, version 1.00 > [22231] dbg: ignore: using a test message to lint rules > [22231] dbg: config: using "/etc/mail/spamassassin" for site rules pre > files > [22231] dbg: config: read file /etc/mail/spamassassin/init.pre > [22231] dbg: config: read file /etc/mail/spamassassin/v310.pre > [22231] dbg: config: read file /etc/mail/spamassassin/v312.pre > [22231] dbg: config: read file /etc/mail/spamassassin/v320.pre > [22231] dbg: config: using "/var/lib/spamassassin/3.002005" for sys > rules pre files > [22231] dbg: config: using "/var/lib/spamassassin/3.002005" for > default rules dir > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf > [22231] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [22231] dbg: config: read file /etc/mail/spamassassin/mailscanner.cf > [22231] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user prefs file > [22231] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [22231] dbg: razor2: local tests only, skipping Razor > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC > [22231] dbg: dcc: local tests only, disabling DCC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [22231] dbg: pyzor: local tests only, disabling Pyzor > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from > @INC > [22231] dbg: reporter: local tests only, disabling SpamCop > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [22231] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [22231] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags > from @INC > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, > already registered > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval > from @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from > @INC > [22231] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo > from @INC > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::RelayCountry, already registered > [22231] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SPF, > already registered > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::URIDNSBL, already registered > [22231] dbg: plugin: did not register > Mail::SpamAssassin::Plugin::Razor2, already registered > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf > > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf > > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf > [22231] dbg: config: fixed relative path: > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf > [22231] dbg: config: using > "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" > for included file > [22231] dbg: config: read file > /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf > [22231] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA > [22231] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E > [22231] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E > __MO_OL_F3B05 > [22231] dbg: rules: __JM_REACTOR_DATE merged duplicates: > __RATWARE_0_TZ_DATE > [22231] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 > __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF > __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 > [22231] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA > [22231] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: > HS_SUBJ_NEW_SOFTWARE > [22231] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI > [22231] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A > [22231] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C > __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 > __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 > [22231] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 > __MO_OL_CF0C0 > [22231] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 > KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 > [22231] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 > __MO_OL_ADFF7 > [22231] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 > [22231] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB > __MO_OL_7533E > [22231] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 > [22231] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI > [22231] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B > [22231] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: > BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF > DRUG_RA_PRICE FM_DDDD_TIMES_2 FM_SEX_HOSTDDDD HG_HORMONE HS_PHARMA_1 > HS_UPLOADED_SOFTWARE OEBOUND RCVD_IN_DSBL STOX_RCVD_N_NN_N > URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST > URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP > XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 > XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING > [22231] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E > [22231] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 > [22231] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 > [22231] dbg: conf: finish parsing > [22231] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x29d6950) implements > 'finish_parsing_end', priority 0 > [22231] dbg: replacetags: replacing tags > [22231] dbg: replacetags: done replacing tags > [22231] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_toks > [22231] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_seen > [22231] dbg: bayes: found bayes db version 3 > [22231] dbg: bayes: DB journal sync: last sync: 0 > [22231] dbg: bayes: not available for scanning, only 1 ham(s) in bayes > DB < 200 > [22231] dbg: bayes: untie-ing > [22231] dbg: config: score set 0 chosen. > [22231] dbg: message: main message type: text/plain > [22231] dbg: message: ---- MIME PARSER START ---- > [22231] dbg: message: parsing normal part > [22231] dbg: message: ---- MIME PARSER END ---- > [22231] dbg: plugin: > Mail::SpamAssassin::Plugin::DNSEval=HASH(0x2adb400) implements > 'check_start', priority 0 > [22231] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_toks > [22231] dbg: bayes: tie-ing to DB file R/O > /etc/MailScanner/bayes/bayes_seen > [22231] dbg: bayes: found bayes db version 3 > [22231] dbg: bayes: DB journal sync: last sync: 0 > [22231] dbg: bayes: not available for scanning, only 1 ham(s) in bayes > DB < 200 > [22231] dbg: bayes: untie-ing > [22231] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x2a600f0) > implements 'check_main', priority 0 > [22231] dbg: conf: trusted_networks are not configured; it is > recommended that you configure trusted_networks manually > [22231] dbg: metadata: X-Spam-Relays-Trusted: > [22231] dbg: metadata: X-Spam-Relays-Untrusted: > [22231] dbg: metadata: X-Spam-Relays-Internal: > [22231] dbg: metadata: X-Spam-Relays-External: > [22231] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x285c3d0) implements > 'extract_metadata', priority 0 > [22231] dbg: metadata: X-Relay-Countries: > [22231] dbg: message: no encoding detected > [22231] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x27d4c70) implements > 'parsed_metadata', priority 0 > [22231] dbg: plugin: > Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x285c3d0) implements > 'parsed_metadata', priority 0 > [22231] dbg: dns: is DNS available? 0 > [22231] dbg: rules: local tests only, ignoring RBL eval > [22231] dbg: check: running tests for priority: -1000 > [22231] dbg: rules: running head tests; score so far=0 > [22231] dbg: rules: compiled head tests > [22231] dbg: eval: all '*From' addrs: > ignore@compiling.spamassassin.taint.org > [22231] dbg: eval: all '*To' addrs: > [22231] dbg: rules: running body tests; score so far=0 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=0 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=0 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=0 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=0 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: -950 > [22231] dbg: rules: running head tests; score so far=0 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: running body tests; score so far=0 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=0 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=0 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=0 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=0 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: -900 > [22231] dbg: rules: running head tests; score so far=0 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: running body tests; score so far=0 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=0 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=0 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=0 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=0 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: -400 > [22231] dbg: rules: running head tests; score so far=0 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: running body tests; score so far=0 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=0 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=0 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=0 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=0 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: 0 > [22231] dbg: rules: running head tests; score so far=0 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: ran header rule __MISSING_REF ======> got hit: > "UNSET" > [22231] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got > hit: " > [22231] dbg: rules: Message-Id: " > [22231] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" > [22231] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: > "@lint_rules>" > [22231] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: > "1231461934" > [22231] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > [22231] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > "<1231461934@lint_rules> > [22231] dbg: rules: " > [22231] dbg: spf: checking to see if the message has a Received-SPF > header that we can use > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: rules: ran eval rule NO_RELAYS ======> got hit (1) > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: spf: cannot get Envelope-From, cannot use SPF > [22231] dbg: spf: def_spf_whitelist_from: could not find useable > envelope sender > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: spf: already checked for Received-SPF headers, proceeding > with DNS based checks > [22231] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit (1) > [22231] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) > [22231] dbg: spf: spf_whitelist_from: could not find useable envelope > sender > [22231] dbg: rules: running body tests; score so far=1.899 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > [22231] dbg: rules: running uri tests; score so far=1.899 > [22231] dbg: rules: compiled uri tests > [22231] dbg: eval: stock info total: 0 > [22231] dbg: rules: running rawbody tests; score so far=1.899 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: ran rawbody rule __TVD_BODY ======> got hit: "need" > [22231] dbg: rules: running full tests; score so far=1.899 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=1.899 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: 500 > [22231] dbg: dns: harvest_dnsbl_queries > [22231] dbg: rules: running head tests; score so far=1.899 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: running body tests; score so far=1.899 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=1.899 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=1.899 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=1.899 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=1.899 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: running tests for priority: 1000 > [22231] dbg: rules: running head tests; score so far=4.205 > [22231] dbg: rules: compiled head tests > [22231] dbg: rules: running body tests; score so far=4.205 > [22231] dbg: rules: compiled body tests > [22231] dbg: rules: running uri tests; score so far=4.205 > [22231] dbg: rules: compiled uri tests > [22231] dbg: rules: running rawbody tests; score so far=4.205 > [22231] dbg: rules: compiled rawbody tests > [22231] dbg: rules: running full tests; score so far=4.205 > [22231] dbg: rules: compiled full tests > [22231] dbg: rules: running meta tests; score so far=4.205 > [22231] dbg: rules: compiled meta tests > [22231] dbg: check: is spam? score=4.205 required=5 > [22231] dbg: check: > tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS > [22231] dbg: check: > subtests=__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID > > > Other than the ('require' failed), seems to be OK? > > Running lint on MaiScanner gives me: > > MailScanner --lint > Trying to setlogsock(unix) > Read 848 hostnames from the phishing whitelist > Read 4008 hostnames from the phishing blacklist > Config: calling custom init function SQLBlacklist > Starting up SQL Blacklist > Read 3 blacklist entries > Config: calling custom init function MailWatchLogging > Started SQL Logging child > Config: calling custom init function SQLWhitelist > Starting up SQL Whitelist > Read 60 whitelist entries > Checking version numbers... > Version number in MailScanner.conf (4.74.15) is correct. > > Your envelope_sender_header in spam.assassin.prefs.conf is correct. > MailScanner setting GID to (80) > MailScanner setting UID to (80) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: path "//.spamassassin/user_prefs" is inaccessible: Permission > denied > ##still this issue although next it says it is reporting no issues > > SpamAssassin reported no errors. > Using locktype = posix > MailScanner.conf says "Virus Scanners = clamd" > Found these virus scanners installed: clamavmodule, clamd > =========================================================================== > > Filename Checks: Windows/DOS Executable (1 eicar.com) > Other Checks: Found 1 problems > Virus and Content Scanning: Starting > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com > Virus Scanning: Clamd found 2 infections > Infected message 1 came from 10.1.1.1 > Virus Scanning: Found 2 viruses > =========================================================================== > > Virus Scanner test reports: > Clamd said "eicar.com was infected: Eicar-Test-Signature" > > If any of your virus scanners (clamavmodule,clamd) > are not listed there, you should check that they are installed correctly > and that MailScanner is finding them correctly via its > virus.scanners.conf. > Config: calling custom end function SQLBlacklist > Closing down by-domain spam blacklist > Config: calling custom end function MailWatchLogging > Config: calling custom end function SQLWhitelist > Closing down by-domain spam whitelist > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 1. > ## and finallt this annoying line > > I do not see any errors on startup. Now I will go back and have a hard > look at Glens message and see if I can figure out what he is saying to > try. > > I just want to thank everyone for hanging in with me. This has been a > long couple of days but really need to solve this soon. > > Dave > Just trying to track down permission errors. I get the following, running SALearn: SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: locker: safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied Learned tokens from 0 message(s) (1 message(s) examined) Here are my bayes settings (inside of the bayes folder) drwxrwxr-x 3 root webadmin 4096 Jul 18 2007 . drwxr-xr-x 9 root root 4096 Jan 8 20:15 .. --w--w-r-- 1 postfix postfix 18 Jan 8 02:23 bayes.mutex -rw-rw---- 1 postfix postfix 327680 Jan 8 02:23 bayes_seen -rw-rw---- 1 postfix postfix 5210112 Jan 8 02:23 bayes_toks drwxr-xr-x 2 root root 4096 Jul 18 2007 poisoned However, the bayes folder itself is:drwxrwxr-x 3 root webadmin 4096 Jul 18 2007 bayes I should also note the following ownership settings in MailScanner.conf: Run As User = postfix Run As Group = postfix Incoming Work Group = clamav Incoming Work Permissions = 0640 Quarantine Group = webadmin Quarantine Permissions = 0660 I believe that webadmin is there because of MailWatch as webadmin is what apache runs as Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From cwatts at elsberry.k12.mo.us Fri Jan 9 03:22:59 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Fri Jan 9 03:24:38 2009 Subject: identical messages -- some get bayes score, some don't Message-ID: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> I've just set up a new mail server, running MailScanner with sendmail, and am seeing a large percentage of mails that don't get a bayes score. I understand (I think) that unlike earlier versions, it's normal for some messages not to get a bayse score. However, this is approaching 50 percent, and, with identical messages, one will get a bayes score while the other doesn't. I don't see any indication of timeouts in the logs, and I have 'Wait During Bayes Rebuild = yes' in MailScanner.conf as was suggested in a similar discussion I found. At one point today we received 28 messages that were identical other than recipient. The first 5 didn't receive a bayes score. The 6th was scored BAYES_50. Copies 7 and 8 didn't recieve a bayes score, and the 9th copy scored BAYES_60. The final 19 copies did not receive a bayes score. All of the other SpamAssassin scores are identical for all 28 messages. Any help understanding what is going on here would be greatly appreciated. Thanks, Cannon Watts System spec's: MailScanner 4.73.4 SpamAssassin 3.2.5 Perl 5.10.0 Sendmail 8.14.2 Fedora 9, kernel 2.6.25 x86_64 Quad-Core Opteron 2350 4 GB RAM ADDITIONAL INFO I decided to try something else before hitting 'send' -- saved all 28 messages to a new mailbox, and deleted the SpamAssassin headers. I then ran 'spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.comf --mbox spams' Looking through the output, this time it scored 8 of the messages BAYES_50, 6 of the messages BAYES_60, and the other 14 did not get a bayes score. More importantly, I'm seeing a bunch of timeouts in the debug information. Way too much to include here, but I'm seeing hundreds of lines like these: [2456] dbg: async: starting: URI-DNSBL, DNSBL:dob.sibl.support-intelligence.net:agentbenefitsteam.com (timeout 10.0s, min 2.0s) [2456] dbg: async: starting: URI-NS, NS:agentbenefitsteam.com (timeout 10.0s, min 2.0s) [2456] dbg: async: starting: DNSBL-A, dns:A:154.248.19.72.plus.bondedsender.org. (timeout 10.0s, min 2.0s) [2456] dbg: async: starting: DNSBL-TXT, dns:TXT:154.248.19.72.bl.spamcop.net. (timeout 10.0s, min 2.0s) And perhaps most importantly: [2456] dbg: locker: safe_lock: trying to get lock on /etc/MailScanner/bayes/bayes with 10 timeout What can I do to cure all these timeouts (and will fixing the timeouts solve my bayes problems)? Thanks again, Cannon From dave.filchak at senecac.on.ca Fri Jan 9 03:25:52 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 03:26:18 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> Message-ID: <4966C3C0.7090103@senecac.on.ca> Glenn, Glenn Steen wrote: > 2009/1/8 Kai Schaetzl : > >> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: >> >> >>>>> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix >>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >>>>> >> look at the homedir! >> > Indeed;) > > >>> su - postfix -s /bin/bash >>> -bash-3.00$ spamassassin --lint >>> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: >>> Permission denied >>> -bash-3.00$ >>> >> you get this strange path because your postfix user has the wrong homedir. It >> should be /var/spool/postfix (That also shows that you don't have to su to >> postfix, it's running as postfix, anyway.) >> If your mail is still not flowing that might also be the reason for it. >> >> > I'm leaning toward one of the classics here: > Since the directory SA (as the postfix user) tries to write things to > (user prefs, razor-agent thing, pyzor discover thing etc), some of > that cr*p end up being written somewhere the postfix user _can_ write > ... the hold queue... So Dave should perhaps look at that directory > for non-queue files ... and remove them. > Actually ... the only thing in the hold directory is the razor-agent.log. Nothing else. There is also nothing in the incoming directory either. The server is not delivering any mail now. Though I do not see ANY errors in the logs. I can send myself an email and I see it being delivered to my maildir. But it will not deliver it. > How to make sure they never reappear? > First: Set a more reasonable home directory for postfix, like > /var/spool/postfix. Edit /etc/passwd with something safe like vipw > > ALTERNATIVE 1 > Temporarily make that directory writable by the postfix user > su - postfix -s /bin/bash > spamassassin --lint > spamassassin -t -D < /path/to/a/message > exit > Make the directory non-writable by postfix. > You should now have all the needed directories, like .razor .pyzor and > .spamassassin > > ALTERNATIVE 2 > > Create the directories by hand (in ~postfix) and make them owned by > postfix and writable by postfix. > Currently, the /var/spool/postfix directory itself is owned by root:root Inside this directory, most everything is owned by postfix and group root but is only rwx for user only. So, if I create the needed folders in here and set them up as the same permissions ... should that work? > ALTERNATIVE 3 > > Use the settings suggested in spam.assassin.prefs.conf (a.k.a. > /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory > to use for this. Look in the wiki for similar details for razor and > pyzor (unless they're already in mailscanner.cf ... I fail to > remember). > > Any of the alternatives would likely do. > > Then, as said, go check/clean your /var/spool/postfix/hold directory > for/from files that aren't Postfix queue files. > See above. Dave -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From dave.filchak at senecac.on.ca Fri Jan 9 05:14:24 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 05:14:41 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966C3C0.7090103@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> Message-ID: <4966DD30.30909@senecac.on.ca> Ok well .. I thought I would clean up the email a bit. I am now at the point that I no longer have any errors permission or otherwise with the exception of this: config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied I still have no clue where this is being generated from as in the MailScanner.conf, the spamassassin local state directory is set to /var/spool/MailScanner and the permissions are set postfix:postfix The worst part is though, that I am not getting mail ... even though if I send myself an email, I see it coming in and then being delivered to my maildir. I can go there and look at it on the server and it is all fine but it just will not be delivered. Anyone? Dave From goetz.reinicke at filmakademie.de Fri Jan 9 09:09:37 2009 From: goetz.reinicke at filmakademie.de (=?ISO-8859-15?Q?G=F6tz_Reinicke?=) Date: Fri Jan 9 09:09:59 2009 Subject: How to force queue clean up after network/DNS "hickup" Message-ID: <49671451.70305@filmakademie.de> Hi, I had some sort of network/DNS hickups and a lot of mails got queued in the meantime. How may I force Mailscanner/sendmail to deliver the mails now after the problems with the dns are solved? Thanks for any hint and for mailscanner anyway! Happy 2009 and best regards G?tz -- G?tz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-W?rttemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzende des Aufsichtsrats: Prof. Dr. Claudia H?bner Staatsr?tin f?r Demographischen Wandel und f?r Senioren im Staatsministerium Gesch?ftsf?hrer: Prof. Thomas Schadt From glenn.steen at gmail.com Fri Jan 9 09:28:59 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 09:29:09 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966AAFA.5060409@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <49668F4F.4000700@senecac.on.ca> <4966A17D.2000006@senecac.on.ca> <4966AAFA.5060409@senecac.on.ca> Message-ID: <223f97700901090128t5ba70617o348ebcba1e484067@mail.gmail.com> 2009/1/9 Dave Filchak : > > > Dave Filchak wrote: >> (snip) > Just trying to track down permission errors. I get the following, running > SALearn: > > SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes > databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied > bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile > /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: locker: > safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: > Permission denied Learned tokens from 0 message(s) (1 message(s) examined) > Your apache user (presumably "webadmin" does not have write access to your bayes files. Hence the error. > Here are my bayes settings (inside of the bayes folder) > drwxrwxr-x 3 root webadmin 4096 Jul 18 2007 . > drwxr-xr-x 9 root root 4096 Jan 8 20:15 .. > --w--w-r-- 1 postfix postfix 18 Jan 8 02:23 bayes.mutex > -rw-rw---- 1 postfix postfix 327680 Jan 8 02:23 bayes_seen > -rw-rw---- 1 postfix postfix 5210112 Jan 8 02:23 bayes_toks > drwxr-xr-x 2 root root 4096 Jul 18 2007 poisoned > All the above files should be owned by postfix.webadmin ... so first do chown postfix.webadmin /path/to/bayes/* ... where /path/to/bayes is likely /etc/MailScanner/bayes > However, the bayes folder itself is:drwxrwxr-x 3 root webadmin 4096 Jul > 18 2007 bayes The above is wrong too... You need set at least the GUID bit, so that created files are owned by webadmin... Do chmod g+s /path/to/bayes and you should be fine with that. > > I should also note the following ownership settings in MailScanner.conf: > > Run As User = postfix > Run As Group = postfix > Incoming Work Group = clamav > Incoming Work Permissions = 0640 > Quarantine Group = webadmin > Quarantine Permissions = 0660 Looks fine. > > I believe that webadmin is there because of MailWatch as webadmin is what > apache runs as Yep:) > > Dave > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 9 09:38:16 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 09:38:26 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966C3C0.7090103@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> Message-ID: <223f97700901090138m7135398dodfec2b6ebe1ee425@mail.gmail.com> 2009/1/9 Dave Filchak : > Glenn, > > Glenn Steen wrote: >> >> 2009/1/8 Kai Schaetzl : >> >>> >>> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500: >>> >>> >>>>>> >>>>>> Unfortunately, the user Postfix is set to nologin ( >>>>>> postfix:x:80:80:Postfix >>>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it ) >>>>>> >>> >>> look at the homedir! >>> >> >> Indeed;) >> >> >>>> >>>> su - postfix -s /bin/bash >>>> -bash-3.00$ spamassassin --lint >>>> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible: >>>> Permission denied >>>> -bash-3.00$ >>>> >>> >>> you get this strange path because your postfix user has the wrong >>> homedir. It >>> should be /var/spool/postfix (That also shows that you don't have to su >>> to >>> postfix, it's running as postfix, anyway.) >>> If your mail is still not flowing that might also be the reason for it. >>> >>> >> >> I'm leaning toward one of the classics here: >> Since the directory SA (as the postfix user) tries to write things to >> (user prefs, razor-agent thing, pyzor discover thing etc), some of >> that cr*p end up being written somewhere the postfix user _can_ write >> ... the hold queue... So Dave should perhaps look at that directory >> for non-queue files ... and remove them. >> > > Actually ... the only thing in the hold directory is the razor-agent.log. This is the one most usual culprit! Remove it, and configure razor so that it cannot ever happen again. > Nothing else. There is also nothing in the incoming directory either. The > server is not delivering any mail now. Though I do not see ANY errors in the > logs. I can send myself an email and I see it being delivered to my maildir. > But it will not deliver it. What does MailWatch say about the incoming messages? Are they all clased as spam? If so ... do you by any chance have ORDB, or some other dead BL, in Spam Lists (in MailScanner.conf)...? That might explain that, so to speak. Simplest fix: mkdir /var/spool/postfix/.razor mkdir /var/spool/postfix/.spamassassin mkdir /var/spool/postfix/.pyzor chown postfix.postfix /var/spool/postfix/.razor /var/spool/postfix/.pyzor /var/spool/postfix/.spamassassin ... and make sure to change postfix:x:80:80:Postfix Mail Server:/:/sbin/nologin to postfix:x:80:80:Postfix Mail Server:/var/spool/postfix:/sbin/nologin The above is "Alternative 2" spelled out;-). >> >> How to make sure they never reappear? >> First: Set a more reasonable home directory for postfix, like >> /var/spool/postfix. Edit /etc/passwd with something safe like vipw >> >> ALTERNATIVE 1 >> Temporarily make that directory writable by the postfix user >> su - postfix -s /bin/bash >> spamassassin --lint >> spamassassin -t -D < /path/to/a/message >> exit >> Make the directory non-writable by postfix. >> You should now have all the needed directories, like .razor .pyzor and >> .spamassassin >> >> ALTERNATIVE 2 >> >> Create the directories by hand (in ~postfix) and make them owned by >> postfix and writable by postfix. >> > > Currently, the /var/spool/postfix directory itself is owned by root:root > Inside this directory, most everything is owned by postfix and group root > but is only rwx for user only. Which is fine. > > So, if I create the needed folders in here and set them up as the same > permissions ... should that work? Yes. >> >> ALTERNATIVE 3 >> >> Use the settings suggested in spam.assassin.prefs.conf (a.k.a. >> /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory >> to use for this. Look in the wiki for similar details for razor and >> pyzor (unless they're already in mailscanner.cf ... I fail to >> remember). >> >> Any of the alternatives would likely do. >> >> Then, as said, go check/clean your /var/spool/postfix/hold directory >> for/from files that aren't Postfix queue files. >> > > See above. > > Dave > > > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 9 09:43:08 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 09:43:19 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966DD30.30909@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> Message-ID: <223f97700901090143h19668270w1c223c5ab81cb617@mail.gmail.com> 2009/1/9 Dave Filchak : > Ok well .. > > I thought I would clean up the email a bit. > > I am now at the point that I no longer have any errors permission or > otherwise with the exception of this: > > config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied > See my last mail in the previous thread. The one with "Alternative 2" exemplified. It'll take care of these errors. > I still have no clue where this is being generated from as in the > MailScanner.conf, the spamassassin local state directory is set to > /var/spool/MailScanner and the permissions are set postfix:postfix > > The worst part is though, that I am not getting mail ... even though if I > send myself an email, I see it coming in and then being delivered to my > maildir. I can go there and look at it on the server and it is all fine but > it just will not be delivered. Hm, is the MailScanner box your mailstore? Do you access that via some form of IMAP server? Sounds like this is now outside of MailScanners realm;-). > > Anyone? > > Dave Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From jkf at ecs.soton.ac.uk Fri Jan 9 10:48:01 2009 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 9 10:48:20 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <49665704.4080804@kettle.org.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> Message-ID: <49672B61.3000302@ecs.soton.ac.uk> Please do a "MailScanner --debug" with "Rebuild Bayes Every = 14400" and let me know the output. On 8/1/09 19:41, Rob Kettle wrote: > Hi, > > been running a Centos 5 system with 4.72.1-1 for some time and last > night I upgraded to 4.74.15-1. The upgrade appeared to go OK. > > However when I run MailScanner no mail is processed and if I look at > processes the MailScanner jobs show as [defunct] and are using high CPU. > > After some playing around I've sound that the cause is the setting > > Rebuild Bayes Every = 14400 > > MailScanner will only work if I set this to Rebuild Bayes Every = 0 > > Not sure why this is ? > > regards > Rob > Jules -- Julian Field MEng MBCS CITP CEng jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics& Computer Science University of Southampton SO17 1BJ, UK PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 9 10:49:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 9 10:50:10 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> Message-ID: <49672BCE.1030603@ecs.soton.ac.uk> If you want to use SpamAssassin Rule Actions, then you'll have to upgrade to a version that actually has that option :-) 4.58.9 is about 18 months out of date. Ancient, in this world. Sorry. On 8/1/09 21:01, Guy Story KC5GOI wrote: > Jule, I apologize for being blind today. I downloaded the script, > made it executable, put in my desired address in the file. I ran the > script verified the presence but what I am being blind to is where to > tell SpamAssassin to look for the file so it can filter out that crap. > I do not have a SpamAssassin Rule Actions entry in my > MailScanner.conf. I am on 4.58.9 so David's question is one I have as > well. > > Thanks for the good work. > > Guy Story KC5GOI > kc5goi@gmail.com Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Fri Jan 9 10:50:58 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Fri Jan 9 10:51:14 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <20090108223837.GA4032@msapiro> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> Message-ID: <49672C12.9040001@ecs.soton.ac.uk> On 8/1/09 22:38, Mark Sapiro wrote: > On Thu, Jan 08, 2009 at 02:57:43PM -0500, Gottschalk, David wrote: > >> I'm running MailScanner version 4.60.8. >> >> Am I running too old of a version? >> > > > It's too old for the _TO_ replacement in the header action. > That requires 4.74.9 minimum. > > Also, the unknown _TO_ replacement will cause the wntire action to be > ignored. > No it won't. It just won't be replaced with the list of recipients. What's breaking it is your version may well be too old to have SpamAssassin Rule Actions at all! :) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Fri Jan 9 11:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 11:31:32 2009 Subject: How to force queue clean up after network/DNS "hickup" In-Reply-To: <49671451.70305@filmakademie.de> References: <49671451.70305@filmakademie.de> Message-ID: G?tz Reinicke wrote on Fri, 09 Jan 2009 10:09:37 +0100: > How may I force Mailscanner/sendmail to deliver the mails now after the > problems with the dns are solved? sendmail -v -q you may need to purgestats before that as this stuff gets cached for a while. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 11:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 11:31:35 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> Message-ID: Cannon Watts wrote on Thu, 8 Jan 2009 21:22:59 -0600 (CST): > [2456] dbg: async: starting: URI-DNSBL, > DNSBL:dob.sibl.support-intelligence.net:agentbenefitsteam.com > (timeout 10.0s, min 2.0s) > > [2456] dbg: async: starting: URI-NS, > NS:agentbenefitsteam.com > (timeout 10.0s, min 2.0s) > > [2456] dbg: async: starting: DNSBL-A, > dns:A:154.248.19.72.plus.bondedsender.org. > (timeout 10.0s, min 2.0s) > > [2456] dbg: async: starting: DNSBL-TXT, > dns:TXT:154.248.19.72.bl.spamcop.net. > (timeout 10.0s, min 2.0s) there's a problem with your DNS or caching ns. Until you haven't solved that better disable network tests. Even after you are ok again you may want to disable some of these tests as they are not worth it. > > > And perhaps most importantly: > [2456] dbg: locker: safe_lock: trying to get lock on > /etc/MailScanner/bayes/bayes with 10 timeout check the permissions, look for existing lock files and remove them. Apparently, this didn't happen for all messages. So, check messages one by one and see if it then still happens. Maybe there's a performance problem? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 11:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 11:31:36 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: Joe Garvey wrote on Thu, 8 Jan 2009 15:03:29 -0800: > Any suggestions as to where to look next? spamassassin --lint -D will show you all configuration files that get used and any errors and warnings. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 11:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 11:31:36 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966DD30.30909@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> Message-ID: Dave Filchak wrote on Fri, 09 Jan 2009 00:14:24 -0500: > config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied > > I still have no clue where this is being generated from as in the > MailScanner.conf, the spamassassin local state directory is set to > /var/spool/MailScanner and the permissions are set postfix:postfix As I said already: your postfix homedir points to the wrong directory. And this error is non-critical and doesn't need to be fixed. > The worst part is though, that I am not getting mail Go thru the usual debugging steps - which means you start at the beginning and remove the changes you made for MailScanner in postfix. First thing you want to check if postfix still delivers fine without MailScanner. If that is the case, then follow the tutorial I pointed you already several times to. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dgottsc at emory.edu Fri Jan 9 12:46:17 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Fri Jan 9 12:46:28 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <49672C12.9040001@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> Message-ID: I was afraid that would be the answer I guess this gives me more motivation to upgrade my MailScanner version! David Gottschalk Emory University UTS Messaging Team -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Julian Field Sent: Friday, January 09, 2009 5:51 AM To: MailScanner discussion Subject: Re: Anti-spear-phishing, round 2 On 8/1/09 22:38, Mark Sapiro wrote: > On Thu, Jan 08, 2009 at 02:57:43PM -0500, Gottschalk, David wrote: > >> I'm running MailScanner version 4.60.8. >> >> Am I running too old of a version? >> > > > It's too old for the _TO_ replacement in the header action. > That requires 4.74.9 minimum. > > Also, the unknown _TO_ replacement will cause the wntire action to be > ignored. > No it won't. It just won't be replaced with the list of recipients. What's breaking it is your version may well be too old to have SpamAssassin Rule Actions at all! :) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From maillists at conactive.com Fri Jan 9 13:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 13:31:29 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> Message-ID: David Gottschalk wrote on Fri, 9 Jan 2009 07:46:17 -0500: > I guess this gives me more motivation to upgrade my MailScanner version! you want to wait until Jules provides a version with the fixed SA locks/filehandle->seek code. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dgottsc at emory.edu Fri Jan 9 13:35:15 2009 From: dgottsc at emory.edu (Gottschalk, David) Date: Fri Jan 9 13:37:14 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> Message-ID: Oh, OK. Thanks for the tip. David Gottschalk Emory University UTS Messaging Team -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Friday, January 09, 2009 8:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: Anti-spear-phishing, round 2 David Gottschalk wrote on Fri, 9 Jan 2009 07:46:17 -0500: > I guess this gives me more motivation to upgrade my MailScanner version! you want to wait until Jules provides a version with the fixed SA locks/filehandle->seek code. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). From john at tradoc.fr Fri Jan 9 13:41:48 2009 From: john at tradoc.fr (John Wilcock) Date: Fri Jan 9 13:42:02 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> Message-ID: <4967541C.3090706@tradoc.fr> Le 09/01/2009 14:31, Kai Schaetzl a ?crit : > David Gottschalk wrote on Fri, 9 Jan 2009 07:46:17 -0500: > >> I guess this gives me more motivation to upgrade my MailScanner version! > > you want to wait until Jules provides a version with the fixed SA > locks/filehandle->seek code. That's what 4.74.15-2 contains, and I see Jules has now marked it as being the stable version. John. -- -- Over 3000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages - www.tradoc.fr From maillists at conactive.com Fri Jan 9 13:54:50 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 13:55:02 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4967541C.3090706@tradoc.fr> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> <4967541C.3090706@t Message-ID: radoc.fr> Reply-To: mailscanner@lists.mailscanner.info John Wilcock wrote on Fri, 09 Jan 2009 14:41:48 +0100: > That's what 4.74.15-2 contains, Ahm, right, I just checked the "* New Features and Improvements *" section not the "* Fixes *". and I see Jules has now marked it as > being the stable version. Well, 13 was marked as stable as well ;-) (and it was "stable" unless you allowed automatic Bayes rebuilds) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From mark at msapiro.net Fri Jan 9 16:18:40 2009 From: mark at msapiro.net (Mark Sapiro) Date: Fri Jan 9 16:18:49 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <49672C12.9040001@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <20090108223837.GA4032@msapiro> <49672C12.9040001@ecs.soton.ac.uk> Message-ID: <20090109161840.GA716@msapiro> On Fri, Jan 09, 2009 at 10:50:58AM +0000, Julian Field wrote: > > > On 8/1/09 22:38, Mark Sapiro wrote: > >On Thu, Jan 08, 2009 at 02:57:43PM -0500, Gottschalk, David wrote: > > > >>I'm running MailScanner version 4.60.8. > >> > >>Am I running too old of a version? > >> > > > > > >It's too old for the _TO_ replacement in the header action. > >That requires 4.74.9 minimum. > > > >Also, the unknown _TO_ replacement will cause the wntire action to be > >ignored. > > > No it won't. It just won't be replaced with the list of recipients. > What's breaking it is your version may well be too old to have > SpamAssassin Rule Actions at all! :) I have the following in MailScanner.conf SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules Log SpamAssassin Rule Actions = yes and in spamassassin_rule_actions.rules I have as the default X_GPC_PHISHING_ADDRESS=>store,not-deliver,forward msapiro+phish@sbh16.songbird.com,header "X-GPC-Phishing-Address: to was _TO_" With 4.74.7, I got the following in maillog Jan 2 14:14:52 sbh16 MailScanner[12869]: Message CC97F6900C2.88120 produced illegal Non-Spam Actions ""X-GPC-Phishing-Address: to was _TO_"", so message is being delivered although the message was stored and forwarded, these actions weren't logged, and the message was delivered to the original recipient in spite of the not-deliver action. With 4.74.11, I got Jan 2 14:39:43 sbh16 MailScanner[19427]: SpamAssassin Rule Actions: rule x_gpc_phishing_address caused action store in message C9B356900C2.1CAB1 Jan 2 14:39:43 sbh16 MailScanner[19427]: SpamAssassin Rule Actions: rule x_gpc_phishing_address caused action not-deliver in message C9B356900C2.1CAB1 Jan 2 14:39:43 sbh16 MailScanner[19427]: SpamAssassin Rule Actions: rule x_gpc_phishing_address caused action forward msapiro+phish@sbh16.songbird.com in message C9B356900C2.1CAB1 Jan 2 14:39:43 sbh16 MailScanner[19427]: SpamAssassin Rule Actions: rule x_gpc_phishing_address caused action header "X-GPC-Phishing-Address: was to _TO_" in message C9B356900C2.1CAB1 So, it appears that while _TO_ didn't break the actions completely in 4.74.7, it did break more than just the non replacement of _TO_. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From rob at kettle.org.uk Fri Jan 9 16:50:42 2009 From: rob at kettle.org.uk (Rob Kettle) Date: Fri Jan 9 16:50:58 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <49665BD4.9080307@USherbrooke.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> <49665BD4.9080307@USherbrooke.ca> Message-ID: <49678062.3020209@kettle.org.uk> Denis Beauchemin wrote: > Rob Kettle a ?crit : >> Hi, >> >> been running a Centos 5 system with 4.72.1-1 for some time and last >> night I upgraded to 4.74.15-1. The upgrade appeared to go OK. >> >> However when I run MailScanner no mail is processed and if I look at >> processes the MailScanner jobs show as [defunct] and are using high CPU. >> >> After some playing around I've sound that the cause is the setting >> >> Rebuild Bayes Every = 14400 >> >> MailScanner will only work if I set this to Rebuild Bayes Every = 0 >> >> Not sure why this is ? >> >> regards >> Rob >> > > Rob, > > I also run with Rebuild Bayes Every = 0 and I have the following entry > in root's crontab: > 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn > --force-expire; sleep 60; /sbin/service MailScanner start) > > I get an email like this one every night: >> Shutting down MailScanner daemons: >> MailScanner: [ OK ] >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> bayes: synced databases from journal in 0 seconds: 1163 unique >> entries (1857 total entries) >> expired old bayes database entries in 53 seconds >> 491688 entries kept, 115369 deleted >> token frequency: 1-occurrence tokens: 0.00% >> token frequency: less than 8 occurrences: 76.79% >> Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: [ OK ] > I know my server isn't accepting emails during that time but I can > live with it. > > Denis > Denis, thanks for that response. That's pretty much what I'd decided to do. regards Rob -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.filchak at senecac.on.ca Fri Jan 9 17:04:58 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 17:05:08 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> Message-ID: <496783BA.6060702@senecac.on.ca> Kai, Kai Schaetzl wrote: > Dave Filchak wrote on Fri, 09 Jan 2009 00:14:24 -0500: > > >> config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied >> >> I still have no clue where this is being generated from as in the >> MailScanner.conf, the spamassassin local state directory is set to >> /var/spool/MailScanner and the permissions are set postfix:postfix >> > > As I said already: your postfix homedir points to the wrong directory. And > this error is non-critical and doesn't need to be fixed. > > Well I did fix this eventually. I did pix the postfix home directory >> The worst part is though, that I am not getting mail >> > > Go thru the usual debugging steps - which means you start at the beginning and > remove the changes you made for MailScanner in postfix. First thing you want > to check if postfix still delivers fine without MailScanner. If that is the > case, then follow the tutorial I pointed you already several times to. > I have gone through this tutorial. Several times in fact. And as far as making changes to postfix, remember that we have been using postfix/Mailscanner for several years now so no special changes were made at this point, to postfix. This was simply an upgrade of MailScanner, ClamAV and Spamasssassin. At this point I think most of my problem is that most non spam is being scored as spam (i.e. just above the 5 threshold) so it is being held in quarantine. Can you direct me to a good tutorial on fine tuning the filter rules? > Kai > > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From garvey at pushormitchell.com Fri Jan 9 17:06:53 2009 From: garvey at pushormitchell.com (Joe Garvey) Date: Fri Jan 9 17:07:00 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET References: <200901091200.n09C0OxO009559@safir.blacknight.ie> Message-ID: Yes, I have run that many times to test SA. I have no errors or issues reported. All the config files I expect to have loaded are loading. > Any suggestions as to where to look next? spamassassin --lint -D will show you all configuration files that get used and any errors and warnings. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.filchak at senecac.on.ca Fri Jan 9 17:10:06 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 17:10:17 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901090143h19668270w1c223c5ab81cb617@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> <223f97700901090143h19668270w1c223c5ab81cb617@mail.gmail.com> Message-ID: <496784EE.5030904@senecac.on.ca> Hi Glenn, First, thanks for all your help. Glenn Steen wrote: > 2009/1/9 Dave Filchak : > >> Ok well .. >> >> I thought I would clean up the email a bit. >> >> I am now at the point that I no longer have any errors permission or >> otherwise with the exception of this: >> >> config: path "//.spamassassin/user_prefs" is inaccessible: Permission denied >> >> > See my last mail in the previous thread. The one with "Alternative 2" > exemplified. It'll take care of these errors. > > >> I still have no clue where this is being generated from as in the >> MailScanner.conf, the spamassassin local state directory is set to >> /var/spool/MailScanner and the permissions are set postfix:postfix >> >> The worst part is though, that I am not getting mail ... even though if I >> send myself an email, I see it coming in and then being delivered to my >> maildir. I can go there and look at it on the server and it is all fine but >> it just will not be delivered. >> > > Hm, is the MailScanner box your mailstore? Do you access that via some > form of IMAP server? Sounds like this is now outside of MailScanners > realm;-). > At this point, I believe that most issues are now because MailScanner is configured to strphtml store spam. When I look in MailWatch, I am now seeing many emails that are being scored as spam when they are not actually spam. They are being scored just over the 5 range. The new updated rules must be much more aggressive. So, I need to either change the spam actions for not high spam to striphtml deliver, although this will mean that more spam will actually get delivered to our clients. I guess an alternative would be to raise the threshold from 5 to say 7 for a bit until I get a handle on how to fine tune the spam rules for our mail flow. Any tips here or can you direct me to a good tutorial on this? Dave From spamlists at coders.co.uk Fri Jan 9 17:12:10 2009 From: spamlists at coders.co.uk (Matt) Date: Fri Jan 9 17:12:47 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <49678062.3020209@kettle.org.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> <49665BD4.9080307@USherbrooke.ca> <49678062.3020209@kettle.org.uk> Message-ID: <4967856A.1040500@coders.co.uk> >> >> I also run with Rebuild Bayes Every = 0 and I have the following >> entry in root's crontab: >> 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn >> --force-expire; sleep 60; /sbin/service MailScanner start) >> > how about ( /sbin/service MailScanner stopms; /usr/bin/sa-learn --force-expire; sleep 60; /usr/sbin/check_MailScanner ) then this allows mail to be received whilst the Bayes is being rebuilt matt From ssilva at sgvwater.com Fri Jan 9 18:01:03 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 9 18:01:30 2009 Subject: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <223f97700901090128t5ba70617o348ebcba1e484067@mail.gmail.com> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <49668F4F.4000700@senecac.on.ca> <4966A17D.2000006@senecac.on.ca> <4966AAFA.5060409@senecac.on.ca> <223f97700901090128t5ba70617o348ebcba1e484067@mail.gmail.com> Message-ID: on 1-9-2009 1:28 AM Glenn Steen spake the following: > 2009/1/9 Dave Filchak : >> >> Dave Filchak wrote: > (snip) >> Just trying to track down permission errors. I get the following, running >> SALearn: >> >> SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes >> databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission denied >> bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile >> /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: locker: >> safe_lock: cannot create lockfile /etc/MailScanner/bayes/bayes.mutex: >> Permission denied Learned tokens from 0 message(s) (1 message(s) examined) >> > Your apache user (presumably "webadmin" does not have write access to > your bayes files. Hence the error. > > >> Here are my bayes settings (inside of the bayes folder) >> drwxrwxr-x 3 root webadmin 4096 Jul 18 2007 . >> drwxr-xr-x 9 root root 4096 Jan 8 20:15 .. >> --w--w-r-- 1 postfix postfix 18 Jan 8 02:23 bayes.mutex >> -rw-rw---- 1 postfix postfix 327680 Jan 8 02:23 bayes_seen >> -rw-rw---- 1 postfix postfix 5210112 Jan 8 02:23 bayes_toks >> drwxr-xr-x 2 root root 4096 Jul 18 2007 poisoned >> > All the above files should be owned by postfix.webadmin ... so first do > chown postfix.webadmin /path/to/bayes/* > ... where /path/to/bayes is likely /etc/MailScanner/bayes > And make sure MailScanner is not running when you make the changes above. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/92788e8a/signature.bin From ssilva at sgvwater.com Fri Jan 9 18:04:31 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 9 18:05:15 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <4966DD30.30909@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> Message-ID: on 1-8-2009 9:14 PM Dave Filchak spake the following: > Ok well .. > > I thought I would clean up the email a bit. > > I am now at the point that I no longer have any errors permission or > otherwise with the exception of this: > > config: path "//.spamassassin/user_prefs" is inaccessible: Permission > denied > > I still have no clue where this is being generated from as in the > MailScanner.conf, the spamassassin local state directory is set to > /var/spool/MailScanner and the permissions are set postfix:postfix > > The worst part is though, that I am not getting mail ... even though if > I send myself an email, I see it coming in and then being delivered to > my maildir. I can go there and look at it on the server and it is all > fine but it just will not be delivered. > Maybe I am wrong here, but if it is getting into your maildir it IS delivered. If you can't read it from your mail client, that is a different problem. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/f90b3e11/signature.bin From ssilva at sgvwater.com Fri Jan 9 18:09:34 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 9 18:10:11 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <496783BA.6060702@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> <496783BA.6060702@senecac.on.ca> Message-ID: on 1-9-2009 9:04 AM Dave Filchak spake the following: > Kai, > > Kai Schaetzl wrote: >> Dave Filchak wrote on Fri, 09 Jan 2009 00:14:24 -0500: >> >> >>> config: path "//.spamassassin/user_prefs" is inaccessible: Permission >>> denied >>> >>> I still have no clue where this is being generated from as in the >>> MailScanner.conf, the spamassassin local state directory is set to >>> /var/spool/MailScanner and the permissions are set postfix:postfix >>> >> >> As I said already: your postfix homedir points to the wrong directory. >> And this error is non-critical and doesn't need to be fixed. >> >> > Well I did fix this eventually. I did pix the postfix home directory >>> The worst part is though, that I am not getting mail >>> >> >> Go thru the usual debugging steps - which means you start at the >> beginning and remove the changes you made for MailScanner in postfix. >> First thing you want to check if postfix still delivers fine without >> MailScanner. If that is the case, then follow the tutorial I pointed >> you already several times to. >> > I have gone through this tutorial. Several times in fact. And as far as > making changes to postfix, remember that we have been using > postfix/Mailscanner for several years now so no special changes were > made at this point, to postfix. This was simply an upgrade of > MailScanner, ClamAV and Spamasssassin. At this point I think most of my > problem is that most non spam is being scored as spam (i.e. just above > the 5 threshold) so it is being held in quarantine. Can you direct me to > a good tutorial on fine tuning the filter rules? > >> Kai >> >> > I run at 5 for my low score, and I deliver low spam as an attachment and subject tagged so my users can deal with it as they see fit. It still is only a small subset of my total spam. Do you have any score adjustments in your spam.assassin.prefs file? Are you hitting a lot of bayes scoring that is wrong? If the bayes is wrong, it is time to build a new bayes DB, or retrain it if you have a good corpus of spam. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/9f66676c/signature.bin From Denis.Beauchemin at USherbrooke.ca Fri Jan 9 18:25:20 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 9 18:26:08 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <4967856A.1040500@coders.co.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> <49665BD4.9080307@USherbrooke.ca> <49678062.3020209@kettle.org.uk> <4967856A.1040500@coders.co.uk> Message-ID: <49679690.8010800@USherbrooke.ca> Matt a ?crit : > >>> >>> I also run with Rebuild Bayes Every = 0 and I have the following >>> entry in root's crontab: >>> 15 3 * * * (/sbin/service MailScanner stop; /usr/bin/sa-learn >>> --force-expire; sleep 60; /sbin/service MailScanner start) >>> >> > how about > > ( /sbin/service MailScanner stopms; /usr/bin/sa-learn --force-expire; > sleep 60; /usr/sbin/check_MailScanner ) > > then this allows mail to be received whilst the Bayes is being rebuilt > > > matt > Thanks Matt, That's much better than what I suggested! I will be modifying my crontabs in a few secs! Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From maillists at conactive.com Fri Jan 9 18:31:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 18:31:33 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <496783BA.6060702@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> <496783BA.60 Message-ID: 60702@senecac.on.ca> Reply-To: mailscanner@lists.mailscanner.info Dave Filchak wrote on Fri, 09 Jan 2009 12:04:58 -0500: > > As I said already: your postfix homedir points to the wrong directory. And > > this error is non-critical and doesn't need to be fixed. > > > > > Well I did fix this eventually. I did pix the postfix home directory Good. I realize now that my statement may have been confusing. What is non-critical is that SA error message, not the fact that the wrong homedir was set for postfix. > >> The worst part is though, that I am not getting mail > >> > > > > Go thru the usual debugging steps - which means you start at the beginning and > > remove the changes you made for MailScanner in postfix. First thing you want > > to check if postfix still delivers fine without MailScanner. If that is the > > case, then follow the tutorial I pointed you already several times to. > > > I have gone through this tutorial. Several times in fact. And as far as > making changes to postfix, remember that we have been using > postfix/Mailscanner for several years now so no special changes were > made at this point, to postfix. But you set this up quite some time (years ?) ago. There have been other methods for conencting MailScanner and postfix in the past and MS wasn't set to perform that well with it as it does now. This was simply an upgrade of > MailScanner, ClamAV and Spamasssassin. At this point I think most of my > problem is that most non spam is being scored as spam (i.e. just above > the 5 threshold) so it is being held in quarantine. Can you direct me to > a good tutorial on fine tuning the filter rules? Sure? Earlier you were indicating that no mail gets delivered, thus one had to assume it's stuck in the postfix/MS queue. If it gets delivered, but quarantined this is a *completely* different situation. And normally you have the problem that spam isn't detected, not that ham is misdetected as spam. If that happens you must have misconfigured something *seriously*. So, I'd rather double-check if your assumption (it seems to be just an assumption) is correct. And as a fast mitigation stop qurantining spam, deliver it! As you upgraded from quite old versions in all cases one might assume that you lowered the spam detection scores so much in the past because spam wouldn't get detected anymore. Now, with an up-to-date SA these scores are much too low. Well, that's just one possible explanation if it is really spam detection that is your problem. > Can you direct me to > > a good tutorial on fine tuning the filter rules? wiki.spamassassin.org As I said above, you may actually not want to fine-tune it, but reset it to default values (in MS and SA). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 18:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 18:31:34 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: <496784EE.5030904@senecac.on.ca> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660D57.2040107@senecac.on.ca> <496616B0.1060100@USherbrooke.ca> <49661F7A.2090607@senecac.on.ca> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> <223f97700901090143h19668270w1c223c5ab81cb617@mail.gmail.com> <496784EE.5030904@seneca Message-ID: c.on.ca> Reply-To: mailscanner@lists.mailscanner.info Dave Filchak wrote on Fri, 09 Jan 2009 12:10:06 -0500: > So, I need to either change > the spam actions for not high spam to striphtml deliver, Of course, it's really not a good idea to quarantine low scoring spam. What you do is fine-tune your setup and then lower *carefully* the high- scoring spam from 10 downwards (I have it set to 6). And the lowering coincides with finetuning your detection in SA and your Bayes. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 18:31:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 18:31:34 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: <200901091200.n09C0OxO009559@safir.blacknight.ie> Message-ID: Joe Garvey wrote on Fri, 9 Jan 2009 09:06:53 -0800: > Yes, I have run that many times to test SA. I have no errors or issues > reported. All the config files I expect to have loaded are loading. You may need to tell it that you use the MailScanner provided prefs.conf. Also, please use decent quoting in your mail reader. Otherwise it's not possible to distinguish what you wrote and what not. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 18:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 18:31:35 2009 Subject: Problem after Upgrade 4.72.1-1 to 4.74.15-1 In-Reply-To: <4967856A.1040500@coders.co.uk> References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <49660685.80304@USherbrooke.ca> <49660D57.2040107@senecac.on.ca> <4966145F.4010305@senecac.on.ca> <49663B6D.1030800@senecac.on.ca> <496648E0.9020903@USherbrooke.ca> <49665704.4080804@kettle.org.uk> <49665BD4.9080307@USherbrooke.ca> <49678062.3020209@kettle.org.uk> <4967856A.1040500@coders.co.uk> Message-ID: Matt wrote on Fri, 09 Jan 2009 17:12:10 +0000: > ( /sbin/service MailScanner stopms; /usr/bin/sa-learn --force-expire; > sleep 60; /usr/sbin/check_MailScanner ) > > then this allows mail to be received whilst the Bayes is being rebuilt Actually, there's no problem rebuilding without stopping MS. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.filchak at senecac.on.ca Fri Jan 9 18:45:10 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 18:45:20 2009 Subject: General Thankyou (was: Re: Upgrade from 4.61.7 to 4.74.13-2) In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> Message-ID: <49679B36.9010202@senecac.on.ca> Just wanted to pass on my thanks to Kai, Glenn and Scott and any I missed, for helping me with my MS Upgrade issues. As I said, it had been a while since I had dealt with this stuff so it was a bit of a learning curve. It all seems to be working pretty well now so I will be watching it closely over the next few days. Just need to do a bit of tweaking with the rules I think. As the version I was using was pretty old, is there anywhere I can find an explanation of the new config directives since 4.6.x ? Again, thank you everyone for your help. Dave From MailScanner at rowley-cs.co.uk Fri Jan 9 18:51:17 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Fri Jan 9 18:51:38 2009 Subject: Outbound mal stuck Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> Hi Everyone. How do I delete a stuck outbound mail? Plz advice. Thx, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/15a0b503/attachment.html From ssilva at sgvwater.com Fri Jan 9 18:55:57 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Fri Jan 9 18:56:13 2009 Subject: General Thankyou In-Reply-To: <49679B36.9010202@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> Message-ID: on 1-9-2009 10:45 AM Dave Filchak spake the following: > Just wanted to pass on my thanks to Kai, Glenn and Scott and any I > missed, for helping me with my MS Upgrade issues. As I said, it had been > a while since I had dealt with this stuff so it was a bit of a learning > curve. It all seems to be working pretty well now so I will be watching > it closely over the next few days. Just need to do a bit of tweaking > with the rules I think. > > As the version I was using was pretty old, is there anywhere I can find > an explanation of the new config directives since 4.6.x ? > > Again, thank you everyone for your help. > > Dave Buying the book is the best option, but here is a listing of all the config options. http://www.mailscanner.info/MailScanner.conf.index.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/6391db0d/signature.bin From kc5goi at gmail.com Fri Jan 9 18:57:38 2009 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Fri Jan 9 18:57:49 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <49672BCE.1030603@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <49672BCE.1030603@ecs.soton.ac.uk> Message-ID: Jules, I will have to look at the upgrade then. It is the curse of using Ubuntu. I have a question that you indirectly inspired. I want everyone to understand that this is a short term solution. I took the list from Google and massaged it to it fit the format for use as the spam.blacklist.rule file, is that any less efficient as far as MS is concerned? As far as processing the list, it is not even remotely close to the ease of use that your script does with an entry in cron.hourly. Guy On Fri, Jan 9, 2009 at 4:49 AM, Julian Field wrote: > If you want to use SpamAssassin Rule Actions, then you'll have to upgrade > to a version that actually has that option :-) > 4.58.9 is about 18 months out of date. Ancient, in this world. Sorry. > > > On 8/1/09 21:01, Guy Story KC5GOI wrote: > >> Jule, I apologize for being blind today. I downloaded the script, made it >> executable, put in my desired address in the file. I ran the script >> verified the presence but what I am being blind to is where to tell >> SpamAssassin to look for the file so it can filter out that crap. I do not >> have a SpamAssassin Rule Actions entry in my MailScanner.conf. I am on >> 4.58.9 so David's question is one I have as well. >> >> Thanks for the good work. >> >> Guy Story KC5GOI >> kc5goi@gmail.com >> > > Jules > > -- > Julian Field MEng CITP CEng > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > > MailScanner customisation, or any advanced system administration help? > Contact me at Jules@Jules.FM > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > PGP public key: http://www.jules.fm/julesfm.asc > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -- 73 Guy Story KC5GOI kc5goi@gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/36b848f4/attachment.html From traced at xpear.de Fri Jan 9 18:58:18 2009 From: traced at xpear.de (traced) Date: Fri Jan 9 18:58:32 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> Message-ID: <49679E4A.6020501@xpear.de> MailScanner schrieb: > Hi Everyone. > > How do I delete a stuck outbound mail? > > Plz advice. > > Thx, Which MTA do you use? Bastian From MailScanner at rowley-cs.co.uk Fri Jan 9 18:59:29 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Fri Jan 9 18:59:52 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B21@hercules.rowley-cs.co.uk> Found it. Under /var/spool/mqueue Thx folks From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of MailScanner Sent: 09 January 2009 18:51 To: mailscanner@lists.mailscanner.info Subject: Outbound mal stuck Hi Everyone. How do I delete a stuck outbound mail? Plz advice. Thx, -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/d3ac373d/attachment.html From dave.filchak at senecac.on.ca Fri Jan 9 19:06:02 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 19:06:13 2009 Subject: General Thankyou In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> Message-ID: <4967A01A.1020805@senecac.on.ca> Scott, Scott Silva wrote: > on 1-9-2009 10:45 AM Dave Filchak spake the following: > >> Just wanted to pass on my thanks to Kai, Glenn and Scott and any I >> missed, for helping me with my MS Upgrade issues. As I said, it had been >> a while since I had dealt with this stuff so it was a bit of a learning >> curve. It all seems to be working pretty well now so I will be watching >> it closely over the next few days. Just need to do a bit of tweaking >> with the rules I think. >> >> As the version I was using was pretty old, is there anywhere I can find >> an explanation of the new config directives since 4.6.x ? >> >> Again, thank you everyone for your help. >> >> Dave >> > > Buying the book is the best option, but here is a listing of all the config > options. > > http://www.mailscanner.info/MailScanner.conf.index.html > I do own the first edition of the book. Just need to update the newer config options. One last error I found so maybe you can comment. I am seeing the following error in maillog: Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, Permission denied So I checked the permissions there and the Locks directory is owned by postfix.root and the locks inside are all owned by root.root. MailScanner runs as postfix and clamd runs as clamav. Should the clamavBusy.lock be owned by postfix.clamav? Also, I was sure I had changed these permissions earlier in this and it appears as though they have been reset, So I need to set a sticky bit? Dave > > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From MailScanner at rowley-cs.co.uk Fri Jan 9 19:14:30 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Fri Jan 9 19:14:48 2009 Subject: Outbound mal stuck In-Reply-To: <49679E4A.6020501@xpear.de> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> Hi Again, My mistake. It is still on the queue. I delete the file in /var/spool/mqueue but when run tail -20f /var/log/maillog and it is still trying to deleiver. I use sendmail. Any Idea? Thx. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced Sent: 09 January 2009 18:58 To: MailScanner discussion Subject: Re: Outbound mal stuck MailScanner schrieb: > Hi Everyone. > > How do I delete a stuck outbound mail? > > Plz advice. > > Thx, Which MTA do you use? Bastian -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From traced at xpear.de Fri Jan 9 19:24:20 2009 From: traced at xpear.de (traced) Date: Fri Jan 9 19:24:31 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> Message-ID: <4967A464.2040202@xpear.de> MailScanner schrieb: > Hi Again, > > My mistake. It is still on the queue. > I delete the file in /var/spool/mqueue but when run tail -20f /var/log/maillog and it is still trying to deleiver. > I use sendmail. > > Any Idea? > > Thx. > This should solve your problem: http://www.freebsddiary.org/mailqueue.php Regards, Bastian From Denis.Beauchemin at USherbrooke.ca Fri Jan 9 19:25:35 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 9 19:26:15 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> Message-ID: <4967A4AF.4080705@USherbrooke.ca> MailScanner a ?crit : > Hi Again, > > My mistake. It is still on the queue. > I delete the file in /var/spool/mqueue but when run tail -20f /var/log/maillog and it is still trying to deleiver. > I use sendmail. > > Any Idea? > > Thx. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced > Sent: 09 January 2009 18:58 > To: MailScanner discussion > Subject: Re: Outbound mal stuck > > MailScanner schrieb: > >> Hi Everyone. >> >> How do I delete a stuck outbound mail? >> >> Plz advice. >> >> Thx, >> > > Which MTA do you use? > > Bastian > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > If you're using sendmail (you didn't answer Bastian's question about this), /var/spool/mqueue is the outqueue where MS puts emails after it is done with them. So you shouldn't be seeing anything about them anymore, except for attempted delivery from sendmail. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From garvey at pushormitchell.com Fri Jan 9 19:32:49 2009 From: garvey at pushormitchell.com (Joe Garvey) Date: Fri Jan 9 19:32:58 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET References: Message-ID: My /etc/mail/spamassassin/spam.assassin.prefs.conf is a link to /etc/MailScanner/spam.assassin.prefs.conf I find it very confusing and lacking confidence in the system when the system provides a score for bl.spamcop.net and don't see any other results from any other rules. I just want to make sure everything is working properly but my gut feeling is that it is not. I also converted my bayes database to MySQL. After reviewing the conversion I noticed that I have no ham messages in the database. I am loading up some from various users to see if this will also make a difference as I find the Bayesian score usually shows a negative even for the most obvious spam. Thanks Joe -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Friday, January 09, 2009 10:31 AM To: mailscanner@lists.mailscanner.info Subject: Re: Stops after RCVD_IN_BL_SPAMCOP_NET Joe Garvey wrote on Fri, 9 Jan 2009 09:06:53 -0800: > Yes, I have run that many times to test SA. I have no errors or issues > reported. All the config files I expect to have loaded are loading. You may need to tell it that you use the MailScanner provided prefs.conf. Also, please use decent quoting in your mail reader. Otherwise it's not possible to distinguish what you wrote and what not. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From MailScanner at rowley-cs.co.uk Fri Jan 9 19:36:13 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Fri Jan 9 19:36:33 2009 Subject: Outbound mal stuck In-Reply-To: <4967A4AF.4080705@USherbrooke.ca> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> Thx for replying. That is exactly what I am seeing. How do I kill the attempted delivery? Plz advice. Thx -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: 09 January 2009 19:26 To: MailScanner discussion Subject: Re: Outbound mal stuck MailScanner a ?crit : > Hi Again, > > My mistake. It is still on the queue. > I delete the file in /var/spool/mqueue but when run tail -20f /var/log/maillog and it is still trying to deleiver. > I use sendmail. > > Any Idea? > > Thx. > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced > Sent: 09 January 2009 18:58 > To: MailScanner discussion > Subject: Re: Outbound mal stuck > > MailScanner schrieb: > >> Hi Everyone. >> >> How do I delete a stuck outbound mail? >> >> Plz advice. >> >> Thx, >> > > Which MTA do you use? > > Bastian > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > If you're using sendmail (you didn't answer Bastian's question about this), /var/spool/mqueue is the outqueue where MS puts emails after it is done with them. So you shouldn't be seeing anything about them anymore, except for attempted delivery from sendmail. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From traced at xpear.de Fri Jan 9 19:42:25 2009 From: traced at xpear.de (traced) Date: Fri Jan 9 19:42:36 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> Message-ID: <4967A8A1.4080704@xpear.de> MailScanner schrieb: > Thx for replying. > That is exactly what I am seeing. > How do I kill the attempted delivery? > Plz advice. > > Thx > Have you simply tried to restart sendmail? From MailScanner at rowley-cs.co.uk Fri Jan 9 19:57:31 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Fri Jan 9 19:57:52 2009 Subject: Outbound mal stuck In-Reply-To: <4967A8A1.4080704@xpear.de> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> <4967A8A1.4080704@xpear.de> Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> I have restarted the MS and nothing changed. Service MailScanner restart. Everything started Ok but I still see the attempted delivery. Any idea why? Thx -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced Sent: 09 January 2009 19:42 To: MailScanner discussion Subject: Re: Outbound mal stuckservice MailScanner schrieb: > Thx for replying. > That is exactly what I am seeing. > How do I kill the attempted delivery? > Plz advice. > > Thx > Have you simply tried to restart sendmail? -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From Andrew.Chester at ukuvuma.co.za Fri Jan 9 20:03:58 2009 From: Andrew.Chester at ukuvuma.co.za (Andrew Chester) Date: Fri Jan 9 20:04:13 2009 Subject: Andrew Chester is out of the office. Message-ID: I will be out of the office starting 2008/12/31 and will not return until 2009/01/19. I will respond to your message when I return. In case of emergency, please contact Ryan Bell on 0733182598, or Dawid Van Heerden on 0827707919. CONFIDENTIALITY CLAUSE This message is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by telephone. From traced at xpear.de Fri Jan 9 20:05:46 2009 From: traced at xpear.de (traced) Date: Fri Jan 9 20:05:58 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> <4967A8A1.4080704@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> Message-ID: <4967AE1A.7050101@xpear.de> MailScanner schrieb: > I have restarted the MS and nothing changed. > Service MailScanner restart. > Everything started Ok but I still see the attempted delivery. > Any idea why? > > Thx Hmm... thought on restarting the mailserver itself. From Denis.Beauchemin at USherbrooke.ca Fri Jan 9 20:08:49 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Fri Jan 9 20:09:22 2009 Subject: Outbound mal stuck In-Reply-To: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> <4967A8A1.4080704@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> Message-ID: <4967AED1.6060101@USherbrooke.ca> MailScanner a ?crit : > I have restarted the MS and nothing changed. > Service MailScanner restart. > Everything started Ok but I still see the attempted delivery. > Any idea why? > > Thx > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced > Sent: 09 January 2009 19:42 > To: MailScanner discussion > Subject: Re: Outbound mal stuckservice > > MailScanner schrieb: > >> Thx for replying. >> That is exactly what I am seeing. >> How do I kill the attempted delivery? >> Plz advice. >> >> Thx >> >> > > Have you simply tried to restart sendmail? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Restarting MS doesn't kill existing sendmail processes. If you removed the df and qf files from /var/spool/mqueue and you made sure no sendmail process is still trying to deliver that email (look at the output of ps) then delivery attempts could no longer occur. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From psaweikis at techpro.com Fri Jan 9 20:20:51 2009 From: psaweikis at techpro.com (Patrick Saweikis) Date: Fri Jan 9 20:21:01 2009 Subject: Content scanning / MCP? Message-ID: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> Hello, We have a user on our mail system who wants to always ALLOW messages with specific content in the message subject and body through. Does anyone know if this is possible? If so, how would we accomplish it? I have been looking into using MCP, but from what I have read that is for denying specific message content only. Any advice would be greatly appreciated. Thanks! Patrick Saweikis TechPro, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090109/18a00e58/attachment.html From steve at fsl.com Fri Jan 9 20:37:54 2009 From: steve at fsl.com (Stephen Swaney) Date: Fri Jan 9 20:38:06 2009 Subject: Content scanning / MCP? In-Reply-To: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> References: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> Message-ID: <4967B5A2.40700@fsl.com> Patrick Saweikis wrote: > > Hello, > > > > We have a user on our mail system who wants to always > ALLOW messages with specific content in the message subject and body > through. Does anyone know if this is possible? If so, how would we > accomplish it? I have been looking into using MCP, but from what I > have read that is for denying specific message content only. Any > advice would be greatly appreciated. Thanks! > > > > Patrick Saweikis > > TechPro, Inc. > > > > > Not trivial since many checks are used to sidetrack email these days, some of which are difficult to bypass. For example if you are blocking using spamhaus at the MTA level you'll never even see the subject. What About viruses. Does the user want a virus or a message with a blocked attachment if the subject has the magic word. You get the idea. On a simple level you could write a series of SpamAssassin rules that would add +100 to the score if the magic words appear in the subject but this only covers part of the possible traps. Best regards, Steve Steve Swaney steve@fsl.com www.fsl.com From glenn.steen at gmail.com Fri Jan 9 20:45:41 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 20:45:50 2009 Subject: Was: Upgrade fron 4.61.7 to 4.74.13-2 In-Reply-To: References: <20090108071334.6t3eri15gc0ggkk4@manage.zuka.net> <223f97700901080809i456904ferb64df26e7b44ae05@mail.gmail.com> <49662AAF.9070601@senecac.on.ca> <223f97700901081136s24b46fc3u80f6bc14346a6f6b@mail.gmail.com> <4966C3C0.7090103@senecac.on.ca> <4966DD30.30909@senecac.on.ca> <223f97700901090143h19668270w1c223c5ab81cb617@mail.gmail.com> <496784EE.5030904@senecac.on.ca> Message-ID: <223f97700901091245r35814208ocb74082e34b4d90e@mail.gmail.com> 2009/1/9 Kai Schaetzl : > c.on.ca> > Reply-To: mailscanner@lists.mailscanner.info > > Dave Filchak wrote on Fri, 09 Jan 2009 12:10:06 -0500: > >> So, I need to either change >> the spam actions for not high spam to striphtml deliver, > > Of course, it's really not a good idea to quarantine low scoring spam. > What you do is fine-tune your setup and then lower *carefully* the high- > scoring spam from 10 downwards (I have it set to 6). And the lowering > coincides with finetuning your detection in SA and your Bayes. > This is good advice from Kai to you Dave. Also... I guess you've already looked at the sections in the MAQ/Wiki about getting the most out of SA? Else... that's a good startingpoint. And as friend Scott says... it might be time to try retrain your bayes... At least have a look at what scores you get. Since you use MailWatch, you have a superb tool in the reports page, for determining exactly what makes the lowscoring spam (just above 5) end up there. Apply filters for "Is spam = 1" and "SA score < 6", then look at the SA rule hits report... and perhaps browse throgh the details for a few of them, just to get a feel for what's wrong. > Kai > Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 9 20:55:47 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 20:55:56 2009 Subject: General Thankyou (was: Re: Upgrade from 4.61.7 to 4.74.13-2) In-Reply-To: <49679B36.9010202@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> Message-ID: <223f97700901091255j35071be3v4a2681f0620c2534@mail.gmail.com> 2009/1/9 Dave Filchak : > Just wanted to pass on my thanks to Kai, Glenn and Scott and any I missed, > for helping me with my MS Upgrade issues. As I said, it had been a while > since I had dealt with this stuff so it was a bit of a learning curve. It > all seems to be working pretty well now so I will be watching it closely > over the next few days. Just need to do a bit of tweaking with the rules I > think. > > As the version I was using was pretty old, is there anywhere I can find an > explanation of the new config directives since 4.6.x ? > Well there are a few obvious places to look:-). The change log: http://www.mailscanner.info/ChangeLog In your MailScanner.conf ... Jules is very good at commenting that... And there is a webbified version of that as well at http://www.mailscanner.info/MailScanner.conf.index.html that might be easier to use, for reference. > Again, thank you everyone for your help. > > Dave Glad to be of help. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 9 21:01:34 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 21:01:44 2009 Subject: General Thankyou In-Reply-To: <4967A01A.1020805@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> Message-ID: <223f97700901091301x5dbcbfa1w1abde38aa5897b7c@mail.gmail.com> 2009/1/9 Dave Filchak : > Scott, > > Scott Silva wrote: >> >> on 1-9-2009 10:45 AM Dave Filchak spake the following: >> >>> >>> Just wanted to pass on my thanks to Kai, Glenn and Scott and any I >>> missed, for helping me with my MS Upgrade issues. As I said, it had been >>> a while since I had dealt with this stuff so it was a bit of a learning >>> curve. It all seems to be working pretty well now so I will be watching >>> it closely over the next few days. Just need to do a bit of tweaking >>> with the rules I think. >>> >>> As the version I was using was pretty old, is there anywhere I can find >>> an explanation of the new config directives since 4.6.x ? >>> >>> Again, thank you everyone for your help. >>> >>> Dave >>> >> >> Buying the book is the best option, but here is a listing of all the >> config >> options. >> >> http://www.mailscanner.info/MailScanner.conf.index.html >> > > I do own the first edition of the book. Just need to update the newer config > options. > > One last error I found so maybe you can comment. I am seeing the following > error in maillog: > > Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, > Permission denied > > So I checked the permissions there and the Locks directory is owned by > postfix.root and the locks inside are all owned by root.root. MailScanner > runs as postfix and clamd runs as clamav. Should the clamavBusy.lock be > owned by postfix.clamav? Also, I was sure I had changed these permissions > earlier in this and it appears as though they have been reset, So I need to > set a sticky bit? > > Dave I think this comes from a little problem with the last stable... which prompted Jules to release a .15-2 or something like that. So... What does "MailScanner -V" show as version? If not the absolutely latest... you need a quick upgrade to that. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From glenn.steen at gmail.com Fri Jan 9 21:07:15 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 21:07:25 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: <223f97700901091307o6f220bb1ob9b433143f920eaf@mail.gmail.com> 2009/1/9 Joe Garvey : > My /etc/mail/spamassassin/spam.assassin.prefs.conf is a link to /etc/MailScanner/spam.assassin.prefs.conf > Um... that should be /etc/mail/spamassassin/mailscanner.cf, not spam.assassin.prefs.conf, right? (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.filchak at senecac.on.ca Fri Jan 9 21:20:03 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 21:20:28 2009 Subject: General Thankyou In-Reply-To: <223f97700901091301x5dbcbfa1w1abde38aa5897b7c@mail.gmail.com> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <223f97700901091301x5dbcbfa1w1abde38aa5897b7c@mail.gmail.com> Message-ID: <4967BF83.7040303@senecac.on.ca> Glenn, Glenn Steen wrote: > 2009/1/9 Dave Filchak : > >> Scott, >> >> Scott Silva wrote: >> >>> on 1-9-2009 10:45 AM Dave Filchak spake the following: >>> >>> >>>> Just wanted to pass on my thanks to Kai, Glenn and Scott and any I >>>> missed, for helping me with my MS Upgrade issues. As I said, it had been >>>> a while since I had dealt with this stuff so it was a bit of a learning >>>> curve. It all seems to be working pretty well now so I will be watching >>>> it closely over the next few days. Just need to do a bit of tweaking >>>> with the rules I think. >>>> >>>> As the version I was using was pretty old, is there anywhere I can find >>>> an explanation of the new config directives since 4.6.x ? >>>> >>>> Again, thank you everyone for your help. >>>> >>>> Dave >>>> >>>> >>> Buying the book is the best option, but here is a listing of all the >>> config >>> options. >>> >>> http://www.mailscanner.info/MailScanner.conf.index.html >>> >>> >> I do own the first edition of the book. Just need to update the newer config >> options. >> >> One last error I found so maybe you can comment. I am seeing the following >> error in maillog: >> >> Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, >> Permission denied >> >> So I checked the permissions there and the Locks directory is owned by >> postfix.root and the locks inside are all owned by root.root. MailScanner >> runs as postfix and clamd runs as clamav. Should the clamavBusy.lock be >> owned by postfix.clamav? Also, I was sure I had changed these permissions >> earlier in this and it appears as though they have been reset, So I need to >> set a sticky bit? >> >> Dave >> > I think this comes from a little problem with the last stable... which > prompted Jules to release a .15-2 or something like that. So... What > does "MailScanner -V" show as version? If not the absolutely latest... > you need a quick upgrade to that. > I did update to the latest already. This is MailScanner version 4.74.15 Module versions are: 1.00 AnyDBM_File 1.20 Archive::Zip 0.22 bignum 1.03 Carp 1.41 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.20 File::Temp 0.78 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.87 Math::BigInt 0.20 Math::BigRat 3.05 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.03 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.05 Pod::Simple 1.08 POSIX 1.19 Scalar::Util 1.77 Socket 2.13 Storable 1.4 Sys::Hostname::Long 0.18 Sys::Syslog 1.26 Test::Pod 0.7 Test::Simple 1.9707 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.32 Archive::Tar 0.22 bignum 1.82 Business::ISBN 1.10 Business::ISBN::Data 1.08 Data::Dump 1.814 DB_File 1.13 DBD::SQLite 1.58 DBI 1.15 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.00 Encode::Detect 0.17008 Error 0.19 ExtUtils::CBuilder 2.18 ExtUtils::ParseXS 2.36 Getopt::Long 0.44 Inline 1.08 IO::String 1.04 IO::Zlib 2.21 IP::Country 0.22 Mail::ClamAV 3.002005 Mail::SpamAssassin v2.004 Mail::SPF 1.999001 Mail::SPF::Query 0.2808 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS 0.002.2 Net::DNS::Resolver::Programmable 0.31 Net::LDAP 4.004 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 2.64 Test::Harness 0.95 Test::Manifest 1.95 Text::Balanced 1.35 URI 0.7203 version 0.65 YAML > Cheers > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From cwatts at elsberry.k12.mo.us Fri Jan 9 21:37:06 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Fri Jan 9 21:38:43 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> Message-ID: <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> On Fri, January 9, 2009 5:31 am, Kai Schaetzl wrote: > Cannon Watts wrote on Thu, 8 Jan 2009 21:22:59 -0600 (CST): > >> [2456] dbg: async: starting: URI-DNSBL, >> DNSBL:dob.sibl.support-intelligence.net:agentbenefitsteam.com >> (timeout 10.0s, min 2.0s) >> >> [2456] dbg: async: starting: URI-NS, >> NS:agentbenefitsteam.com >> (timeout 10.0s, min 2.0s) >> >> [2456] dbg: async: starting: DNSBL-A, >> dns:A:154.248.19.72.plus.bondedsender.org. >> (timeout 10.0s, min 2.0s) >> >> [2456] dbg: async: starting: DNSBL-TXT, >> dns:TXT:154.248.19.72.bl.spamcop.net. >> (timeout 10.0s, min 2.0s) > > there's a problem with your DNS or caching ns. Until you haven't solved > that better disable network tests. Even after you are ok again you may > want to disable some of these tests as they are not worth it. Probably getting beyond the scope of this list, but any tips on debugging this? This particular box is running its own caching DNS that, prior to seeing that debugging info, I would have said works perfectly. Dozens of clients on our local network use that DNS server without a problem, not to mention the fact that sendmail on this same machine has no DNS problems. How would I go about disabling 'some of these tests'? set skip_rbl_checks in /etc/mamil/spamassassin/mailscanner.cf? >> And perhaps most importantly: >> [2456] dbg: locker: safe_lock: trying to get lock on >> /etc/MailScanner/bayes/bayes with 10 timeout > > check the permissions, look for existing lock files and remove them. > Apparently, this didn't happen for all messages. So, check messages one by > one and see if it then still happens. Maybe there's a performance problem? I don't understand how permissions could be an issue given the circumstances. SpamAssassin is running as root, and all of these messages are in the same mailbox -- it's not as if they're owned by different users. I did run each message separately through spamassassin -D. This time they all received Bayes scores, with 15 scoring BAYES_50 and 13 scoring BAYES_60. All of them generated the dns timeouts, but only 19 of the 28 generated the bayes timeout. I don't see any suspicious lock files, but then I'm not sure what I'm looking for. I suppose there could be a performance problem, but considering I just moved this server from a 933 Mhz Pentium with less than a gig of ram (where it was working reasonably well) to a 2 GHz quad-core w/ 4 GB of RAM and 15k rpm disks (where I've never seen the system load go over 0.5), I tend to look elsewhere first. Thanks for your help thus far, any additional assistance would be greatly appreciated. Cannon Watts From maillists at conactive.com Fri Jan 9 22:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 22:31:37 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: Joe Garvey wrote on Fri, 9 Jan 2009 11:32:49 -0800: > My /etc/mail/spamassassin/spam.assassin.prefs.conf is a link to /etc/MailScanner/spam.assassin.prefs.conf right, yes, that's fine then. I sometimes think we are two years ago ;-) > I find it very confusing and lacking confidence in the system when > the system provides a score for bl.spamcop.net and don't see any other > results from any other rules. Use Mailwatch to checks the Rule Hits. Go to Reports/Spamassassin Rule Hits. I can't see a reason that the spamcop RBL rule stop all processing. Unless you use short-circuiting and use this rule as short-circuit rule. > I also converted my bayes database to MySQL. After reviewing the conversion > I noticed that I have no ham messages in the database. I am loading > up some from various users to see if this will also make a difference > as I find the Bayesian score usually shows a negative even for the > most obvious spam. Well, I suppose you didn't do "sa-learn --dump magic" before this. It would have shown you that you have no ham. That symptom would be normal for a freshly started Bayes DB that gets trained only with autolearning, but you seem to have it running much longer? This would then indicate that your autolearning for ham is non-existent because your ham isn't scoring low enough - which should not happen. What's the dump magic output now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 22:31:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 22:31:38 2009 Subject: Content scanning / MCP? In-Reply-To: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> References: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> Message-ID: Patrick Saweikis wrote on Fri, 9 Jan 2009 14:20:51 -0600: > We have a user on our mail system who wants to always ALLOW > messages with specific content in the message subject and body through. > Does anyone know if this is possible? If so, how would we accomplish it? > I have been looking into using MCP, but from what I have read that is > for denying specific message content only MCP is basically a second spamassassin run. You can just do the same during the normal SA run. Stephen pointed at some caveats. There is an SA plugin for simple whitelisting by subject, it just needs to be enabled in the *.pre file in /etc/mail/spamassassin. But this will whitelist for all users. I think the better approach is to whitelist the assumed senders or give that user a special alias that doesn't get filtered and that he can hand out to those where he thinks there might be delivery problems. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Fri Jan 9 22:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Fri Jan 9 22:31:38 2009 Subject: General Thankyou In-Reply-To: <4967A01A.1020805@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> Message-ID: Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: > So I checked the permissions there and the Locks directory is owned by > postfix.root and the locks inside are all owned by root.root. That is *all* wrong. Reread the tutorials for MS+postfix and for MS+clamd (you are using clamd, right). /var/spool/MailScanner/incoming/Locks l total 16 drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Fri Jan 9 22:32:33 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Fri Jan 9 22:32:43 2009 Subject: General Thankyou In-Reply-To: <4967BF83.7040303@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <223f97700901091301x5dbcbfa1w1abde38aa5897b7c@mail.gmail.com> <4967BF83.7040303@senecac.on.ca> Message-ID: <223f97700901091432g19ceff69p6992e72ada45bf78@mail.gmail.com> 2009/1/9 Dave Filchak : > Glenn, > (snip) > I did update to the latest already. > > This is MailScanner version 4.74.15 Hm. And it is the very latest....? "rpm -qi mailscanner" might show that. There were some specific PF problems with the new locking. Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From dave.filchak at senecac.on.ca Fri Jan 9 23:00:02 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Fri Jan 9 23:00:14 2009 Subject: General Thankyou In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> Message-ID: <4967D6F2.8090907@senecac.on.ca> Kai, Kai Schaetzl wrote: > Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: > > >> So I checked the permissions there and the Locks directory is owned by >> postfix.root and the locks inside are all owned by root.root. >> > > That is *all* wrong. Reread the tutorials for MS+postfix and for MS+clamd > (you are using clamd, right). > > /var/spool/MailScanner/incoming/Locks l > total 16 > drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . > drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. > -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock > -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock > -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock > -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock > -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock > > Kai > > Well I will definitely reread these. I never specifically set these permissions anywhere. One would thing that these would be created by the settings in MailScanner.conf .. wouldn't you? There is no specific alternate user settings in spamassassin so .... something is setting these permissions this way. -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From garvey at pushormitchell.com Fri Jan 9 23:03:33 2009 From: garvey at pushormitchell.com (Joe Garvey) Date: Fri Jan 9 23:03:42 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET References: Message-ID: Here are the top 15 results from the spamassassin hits. RCVD_IN_BL_SPAMCOP_NET is sitting at 74,756. There are a few other rules that hit over 45,000 but it drops dramatically after that with most rules only being hit with an average of 5,000. With RCVD_IN_BL_SPAMCOP_NET having such as high hit count compared to everything else it really makes me wonder why no other rules are getting hit as much as it is. required 112,503 8,110 7.2 104,393 92.8 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 86,708 1,066 1.2 85,642 98.8 autolearn=spam 84,906 0 0 84,906 100 RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net 74,756 256 0.3 74,500 99.7 BAYES_99 Bayesian spam probability is 99 to 100% 73,555 87 0.1 73,468 99.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 66,847 40 0.1 66,807 99.9 URIBL_SBL Contains an URL listed in the SBL blocklist 64,011 15 0 63,996 100 URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist 59,950 13 0 59,937 100 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist 57,969 72 0.1 57,897 99.9 HTML_MESSAGE HTML included in message 57,796 5,932 10.3 51,864 89.7 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 54,305 28 0.1 54,277 99.9 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist 46,946 18 0 46,928 100 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 46,385 227 0.5 46,158 99.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% 45,793 188 0.4 45,605 99.6 RCVD_IN_XBL Received via a relay in Spamhaus XBL 44,779 2 0 44,777 100 DIGEST_MULTIPLE Message hits more than one network digest check 40,121 50 0.1 40,071 99.9 Here is the values from sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0 6493 0 non-token data: nspam 0.000 0 847 0 non-token data: nham 0.000 0 207718 0 non-token data: ntokens 0.000 0 1231449300 0 non-token data: oldest atime 0.000 0 1231541795 0 non-token data: newest atime 0.000 0 1231541368 0 non-token data: last journal sync atime 0.000 0 1231519200 0 non-token data: last expiry atime 0.000 0 86400 0 non-token data: last expire atime delta 0.000 0 1792 0 non-token data: last expire reduction count Thanks Joe -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Kai Schaetzl Sent: Friday, January 09, 2009 2:31 PM To: mailscanner@lists.mailscanner.info Subject: Re: Stops after RCVD_IN_BL_SPAMCOP_NET Joe Garvey wrote on Fri, 9 Jan 2009 11:32:49 -0800: > My /etc/mail/spamassassin/spam.assassin.prefs.conf is a link to /etc/MailScanner/spam.assassin.prefs.conf right, yes, that's fine then. I sometimes think we are two years ago ;-) > I find it very confusing and lacking confidence in the system when > the system provides a score for bl.spamcop.net and don't see any other > results from any other rules. Use Mailwatch to checks the Rule Hits. Go to Reports/Spamassassin Rule Hits. I can't see a reason that the spamcop RBL rule stop all processing. Unless you use short-circuiting and use this rule as short-circuit rule. > I also converted my bayes database to MySQL. After reviewing the conversion > I noticed that I have no ham messages in the database. I am loading > up some from various users to see if this will also make a difference > as I find the Bayesian score usually shows a negative even for the > most obvious spam. Well, I suppose you didn't do "sa-learn --dump magic" before this. It would have shown you that you have no ham. That symptom would be normal for a freshly started Bayes DB that gets trained only with autolearning, but you seem to have it running much longer? This would then indicate that your autolearning for ham is non-existent because your ham isn't scoring low enough - which should not happen. What's the dump magic output now? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From lists at sequestered.net Fri Jan 9 23:18:38 2009 From: lists at sequestered.net (Corey Chandler) Date: Fri Jan 9 23:18:49 2009 Subject: Refresh FreeBSD Port? Message-ID: <4967DB4E.8040003@sequestered.net> Any idea what the scoop is on porting the newer versions of MailScanner to FreeBSD? Tossed the port maintainer an email last night and haven't heard back-- 4.67 is OLD! -- Corey Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: The new frame relay network hasn't bedded down the software loop transmitter yet From btj at havleik.no Fri Jan 9 23:19:50 2009 From: btj at havleik.no (=?ISO-8859-1?Q?Bj=F8rn?= T Johansen) Date: Fri Jan 9 23:20:40 2009 Subject: Could not open Bayes rebuild lock file /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No such file or directory In-Reply-To: <4964C5D8.3080308@ecs.soton.ac.uk> References: <20090106113530.41bc2d32@btj-laptop.asp-as.no> <49633EDC.4020709@ecs.soton.ac.uk> <20090106124443.3882cea3@btj-laptop.asp-as.no> <496346EB.1070200@ecs.soton.ac.uk> <20090106131634.776f66e4@btj-laptop.asp-as.no> <49637AFA.6040905@ecs.soton.ac.uk> <49648C9A.3060706@ecs.soton.ac.uk> <20090107124639.4fc576a4@btj-laptop.asp-as.no> <4964A243.30003@ecs.soton.ac.uk> <20090107135302.6cf5ca15@btj-laptop.asp-as.no> <4964C5D8.3080308@ecs.soton.ac.uk> Message-ID: <20090110001950.08e10728@pennywise.havleik.no> Just to let you know that 4.74.15-2 is working fine... :) BTJ On Wed, 07 Jan 2009 15:10:16 +0000 Julian Field wrote: > You might want to try 4.74.15-1 as I have just released that and it > contains a better version of the fix I have given you. > > If you do try it, please let me know if it works okay. > > On 7/1/09 12:53, Bj?rn T Johansen wrote: > > Yes, that seems to be working... Thx... :) > > > > BTJ > > > > On Wed, 07 Jan 2009 12:38:27 +0000 > > Julian Field wrote: > > > > > >> Can you try the attached SA.pm and let me know if it's any better. > >> Sorry, file locking problems (as usual!). > >> > >> > >> On 7/1/09 11:46, Bj?rn T Johansen wrote: > >> > >>> One problem... Mail is never delivered with the new lock files.... (never = waited 5 minutes but the queue only > >>> grew larger...) > >>> > >>> BTJ > >>> > >>> On Wed, 07 Jan 2009 11:06:02 +0000 > >>> Julian Field wrote: > >>> > >>> > >>> > >>>> Attached are two scripts. Both are gzipped to save bandwidth. > >>>> "mailscanner_create_locks" should be put in /opt/MailScanner/bin if you > >>>> use the "Other Unix" distribution of MailScanner. > >>>> "mailscanner_create_locks.redhat" should be put in /usr/sbin and renamed > >>>> to "mailscanner_create_locks" if you use either of the RPM distributions > >>>> of MailScanner. > >>>> > >>>> Don't forget to make it executable! > >>>> cd /usr/sbin > >>>> chmod a+rx mailscanner_create_locks > >>>> > >>>> Please let me know if this fixes the problem. > >>>> > >>>> On 6/1/09 15:38, Julian Field wrote: > >>>> > >>>> > >>>>> I'll try to remember to check on this one later and get back to you. > >>>>> > >>>>> On 6/1/09 12:16, Bj?rn T Johansen wrote: > >>>>> > >>>>> > >>>>>> I think MailScanner can run the script, at least I have the > >>>>>> following...: > >>>>>> (and running the script gives no error messages...) > >>>>>> > >>>>>> ls /var/spool/MailScanner/incoming/Locks/ -l > >>>>>> total 1 > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 antivirBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 avastBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 avgBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 bitdefenderBusy.lock > >>>>>> -rw------- 1 root root 50 2009-01-06 13:04 clamavBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 cssBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 esetsBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 etrustBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-prot-6Busy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-protBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 f-secureBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 genericBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 inoculanBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 kasperskyBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 mcafeeBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 nod32Busy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 normanBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 pandaBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 ravBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 sophosBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 symscanengineBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 trendBusy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 vba32Busy.lock > >>>>>> -rw------- 1 root root 0 2009-01-06 10:55 vexiraBusy.lock > >>>>>> > >>>>>> > >>>>>> But MS.bayes.rebuild.lock is missing? > >>>>>> > >>>>>> > >>>>>> > >>>>>> BTJ > >>>>>> > >>>>>> On Tue, 06 Jan 2009 11:56:27 +0000 > >>>>>> Julian Field wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> On 6/1/09 11:44, Bj?rn T Johansen wrote: > >>>>>>> > >>>>>>> > >>>>>>>> I just ran the install.sh script like I always do... > >>>>>>>> I am running on Linux, Ubuntu Server and use the tar.gz > >>>>>>>> distribution of MailScanner.. (Version 4.74.13-2 for Solaris / BSD > >>>>>>>> / Other Linux / Other > >>>>>>>> Unix ) > >>>>>>>> > >>>>>>>> > >>>>>>>> Do I need to do more? I had version 4.70 before I upgraded.... > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> There's a new script in the bin directory called > >>>>>>> mailscanner_create_locks, you need to make sure MailScanner can run > >>>>>>> that > >>>>>>> from /opt/MailScanner/bin. > >>>>>>> > >>>>>>> > >>>>>>>> BTJ > >>>>>>>> > >>>>>>>> On Tue, 06 Jan 2009 11:22:04 +0000 > >>>>>>>> Julian Field wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> What OS? What distribution of MailScanner? Did you install all the > >>>>>>>>> parts > >>>>>>>>> of MailScanner, including any new scripts I might have added to the > >>>>>>>>> "bin" directory? > >>>>>>>>> If you only install half of it, funnily enough it won't work :-) > >>>>>>>>> > >>>>>>>>> Jules. > >>>>>>>>> > >>>>>>>>> On 6/1/09 10:35, Bj?rn T Johansen wrote: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>>> I upgraded to version 4.74 and I now get a lot of these in the > >>>>>>>>>> log..: > >>>>>>>>>> > >>>>>>>>>> Jan 6 11:17:50 pat MailScanner[11207]: New Batch: Scanning 1 > >>>>>>>>>> messages, 7216 bytes > >>>>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: Could not open Bayes > >>>>>>>>>> rebuild lock file > >>>>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, No > >>>>>>>>>> such file or directory > >>>>>>>>>> Jan 6 11:17:51 pat MailScanner[11207]: At start of SA checks > >>>>>>>>>> could not open > >>>>>>>>>> /var/spool/MailScanner/incoming/Locks/MS.bayes.rebuild.lock, > >>>>>>>>>> Jan 6 11:17:58 pat MailScanner[11207]: Virus and Content > >>>>>>>>>> Scanning: Starting > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Why? And what can I do to fix this? > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Regards, > >>>>>>>>>> > >>>>>>>>>> BTJ > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> Jules > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>> Jules > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> = > >>>>>> > >>>>>> > >>>>> Jules > >>>>> > >>>>> > >>>>> > >>>> Jules > >>>> > >>>> > >>>> > >>> > >>> > >> Jules > >> > >> > > Jules From steve.freegard at fsl.com Fri Jan 9 23:28:43 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Fri Jan 9 23:28:54 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: <4967DDAB.6030205@fsl.com> Joe Garvey wrote: > Here are the top 15 results from the spamassassin hits. > > RCVD_IN_BL_SPAMCOP_NET is sitting at 74,756. There are a few other rules that hit over 45,000 but it drops dramatically after that with most rules only being hit with an average of 5,000. With RCVD_IN_BL_SPAMCOP_NET having such as high hit count compared to everything else it really makes me wonder why no other rules are getting hit as much as it is. Maybe it's just the style of the traffic your system gets and there's nothing wrong with your configuration? Why not analyse where the hits are coming from and see if you're just getting a lot of connections from the same hosts; as you're running MailWatch - you could try running the following SQL: SELECT clientip, COUNT(*) as count FROM maillog WHERE date >= CURRENT_DATE() - INTERVAL 7 DAY AND spamreport LIKE '%RCVD_IN_BL_SPAMCOP_NET%' ORDER BY count DESC; All I know is that if I got that many hits on Spamcop - I'd be blocking it all in my MTA instead.... > DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 86,708 1,066 1.2 85,642 98.8 > RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net 74,756 256 0.3 74,500 99.7 > BAYES_99 Bayesian spam probability is 99 to 100% 73,555 87 0.1 73,468 99.9 > URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 66,847 40 0.1 66,807 99.9 > URIBL_SBL Contains an URL listed in the SBL blocklist 64,011 15 0 63,996 100 > URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist 59,950 13 0 59,937 100 > URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist 57,969 72 0.1 57,897 99.9 > HTML_MESSAGE HTML included in message 57,796 5,932 10.3 51,864 89.7 > URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 54,305 28 0.1 54,277 99.9 > URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist 46,946 18 0 46,928 100 > RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 46,385 227 0.5 46,158 99.5 > RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% 45,793 188 0.4 45,605 99.6 > RCVD_IN_XBL Received via a relay in Spamhaus XBL 44,779 2 0 44,777 100 > DIGEST_MULTIPLE Message hits more than one network digest check 40,121 50 0.1 40,071 99.9 Based in the above - this doesn't look to bad to me.... Cheers, Steve. From chokimbo at gmail.com Sat Jan 10 08:33:43 2009 From: chokimbo at gmail.com (ichwan nur hakim) Date: Sat Jan 10 08:33:53 2009 Subject: block spoofing mail Message-ID: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> hi guys, how block spoofing mail with mailscanner..?? coz my office mail very much recipient spoofing mail. Thank's -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090110/d1181d4b/attachment.html From maillists at conactive.com Sat Jan 10 09:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 10 09:31:32 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: Joe Garvey wrote on Fri, 9 Jan 2009 15:03:33 -0800: > There are a few other > rules that hit over 45,000 but it drops dramatically after that with > most rules only being hit with an average of 5,000. this is absolutely normal. If all hits where hitting each spam we could reduce the number of SA rules to 20. If you are using extra rulesets you may assess them this way and decide if they are (still) worth it. With RCVD_IN_BL_SPAMCOP_NET > having such as high hit count compared to everything else it really > makes me wonder why no other rules are getting hit as much as it is. because rules like spamcop and spamhaus are best used at MTA level to spare your MS/SA a lot of processing. > > required 112,503 8,110 7.2 104,393 92.8 > DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc) 86,708 1,066 1.2 85,642 98.8 > autolearn=spam 84,906 0 0 84,906 100 > RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net 74,756 256 0.3 74,500 99.7 > BAYES_99 Bayesian spam probability is 99 to 100% 73,555 87 0.1 73,468 99.9 > URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 66,847 40 0.1 66,807 99.9 > URIBL_SBL Contains an URL listed in the SBL blocklist 64,011 15 0 63,996 100 > URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist 59,950 13 0 59,937 100 > URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist 57,969 72 0.1 57,897 99.9 > HTML_MESSAGE HTML included in message 57,796 5,932 10.3 51,864 89.7 > URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 54,305 28 0.1 54,277 99.9 > URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist 46,946 18 0 46,928 100 > RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net) 46,385 227 0.5 46,158 99.5 > RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% 45,793 188 0.4 45,605 99.6 > RCVD_IN_XBL Received via a relay in Spamhaus XBL 44,779 2 0 44,777 100 > DIGEST_MULTIPLE Message hits more than one network digest check 40,121 50 0.1 40,071 99.9 This is all very well. > Here is the values from sa-learn --dump magic > 0.000 0 3 0 non-token data: bayes db version > 0.000 0 6493 0 non-token data: nspam > 0.000 0 847 0 non-token data: nham > 0.000 0 207718 0 non-token data: ntokens > 0.000 0 1231449300 0 non-token data: oldest atime > 0.000 0 1231541795 0 non-token data: newest atime > 0.000 0 1231541368 0 non-token data: last journal sync atime > 0.000 0 1231519200 0 non-token data: last expiry atime > 0.000 0 86400 0 non-token data: last expire atime delta > 0.000 0 1792 0 non-token data: last expire reduction count this is all very well, except that you are slashing your bayes db each day, your latest token is from one day ago. I wouldn't that. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Jan 10 10:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 10 10:31:31 2009 Subject: block spoofing mail In-Reply-To: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> Message-ID: Ichwan nur hakim wrote on Sat, 10 Jan 2009 15:33:43 +0700: > how block spoofing mail with mailscanner..?? You do realize that your question is ambiguos and that you don't provide much information. It's of the same "quality" as your question a few days ago. I consider this *inpolite*. If you continue this way you won't grow happy on mailing lists. So, assuming the most probable meaning: you don't need to if you didn't whitelist yourself. Most of these should score like other spam does. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Jan 10 10:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 10 10:31:32 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> Message-ID: Cannon Watts wrote on Fri, 9 Jan 2009 15:37:06 -0600 (CST): > Probably getting beyond the scope of this list, but any tips on debugging > this? This particular box is running its own caching DNS that, prior to > seeing that debugging info, I would have said works perfectly. look which tests timeout, if it are always the same and then do some manual tests against these RBLs. > How would I go about disabling 'some of these tests'? set skip_rbl_checks > in /etc/mamil/spamassassin/mailscanner.cf? yes (this doesn't shut off URIBL tests). > I don't understand how permissions could be an issue given the > circumstances. SpamAssassin is running as root, and all of these messages > are in the same mailbox -- it's not as if they're owned by different users. I didn't know as what user you were running this. You are right it should not be an issue then, but still could be when running via MS. > > I did run each message separately through spamassassin -D. This time they > all received Bayes scores, with 15 scoring BAYES_50 and 13 scoring BAYES_60. > All of them generated the dns timeouts, but only 19 of the 28 generated the > bayes timeout. But all got a BAYES score. So, there where timeouts but the second or third or so try worked. I haven't ever seen this. My first thought would be that too many Bayes lookups occur. I don't know how this locking works and I now have mostly SQL setups. You may want to move to SQL, this should avoid this, anyway. If you can't overcome this problem I'd go to the SA list for further help. > > I don't see any suspicious lock files, but then I'm not sure what I'm > looking for. A file ending in .lock or lock.hostname in the bayes directory? > > I suppose there could be a performance problem, but considering I just > moved this server from a 933 Mhz Pentium with less than a gig of ram > (where it > was working reasonably well) to a 2 GHz quad-core w/ 4 GB of RAM and 15k > rpm disks (where I've never seen the system load go over 0.5), I tend to > look elsewhere first. I agree it doesn't look like it should be udnerpowered. But it depends on the number of messages you process each day. How many? How long does a spamassassin --lint run take? (use time). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Sat Jan 10 10:31:16 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 10 10:31:34 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: References: <4963D91A.9060304@ecs.soton.ac.uk> <4965292E.1070209@ecs.soton.ac.uk> <49664631.2020207@ecs.soton.ac.uk> <49672BCE.1030603@ecs.soton.ac.uk> Message-ID: Guy Story KC5GOI wrote on Fri, 9 Jan 2009 12:57:38 -0600: > I took the list from Google > and massaged it to it fit the format for use as the spam.blacklist.rule > file, is that any less efficient as far as MS is concerned? Much less. Just read what Jules script does. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From glenn.steen at gmail.com Sat Jan 10 11:21:45 2009 From: glenn.steen at gmail.com (Glenn Steen) Date: Sat Jan 10 11:21:55 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> Message-ID: <223f97700901100321m3ed6cdf1oaf1fa61371961c1@mail.gmail.com> 2009/1/9 Cannon Watts : > On Fri, January 9, 2009 5:31 am, Kai Schaetzl wrote: >> Cannon Watts wrote on Thu, 8 Jan 2009 21:22:59 -0600 (CST): >> >>> [2456] dbg: async: starting: URI-DNSBL, >>> DNSBL:dob.sibl.support-intelligence.net:agentbenefitsteam.com >>> (timeout 10.0s, min 2.0s) >>> >>> [2456] dbg: async: starting: URI-NS, >>> NS:agentbenefitsteam.com >>> (timeout 10.0s, min 2.0s) >>> >>> [2456] dbg: async: starting: DNSBL-A, >>> dns:A:154.248.19.72.plus.bondedsender.org. >>> (timeout 10.0s, min 2.0s) >>> >>> [2456] dbg: async: starting: DNSBL-TXT, >>> dns:TXT:154.248.19.72.bl.spamcop.net. >>> (timeout 10.0s, min 2.0s) >> >> there's a problem with your DNS or caching ns. Until you haven't solved >> that better disable network tests. Even after you are ok again you may >> want to disable some of these tests as they are not worth it. > > Probably getting beyond the scope of this list, but any tips on debugging > this? This particular box is running its own caching DNS that, prior to > seeing that debugging info, I would have said works perfectly. Dozens of > clients on our local network use that DNS server without a problem, not > to mention the fact that sendmail on this same machine has no DNS problems. > > How would I go about disabling 'some of these tests'? set skip_rbl_checks > in /etc/mamil/spamassassin/mailscanner.cf? > > >>> And perhaps most importantly: >>> [2456] dbg: locker: safe_lock: trying to get lock on >>> /etc/MailScanner/bayes/bayes with 10 timeout >> >> check the permissions, look for existing lock files and remove them. >> Apparently, this didn't happen for all messages. So, check messages one by >> one and see if it then still happens. Maybe there's a performance problem? > > I don't understand how permissions could be an issue given the > circumstances. SpamAssassin is running as root, and all of these messages > are in the same mailbox -- it's not as if they're owned by different users. > > I did run each message separately through spamassassin -D. This time they > all received Bayes scores, with 15 scoring BAYES_50 and 13 scoring BAYES_60. > All of them generated the dns timeouts, but only 19 of the 28 generated the > bayes timeout. > > I don't see any suspicious lock files, but then I'm not sure what I'm > looking for. > Do you have a very large bayes_seen file? If so... remove it. Then redo the tests and see if things aren't better. Or do you have any expire files, from failed expiry runs? > I suppose there could be a performance problem, but considering I just > moved this server from a 933 Mhz Pentium with less than a gig of ram > (where it > was working reasonably well) to a 2 GHz quad-core w/ 4 GB of RAM and 15k > rpm disks (where I've never seen the system load go over 0.5), I tend to > look elsewhere first. > Ok, so this situation popped up right after the move? Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From MailScanner at rowley-cs.co.uk Sat Jan 10 11:33:02 2009 From: MailScanner at rowley-cs.co.uk (MailScanner) Date: Sat Jan 10 11:33:43 2009 Subject: Outbound mal stuck In-Reply-To: <4967AED1.6060101@USherbrooke.ca> References: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B20@hercules.rowley-cs.co.uk> <49679E4A.6020501@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B23@hercules.rowley-cs.co.uk> <4967A4AF.4080705@USherbrooke.ca> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B24@hercules.rowley-cs.co.uk> <4967A8A1.4080704@xpear.de> <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B25@hercules.rowley-cs.co.uk> <4967AED1.6060101@USherbrooke.ca> Message-ID: <45B4F94BF79F16438AB6EBA4BB5F3FBC4ECE4A0B26@hercules.rowley-cs.co.uk> Thx Denis, That certainly does work. Thx again. Bill -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Denis Beauchemin Sent: 09 January 2009 20:09 To: MailScanner discussion Subject: Re: Outbound mal stuck MailScanner a ?crit : > I have restarted the MS and nothing changed. > Service MailScanner restart. > Everything started Ok but I still see the attempted delivery. > Any idea why? > > Thx > > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of traced > Sent: 09 January 2009 19:42 > To: MailScanner discussion > Subject: Re: Outbound mal stuckservice > > MailScanner schrieb: > >> Thx for replying. >> That is exactly what I am seeing. >> How do I kill the attempted delivery? >> Plz advice. >> >> Thx >> >> > > Have you simply tried to restart sendmail? > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > Restarting MS doesn't kill existing sendmail processes. If you removed the df and qf files from /var/spool/mqueue and you made sure no sendmail process is still trying to deliver that email (look at the output of ps) then delivery attempts could no longer occur. Denis -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Sat Jan 10 12:03:08 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sat Jan 10 12:03:26 2009 Subject: General Thankyou In-Reply-To: <49679B36.9010202@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> Message-ID: <49688E7C.6060106@ecs.soton.ac.uk> On 9/1/09 18:45, Dave Filchak wrote: > Just wanted to pass on my thanks to Kai, Glenn and Scott and any I > missed, for helping me with my MS Upgrade issues. As I said, it had > been a while since I had dealt with this stuff so it was a bit of a > learning curve. It all seems to be working pretty well now so I will > be watching it closely over the next few days. Just need to do a bit > of tweaking with the rules I think. > > As the version I was using was pretty old, is there anywhere I can > find an explanation of the new config directives since 4.6.x ? They are all mentioned in the ChangeLog, if you want to find specifically what options are new since your previous version. > > Again, thank you everyone for your help. > > Dave Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From gesbbb at yahoo.com Sat Jan 10 13:12:49 2009 From: gesbbb at yahoo.com (Jerry) Date: Sat Jan 10 13:13:11 2009 Subject: Refresh FreeBSD Port? In-Reply-To: <4967DB4E.8040003@sequestered.net> References: <4967DB4E.8040003@sequestered.net> Message-ID: <20090110081249.3e1fd5bc@scorpio> On Fri, 09 Jan 2009 15:18:38 -0800 Corey Chandler wrote: >Any idea what the scoop is on porting the newer versions of >MailScanner to FreeBSD? > >Tossed the port maintainer an email last night and haven't heard >back-- 4.67 is OLD! Maybe he has a day job! In any event, FBSD has just come out of a 'ports slush' condition. Over a thousand updated ports have been released in the past 72 hours. I am personally waiting on an updated one I submitted to be released. In any event, have you offered your services to the port maintainer: j.koopmann@seceidos.de He might appreciate it. -- Jerry gesbbb@yahoo.com If you hands are clean and your cause is just and your demands are reasonable, at least it's a start. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090110/cfbe30e3/signature.bin From root at doctor.nl2k.ab.ca Sat Jan 10 14:12:12 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Sat Jan 10 14:13:39 2009 Subject: Refresh FreeBSD Port? In-Reply-To: <20090110081249.3e1fd5bc@scorpio> References: <4967DB4E.8040003@sequestered.net> <20090110081249.3e1fd5bc@scorpio> Message-ID: <20090110141212.GA27718@doctor.nl2k.ab.ca> On Sat, Jan 10, 2009 at 08:12:49AM -0500, Jerry wrote: > On Fri, 09 Jan 2009 15:18:38 -0800 > Corey Chandler wrote: > > >Any idea what the scoop is on porting the newer versions of > >MailScanner to FreeBSD? > > > >Tossed the port maintainer an email last night and haven't heard > >back-- 4.67 is OLD! > > Maybe he has a day job! In any event, FBSD has just come out of a > 'ports slush' condition. Over a thousand updated ports have been > released in the past 72 hours. I am personally waiting on an updated > one I submitted to be released. > > In any event, have you offered your services to the port maintainer: > > j.koopmann@seceidos.de > > He might appreciate it. > Who knows why they are not keeping up? I just compiled raw and it works on the FreeBSD Boxes here. > -- > Jerry > gesbbb@yahoo.com > > If you hands are clean and your cause is just > and your demands are reasonable, at least it's a start. > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From chokimbo at gmail.com Sat Jan 10 15:08:07 2009 From: chokimbo at gmail.com (ichwan nur hakim) Date: Sat Jan 10 15:08:18 2009 Subject: block spoofing mail In-Reply-To: References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> Message-ID: <928434630901100708j3b404629le14a10eb77e30f60@mail.gmail.com> Kai, I'm sory for the inconvenience, not my intention to not complacent, cause my english is not good. But I'm need help from this forum for my case. Once again i'm sory. Thank's On Sat, Jan 10, 2009 at 5:31 PM, Kai Schaetzl wrote: > Ichwan nur hakim wrote on Sat, 10 Jan 2009 15:33:43 +0700: > > > how block spoofing mail with mailscanner..?? > > You do realize that your question is ambiguos and that you don't provide > much information. It's of the same "quality" as your question a few days > ago. I consider this *inpolite*. If you continue this way you won't grow > happy on mailing lists. > So, assuming the most probable meaning: you don't need to if you didn't > whitelist yourself. Most of these should score like other spam does. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090110/61d6c65e/attachment.html From gesbbb at yahoo.com Sat Jan 10 15:09:23 2009 From: gesbbb at yahoo.com (Jerry) Date: Sat Jan 10 15:09:36 2009 Subject: Refresh FreeBSD Port? In-Reply-To: <20090110141212.GA27718@doctor.nl2k.ab.ca> References: <4967DB4E.8040003@sequestered.net> <20090110081249.3e1fd5bc@scorpio> <20090110141212.GA27718@doctor.nl2k.ab.ca> Message-ID: <20090110100923.54375d98@scorpio> On Sat, 10 Jan 2009 07:12:12 -0700 "Dave Shariff Yadallee" wrote: [snip] >Who knows why they are not keeping up? > >I just compiled raw and it works on the FreeBSD Boxes here. I just checked the FreeBSD 'Makefile' for Mailscanner. There are several 'patches' that are applied as well as PATH modifications, etc. to the basic Mailscanner installation. If it works for you, then fine. If it suddenly starts failing, you will need to completely remove your custom installation and then use the FreeBSD ports system. In fact, you would probably be better off removing the Mailscanner port prior to installing from source anyway. Since they install in different locations, unless you manually modified it, it would help to avoid any unnecessary problems. -- Jerry gesbbb@yahoo.com The difference between dogs and cats is that dogs come when they're called. Cats take a message and get back to you. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090110/fdfd046a/signature.bin From lauasanf at wilderness.homeip.net Sat Jan 10 15:44:19 2009 From: lauasanf at wilderness.homeip.net (Drew Sanford) Date: Sat Jan 10 15:44:48 2009 Subject: bayes_auto_learn_threshold settings? Message-ID: <4968C253.8020705@wilderness.homeip.net> Hello, I have been looking for the bayes auto learn settings in my Mailscanner configs but cannot locate them. I suspect they should be in the spam.assassin.prefs.conf file, but don't actually see them listed. I have attempted to manually set bayes to auto learn spam at 10.0 with the following line: bayes_auto_learn_threshold_spam 10.0 However, I still have messages scoring as high as 13 that are not auto learned. Have I approached this the wrong way, or does anyone have any additional pointers? Thanks. Drew From shuttlebox at gmail.com Sat Jan 10 16:04:11 2009 From: shuttlebox at gmail.com (shuttlebox) Date: Sat Jan 10 16:04:21 2009 Subject: bayes_auto_learn_threshold settings? In-Reply-To: <4968C253.8020705@wilderness.homeip.net> References: <4968C253.8020705@wilderness.homeip.net> Message-ID: <625385e30901100804p6aa3fe1dkbe47300b40335425@mail.gmail.com> On Sat, Jan 10, 2009 at 4:44 PM, Drew Sanford wrote: > Hello, > I have been looking for the bayes auto learn settings in my > Mailscanner configs but cannot locate them. I suspect they should be in the > spam.assassin.prefs.conf file, but don't actually see them listed. I have > attempted to manually set bayes to auto learn spam at 10.0 with the > following line: > > bayes_auto_learn_threshold_spam 10.0 > > However, I still have messages scoring as high as 13 that are not auto > learned. Have I approached this the wrong way, or does anyone have any > additional pointers? Thanks. It needs to score enough in both header and body checks so just because your example score was somewhat higher than the threshold doesn't necessarily mean it will be used since it was probably weak scoring in some aspect. Quite common when the score is slightly above the threshold. -- /peter From maillists at conactive.com Sat Jan 10 16:31:17 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sat Jan 10 16:31:34 2009 Subject: block spoofing mail In-Reply-To: <928434630901100708j3b404629le14a10eb77e30f60@mail.gmail.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> <928434630901100708j3b404629le14a10eb77e30f60@mail.gmail.com> Message-ID: Still nobody does know where you need help with. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From rich at mail.wvnet.edu Sat Jan 10 16:34:09 2009 From: rich at mail.wvnet.edu (Richard Lynch) Date: Sat Jan 10 16:34:23 2009 Subject: block spoofing mail In-Reply-To: <928434630901100708j3b404629le14a10eb77e30f60@mail.gmail.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> <928434630901100708j3b404629le14a10eb77e30f60@mail.gmail.com> Message-ID: <4968CE01.2040000@mail.wvnet.edu> ichwan nur hakim wrote: > Kai, > > I'm sory for the inconvenience, not my intention to not complacent, > cause my english is not good. > But I'm need help from this forum for my case. > Once again i'm sory. In order to help you the people in this forum need specifics about your mail configuration and the details of the problem you're trying to solve. Without that all I can offer is... Read up on using SPF DNS records for your domain and about SPF validation from your MTA. See,,, http://www.openspf.org ...and... http://www.snertsoft.com/sendmail/milter-spiff/ Also, consider the commercial product BarricadeMX which has SPF testing built-in. Richard Lynch WVNET > > > Thank's > > On Sat, Jan 10, 2009 at 5:31 PM, Kai Schaetzl > wrote: > > Ichwan nur hakim wrote on Sat, 10 Jan 2009 15:33:43 +0700: > > > how block spoofing mail with mailscanner..?? > > You do realize that your question is ambiguos and that you don't > provide > much information. It's of the same "quality" as your question a > few days > ago. I consider this *inpolite*. If you continue this way you > won't grow > happy on mailing lists. > So, assuming the most probable meaning: you don't need to if you > didn't > whitelist yourself. Most of these should score like other spam does. > > Kai > > -- > Kai Sch?tzl, Berlin, Germany > Get your web at Conactive Internet Services: http://www.conactive.com > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- / / -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090110/e5b361af/attachment.html From cwatts at elsberry.k12.mo.us Sat Jan 10 17:28:13 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Sat Jan 10 17:29:51 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> Message-ID: <41554.204.184.75.172.1231608493.squirrel@webmail.elsberry.k12.mo.us> On Sat, January 10, 2009 4:31 am, Kai Schaetzl wrote: > Cannon Watts wrote on Fri, 9 Jan 2009 15:37:06 -0600 (CST): > >> Probably getting beyond the scope of this list, but any tips on >> debugging >> this? This particular box is running its own caching DNS that, prior to >> seeing that debugging info, I would have said works perfectly. > > look which tests timeout, if it are always the same and then do some > manual > tests against these RBLs. > >> How would I go about disabling 'some of these tests'? set >> skip_rbl_checks >> in /etc/mamil/spamassassin/mailscanner.cf? > > yes (this doesn't shut off URIBL tests). Thanks, that certainly cuts down on the timeouts, The URIBL tests are still generating 281 timeouts on those 28 messages, but that's a minor concern now that the bayes issues seem to be sorted out (see below). > >> >> I suppose there could be a performance problem, but considering I just >> moved this server from a 933 Mhz Pentium with less than a gig of ram >> (where it >> was working reasonably well) to a 2 GHz quad-core w/ 4 GB of RAM and 15k >> rpm disks (where I've never seen the system load go over 0.5), I tend to >> look elsewhere first. > > I agree it doesn't look like it should be udnerpowered. But it depends on > the > number of messages you process each day. How many? How long does a > spamassassin --lint run take? (use time). It probably averages around 6000 per day. 'time spamassassin --lint' returns real 0m2.450s user 0m2.309s sys 0m0.141s I ran spamassassin --lint -D, and did find something peculiar in the output. dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen ..... dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 /etc/MailScanner/bayes is the correct location for those files, and sa-learn has been updating them without any errors, but something is obviously not right. I moved the old bayes_toks and bayes_seen files, then fed bayes around 500 spams and hams via sa-learn to create a new database. Now, running spamassassin on those 28 messages generates a BAYES_99 score for each one with no bayes timeouts. I guess my database was either corrupt, or just too big. Will have to spend some time re-training bayes, but I'm hopeful that part of the problem is solved. Thanks again for your help. Cannon From cwatts at elsberry.k12.mo.us Sat Jan 10 17:28:19 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Sat Jan 10 17:29:56 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <223f97700901100321m3ed6cdf1oaf1fa61371961c1@mail.gmail.com> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> <223f97700901100321m3ed6cdf1oaf1fa61371961c1@mail.gmail.com> Message-ID: <59732.204.184.75.172.1231608499.squirrel@webmail.elsberry.k12.mo.us> On Sat, January 10, 2009 5:21 am, Glenn Steen wrote: > Do you have a very large bayes_seen file? If so... remove it. Then > redo the tests and see if things aren't better. > Or do you have any expire files, from failed expiry runs? I think that was the problem. After removing bayes_seen and bayes_toks, then rebuilding them by feeding 500 or so hams and spams to sa-learn, the bayes timeouts seem to be fixed. > Ok, so this situation popped up right after the move? Not really. I made the move because I was having the same situation on the old box. I didn't do a lot of debugging there because that machine was so overtaxed, I just assumed that was the root of the problem. Thanks, Cannon From kc5goi at gmail.com Sat Jan 10 17:55:24 2009 From: kc5goi at gmail.com (Guy Story KC5GOI) Date: Sat Jan 10 17:55:39 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <2360480.141231610032484.JavaMail.gstory@gstory-laptop> Message-ID: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> Kai, I need to clarify my question then. I did read over the script and if I understand it, please bear in mind I do not pretend to program, that it downloads the data from Google and turns it into a rule for SA. The rule itself provides inbound, outbound and content filtering using the email addresses that are provided by the Google list. Between Jules postings and the comments in the script, if I am understanding it correctly, then that is a huge testimony on Jules commenting in the file. That is a huge help for non-programmers and I thank him. I understand that since I do not have the current release of MS that I can not take full advantage of what Jule has done. I am currently using 7.10 of Ubuntu so I need to make sure that I can satisfy the dependencies to preform the upgrade. This is a time issue since I am a one man department. As a temporary solution I downloaded the list and used it to create a list that I added to my spam blacklist rule with FromOrTo so I can filter on two of three points. The downside to my current approach is lack of content scanning and a manual updating process instead of using Jules script in cron.hourly. Not ideal but a start. It takes me 5 minutes to do this where Jules script probably does in in less than 30 seconds (download, convert, copy and restart MS) and is more current. I might do this once a week. I understand that the address list could update literally on an hourly basis. The rate of updates is up to Google and I have not read through the project fully yet. My original and poorly worded question was more along the lines of how much work MS has to do using the list of addresses in the spam blacklist verses a SA rule. It it more work processing the blacklist than the SA rule? Guy ----- Original Message ----- From: "Kai Schaetzl" To: mailscanner@lists.mailscanner.info Sent: Saturday, January 10, 2009 4:31:16 AM GMT -06:00 US/Canada Central Subject: Re: Anti-spear-phishing, round 2 Guy Story KC5GOI wrote on Fri, 9 Jan 2009 12:57:38 -0600: > I took the list from Google > and massaged it to it fit the format for use as the spam.blacklist.rule > file, is that any less efficient as far as MS is concerned? Much less. Just read what Jules script does. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From paul at welshfamily.com Sun Jan 11 00:49:12 2009 From: paul at welshfamily.com (Paul Welsh) Date: Sun Jan 11 00:49:30 2009 Subject: Redirecting spam In-Reply-To: <200812141201.mBEC0ekF011758@safir.blacknight.ie> Message-ID: <200901110049.n0B0nLJp016057@safir.blacknight.ie> This has probably been asked a million times (but can't find it searching the list). I note that Spam Actions = forward forwards a *copy* of the message to another address. What I wish to do is to redirect the message to another address where it can be evaluated manually and forwarded on if not spam. Can I use delete forward or is store forward my only option? From cwatts at elsberry.k12.mo.us Sun Jan 11 03:08:43 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Sun Jan 11 03:10:13 2009 Subject: Redirecting spam In-Reply-To: <200901110049.n0B0nLJp016057@safir.blacknight.ie> References: <200812141201.mBEC0ekF011758@safir.blacknight.ie> <200901110049.n0B0nLJp016057@safir.blacknight.ie> Message-ID: <20090111030843.GB27431@elsberry.k12.mo.us> On Sun, Jan 11, 2009 at 12:49:12AM -0000, Paul Welsh wrote: > This has probably been asked a million times (but can't find it searching > the list). > > I note that > > Spam Actions = forward > > forwards a *copy* of the message to another address. What I wish to do is > to redirect the message to another address where it can be evaluated > manually and forwarded on if not spam. > > Can I use > > delete forward > > or is > > store forward > > my only option? Unless I'm misunderstanding your question (which is entirely possible) forward does exactly what you want. It doesn't forward the message in the same sense as you would forward an email using your mail client. If you specify 'Spam Actions = forward spamfolder@yourdomain.com' in the config file, those messages flagged as spam will be delivered to spamfolder@yourdomain.com instead of the intended recipient. At my site, I use the following: High Scoring Spam Actions = store Spam Actions = forward spam@mydomain.com High scoring spam gets stored in the quarantine, and low-scoring spam gets delivered to the spam mailbox. I look through that mailbox at the end of the day, and if I find anything that shouldn't have been flagged, I save a copy to the intended recipient's mailbox, save a copy to a ham mailbox, and, if appropriate, whitelist the sender's address. I've then got a cron job that feeds both the spam and ham mailboxes to sa-learn to improve my bayes scores. Cannon From Denis.Beauchemin at USherbrooke.ca Sun Jan 11 13:13:07 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Sun Jan 11 13:13:20 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> References: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> Message-ID: <4969F063.3090704@USherbrooke.ca> Guy Story KC5GOI a ?crit : > Kai, I need to clarify my question then. I did read over the script and if I understand it, please bear in mind I do not pretend to program, that it downloads the data from Google and turns it into a rule for SA. The rule itself provides inbound, outbound and content filtering using the email addresses that are provided by the Google list. Between Jules postings and the comments in the script, if I am understanding it correctly, then that is a huge testimony on Jules commenting in the file. That is a huge help for non-programmers and I thank him. > > I understand that since I do not have the current release of MS that I can not take full advantage of what Jule has done. I am currently using 7.10 of Ubuntu so I need to make sure that I can satisfy the dependencies to preform the upgrade. This is a time issue since I am a one man department. > > As a temporary solution I downloaded the list and used it to create a list that I added to my spam blacklist rule with FromOrTo so I can filter on two of three points. > > The downside to my current approach is lack of content scanning and a manual updating process instead of using Jules script in cron.hourly. Not ideal but a start. It takes me 5 minutes to do this where Jules script probably does in in less than 30 seconds (download, convert, copy and restart MS) and is more current. I might do this once a week. I understand that the address list could update literally on an hourly basis. The rate of updates is up to Google and I have not read through the project fully yet. > > My original and poorly worded question was more along the lines of how much work MS has to do using the list of addresses in the spam blacklist verses a SA rule. It it more work processing the blacklist than the SA rule? > > Guy > Guy, I'm pretty sure you can use Julian's script in an older version of MS but you will have to use it to add to the SA score and then rely on your Required SpamAssassin Score or High SpamAssassin Score to quarantine/delete the emails. I you were to assing a score of, let's say, 15 to $SA_score in Julian's Spear.Phishing.Rules script, you could bump those emails into high scoring spam and then do whatever you want to them without having to use SpamAssassin Rule Actions at all. Denis From maillists at conactive.com Sun Jan 11 17:31:18 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 11 17:31:28 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> References: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> Message-ID: Guy Story KC5GOI wrote on Sat, 10 Jan 2009 11:55:24 -0600 (GMT-06:00): > My original and poorly worded question was more along the lines of > how much work MS has to do using the list of addresses in the spam > blacklist verses a SA rule. It it more work processing the blacklist > than the SA rule? No, probably less. You asked about efficiency and I took that as meaning the result. I didn't check out Jules script, but according to his description it's taking also all body appearances into account and it "normalizes" or wildcards the names with numbers. That makes it match much better against mutations. If you use wildcards in your blacklist then this will make it gain efficiency, but still loose out on the body checks. If you just use the basic name list without even wildcarding then I wouldn't use it at all, it's not worth it. I think Denis made a good suggestion how to use that script with an older MS version. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MailScanner at ecs.soton.ac.uk Sun Jan 11 18:09:27 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 11 18:09:52 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4969F063.3090704@USherbrooke.ca> References: <14149359.161231610122759.JavaMail.gstory@gstory-laptop> <4969F063.3090704@USherbrooke.ca> Message-ID: <496A35D7.4070905@ecs.soton.ac.uk> On 11/1/09 13:13, Denis Beauchemin wrote: > Guy Story KC5GOI a ?crit : >> Kai, I need to clarify my question then. I did read over the script >> and if I understand it, please bear in mind I do not pretend to >> program, that it downloads the data from Google and turns it into a >> rule for SA. The rule itself provides inbound, outbound and content >> filtering using the email addresses that are provided by the Google >> list. Between Jules postings and the comments in the script, if I am >> understanding it correctly, then that is a huge testimony on Jules >> commenting in the file. That is a huge help for non-programmers and >> I thank him. Thanks! I tried to make it pretty clear to non-programmers. I don't add comments as an after-thought, I document as I go. >> >> I understand that since I do not have the current release of MS that >> I can not take full advantage of what Jule has done. I am currently >> using 7.10 of Ubuntu so I need to make sure that I can satisfy the >> dependencies to preform the upgrade. This is a time issue since I am >> a one man department. >> >> As a temporary solution I downloaded the list and used it to create a >> list that I added to my spam blacklist rule with FromOrTo so I can >> filter on two of three points. >> The downside to my current approach is lack of content scanning and a >> manual updating process instead of using Jules script in >> cron.hourly. Not ideal but a start. It takes me 5 minutes to do >> this where Jules script probably does in in less than 30 seconds >> (download, convert, copy and restart MS) and is more current. I >> might do this once a week. I understand that the address list could >> update literally on an hourly basis. The rate of updates is up to >> Google and I have not read through the project fully yet. It's not up to Google. As far as I am aware, they don't have any connection with the project other than merely providing a place to host it, rather like Sourceforge does for many other people. >> >> My original and poorly worded question was more along the lines of >> how much work MS has to do using the list of addresses in the spam >> blacklist verses a SA rule. It it more work processing the blacklist >> than the SA rule? Due to the way I wrote the script, the cost of running that file in SA is actually pretty minimal. One large pattern containing many alternatives is hugely more efficient in SA (and in Perl) than having a separate SA rule for each address, which would be the naive implementation. The way SA works is that every rule gets turned into the Perl source code for a function, and then SA calls each function (i.e. rule) with the text of each message. So if you cram 20 alternatives into 1 rule, it's only 1 function call per message instead of 20, so 20 times less overhead. Additionally, the addresses are listed alphabetically sorted, so that when Perl is trying to match the huge expression, if all the alternative addresses in the expression (rule) start with an "a" then it will only check the first character. If that isn't an "a" then none of the alternatives can match and it can bail out instantly. It's not actually as simple as that, but the theory basically still holds true. So it turns into (on my systems) about 100 SA rules, each of which can be processed very quickly compared with many other SA rules you may use. Most systems have many thousands of rules, so an extra 100 is a tiny cost for the benefit you get from them. I did put quite a bit of thought into my code, it is very far from a naive implementation, and contains a lot of measures to try to ensure that a rogue entry in the Google-hosted file cannot cause all your mail to get binned. If someone put "s@gmail.com" in the file, it would *not* hit every message from "thomas@gmail.com" for example! > Guy, > > I'm pretty sure you can use Julian's script in an older version of MS > but you will have to use it to add to the SA score and then rely on > your Required SpamAssassin Score or High SpamAssassin Score to > quarantine/delete the emails. Correct. Just use the SA score (which you can set at the top of the script) and make it count towards your normal Spam Actions or High-Scoring Spam Actions, just the same as you would for any other SpamAssassin rule. I chose to use the "SpamAssassin Rule Actions", and a very low score, as I want to handle this mail in a very different way to normal spam, partly because it makes it easier for me to develop the code and to see how well it is working and if there are ways I could improve it. > > I you were to assing a score of, let's say, 15 to $SA_score in > Julian's Spear.Phishing.Rules script, you could bump those emails into > high scoring spam and then do whatever you want to them without having > to use SpamAssassin Rule Actions at all. Yes, that would work just fine. Just not the way *I* choose to use it. But you are more than welcome to :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Sun Jan 11 18:31:35 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Sun Jan 11 18:31:47 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <41554.204.184.75.172.1231608493.squirrel@webmail.elsberry.k12.mo.us> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> <41554.204.184.75.172.1231608493.squirrel@webmail.elsberry.k12.mo.us> Message-ID: Cannon Watts wrote on Sat, 10 Jan 2009 11:28:13 -0600 (CST): > Thanks, that certainly cuts down on the timeouts, The URIBL tests are > still generating 281 timeouts on those 28 messages, but that's a minor > concern now that the bayes issues seem to be sorted out (see below). As said earlier, there is surely something wrong either with your dns setup or with your software (e.g. DNS::Net too old or so). Have you set dns_available yes or do you let SA check that? If set to yes set it to no and let SA show you the outcome. > It probably averages around 6000 per day. That's not much and should be ok even for the old server, given enough RAM. 'time spamassassin --lint' > returns > real 0m2.450s > user 0m2.309s > sys 0m0.141s Hm, I'm not sure if timeouts would be counted in these figures at all. Figure looks ok. > I ran spamassassin --lint -D, and did find something peculiar in the output. > > dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks > dbg: bayes: tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen > ..... > dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB < 200 > > /etc/MailScanner/bayes is the correct location for those files, and sa-learn > has been updating them without any errors, but something is obviously not > right. You may have learned the wrong files (belonging to a different user). You have to set a site-wide Bayes with MS. I moved the old bayes_toks and bayes_seen files, then fed bayes > around 500 spams and hams via sa-learn to create a new database. > > Now, running spamassassin on those 28 messages generates a BAYES_99 score > for each one with no bayes timeouts. Good. > > I guess my database was either corrupt, or just too big. For being "too big" it should have had at least 5 million tokens (I haven't ever seen a database over that size, but I can say that databases in this range are still fine performance-wise). Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From dave.filchak at senecac.on.ca Sun Jan 11 19:03:00 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Sun Jan 11 19:03:18 2009 Subject: General Thankyou In-Reply-To: <4967D6F2.8090907@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> Message-ID: <496A4264.6080303@senecac.on.ca> Kai, Dave Filchak wrote: > Kai, > > Kai Schaetzl wrote: >> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >> >> >>> So I checked the permissions there and the Locks directory is owned >>> by postfix.root and the locks inside are all owned by root.root. >>> >> >> That is *all* wrong. Reread the tutorials for MS+postfix and for >> MS+clamd (you are using clamd, right). >> >> /var/spool/MailScanner/incoming/Locks l >> total 16 >> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >> -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock >> -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >> >> Kai >> >> > Well I will definitely reread these. I never specifically set these > permissions anywhere. One would thing that these would be created by > the settings in MailScanner.conf .. wouldn't you? There is no specific > alternate user settings in spamassassin so .... something is setting > these permissions this way. > I have gone through the tutorials a few times and I seem to have everything set up correctly yet .... something keeps reseting the permissions in the Locks directory back to the following: -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock /var/spool/MailScanner/incoming [root@rosewood incoming]# ls -l total 604 drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks -rw------- 1 postfix postfix 590848 Jan 11 13:41 SpamAssassin.cache.db drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp Yesterday this was all set as you have it above. Dave From MailScanner at ecs.soton.ac.uk Sun Jan 11 19:22:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 11 19:23:11 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A4264.6080303@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> Message-ID: <496A470A.7070507@ecs.soton.ac.uk> On 11/1/09 19:03, Dave Filchak wrote: > Kai, > > > > Dave Filchak wrote: >> Kai, >> >> Kai Schaetzl wrote: >>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>> >>> >>>> So I checked the permissions there and the Locks directory is owned >>>> by postfix.root and the locks inside are all owned by root.root. >>> >>> That is *all* wrong. Reread the tutorials for MS+postfix and for >>> MS+clamd (you are using clamd, right). >>> >>> /var/spool/MailScanner/incoming/Locks l >>> total 16 >>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock >>> -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>> >>> Kai >>> >> Well I will definitely reread these. I never specifically set these >> permissions anywhere. One would thing that these would be created by >> the settings in MailScanner.conf .. wouldn't you? There is no >> specific alternate user settings in spamassassin so .... something >> is setting these permissions this way. >> > I have gone through the tutorials a few times and I seem to have > everything set up correctly yet .... something keeps reseting the > permissions in the Locks directory back to the following: It will be being clobbered by the update_virus_scanners cron job which is run once per hour. Please can you mail me an exact copy (preferably gzipped) of your MailScanner.conf file. Have you moved that file from its default location or anything like that? It should pull out the "Run As User" and "Run As Group" from MailScanner.conf and use those values to set the ownership of the lock files. Clearly something is going wrong there. Copy and paste the following commands into a shell running as root. Beware of extra line-breaks that my mail program or your mail program may add into the following, hopefully they'll be okay. LOCKDIR=`perl -n -e 'print "$_" if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` RUNASU=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` RUNASG=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` echo $LOCKDIR echo $RUNASU echo $RUNASG /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" Then show me what you get from ls -al $LOCKDIR assuming that the "echo $LOCKDIR" command printed out the directory where your lock files are stored (i.e. normally /var/spool/MailScanner/incoming/Locks). > > -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock > -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock > -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock > -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock > -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock > -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock > -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock > -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock > -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock > > /var/spool/MailScanner/incoming > [root@rosewood incoming]# ls -l > total 604 > drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 > drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 > drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 > drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks > -rw------- 1 postfix postfix 590848 Jan 11 13:41 SpamAssassin.cache.db > drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp > > Yesterday this was all set as you have it above. > > Dave Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From paul at welshfamily.com Sun Jan 11 19:35:56 2009 From: paul at welshfamily.com (Paul Welsh) Date: Sun Jan 11 19:36:16 2009 Subject: MailScanner Digest, Vol 37, Issue 20 In-Reply-To: <200901111201.n0BC0VPP030819@safir.blacknight.ie> Message-ID: <200901111936.n0BJa81G018893@safir.blacknight.ie> > Date: Sat, 10 Jan 2009 21:08:43 -0600 > From: Cannon Watts > Subject: Re: Redirecting spam > > > I note that > > > > Spam Actions = forward > > > > forwards a *copy* of the message to another address. What > I wish to do is > > to redirect the message to another address where it can be evaluated > > manually and forwarded on if not spam. > > > > Unless I'm misunderstanding your question (which is entirely possible) > forward does exactly what you want. It doesn't forward the > message in the > same sense as you would forward an email using your mail > client. If you > specify 'Spam Actions = forward spamfolder@yourdomain.com' in > the config file, > those messages flagged as spam will be delivered to > spamfolder@yourdomain.com > instead of the intended recipient. Thanks for the clarification, Cannon. That's what I thought the forward config command did. I just got a bit confused when the explanation says it forwards a *copy*. From maxsec at gmail.com Sun Jan 11 19:53:59 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Sun Jan 11 19:54:09 2009 Subject: block spoofing mail In-Reply-To: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> Message-ID: <72cf361e0901111153n686b1e45l7f0dd56c87f63a36@mail.gmail.com> 2009/1/10 ichwan nur hakim : > hi guys, > > how block spoofing mail with mailscanner..?? coz my office mail very much > recipient spoofing mail. > Thank's > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > HI perhaps you can give an example of what you mean by 'spoofing email'? -- Martin Hepworth Oxford, UK From dave.filchak at senecac.on.ca Sun Jan 11 20:16:12 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Sun Jan 11 20:16:36 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A470A.7070507@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> Message-ID: <496A538C.60903@senecac.on.ca> Jules Julian Field wrote: > > > On 11/1/09 19:03, Dave Filchak wrote: >> Kai, >> >> >> >> Dave Filchak wrote: >>> Kai, >>> >>> Kai Schaetzl wrote: >>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>> >>>> >>>>> So I checked the permissions there and the Locks directory is >>>>> owned by postfix.root and the locks inside are all owned by >>>>> root.root. >>>> >>>> That is *all* wrong. Reread the tutorials for MS+postfix and for >>>> MS+clamd (you are using clamd, right). >>>> >>>> /var/spool/MailScanner/incoming/Locks l >>>> total 16 >>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock >>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>> >>>> Kai >>>> >>> Well I will definitely reread these. I never specifically set these >>> permissions anywhere. One would thing that these would be created by >>> the settings in MailScanner.conf .. wouldn't you? There is no >>> specific alternate user settings in spamassassin so .... something >>> is setting these permissions this way. >>> >> I have gone through the tutorials a few times and I seem to have >> everything set up correctly yet .... something keeps reseting the >> permissions in the Locks directory back to the following: > It will be being clobbered by the update_virus_scanners cron job which > is run once per hour. Please can you mail me an exact copy (preferably > gzipped) of your MailScanner.conf file. Have you moved that file from > its default location or anything like that? It should pull out the > "Run As User" and "Run As Group" from MailScanner.conf and use those > values to set the ownership of the lock files. Clearly something is > going wrong there. > > Copy and paste the following commands into a shell running as root. > Beware of extra line-breaks that my mail program or your mail program > may add into the following, hopefully they'll be okay. > > LOCKDIR=`perl -n -e 'print "$_" if chomp && > s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > RUNASU=`perl -n -e 'print "$_" if chomp && > s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > RUNASG=`perl -n -e 'print "$_" if chomp && > s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > echo $LOCKDIR > echo $RUNASU > echo $RUNASG > /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" > > Then show me what you get from > ls -al $LOCKDIR > assuming that the "echo $LOCKDIR" command printed out the directory > where your lock files are stored (i.e. normally > /var/spool/MailScanner/incoming/Locks). I have emailed you my conf file. Here is the output from your scripts: [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' /etc/MailScanner/MailScanner.conf` [root@rosewood MailScanner]# echo $LOCKDIR /var/spool/MailScanner/incoming/Locks [root@rosewood MailScanner]# echo $RUNASU postfix [root@rosewood MailScanner]# echo $RUNASG postfix [root@rosewood MailScanner]# /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" [root@rosewood MailScanner]# ls -al $LOCKDIR total 12 drwxr-x--- 2 postfix root 4096 Jan 11 14:18 . drwxrwx--- 7 postfix clamav 4096 Jan 11 15:12 .. -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock -rw------- 1 root root 48 Jan 11 14:18 clamavBusy.lock -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock -rw------- 1 root root 0 Jan 11 14:18 MS.bayes.starting.lock -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock Dave > >> >> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >> >> /var/spool/MailScanner/incoming >> [root@rosewood incoming]# ls -l >> total 604 >> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >> -rw------- 1 postfix postfix 590848 Jan 11 13:41 SpamAssassin.cache.db >> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >> >> Yesterday this was all set as you have it above. >> >> Dave > > Jules > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From MailScanner at ecs.soton.ac.uk Sun Jan 11 20:51:20 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 11 20:51:42 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A538C.60903@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> Message-ID: <496A5BC8.4000908@ecs.soton.ac.uk> On 11/1/09 20:16, Dave Filchak wrote: > Jules > > Julian Field wrote: >> >> >> On 11/1/09 19:03, Dave Filchak wrote: >>> Kai, >>> >>> >>> >>> Dave Filchak wrote: >>>> Kai, >>>> >>>> Kai Schaetzl wrote: >>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>> >>>>> >>>>>> So I checked the permissions there and the Locks directory is >>>>>> owned by postfix.root and the locks inside are all owned by >>>>>> root.root. >>>>> >>>>> That is *all* wrong. Reread the tutorials for MS+postfix and for >>>>> MS+clamd (you are using clamd, right). >>>>> >>>>> /var/spool/MailScanner/incoming/Locks l >>>>> total 16 >>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock >>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 MS.bayes.starting.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 symscanengineBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>> >>>>> Kai >>>>> >>>> Well I will definitely reread these. I never specifically set these >>>> permissions anywhere. One would thing that these would be created >>>> by the settings in MailScanner.conf .. wouldn't you? There is no >>>> specific alternate user settings in spamassassin so .... something >>>> is setting these permissions this way. >>>> >>> I have gone through the tutorials a few times and I seem to have >>> everything set up correctly yet .... something keeps reseting the >>> permissions in the Locks directory back to the following: >> It will be being clobbered by the update_virus_scanners cron job >> which is run once per hour. Please can you mail me an exact copy >> (preferably gzipped) of your MailScanner.conf file. Have you moved >> that file from its default location or anything like that? It should >> pull out the "Run As User" and "Run As Group" from MailScanner.conf >> and use those values to set the ownership of the lock files. Clearly >> something is going wrong there. >> >> Copy and paste the following commands into a shell running as root. >> Beware of extra line-breaks that my mail program or your mail program >> may add into the following, hopefully they'll be okay. >> >> LOCKDIR=`perl -n -e 'print "$_" if chomp && >> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> RUNASU=`perl -n -e 'print "$_" if chomp && >> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> RUNASG=`perl -n -e 'print "$_" if chomp && >> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> echo $LOCKDIR >> echo $RUNASU >> echo $RUNASG >> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >> >> Then show me what you get from >> ls -al $LOCKDIR >> assuming that the "echo $LOCKDIR" command printed out the directory >> where your lock files are stored (i.e. normally >> /var/spool/MailScanner/incoming/Locks). > > I have emailed you my conf file. Here is the output from your scripts: > > [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if chomp > && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if chomp > && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if chomp > && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' > /etc/MailScanner/MailScanner.conf` > [root@rosewood MailScanner]# echo $LOCKDIR > /var/spool/MailScanner/incoming/Locks > [root@rosewood MailScanner]# echo $RUNASU > postfix > [root@rosewood MailScanner]# echo $RUNASG > postfix That all looks good. As root, rm -rf /var/spool/MailScanner/incoming/Locks and then /usr/sbin/update_virus_scanners and then show me an ls -al /var/spool/MailScanner/incoming/Locks The files in there should be owned by postfix. Let's see if that's true. > > Dave >> >>> >>> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >>> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >>> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >>> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >>> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >>> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >>> >>> /var/spool/MailScanner/incoming >>> [root@rosewood incoming]# ls -l >>> total 604 >>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >>> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >>> -rw------- 1 postfix postfix 590848 Jan 11 13:41 SpamAssassin.cache.db >>> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >>> >>> Yesterday this was all set as you have it above. >>> >>> Dave >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From dave.filchak at senecac.on.ca Sun Jan 11 21:17:56 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Sun Jan 11 21:18:08 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A5BC8.4000908@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> Message-ID: <496A6204.9070105@senecac.on.ca> Jules, Julian Field wrote: > > > On 11/1/09 20:16, Dave Filchak wrote: >> Jules >> >> Julian Field wrote: >>> >>> >>> On 11/1/09 19:03, Dave Filchak wrote: >>>> Kai, >>>> >>>> >>>> >>>> Dave Filchak wrote: >>>>> Kai, >>>>> >>>>> Kai Schaetzl wrote: >>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>> >>>>>> >>>>>>> So I checked the permissions there and the Locks directory is >>>>>>> owned by postfix.root and the locks inside are all owned by >>>>>>> root.root. >>>>>> >>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and for >>>>>> MS+clamd (you are using clamd, right). >>>>>> >>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>> total 16 >>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 MS.bayes.rebuild.lock >>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>> MS.bayes.starting.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>> symscanengineBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>> >>>>>> Kai >>>>>> >>>>> Well I will definitely reread these. I never specifically set >>>>> these permissions anywhere. One would thing that these would be >>>>> created by the settings in MailScanner.conf .. wouldn't you? There >>>>> is no specific alternate user settings in spamassassin so .... >>>>> something is setting these permissions this way. >>>>> >>>> I have gone through the tutorials a few times and I seem to have >>>> everything set up correctly yet .... something keeps reseting the >>>> permissions in the Locks directory back to the following: >>> It will be being clobbered by the update_virus_scanners cron job >>> which is run once per hour. Please can you mail me an exact copy >>> (preferably gzipped) of your MailScanner.conf file. Have you moved >>> that file from its default location or anything like that? It should >>> pull out the "Run As User" and "Run As Group" from MailScanner.conf >>> and use those values to set the ownership of the lock files. Clearly >>> something is going wrong there. >>> >>> Copy and paste the following commands into a shell running as root. >>> Beware of extra line-breaks that my mail program or your mail >>> program may add into the following, hopefully they'll be okay. >>> >>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> RUNASU=`perl -n -e 'print "$_" if chomp && >>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> RUNASG=`perl -n -e 'print "$_" if chomp && >>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> echo $LOCKDIR >>> echo $RUNASU >>> echo $RUNASG >>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>> >>> Then show me what you get from >>> ls -al $LOCKDIR >>> assuming that the "echo $LOCKDIR" command printed out the directory >>> where your lock files are stored (i.e. normally >>> /var/spool/MailScanner/incoming/Locks). >> >> I have emailed you my conf file. Here is the output from your scripts: >> >> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if chomp >> && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if chomp >> && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if chomp >> && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >> /etc/MailScanner/MailScanner.conf` >> [root@rosewood MailScanner]# echo $LOCKDIR >> /var/spool/MailScanner/incoming/Locks >> [root@rosewood MailScanner]# echo $RUNASU >> postfix >> [root@rosewood MailScanner]# echo $RUNASG >> postfix > That all looks good. As root, > rm -rf /var/spool/MailScanner/incoming/Locks > and then > /usr/sbin/update_virus_scanners > and then show me an > ls -al /var/spool/MailScanner/incoming/Locks > > The files in there should be owned by postfix. Let's see if that's true. > OK .. deleted the Locks directory, ran update_virus_scanners and got: ls -al /var/spool/MailScanner/incoming/Locks/ total 8 drwxr-x--- 2 root root 4096 Jan 11 16:13 . drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock Still root. Dave >> >> Dave >>> >>>> >>>> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >>>> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >>>> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >>>> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >>>> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >>>> >>>> /var/spool/MailScanner/incoming >>>> [root@rosewood incoming]# ls -l >>>> total 604 >>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >>>> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >>>> -rw------- 1 postfix postfix 590848 Jan 11 13:41 >>>> SpamAssassin.cache.db >>>> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >>>> >>>> Yesterday this was all set as you have it above. >>>> >>>> Dave >>> >>> Jules >>> >> > > Jules > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From spamlists at coders.co.uk Sun Jan 11 21:41:13 2009 From: spamlists at coders.co.uk (Matt) Date: Sun Jan 11 21:42:23 2009 Subject: Anti-spear-phishing sa-update channel Message-ID: <496A6779.9040309@coders.co.uk> All If anyone is interested I have published an sa-update channel which generates the same rules as Jules' script. The channel is spear.bastionmail.com it is signed by key id 06EF70A3 which you can get from http://www.bastionmail.co.uk/spear.txt The rules are named in the same way and is updated within 15 minutes of an SVN update. ****** NOTE - it is fully automatic in the same way as Jules script works ******** matt From MailScanner at ecs.soton.ac.uk Sun Jan 11 23:50:52 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Sun Jan 11 23:51:15 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A6204.9070105@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> Message-ID: <496A85DC.3060404@ecs.soton.ac.uk> On 11/1/09 21:17, Dave Filchak wrote: > Jules, > > Julian Field wrote: >> >> >> On 11/1/09 20:16, Dave Filchak wrote: >>> Jules >>> >>> Julian Field wrote: >>>> >>>> >>>> On 11/1/09 19:03, Dave Filchak wrote: >>>>> Kai, >>>>> >>>>> >>>>> >>>>> Dave Filchak wrote: >>>>>> Kai, >>>>>> >>>>>> Kai Schaetzl wrote: >>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>>> >>>>>>> >>>>>>>> So I checked the permissions there and the Locks directory is >>>>>>>> owned by postfix.root and the locks inside are all owned by >>>>>>>> root.root. >>>>>>> >>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and for >>>>>>> MS+clamd (you are using clamd, right). >>>>>>> >>>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>>> total 16 >>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 bitdefenderBusy.lock >>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 >>>>>>> MS.bayes.rebuild.lock >>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>>> MS.bayes.starting.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>> symscanengineBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>>> >>>>>>> Kai >>>>>>> >>>>>> Well I will definitely reread these. I never specifically set >>>>>> these permissions anywhere. One would thing that these would be >>>>>> created by the settings in MailScanner.conf .. wouldn't you? >>>>>> There is no specific alternate user settings in spamassassin so >>>>>> .... something is setting these permissions this way. >>>>>> >>>>> I have gone through the tutorials a few times and I seem to have >>>>> everything set up correctly yet .... something keeps reseting the >>>>> permissions in the Locks directory back to the following: >>>> It will be being clobbered by the update_virus_scanners cron job >>>> which is run once per hour. Please can you mail me an exact copy >>>> (preferably gzipped) of your MailScanner.conf file. Have you moved >>>> that file from its default location or anything like that? It >>>> should pull out the "Run As User" and "Run As Group" from >>>> MailScanner.conf and use those values to set the ownership of the >>>> lock files. Clearly something is going wrong there. >>>> >>>> Copy and paste the following commands into a shell running as root. >>>> Beware of extra line-breaks that my mail program or your mail >>>> program may add into the following, hopefully they'll be okay. >>>> >>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> echo $LOCKDIR >>>> echo $RUNASU >>>> echo $RUNASG >>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>> >>>> Then show me what you get from >>>> ls -al $LOCKDIR >>>> assuming that the "echo $LOCKDIR" command printed out the directory >>>> where your lock files are stored (i.e. normally >>>> /var/spool/MailScanner/incoming/Locks). >>> >>> I have emailed you my conf file. That looks fine. >>> Here is the output from your scripts: >>> >>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if chomp >>> && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if chomp >>> && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>> /etc/MailScanner/MailScanner.conf` >>> [root@rosewood MailScanner]# echo $LOCKDIR >>> /var/spool/MailScanner/incoming/Locks >>> [root@rosewood MailScanner]# echo $RUNASU >>> postfix >>> [root@rosewood MailScanner]# echo $RUNASG >>> postfix >> That all looks good. As root, >> rm -rf /var/spool/MailScanner/incoming/Locks >> and then >> /usr/sbin/update_virus_scanners >> and then show me an >> ls -al /var/spool/MailScanner/incoming/Locks >> >> The files in there should be owned by postfix. Let's see if that's true. >> > OK .. deleted the Locks directory, ran update_virus_scanners and got: > > ls -al /var/spool/MailScanner/incoming/Locks/ > total 8 > drwxr-x--- 2 root root 4096 Jan 11 16:13 . > drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. > -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock > -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock > -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock > -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock > -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock > -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock > -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock > > > Still root. Hmmm... 1 I want to be sure there are no weird options for the mount that supplies this directory. Do this: cd /var/spool/MailScanner/incoming df -h . mount ls -ld Locks (all as root). Also, paste the contents of your /etc/fstab file into your reply to this mail. 2 Also, please can you make a little edit to your /usr/sbin/mailscanner_create_locks script. Near the top you will see a line that says this: my $ldgid = getgrnam($ldgname); That's about line 17. Immediately after that line, add this line: print STDERR "lduid = $lduid, ldgid = $ldgid\n"; and let's just check that it is getting the UID and GID correctly, as failure to do that would cause your symptoms. Run /usr/sbin/mailscanner_create_locks /var/spool/MailScanner/incoming/Locks postfix postfix (all of that on 1 line) and include the output in your reply, and do another ls -al /var/spool/MailScanner/incoming/Locks to see if anything has improved. 3 If that still isn't working, right at the end of the script there are a couple of "chown" lines. Change the first one to read chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; and the second one to read chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; and then run the mailscanner_create_locks command I gave above. Let me know if it prints anything, and what it says if it does. 4 That lot should give me a better idea of what's going on. > > Dave >>> >>> Dave >>>> >>>>> >>>>> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >>>>> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >>>>> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >>>>> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >>>>> >>>>> /var/spool/MailScanner/incoming >>>>> [root@rosewood incoming]# ls -l >>>>> total 604 >>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >>>>> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >>>>> -rw------- 1 postfix postfix 590848 Jan 11 13:41 >>>>> SpamAssassin.cache.db >>>>> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >>>>> >>>>> Yesterday this was all set as you have it above. >>>>> >>>>> Dave >>>> >>>> Jules >>>> >>> >> >> Jules >> > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From listacc at ocosa.com Sun Jan 11 23:51:54 2009 From: listacc at ocosa.com (ListAcc) Date: Sun Jan 11 23:52:13 2009 Subject: block spoofing mail In-Reply-To: <72cf361e0901111153n686b1e45l7f0dd56c87f63a36@mail.gmail.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> <72cf361e0901111153n686b1e45l7f0dd56c87f63a36@mail.gmail.com> Message-ID: <496A861A.9060401@ocosa.com> Martin, There is a previous post about this. Have you considered using SPF? One thing to cut down on spoofed mail is setup an ACL on the outside interface of your mail server that blocks all IP address not yet assigned or known for spam. If you are using postfix as your MTA you can setup this up with smtpd restrictions. The below will help mitigate but I would suggest also putting up an ACL if you can to block your domain name from entering your outside interface if it's within your mail routing policy and setup. Also scan all user computers for bots and etc that may be around. Make sure users must authenticate before sending.... For example: in /etc/postfix/main.cf smtpd_recipient_restrictions = * check_sender_mx_access cidr:/etc/postfix/bogus_mx *(see postfix for complete command usage and available restrictions)** permit make sure you create the bogus_mx and place all the bad networks such as in /etc/postfix/bogus_mx 0.0.0.0/8 550 Bad Network 10.0.0.0/8 550 Bad Network 127.0.0.0/8 550 Bad Network For a complete up to date list of bogons networks see http://www.team-cymru.org Regards, Otis Martin Hepworth wrote: > 2009/1/10 ichwan nur hakim : > >> hi guys, >> >> how block spoofing mail with mailscanner..?? coz my office mail very much >> recipient spoofing mail. >> Thank's >> >> -- >> MailScanner mailing list >> mailscanner@lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> Before posting, read http://wiki.mailscanner.info/posting >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > HI > > perhaps you can give an example of what you mean by 'spoofing email'? > > From dave.filchak at senecac.on.ca Mon Jan 12 03:22:58 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Mon Jan 12 03:23:14 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496A85DC.3060404@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> Message-ID: <496AB792.9090605@senecac.on.ca> Julian, Julian Field wrote: > > > On 11/1/09 21:17, Dave Filchak wrote: >> Jules, >> >> Julian Field wrote: >>> >>> >>> On 11/1/09 20:16, Dave Filchak wrote: >>>> Jules >>>> >>>> Julian Field wrote: >>>>> >>>>> >>>>> On 11/1/09 19:03, Dave Filchak wrote: >>>>>> Kai, >>>>>> >>>>>> >>>>>> >>>>>> Dave Filchak wrote: >>>>>>> Kai, >>>>>>> >>>>>>> Kai Schaetzl wrote: >>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>>>> >>>>>>>> >>>>>>>>> So I checked the permissions there and the Locks directory is >>>>>>>>> owned by postfix.root and the locks inside are all owned by >>>>>>>>> root.root. >>>>>>>> >>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and >>>>>>>> for MS+clamd (you are using clamd, right). >>>>>>>> >>>>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>>>> total 16 >>>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>> bitdefenderBusy.lock >>>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 >>>>>>>> MS.bayes.rebuild.lock >>>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>>>> MS.bayes.starting.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>> symscanengineBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>>>> >>>>>>>> Kai >>>>>>>> >>>>>>> Well I will definitely reread these. I never specifically set >>>>>>> these permissions anywhere. One would thing that these would be >>>>>>> created by the settings in MailScanner.conf .. wouldn't you? >>>>>>> There is no specific alternate user settings in spamassassin so >>>>>>> .... something is setting these permissions this way. >>>>>>> >>>>>> I have gone through the tutorials a few times and I seem to have >>>>>> everything set up correctly yet .... something keeps reseting the >>>>>> permissions in the Locks directory back to the following: >>>>> It will be being clobbered by the update_virus_scanners cron job >>>>> which is run once per hour. Please can you mail me an exact copy >>>>> (preferably gzipped) of your MailScanner.conf file. Have you moved >>>>> that file from its default location or anything like that? It >>>>> should pull out the "Run As User" and "Run As Group" from >>>>> MailScanner.conf and use those values to set the ownership of the >>>>> lock files. Clearly something is going wrong there. >>>>> >>>>> Copy and paste the following commands into a shell running as >>>>> root. Beware of extra line-breaks that my mail program or your >>>>> mail program may add into the following, hopefully they'll be okay. >>>>> >>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> echo $LOCKDIR >>>>> echo $RUNASU >>>>> echo $RUNASG >>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>>> >>>>> Then show me what you get from >>>>> ls -al $LOCKDIR >>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>> directory where your lock files are stored (i.e. normally >>>>> /var/spool/MailScanner/incoming/Locks). >>>> >>>> I have emailed you my conf file. > That looks fine. >>>> Here is the output from your scripts: >>>> >>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>> /etc/MailScanner/MailScanner.conf` >>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>> /var/spool/MailScanner/incoming/Locks >>>> [root@rosewood MailScanner]# echo $RUNASU >>>> postfix >>>> [root@rosewood MailScanner]# echo $RUNASG >>>> postfix >>> That all looks good. As root, >>> rm -rf /var/spool/MailScanner/incoming/Locks >>> and then >>> /usr/sbin/update_virus_scanners >>> and then show me an >>> ls -al /var/spool/MailScanner/incoming/Locks >>> >>> The files in there should be owned by postfix. Let's see if that's >>> true. >>> >> OK .. deleted the Locks directory, ran update_virus_scanners and got: >> >> ls -al /var/spool/MailScanner/incoming/Locks/ >> total 8 >> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock >> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock >> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >> >> >> Still root. > Hmmm... > > 1 > I want to be sure there are no weird options for the mount that > supplies this directory. Do this: > cd /var/spool/MailScanner/incoming > df -h . > mount > ls -ld Locks > (all as root). > Also, paste the contents of your /etc/fstab file into your reply to > this mail. > > 2 > Also, please can you make a little edit to your > /usr/sbin/mailscanner_create_locks script. > Near the top you will see a line that says this: > my $ldgid = getgrnam($ldgname); > That's about line 17. Immediately after that line, add this line: > print STDERR "lduid = $lduid, ldgid = $ldgid\n"; > and let's just check that it is getting the UID and GID correctly, as > failure to do that would cause your symptoms. > Run > /usr/sbin/mailscanner_create_locks > /var/spool/MailScanner/incoming/Locks postfix postfix > (all of that on 1 line) and include the output in your reply, > and do another > ls -al /var/spool/MailScanner/incoming/Locks > to see if anything has improved. > > 3 > If that still isn't working, right at the end of the script there are > a couple of "chown" lines. Change the first one to read > chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; > and the second one to read > chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; > and then run the mailscanner_create_locks command I gave above. Let me > know if it prints anything, and what it says if it does. > > 4 > That lot should give me a better idea of what's going on. cd /var/spool/MailScanner/incoming/ [root@rosewood incoming]# df -h . Filesystem Size Used Avail Use% Mounted on /dev/hdb1 111G 15G 91G 14% /var [root@rosewood incoming]# mount /dev/sda5 on / type ext3 (rw) none on /proc type proc (rw) none on /sys type sysfs (rw) none on /dev/pts type devpts (rw,gid=5,mode=620) usbfs on /proc/bus/usb type usbfs (rw) /dev/sda1 on /boot type ext3 (rw) none on /dev/shm type tmpfs (rw) /dev/sda2 on /home type ext3 (rw) /dev/sdb1 on /usr type ext3 (rw) /dev/hdb1 on /var type ext3 (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) [root@rosewood incoming]# ls -ld Locks drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks FSTAB: LABEL=/ / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2 none /dev/pts devpts gid=5,mode=620 0 0 none /dev/shm tmpfs defaults 0 0 LABEL=/home /home ext3 defaults 1 2 none /proc proc defaults 0 0 none /sys sysfs defaults 0 0 LABEL=/usr /usr ext3 defaults 1 2 LABEL=/var /var ext3 defaults 1 2 LABEL=SWAP-sda3 swap swap defaults 0 0 /dev/hda /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0 /usr/sbin/mailscanner_create_locks /var/spool/MailScanner/incoming/Locks postfix postfix lduid = 80, ldgid = 80 [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks total 8 drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock I did not do your last request as this shows the proper ownership. The questions is: will it hold? Let me know if you still want me to do that last bit. Sorry it took a while to get back to you. I had to run out for a bit. Dave >>>>>> >>>>>> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >>>>>> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >>>>>> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >>>>>> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >>>>>> >>>>>> /var/spool/MailScanner/incoming >>>>>> [root@rosewood incoming]# ls -l >>>>>> total 604 >>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >>>>>> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >>>>>> -rw------- 1 postfix postfix 590848 Jan 11 13:41 >>>>>> SpamAssassin.cache.db >>>>>> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >>>>>> >>>>>> Yesterday this was all set as you have it above. >>>>>> > > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From dave.filchak at senecac.on.ca Mon Jan 12 04:17:03 2009 From: dave.filchak at senecac.on.ca (Dave Filchak) Date: Mon Jan 12 04:17:18 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496AB792.9090605@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> Message-ID: <496AC43F.9030701@senecac.on.ca> Julian Dave Filchak wrote: > Julian, > > Julian Field wrote: >> >> >> On 11/1/09 21:17, Dave Filchak wrote: >>> Jules, >>> >>> Julian Field wrote: >>>> >>>> >>>> On 11/1/09 20:16, Dave Filchak wrote: >>>>> Jules >>>>> >>>>> Julian Field wrote: >>>>>> >>>>>> >>>>>> On 11/1/09 19:03, Dave Filchak wrote: >>>>>>> Kai, >>>>>>> >>>>>>> >>>>>>> >>>>>>> Dave Filchak wrote: >>>>>>>> Kai, >>>>>>>> >>>>>>>> Kai Schaetzl wrote: >>>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>>>>> >>>>>>>>> >>>>>>>>>> So I checked the permissions there and the Locks directory is >>>>>>>>>> owned by postfix.root and the locks inside are all owned by >>>>>>>>>> root.root. >>>>>>>>> >>>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and >>>>>>>>> for MS+clamd (you are using clamd, right). >>>>>>>>> >>>>>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>>>>> total 16 >>>>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>> bitdefenderBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 kasperskyBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 >>>>>>>>> MS.bayes.rebuild.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>>>>> MS.bayes.starting.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>> symscanengineBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>>>>> >>>>>>>>> Kai >>>>>>>>> >>>>>>>> Well I will definitely reread these. I never specifically set >>>>>>>> these permissions anywhere. One would thing that these would be >>>>>>>> created by the settings in MailScanner.conf .. wouldn't you? >>>>>>>> There is no specific alternate user settings in spamassassin >>>>>>>> so .... something is setting these permissions this way. >>>>>>>> >>>>>>> I have gone through the tutorials a few times and I seem to have >>>>>>> everything set up correctly yet .... something keeps reseting >>>>>>> the permissions in the Locks directory back to the following: >>>>>> It will be being clobbered by the update_virus_scanners cron job >>>>>> which is run once per hour. Please can you mail me an exact copy >>>>>> (preferably gzipped) of your MailScanner.conf file. Have you >>>>>> moved that file from its default location or anything like that? >>>>>> It should pull out the "Run As User" and "Run As Group" from >>>>>> MailScanner.conf and use those values to set the ownership of the >>>>>> lock files. Clearly something is going wrong there. >>>>>> >>>>>> Copy and paste the following commands into a shell running as >>>>>> root. Beware of extra line-breaks that my mail program or your >>>>>> mail program may add into the following, hopefully they'll be okay. >>>>>> >>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> echo $LOCKDIR >>>>>> echo $RUNASU >>>>>> echo $RUNASG >>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>>>> >>>>>> Then show me what you get from >>>>>> ls -al $LOCKDIR >>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>> directory where your lock files are stored (i.e. normally >>>>>> /var/spool/MailScanner/incoming/Locks). >>>>> >>>>> I have emailed you my conf file. >> That looks fine. >>>>> Here is the output from your scripts: >>>>> >>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>> /etc/MailScanner/MailScanner.conf` >>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>> /var/spool/MailScanner/incoming/Locks >>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>> postfix >>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>> postfix >>>> That all looks good. As root, >>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>> and then >>>> /usr/sbin/update_virus_scanners >>>> and then show me an >>>> ls -al /var/spool/MailScanner/incoming/Locks >>>> >>>> The files in there should be owned by postfix. Let's see if that's >>>> true. >>>> >>> OK .. deleted the Locks directory, ran update_virus_scanners and got: >>> >>> ls -al /var/spool/MailScanner/incoming/Locks/ >>> total 8 >>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock >>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock >>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>> >>> >>> Still root. >> Hmmm... >> >> 1 >> I want to be sure there are no weird options for the mount that >> supplies this directory. Do this: >> cd /var/spool/MailScanner/incoming >> df -h . >> mount >> ls -ld Locks >> (all as root). >> Also, paste the contents of your /etc/fstab file into your reply to >> this mail. >> >> 2 >> Also, please can you make a little edit to your >> /usr/sbin/mailscanner_create_locks script. >> Near the top you will see a line that says this: >> my $ldgid = getgrnam($ldgname); >> That's about line 17. Immediately after that line, add this line: >> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >> and let's just check that it is getting the UID and GID correctly, as >> failure to do that would cause your symptoms. >> Run >> /usr/sbin/mailscanner_create_locks >> /var/spool/MailScanner/incoming/Locks postfix postfix >> (all of that on 1 line) and include the output in your reply, >> and do another >> ls -al /var/spool/MailScanner/incoming/Locks >> to see if anything has improved. >> >> 3 >> If that still isn't working, right at the end of the script there are >> a couple of "chown" lines. Change the first one to read >> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >> and the second one to read >> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >> and then run the mailscanner_create_locks command I gave above. Let >> me know if it prints anything, and what it says if it does. >> >> 4 >> That lot should give me a better idea of what's going on. > > cd /var/spool/MailScanner/incoming/ > [root@rosewood incoming]# df -h . > Filesystem Size Used Avail Use% Mounted on > /dev/hdb1 111G 15G 91G 14% /var > [root@rosewood incoming]# mount > /dev/sda5 on / type ext3 (rw) > none on /proc type proc (rw) > none on /sys type sysfs (rw) > none on /dev/pts type devpts (rw,gid=5,mode=620) > usbfs on /proc/bus/usb type usbfs (rw) > /dev/sda1 on /boot type ext3 (rw) > none on /dev/shm type tmpfs (rw) > /dev/sda2 on /home type ext3 (rw) > /dev/sdb1 on /usr type ext3 (rw) > /dev/hdb1 on /var type ext3 (rw) > none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) > sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) > [root@rosewood incoming]# ls -ld Locks > drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks > > FSTAB: > > LABEL=/ / ext3 > defaults 1 1 > LABEL=/boot /boot ext3 > defaults 1 2 > none /dev/pts devpts > gid=5,mode=620 0 0 > none /dev/shm tmpfs > defaults 0 0 > LABEL=/home /home ext3 > defaults 1 2 > none /proc proc > defaults 0 0 > none /sys sysfs > defaults 0 0 > LABEL=/usr /usr ext3 > defaults 1 2 > LABEL=/var /var ext3 > defaults 1 2 > LABEL=SWAP-sda3 swap swap > defaults 0 0 > /dev/hda /media/cdrecorder auto > pamconsole,exec,noauto,managed 0 0 > > /usr/sbin/mailscanner_create_locks > /var/spool/MailScanner/incoming/Locks postfix postfix > lduid = 80, ldgid = 80 > [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks > total 8 > drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . > drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. > -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock > -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock > > I did not do your last request as this shows the proper ownership. The > questions is: will it hold? > > Let me know if you still want me to do that last bit. > > Sorry it took a while to get back to you. I had to run out for a bit. > > Dave > Just so you know ... it all went back to being owned by root when update_virus_scanner ran from cron again. This is the email I received: /etc/cron.hourly/update_virus_scanners: lduid = , ldgid = > > >>>>>>> >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 antivirBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 avastBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 avgBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 bitdefenderBusy.lock >>>>>>> -rw------- 1 root root 49 Jan 9 19:15 clamavBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 cssBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 esetsBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 etrustBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-prot-6Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-protBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 f-secureBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 genericBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 inoculanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 kasperskyBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 mcafeeBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 19:38 MS.bayes.rebuild.lock >>>>>>> -rw------- 1 root root 0 Jan 11 04:15 MS.bayes.starting.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 nod32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 normanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 pandaBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 ravBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 sophosBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 symscanengineBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 trendBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 vba32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 8 05:09 vexiraBusy.lock >>>>>>> >>>>>>> /var/spool/MailScanner/incoming >>>>>>> [root@rosewood incoming]# ls -l >>>>>>> total 604 >>>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:43 19962 >>>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:38 19969 >>>>>>> drwxr-x--- 2 postfix clamav 4096 Jan 11 13:41 19976 >>>>>>> drwxr-x--- 2 postfix root 4096 Jan 11 04:15 Locks >>>>>>> -rw------- 1 postfix postfix 590848 Jan 11 13:41 >>>>>>> SpamAssassin.cache.db >>>>>>> drwx------ 2 postfix postfix 4096 Jan 11 13:43 SpamAssassin-Temp >>>>>>> >>>>>>> Yesterday this was all set as you have it above. >>>>>>> >> >> > -- Dave Filchak Instructor, School of Communications Arts Seneca College @ York Office: Room 1068 From submit at zuka.net Mon Jan 12 04:27:48 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 04:28:03 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496AC43F.9030701@senecac.on.ca> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> Message-ID: <496AC6C4.10700@zuka.net> Dave Filchak wrote: > Julian > > Dave Filchak wrote: >> Julian, >> >> Julian Field wrote: >>> >>> >>> On 11/1/09 21:17, Dave Filchak wrote: >>>> Jules, >>>> >>>> Julian Field wrote: >>>>> >>>>> >>>>> On 11/1/09 20:16, Dave Filchak wrote: >>>>>> Jules >>>>>> >>>>>> Julian Field wrote: >>>>>>> >>>>>>> >>>>>>> On 11/1/09 19:03, Dave Filchak wrote: >>>>>>>> Kai, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Dave Filchak wrote: >>>>>>>>> Kai, >>>>>>>>> >>>>>>>>> Kai Schaetzl wrote: >>>>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> So I checked the permissions there and the Locks directory >>>>>>>>>>> is owned by postfix.root and the locks inside are all owned >>>>>>>>>>> by root.root. >>>>>>>>>> >>>>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and >>>>>>>>>> for MS+clamd (you are using clamd, right). >>>>>>>>>> >>>>>>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>>>>>> total 16 >>>>>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>> bitdefenderBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>> kasperskyBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 >>>>>>>>>> MS.bayes.rebuild.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>>>>>> MS.bayes.starting.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>> symscanengineBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>>>>>> >>>>>>>>>> Kai >>>>>>>>>> >>>>>>>>> Well I will definitely reread these. I never specifically set >>>>>>>>> these permissions anywhere. One would thing that these would >>>>>>>>> be created by the settings in MailScanner.conf .. wouldn't >>>>>>>>> you? There is no specific alternate user settings in >>>>>>>>> spamassassin so .... something is setting these permissions >>>>>>>>> this way. >>>>>>>>> >>>>>>>> I have gone through the tutorials a few times and I seem to >>>>>>>> have everything set up correctly yet .... something keeps >>>>>>>> reseting the permissions in the Locks directory back to the >>>>>>>> following: >>>>>>> It will be being clobbered by the update_virus_scanners cron job >>>>>>> which is run once per hour. Please can you mail me an exact copy >>>>>>> (preferably gzipped) of your MailScanner.conf file. Have you >>>>>>> moved that file from its default location or anything like that? >>>>>>> It should pull out the "Run As User" and "Run As Group" from >>>>>>> MailScanner.conf and use those values to set the ownership of >>>>>>> the lock files. Clearly something is going wrong there. >>>>>>> >>>>>>> Copy and paste the following commands into a shell running as >>>>>>> root. Beware of extra line-breaks that my mail program or your >>>>>>> mail program may add into the following, hopefully they'll be okay. >>>>>>> >>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> echo $LOCKDIR >>>>>>> echo $RUNASU >>>>>>> echo $RUNASG >>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>>>>> >>>>>>> Then show me what you get from >>>>>>> ls -al $LOCKDIR >>>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>>> directory where your lock files are stored (i.e. normally >>>>>>> /var/spool/MailScanner/incoming/Locks). >>>>>> >>>>>> I have emailed you my conf file. >>> That looks fine. >>>>>> Here is the output from your scripts: >>>>>> >>>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>> /etc/MailScanner/MailScanner.conf` >>>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>>> /var/spool/MailScanner/incoming/Locks >>>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>>> postfix >>>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>>> postfix >>>>> That all looks good. As root, >>>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>>> and then >>>>> /usr/sbin/update_virus_scanners >>>>> and then show me an >>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>> >>>>> The files in there should be owned by postfix. Let's see if that's >>>>> true. >>>>> >>>> OK .. deleted the Locks directory, ran update_virus_scanners and got: >>>> >>>> ls -al /var/spool/MailScanner/incoming/Locks/ >>>> total 8 >>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>>> >>>> >>>> Still root. >>> Hmmm... >>> >>> 1 >>> I want to be sure there are no weird options for the mount that >>> supplies this directory. Do this: >>> cd /var/spool/MailScanner/incoming >>> df -h . >>> mount >>> ls -ld Locks >>> (all as root). >>> Also, paste the contents of your /etc/fstab file into your reply to >>> this mail. >>> >>> 2 >>> Also, please can you make a little edit to your >>> /usr/sbin/mailscanner_create_locks script. >>> Near the top you will see a line that says this: >>> my $ldgid = getgrnam($ldgname); >>> That's about line 17. Immediately after that line, add this line: >>> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >>> and let's just check that it is getting the UID and GID correctly, >>> as failure to do that would cause your symptoms. >>> Run >>> /usr/sbin/mailscanner_create_locks >>> /var/spool/MailScanner/incoming/Locks postfix postfix >>> (all of that on 1 line) and include the output in your reply, >>> and do another >>> ls -al /var/spool/MailScanner/incoming/Locks >>> to see if anything has improved. >>> >>> 3 >>> If that still isn't working, right at the end of the script there >>> are a couple of "chown" lines. Change the first one to read >>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >>> and the second one to read >>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >>> and then run the mailscanner_create_locks command I gave above. Let >>> me know if it prints anything, and what it says if it does. >>> >>> 4 >>> That lot should give me a better idea of what's going on. >> >> cd /var/spool/MailScanner/incoming/ >> [root@rosewood incoming]# df -h . >> Filesystem Size Used Avail Use% Mounted on >> /dev/hdb1 111G 15G 91G 14% /var >> [root@rosewood incoming]# mount >> /dev/sda5 on / type ext3 (rw) >> none on /proc type proc (rw) >> none on /sys type sysfs (rw) >> none on /dev/pts type devpts (rw,gid=5,mode=620) >> usbfs on /proc/bus/usb type usbfs (rw) >> /dev/sda1 on /boot type ext3 (rw) >> none on /dev/shm type tmpfs (rw) >> /dev/sda2 on /home type ext3 (rw) >> /dev/sdb1 on /usr type ext3 (rw) >> /dev/hdb1 on /var type ext3 (rw) >> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) >> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) >> [root@rosewood incoming]# ls -ld Locks >> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks >> >> FSTAB: >> >> LABEL=/ / ext3 >> defaults 1 1 >> LABEL=/boot /boot ext3 >> defaults 1 2 >> none /dev/pts devpts >> gid=5,mode=620 0 0 >> none /dev/shm tmpfs >> defaults 0 0 >> LABEL=/home /home ext3 >> defaults 1 2 >> none /proc proc >> defaults 0 0 >> none /sys sysfs >> defaults 0 0 >> LABEL=/usr /usr ext3 >> defaults 1 2 >> LABEL=/var /var ext3 >> defaults 1 2 >> LABEL=SWAP-sda3 swap swap >> defaults 0 0 >> /dev/hda /media/cdrecorder auto >> pamconsole,exec,noauto,managed 0 0 >> >> /usr/sbin/mailscanner_create_locks >> /var/spool/MailScanner/incoming/Locks postfix postfix >> lduid = 80, ldgid = 80 >> [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks >> total 8 >> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . >> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. >> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock >> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock >> >> I did not do your last request as this shows the proper ownership. >> The questions is: will it hold? >> >> Let me know if you still want me to do that last bit. >> >> Sorry it took a while to get back to you. I had to run out for a bit. >> >> Dave >> > Just so you know ... it all went back to being owned by root when > update_virus_scanner ran from cron again. This is the email I received: > > /etc/cron.hourly/update_virus_scanners: > > lduid = , ldgid = Given the above, I made the last little change you suggested and ran it again, like so: /usr/sbin/mailscanner_create_locks /var/spool/MailScanner/incoming/Locks postfix postfix lduid = 80, ldgid = 80 The second line is what it output. After that, all the permissions in the Locks directory went back to postfix. Again, will it hold? Dave > > From MailScanner at ecs.soton.ac.uk Mon Jan 12 10:39:06 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 10:39:35 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496AC6C4.10700@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> Message-ID: <496B1DCA.2050406@ecs.soton.ac.uk> On 12/1/09 04:27, Dave Filchak wrote: > Dave Filchak wrote: >> Julian >> >> Dave Filchak wrote: >>> Julian, >>> >>> Julian Field wrote: >>>> >>>> >>>> On 11/1/09 21:17, Dave Filchak wrote: >>>>> Jules, >>>>> >>>>> Julian Field wrote: >>>>>> >>>>>> >>>>>> On 11/1/09 20:16, Dave Filchak wrote: >>>>>>> Jules >>>>>>> >>>>>>> Julian Field wrote: >>>>>>>> >>>>>>>> >>>>>>>> On 11/1/09 19:03, Dave Filchak wrote: >>>>>>>>> Kai, >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Dave Filchak wrote: >>>>>>>>>> Kai, >>>>>>>>>> >>>>>>>>>> Kai Schaetzl wrote: >>>>>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> So I checked the permissions there and the Locks directory >>>>>>>>>>>> is owned by postfix.root and the locks inside are all owned >>>>>>>>>>>> by root.root. >>>>>>>>>>> >>>>>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and >>>>>>>>>>> for MS+clamd (you are using clamd, right). >>>>>>>>>>> >>>>>>>>>>> /var/spool/MailScanner/incoming/Locks l >>>>>>>>>>> total 16 >>>>>>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 . >>>>>>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 .. >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> bitdefenderBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> f-prot-6Busy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> f-secureBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> inoculanBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> kasperskyBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51 >>>>>>>>>>> MS.bayes.rebuild.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03 >>>>>>>>>>> MS.bayes.starting.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 >>>>>>>>>>> symscanengineBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock >>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock >>>>>>>>>>> >>>>>>>>>>> Kai >>>>>>>>>>> >>>>>>>>>> Well I will definitely reread these. I never specifically set >>>>>>>>>> these permissions anywhere. One would thing that these would >>>>>>>>>> be created by the settings in MailScanner.conf .. wouldn't >>>>>>>>>> you? There is no specific alternate user settings in >>>>>>>>>> spamassassin so .... something is setting these permissions >>>>>>>>>> this way. >>>>>>>>>> >>>>>>>>> I have gone through the tutorials a few times and I seem to >>>>>>>>> have everything set up correctly yet .... something keeps >>>>>>>>> reseting the permissions in the Locks directory back to the >>>>>>>>> following: >>>>>>>> It will be being clobbered by the update_virus_scanners cron >>>>>>>> job which is run once per hour. Please can you mail me an exact >>>>>>>> copy (preferably gzipped) of your MailScanner.conf file. Have >>>>>>>> you moved that file from its default location or anything like >>>>>>>> that? It should pull out the "Run As User" and "Run As Group" >>>>>>>> from MailScanner.conf and use those values to set the ownership >>>>>>>> of the lock files. Clearly something is going wrong there. >>>>>>>> >>>>>>>> Copy and paste the following commands into a shell running as >>>>>>>> root. Beware of extra line-breaks that my mail program or your >>>>>>>> mail program may add into the following, hopefully they'll be >>>>>>>> okay. >>>>>>>> >>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> echo $LOCKDIR >>>>>>>> echo $RUNASU >>>>>>>> echo $RUNASG >>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>>>>>> >>>>>>>> Then show me what you get from >>>>>>>> ls -al $LOCKDIR >>>>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>>>> directory where your lock files are stored (i.e. normally >>>>>>>> /var/spool/MailScanner/incoming/Locks). >>>>>>> >>>>>>> I have emailed you my conf file. >>>> That looks fine. >>>>>>> Here is the output from your scripts: >>>>>>> >>>>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>>>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>>>> /var/spool/MailScanner/incoming/Locks >>>>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>>>> postfix >>>>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>>>> postfix >>>>>> That all looks good. As root, >>>>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>>>> and then >>>>>> /usr/sbin/update_virus_scanners >>>>>> and then show me an >>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>> >>>>>> The files in there should be owned by postfix. Let's see if >>>>>> that's true. >>>>>> >>>>> OK .. deleted the Locks directory, ran update_virus_scanners and got: >>>>> >>>>> ls -al /var/spool/MailScanner/incoming/Locks/ >>>>> total 8 >>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>>>> >>>>> >>>>> Still root. >>>> Hmmm... >>>> >>>> 1 >>>> I want to be sure there are no weird options for the mount that >>>> supplies this directory. Do this: >>>> cd /var/spool/MailScanner/incoming >>>> df -h . >>>> mount >>>> ls -ld Locks >>>> (all as root). >>>> Also, paste the contents of your /etc/fstab file into your reply to >>>> this mail. >>>> >>>> 2 >>>> Also, please can you make a little edit to your >>>> /usr/sbin/mailscanner_create_locks script. >>>> Near the top you will see a line that says this: >>>> my $ldgid = getgrnam($ldgname); >>>> That's about line 17. Immediately after that line, add this line: >>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >>>> and let's just check that it is getting the UID and GID correctly, >>>> as failure to do that would cause your symptoms. >>>> Run >>>> /usr/sbin/mailscanner_create_locks >>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>> (all of that on 1 line) and include the output in your reply, >>>> and do another >>>> ls -al /var/spool/MailScanner/incoming/Locks >>>> to see if anything has improved. >>>> >>>> 3 >>>> If that still isn't working, right at the end of the script there >>>> are a couple of "chown" lines. Change the first one to read >>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >>>> and the second one to read >>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >>>> and then run the mailscanner_create_locks command I gave above. Let >>>> me know if it prints anything, and what it says if it does. >>>> >>>> 4 >>>> That lot should give me a better idea of what's going on. >>> >>> cd /var/spool/MailScanner/incoming/ >>> [root@rosewood incoming]# df -h . >>> Filesystem Size Used Avail Use% Mounted on >>> /dev/hdb1 111G 15G 91G 14% /var >>> [root@rosewood incoming]# mount >>> /dev/sda5 on / type ext3 (rw) >>> none on /proc type proc (rw) >>> none on /sys type sysfs (rw) >>> none on /dev/pts type devpts (rw,gid=5,mode=620) >>> usbfs on /proc/bus/usb type usbfs (rw) >>> /dev/sda1 on /boot type ext3 (rw) >>> none on /dev/shm type tmpfs (rw) >>> /dev/sda2 on /home type ext3 (rw) >>> /dev/sdb1 on /usr type ext3 (rw) >>> /dev/hdb1 on /var type ext3 (rw) >>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) >>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) >>> [root@rosewood incoming]# ls -ld Locks >>> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks >>> >>> FSTAB: >>> >>> LABEL=/ / ext3 >>> defaults 1 1 >>> LABEL=/boot /boot ext3 >>> defaults 1 2 >>> none /dev/pts devpts >>> gid=5,mode=620 0 0 >>> none /dev/shm tmpfs >>> defaults 0 0 >>> LABEL=/home /home ext3 >>> defaults 1 2 >>> none /proc proc >>> defaults 0 0 >>> none /sys sysfs >>> defaults 0 0 >>> LABEL=/usr /usr ext3 >>> defaults 1 2 >>> LABEL=/var /var ext3 >>> defaults 1 2 >>> LABEL=SWAP-sda3 swap swap >>> defaults 0 0 >>> /dev/hda /media/cdrecorder auto >>> pamconsole,exec,noauto,managed 0 0 >>> >>> /usr/sbin/mailscanner_create_locks >>> /var/spool/MailScanner/incoming/Locks postfix postfix >>> lduid = 80, ldgid = 80 >>> [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks >>> total 8 >>> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . >>> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock >>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock >>> >>> I did not do your last request as this shows the proper ownership. >>> The questions is: will it hold? >>> >>> Let me know if you still want me to do that last bit. >>> >>> Sorry it took a while to get back to you. I had to run out for a bit. >>> >>> Dave >>> >> Just so you know ... it all went back to being owned by root when >> update_virus_scanner ran from cron again. This is the email I received: >> >> /etc/cron.hourly/update_virus_scanners: >> >> lduid = , ldgid = > Given the above, I made the last little change you suggested and ran > it again, like so: > > /usr/sbin/mailscanner_create_locks > /var/spool/MailScanner/incoming/Locks postfix postfix > lduid = 80, ldgid = 80 > > The second line is what it output. After that, all the permissions in > the Locks directory went back to postfix. Again, will it hold? The cron job will probably put it back. Okay, next let's find if it is the script run by cron that is causing the problem, or the environment in which it is run. /usr/sbin/update_virus_scanners ls -al /var/spool/MailScanner/incoming/Locks and show me the output of those two. I want to see if the update_virus_scanners script successfully finds the uid and gid or not. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Jan 12 10:40:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 10:40:29 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496AC6C4.10700@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 Message-ID: @zuka.net> Reply-To: mailscanner@lists.mailscanner.info Dave, your replies are *a horror* to read with that "quoting style" (if one can call that "quoting"). Change that in the future, please. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jan 12 10:40:12 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 10:40:29 2009 Subject: block spoofing mail In-Reply-To: <496A861A.9060401@ocosa.com> References: <928434630901100033l3381ec9ifec81d6844b03e0@mail.gmail.com> <72cf361e0901111153n686b1e45l7f0dd56c87f63a36@mail.gmail.com> <496A861A.9060401@ocosa.com> Message-ID: ListAcc wrote on Sun, 11 Jan 2009 17:51:54 -0600: > Martin, Martin didn't ask about this. Please always reply to the original message. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From drew.marshall at technologytiger.net Mon Jan 12 12:14:14 2009 From: drew.marshall at technologytiger.net (Drew Marshall) Date: Mon Jan 12 12:14:38 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4963D91A.9060304@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> Message-ID: <5FC3E08C-6D5F-4AF5-AACE-17623586AD6B@technologytiger.net> On 6 Jan 2009, at 22:20, Julian Field wrote: > I have done a load of work on my script that uses the anti-spear- > phishing addresses database. > > The main thing is now that it is pretty much a finished script, and > is directly usable by you guys without you having to do much to it > except read the settings at the top and tweak the filenames if you > want to change where it puts things. Jules I have now got as far as implementing this excellent feature but I have bumped in to an interesting error. Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3 Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action store in message 7FAB84BE3B4.94CF3 Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action header in message 7FAB84BE3B4.94CF3 Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action "X-Anti-Phish: in message 7FAB84BE3B4.94CF3 Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3 Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message is being delivered The SpamAssassin Rule Action that generated this log is ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I slightly changed the header in case there was a problem with the _TO_ special command, which has made no difference). So what have I done wrong (The actual creation of the SA rule etc is fine as MailScanner is seeing the rule hit as can be seen in the log)? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by Technology Tiger's Mail Launder system Our email policy can be found at www.technologytiger.net/policy Technology Tiger Limited is registered in Scotland with registration number: 310997 Registered Office 55-57 West High Street Inverurie AB51 3QQ From maillists at conactive.com Mon Jan 12 13:19:47 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 13:19:58 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496A6779.9040309@coders.co.uk> References: <496A6779.9040309@coders.co.uk> Message-ID: Matt wrote on Sun, 11 Jan 2009 21:41:13 +0000: > spear.bastionmail.com you may need to reload your dns or so. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From MensHealth at rodale.delivery.net Mon Jan 12 13:52:03 2009 From: MensHealth at rodale.delivery.net (Men's Health) Date: Mon Jan 12 13:52:15 2009 Subject: Viking\'s secret of perfect enlargement Message-ID: <92938284482.1231221783258@delivery.net> An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/88fb1260/attachment.html From spamlists at coders.co.uk Mon Jan 12 14:06:14 2009 From: spamlists at coders.co.uk (Matt) Date: Mon Jan 12 14:07:08 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: References: <496A6779.9040309@coders.co.uk> Message-ID: <496B4E56.9000508@coders.co.uk> Kai Schaetzl wrote: > you may need to reload your dns or so. Kai - was that directed at me? I have 8 servers already using it so if there are problems please let me know! matt From Denis.Beauchemin at USherbrooke.ca Mon Jan 12 14:12:23 2009 From: Denis.Beauchemin at USherbrooke.ca (Denis Beauchemin) Date: Mon Jan 12 14:12:39 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <4963D91A.9060304@ecs.soton.ac.uk> References: <4963D91A.9060304@ecs.soton.ac.uk> Message-ID: <496B4FC7.2060701@USherbrooke.ca> Julian Field a ?crit : > I have done a load of work on my script that uses the > anti-spear-phishing addresses database. > > The main thing is now that it is pretty much a finished script, and is > directly usable by you guys without you having to do much to it except > read the settings at the top and tweak the filenames if you want to > change where it puts things. > > I have taken a lot of care to ensure that this won't match any false > alarms, I don't just dumbly look for the strings in any surrounding > text, which certain commercial AV vendors have been caught doing in > the past! > > I make a suggestion in the comments at the top of the script about how > I use the rule within MailScanner, you probably want to do something > similar, and not just delete anything that matches, just in case you > do get any false alarms. > > It also looks for numbers at the end of the username bit of the > address, and assumes that these are numbers which the scammers may > change; so if it finds them, it replaces them with a pattern that will > match any number instead. There's starting to be a lot of this about, > as it's the easiest way for the scammers to try to defeat simple > address lists targeted against them, while still being able to > remember what addresses they have to check for replies from your dumb > users. :-) I thought I would make it a tiny bit harder for them... > > You can also add addresses of your own (which can include "*" as a > wildcard character to mean "any series of valid characters" in the > email address), one address per line, in an optional extra file. > Again, read the top of the script and you'll see it mentioned there. > That file is optional, it doesn't matter if it doesn't exist. As a > starter, you might want to put > m i c h a e l l o u c a s * @ g m a i l . c o m > (without the extra spaces) in that file, as it will nicely catch a lot > of "Job opportunity" spams. > > It looks for any of these addresses appearing **anywhere** in the > message, not just in the headers. So if you start talking to people > about these addresses, don't be surprised when the messages get caught > by the trap. > > It does a "wget", so make sure you have that binary installed, or else > change the script to fetch the file by some other means. > > The very end of the script does a "service MailScanner restart", so if > you need some other command to restart MailScanner, then edit it for > your system. It needs to be a "restart" and not a "reload" as I have > to force it to re-build the database of SpamAssassin rules. > > My aim was that, on a RedHat system running MailScanner, you could > just copy the script into /etc/cron.hourly and make it executable, and > it will just get on with the job for you. I do advise you read the bit > in the script about "SpamAssassin Rule Actions" though. > > Please do let me know how you would like me to improve it, and tell me > what you think of it in general (be polite, now! :-) > > Cheers, > > Jules > Julian, I got what really looks like a FP with one of the email addresses from your script... what would be the best way to correct this ? Write an SA rule with a negative score for that address ? Or is there some whitelisting mechanism built in ? Thanks! Denis PS: the address is jmcelhaney @ uchc . edu (without the spaces). PPS: so far the script seems to have catched about a dozen malicious emails. -- _ ?v? Denis Beauchemin, analyste /(_)\ Universit? de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x62252 F: 819.821.8045 From prandal at herefordshire.gov.uk Mon Jan 12 14:13:29 2009 From: prandal at herefordshire.gov.uk (Randal, Phil) Date: Mon Jan 12 14:17:32 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496B4E56.9000508@coders.co.uk> References: <496A6779.9040309@coders.co.uk> <496B4E56.9000508@coders.co.uk> Message-ID: <7EF0EE5CB3B263488C8C18823239BEBA05A584C4@HC-MBX02.herefordshire.gov.uk> Don't panic, it all works fine. Thanks, Phil -- Phil Randal | Networks Engineer Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: prandal@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Sent: 12 January 2009 14:06 To: MailScanner discussion Subject: Re: Anti-spear-phishing sa-update channel Kai Schaetzl wrote: > you may need to reload your dns or so. Kai - was that directed at me? I have 8 servers already using it so if there are problems please let me know! matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From ugob at lubik.ca Mon Jan 12 16:36:02 2009 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Jan 12 16:36:19 2009 Subject: totally OT: Mailing lists / reader program? In-Reply-To: References: Message-ID: Scott Silva a ?crit : > on 1-5-2009 10:37 AM traced@xpear.de spake the following: >> Hi, just one little question; >> Are you reading lists with standard email progs like thunderbird, >> or are there other good programs, with better handling on the topics? >> >> Regards, >> Bastian > I am reading the lists with thunderbird, but through the newsfeeds at gmane.org. > > That way I never have to worry about bounces or spam detection on my end > dropping something. I'm also doing that and I simply love it. From submit at zuka.net Mon Jan 12 16:39:18 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 16:39:30 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 Message-ID: <496B7236.3060604@zuka.net> Kai Schaetzl wrote: > @zuka.net> > Reply-To: mailscanner@lists.mailscanner.info > > Dave, your replies are *a horror* to read with that "quoting style" (if > one can call that "quoting"). Change that in the future, please. > > Kai > > Kai, My apologies. I was **always** told to include the thread so support and people working on a particular problem can quickly go back and review. I used to snip all of the thread as I went and someone like you also gave me grief for doing that. So, what is the **correct** protocol for this? I am most happy to snip out old parts as necessary. Dave From submit at zuka.net Mon Jan 12 16:41:12 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 16:41:26 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496B1DCA.2050406@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> Message-ID: <496B72A8.5070306@zuka.net> Julian Field wrote: > >>>>>>>>> It will be being clobbered by the update_virus_scanners cron >>>>>>>>> job which is run once per hour. Please can you mail me an >>>>>>>>> exact copy (preferably gzipped) of your MailScanner.conf file. >>>>>>>>> Have you moved that file from its default location or anything >>>>>>>>> like that? It should pull out the "Run As User" and "Run As >>>>>>>>> Group" from MailScanner.conf and use those values to set the >>>>>>>>> ownership of the lock files. Clearly something is going wrong >>>>>>>>> there. >>>>>>>>> >>>>>>>>> Copy and paste the following commands into a shell running as >>>>>>>>> root. Beware of extra line-breaks that my mail program or your >>>>>>>>> mail program may add into the following, hopefully they'll be >>>>>>>>> okay. >>>>>>>>> >>>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> echo $LOCKDIR >>>>>>>>> echo $RUNASU >>>>>>>>> echo $RUNASG >>>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG" >>>>>>>>> >>>>>>>>> Then show me what you get from >>>>>>>>> ls -al $LOCKDIR >>>>>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>>>>> directory where your lock files are stored (i.e. normally >>>>>>>>> /var/spool/MailScanner/incoming/Locks). >>>>>>>> >>>>>>>> I have emailed you my conf file. >>>>> That looks fine. >>>>>>>> Here is the output from your scripts: >>>>>>>> >>>>>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if >>>>>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>>>>> /var/spool/MailScanner/incoming/Locks >>>>>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>>>>> postfix >>>>>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>>>>> postfix >>>>>>> That all looks good. As root, >>>>>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>>>>> and then >>>>>>> /usr/sbin/update_virus_scanners >>>>>>> and then show me an >>>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>>> >>>>>>> The files in there should be owned by postfix. Let's see if >>>>>>> that's true. >>>>>>> >>>>>> OK .. deleted the Locks directory, ran update_virus_scanners and >>>>>> got: >>>>>> >>>>>> ls -al /var/spool/MailScanner/incoming/Locks/ >>>>>> total 8 >>>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>>>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>> MS.bayes.starting.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>> symscanengineBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>>>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>>>>> >>>>>> >>>>>> Still root. >>>>> Hmmm... >>>>> >>>>> 1 >>>>> I want to be sure there are no weird options for the mount that >>>>> supplies this directory. Do this: >>>>> cd /var/spool/MailScanner/incoming >>>>> df -h . >>>>> mount >>>>> ls -ld Locks >>>>> (all as root). >>>>> Also, paste the contents of your /etc/fstab file into your reply >>>>> to this mail. >>>>> >>>>> 2 >>>>> Also, please can you make a little edit to your >>>>> /usr/sbin/mailscanner_create_locks script. >>>>> Near the top you will see a line that says this: >>>>> my $ldgid = getgrnam($ldgname); >>>>> That's about line 17. Immediately after that line, add this line: >>>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >>>>> and let's just check that it is getting the UID and GID correctly, >>>>> as failure to do that would cause your symptoms. >>>>> Run >>>>> /usr/sbin/mailscanner_create_locks >>>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>>> (all of that on 1 line) and include the output in your reply, >>>>> and do another >>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>> to see if anything has improved. >>>>> >>>>> 3 >>>>> If that still isn't working, right at the end of the script there >>>>> are a couple of "chown" lines. Change the first one to read >>>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >>>>> and the second one to read >>>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >>>>> and then run the mailscanner_create_locks command I gave above. >>>>> Let me know if it prints anything, and what it says if it does. >>>>> >>>>> 4 >>>>> That lot should give me a better idea of what's going on. >>>> >>>> cd /var/spool/MailScanner/incoming/ >>>> [root@rosewood incoming]# df -h . >>>> Filesystem Size Used Avail Use% Mounted on >>>> /dev/hdb1 111G 15G 91G 14% /var >>>> [root@rosewood incoming]# mount >>>> /dev/sda5 on / type ext3 (rw) >>>> none on /proc type proc (rw) >>>> none on /sys type sysfs (rw) >>>> none on /dev/pts type devpts (rw,gid=5,mode=620) >>>> usbfs on /proc/bus/usb type usbfs (rw) >>>> /dev/sda1 on /boot type ext3 (rw) >>>> none on /dev/shm type tmpfs (rw) >>>> /dev/sda2 on /home type ext3 (rw) >>>> /dev/sdb1 on /usr type ext3 (rw) >>>> /dev/hdb1 on /var type ext3 (rw) >>>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) >>>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) >>>> [root@rosewood incoming]# ls -ld Locks >>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks >>>> >>>> FSTAB: >>>> >>>> LABEL=/ / ext3 >>>> defaults 1 1 >>>> LABEL=/boot /boot ext3 >>>> defaults 1 2 >>>> none /dev/pts devpts >>>> gid=5,mode=620 0 0 >>>> none /dev/shm tmpfs >>>> defaults 0 0 >>>> LABEL=/home /home ext3 >>>> defaults 1 2 >>>> none /proc proc >>>> defaults 0 0 >>>> none /sys sysfs >>>> defaults 0 0 >>>> LABEL=/usr /usr ext3 >>>> defaults 1 2 >>>> LABEL=/var /var ext3 >>>> defaults 1 2 >>>> LABEL=SWAP-sda3 swap swap >>>> defaults 0 0 >>>> /dev/hda /media/cdrecorder auto >>>> pamconsole,exec,noauto,managed 0 0 >>>> >>>> /usr/sbin/mailscanner_create_locks >>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>> lduid = 80, ldgid = 80 >>>> [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks >>>> total 8 >>>> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . >>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock >>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock >>>> >>>> I did not do your last request as this shows the proper ownership. >>>> The questions is: will it hold? >>>> >>>> Let me know if you still want me to do that last bit. >>>> >>>> Sorry it took a while to get back to you. I had to run out for a bit. >>>> >>>> Dave >>>> >>> Just so you know ... it all went back to being owned by root when >>> update_virus_scanner ran from cron again. This is the email I received: >>> >>> /etc/cron.hourly/update_virus_scanners: >>> >>> lduid = , ldgid = >> Given the above, I made the last little change you suggested and ran >> it again, like so: >> >> /usr/sbin/mailscanner_create_locks >> /var/spool/MailScanner/incoming/Locks postfix postfix >> lduid = 80, ldgid = 80 >> >> The second line is what it output. After that, all the permissions in >> the Locks directory went back to postfix. Again, will it hold? > The cron job will probably put it back. Okay, next let's find if it is > the script run by cron that is causing the problem, or the environment > in which it is run. > > /usr/sbin/update_virus_scanners > ls -al /var/spool/MailScanner/incoming/Locks > > and show me the output of those two. I want to see if the > update_virus_scanners script successfully finds the uid and gid or not. /usr/sbin/update_virus_scanners lduid = , ldgid = Does not appear to. ls -al /var/spool/MailScanner/incoming/Locks total 12 drwxr-x--- 2 root root 4096 Jan 11 16:13 . drwxrwx--- 7 postfix clamav 4096 Jan 12 11:34 .. -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock -rw------- 1 root root 48 Jan 12 00:15 clamavBusy.lock -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock Dave From ssilva at sgvwater.com Mon Jan 12 17:13:35 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 12 17:13:57 2009 Subject: totally OT: Mailing lists / reader program? In-Reply-To: References: Message-ID: on 1-12-2009 8:36 AM Ugo Bellavance spake the following: > Scott Silva a ?crit : >> on 1-5-2009 10:37 AM traced@xpear.de spake the following: >>> Hi, just one little question; >>> Are you reading lists with standard email progs like thunderbird, >>> or are there other good programs, with better handling on the topics? >>> >>> Regards, >>> Bastian >> I am reading the lists with thunderbird, but through the newsfeeds at >> gmane.org. >> >> That way I never have to worry about bounces or spam detection on my end >> dropping something. > > I'm also doing that and I simply love it. > The only thing that bugs me are the encrypted privacy e-mail addresses. I know it can be turned off, but a list admin needs to ask AFAIR. Sometimes I want to reply off list, but the mails have to still go through the Gmane servers to be forwarded. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/d4657ada/signature.bin From NWL002 at shsu.edu Mon Jan 12 17:27:15 2009 From: NWL002 at shsu.edu (Laskie, Norman) Date: Mon Jan 12 17:27:25 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496A6779.9040309@coders.co.uk> References: <496A6779.9040309@coders.co.uk> Message-ID: <8FAC1E47484E43469AA28DBF35C955E40FACBA0815@EXMBX.SHSU.EDU> I'm running into an issue running the sa-update command against your channel. I'm willing to bet it's something stupid I'm doing / not doing. Thanks in advance, Norman sa-update --channel spear.bastionmail.com --gpgkey 06EF70A3 error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: 06EF70A3 Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY sa-update --import GPG.KEY channel: GPG validation failed, channel failed -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Sent: Sunday, January 11, 2009 3:41 PM To: MailScanner discussion Subject: Anti-spear-phishing sa-update channel All If anyone is interested I have published an sa-update channel which generates the same rules as Jules' script. The channel is spear.bastionmail.com it is signed by key id 06EF70A3 which you can get from http://www.bastionmail.co.uk/spear.txt The rules are named in the same way and is updated within 15 minutes of an SVN update. ****** NOTE - it is fully automatic in the same way as Jules script works ******** matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From cwatts at elsberry.k12.mo.us Mon Jan 12 17:33:52 2009 From: cwatts at elsberry.k12.mo.us (Cannon Watts) Date: Mon Jan 12 17:35:31 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> <41554.204.184.75.172.1231608493.squirrel@webmail.elsberry.k12.mo.us> Message-ID: <43459.204.184.75.172.1231781632.squirrel@webmail.elsberry.k12.mo.us> On Sun, January 11, 2009 12:31 pm, Kai Schaetzl wrote: > Cannon Watts wrote on Sat, 10 Jan 2009 11:28:13 -0600 (CST): > >> Thanks, that certainly cuts down on the timeouts, The URIBL tests are >> still generating 281 timeouts on those 28 messages, but that's a minor >> concern now that the bayes issues seem to be sorted out (see below). > > As said earlier, there is surely something wrong either with your dns > setup or > with your software (e.g. DNS::Net too old or so). Have you set > dns_available > yes or do you let SA check that? If set to yes set it to no and let SA > show > you the outcome. I'll look into the DNS::Net module. I have not tried setting dns_available to 'no', but I did set it to 'test' and the debugging messages showed it successfully contacting both DNS servers in my /etc/resolv.conf (the first of those being the localhost) >> I guess my database was either corrupt, or just too big. > > For being "too big" it should have had at least 5 million tokens (I > haven't > ever seen a database over that size, but I can say that databases in this > range are still fine performance-wise). I'm not sure it's worth the time and effort to figure out _why_ the old database was performing so poorly. After removing it, and starting fresh, every incoming mail appears to get a BAYES score, and where some users were getting as many as 20 spams per day slipping through the filter, those same users have not had one since rebuilding the database. I am seeing a few false positives, but I think a little bayes re-training will sort that out in short order. Thanks again for your help. From MailScanner at ecs.soton.ac.uk Mon Jan 12 19:18:22 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 19:18:44 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496B72A8.5070306@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> Message-ID: <496B977E.5020607@ecs.soton.ac.uk> On 12/1/09 16:41, Dave Filchak wrote: > Julian Field wrote: >> >>>>>>>>>> It will be being clobbered by the update_virus_scanners cron >>>>>>>>>> job which is run once per hour. Please can you mail me an >>>>>>>>>> exact copy (preferably gzipped) of your MailScanner.conf >>>>>>>>>> file. Have you moved that file from its default location or >>>>>>>>>> anything like that? It should pull out the "Run As User" and >>>>>>>>>> "Run As Group" from MailScanner.conf and use those values to >>>>>>>>>> set the ownership of the lock files. Clearly something is >>>>>>>>>> going wrong there. >>>>>>>>>> >>>>>>>>>> Copy and paste the following commands into a shell running as >>>>>>>>>> root. Beware of extra line-breaks that my mail program or >>>>>>>>>> your mail program may add into the following, hopefully >>>>>>>>>> they'll be okay. >>>>>>>>>> >>>>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> echo $LOCKDIR >>>>>>>>>> echo $RUNASU >>>>>>>>>> echo $RUNASG >>>>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" >>>>>>>>>> "$RUNASG" >>>>>>>>>> >>>>>>>>>> Then show me what you get from >>>>>>>>>> ls -al $LOCKDIR >>>>>>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>>>>>> directory where your lock files are stored (i.e. normally >>>>>>>>>> /var/spool/MailScanner/incoming/Locks). >>>>>>>>> >>>>>>>>> I have emailed you my conf file. >>>>>> That looks fine. >>>>>>>>> Here is the output from your scripts: >>>>>>>>> >>>>>>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" >>>>>>>>> if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>>>>>> /var/spool/MailScanner/incoming/Locks >>>>>>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>>>>>> postfix >>>>>>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>>>>>> postfix >>>>>>>> That all looks good. As root, >>>>>>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>>>>>> and then >>>>>>>> /usr/sbin/update_virus_scanners >>>>>>>> and then show me an >>>>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>>>> >>>>>>>> The files in there should be owned by postfix. Let's see if >>>>>>>> that's true. >>>>>>>> >>>>>>> OK .. deleted the Locks directory, ran update_virus_scanners and >>>>>>> got: >>>>>>> >>>>>>> ls -al /var/spool/MailScanner/incoming/Locks/ >>>>>>> total 8 >>>>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>>>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> MS.bayes.rebuild.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> MS.bayes.starting.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> symscanengineBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>>>>>> >>>>>>> >>>>>>> Still root. >>>>>> Hmmm... >>>>>> >>>>>> 1 >>>>>> I want to be sure there are no weird options for the mount that >>>>>> supplies this directory. Do this: >>>>>> cd /var/spool/MailScanner/incoming >>>>>> df -h . >>>>>> mount >>>>>> ls -ld Locks >>>>>> (all as root). >>>>>> Also, paste the contents of your /etc/fstab file into your reply >>>>>> to this mail. >>>>>> >>>>>> 2 >>>>>> Also, please can you make a little edit to your >>>>>> /usr/sbin/mailscanner_create_locks script. >>>>>> Near the top you will see a line that says this: >>>>>> my $ldgid = getgrnam($ldgname); >>>>>> That's about line 17. Immediately after that line, add this line: >>>>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >>>>>> and let's just check that it is getting the UID and GID >>>>>> correctly, as failure to do that would cause your symptoms. >>>>>> Run >>>>>> /usr/sbin/mailscanner_create_locks >>>>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>>>> (all of that on 1 line) and include the output in your reply, >>>>>> and do another >>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>> to see if anything has improved. >>>>>> >>>>>> 3 >>>>>> If that still isn't working, right at the end of the script there >>>>>> are a couple of "chown" lines. Change the first one to read >>>>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >>>>>> and the second one to read >>>>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >>>>>> and then run the mailscanner_create_locks command I gave above. >>>>>> Let me know if it prints anything, and what it says if it does. >>>>>> >>>>>> 4 >>>>>> That lot should give me a better idea of what's going on. >>>>> >>>>> cd /var/spool/MailScanner/incoming/ >>>>> [root@rosewood incoming]# df -h . >>>>> Filesystem Size Used Avail Use% Mounted on >>>>> /dev/hdb1 111G 15G 91G 14% /var >>>>> [root@rosewood incoming]# mount >>>>> /dev/sda5 on / type ext3 (rw) >>>>> none on /proc type proc (rw) >>>>> none on /sys type sysfs (rw) >>>>> none on /dev/pts type devpts (rw,gid=5,mode=620) >>>>> usbfs on /proc/bus/usb type usbfs (rw) >>>>> /dev/sda1 on /boot type ext3 (rw) >>>>> none on /dev/shm type tmpfs (rw) >>>>> /dev/sda2 on /home type ext3 (rw) >>>>> /dev/sdb1 on /usr type ext3 (rw) >>>>> /dev/hdb1 on /var type ext3 (rw) >>>>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) >>>>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) >>>>> [root@rosewood incoming]# ls -ld Locks >>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks >>>>> >>>>> FSTAB: >>>>> >>>>> LABEL=/ / ext3 >>>>> defaults 1 1 >>>>> LABEL=/boot /boot ext3 >>>>> defaults 1 2 >>>>> none /dev/pts devpts >>>>> gid=5,mode=620 0 0 >>>>> none /dev/shm tmpfs >>>>> defaults 0 0 >>>>> LABEL=/home /home ext3 >>>>> defaults 1 2 >>>>> none /proc proc >>>>> defaults 0 0 >>>>> none /sys sysfs >>>>> defaults 0 0 >>>>> LABEL=/usr /usr ext3 >>>>> defaults 1 2 >>>>> LABEL=/var /var ext3 >>>>> defaults 1 2 >>>>> LABEL=SWAP-sda3 swap swap >>>>> defaults 0 0 >>>>> /dev/hda /media/cdrecorder auto >>>>> pamconsole,exec,noauto,managed 0 0 >>>>> >>>>> /usr/sbin/mailscanner_create_locks >>>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>>> lduid = 80, ldgid = 80 >>>>> [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks >>>>> total 8 >>>>> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . >>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 >>>>> MS.bayes.starting.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 >>>>> symscanengineBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock >>>>> >>>>> I did not do your last request as this shows the proper ownership. >>>>> The questions is: will it hold? >>>>> >>>>> Let me know if you still want me to do that last bit. >>>>> >>>>> Sorry it took a while to get back to you. I had to run out for a bit. >>>>> >>>>> Dave >>>>> >>>> Just so you know ... it all went back to being owned by root when >>>> update_virus_scanner ran from cron again. This is the email I >>>> received: >>>> >>>> /etc/cron.hourly/update_virus_scanners: >>>> >>>> lduid = , ldgid = >>> Given the above, I made the last little change you suggested and ran >>> it again, like so: >>> >>> /usr/sbin/mailscanner_create_locks >>> /var/spool/MailScanner/incoming/Locks postfix postfix >>> lduid = 80, ldgid = 80 >>> >>> The second line is what it output. After that, all the permissions >>> in the Locks directory went back to postfix. Again, will it hold? >> The cron job will probably put it back. Okay, next let's find if it >> is the script run by cron that is causing the problem, or the >> environment in which it is run. >> >> /usr/sbin/update_virus_scanners >> ls -al /var/spool/MailScanner/incoming/Locks >> >> and show me the output of those two. I want to see if the >> update_virus_scanners script successfully finds the uid and gid or not. > /usr/sbin/update_virus_scanners > lduid = , ldgid = > > Does not appear to. Aha, we're getting somewhere. Now edit /usr/sbin/update_virus_scanners. At the very top there are 3 lines which set LOCKDIR, RUNASU and RUNASG. Immediately after them add these 3 lines echo LOCKDIR = \'$LOCKDIR\' echo RUNASU = \'$RUNASU\' echo RUNASG = \'$RUNASG\' Then run /usr/sbin/update_virus_scanners as root. I am hoping it will print something like this: LOCKDIR = '/var/spool/MailScanner/incoming/Locks' RUNASU = 'postfix' RUNASG = 'postfix' lduid = 89, ldgid = 89 Let us see what your version prints. We should be able to sort this pretty soon, we're getting very close to the source of the problem. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From root at doctor.nl2k.ab.ca Mon Jan 12 19:23:40 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Mon Jan 12 19:24:54 2009 Subject: MAilScanner 4.75 Message-ID: <20090112192340.GA26213@doctor.nl2k.ab.ca> Jules, when will MS 4.75 be released? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From MailScanner at ecs.soton.ac.uk Mon Jan 12 19:30:56 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 19:31:17 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496B72A8.5070306@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> Message-ID: <496B9A70.1020605@ecs.soton.ac.uk> On 12/1/09 16:41, Dave Filchak wrote: > Julian Field wrote: >> >>>>>>>>>> It will be being clobbered by the update_virus_scanners cron >>>>>>>>>> job which is run once per hour. Please can you mail me an >>>>>>>>>> exact copy (preferably gzipped) of your MailScanner.conf >>>>>>>>>> file. Have you moved that file from its default location or >>>>>>>>>> anything like that? It should pull out the "Run As User" and >>>>>>>>>> "Run As Group" from MailScanner.conf and use those values to >>>>>>>>>> set the ownership of the lock files. Clearly something is >>>>>>>>>> going wrong there. >>>>>>>>>> >>>>>>>>>> Copy and paste the following commands into a shell running as >>>>>>>>>> root. Beware of extra line-breaks that my mail program or >>>>>>>>>> your mail program may add into the following, hopefully >>>>>>>>>> they'll be okay. >>>>>>>>>> >>>>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && >>>>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>>> echo $LOCKDIR >>>>>>>>>> echo $RUNASU >>>>>>>>>> echo $RUNASG >>>>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" >>>>>>>>>> "$RUNASG" >>>>>>>>>> >>>>>>>>>> Then show me what you get from >>>>>>>>>> ls -al $LOCKDIR >>>>>>>>>> assuming that the "echo $LOCKDIR" command printed out the >>>>>>>>>> directory where your lock files are stored (i.e. normally >>>>>>>>>> /var/spool/MailScanner/incoming/Locks). >>>>>>>>> >>>>>>>>> I have emailed you my conf file. >>>>>> That looks fine. >>>>>>>>> Here is the output from your scripts: >>>>>>>>> >>>>>>>>> [root@rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" >>>>>>>>> if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if >>>>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if >>>>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' >>>>>>>>> /etc/MailScanner/MailScanner.conf` >>>>>>>>> [root@rosewood MailScanner]# echo $LOCKDIR >>>>>>>>> /var/spool/MailScanner/incoming/Locks >>>>>>>>> [root@rosewood MailScanner]# echo $RUNASU >>>>>>>>> postfix >>>>>>>>> [root@rosewood MailScanner]# echo $RUNASG >>>>>>>>> postfix >>>>>>>> That all looks good. As root, >>>>>>>> rm -rf /var/spool/MailScanner/incoming/Locks >>>>>>>> and then >>>>>>>> /usr/sbin/update_virus_scanners >>>>>>>> and then show me an >>>>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>>>> >>>>>>>> The files in there should be owned by postfix. Let's see if >>>>>>>> that's true. >>>>>>>> >>>>>>> OK .. deleted the Locks directory, ran update_virus_scanners and >>>>>>> got: >>>>>>> >>>>>>> ls -al /var/spool/MailScanner/incoming/Locks/ >>>>>>> total 8 >>>>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 . >>>>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 .. >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> MS.bayes.rebuild.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> MS.bayes.starting.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 >>>>>>> symscanengineBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock >>>>>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock >>>>>>> >>>>>>> >>>>>>> Still root. >>>>>> Hmmm... >>>>>> >>>>>> 1 >>>>>> I want to be sure there are no weird options for the mount that >>>>>> supplies this directory. Do this: >>>>>> cd /var/spool/MailScanner/incoming >>>>>> df -h . >>>>>> mount >>>>>> ls -ld Locks >>>>>> (all as root). >>>>>> Also, paste the contents of your /etc/fstab file into your reply >>>>>> to this mail. >>>>>> >>>>>> 2 >>>>>> Also, please can you make a little edit to your >>>>>> /usr/sbin/mailscanner_create_locks script. >>>>>> Near the top you will see a line that says this: >>>>>> my $ldgid = getgrnam($ldgname); >>>>>> That's about line 17. Immediately after that line, add this line: >>>>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n"; >>>>>> and let's just check that it is getting the UID and GID >>>>>> correctly, as failure to do that would cause your symptoms. >>>>>> Run >>>>>> /usr/sbin/mailscanner_create_locks >>>>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>>>> (all of that on 1 line) and include the output in your reply, >>>>>> and do another >>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>> to see if anything has improved. >>>>>> >>>>>> 3 >>>>>> If that still isn't working, right at the end of the script there >>>>>> are a couple of "chown" lines. Change the first one to read >>>>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!"; >>>>>> and the second one to read >>>>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!"; >>>>>> and then run the mailscanner_create_locks command I gave above. >>>>>> Let me know if it prints anything, and what it says if it does. >>>>>> >>>>>> 4 >>>>>> That lot should give me a better idea of what's going on. >>>>> >>>>> cd /var/spool/MailScanner/incoming/ >>>>> [root@rosewood incoming]# df -h . >>>>> Filesystem Size Used Avail Use% Mounted on >>>>> /dev/hdb1 111G 15G 91G 14% /var >>>>> [root@rosewood incoming]# mount >>>>> /dev/sda5 on / type ext3 (rw) >>>>> none on /proc type proc (rw) >>>>> none on /sys type sysfs (rw) >>>>> none on /dev/pts type devpts (rw,gid=5,mode=620) >>>>> usbfs on /proc/bus/usb type usbfs (rw) >>>>> /dev/sda1 on /boot type ext3 (rw) >>>>> none on /dev/shm type tmpfs (rw) >>>>> /dev/sda2 on /home type ext3 (rw) >>>>> /dev/sdb1 on /usr type ext3 (rw) >>>>> /dev/hdb1 on /var type ext3 (rw) >>>>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) >>>>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) >>>>> [root@rosewood incoming]# ls -ld Locks >>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks >>>>> >>>>> FSTAB: >>>>> >>>>> LABEL=/ / ext3 >>>>> defaults 1 1 >>>>> LABEL=/boot /boot ext3 >>>>> defaults 1 2 >>>>> none /dev/pts devpts >>>>> gid=5,mode=620 0 0 >>>>> none /dev/shm tmpfs >>>>> defaults 0 0 >>>>> LABEL=/home /home ext3 >>>>> defaults 1 2 >>>>> none /proc proc >>>>> defaults 0 0 >>>>> none /sys sysfs >>>>> defaults 0 0 >>>>> LABEL=/usr /usr ext3 >>>>> defaults 1 2 >>>>> LABEL=/var /var ext3 >>>>> defaults 1 2 >>>>> LABEL=SWAP-sda3 swap swap >>>>> defaults 0 0 >>>>> /dev/hda /media/cdrecorder auto >>>>> pamconsole,exec,noauto,managed 0 0 >>>>> >>>>> /usr/sbin/mailscanner_create_locks >>>>> /var/spool/MailScanner/incoming/Locks postfix postfix >>>>> lduid = 80, ldgid = 80 >>>>> [root@rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks >>>>> total 8 >>>>> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 . >>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 .. >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 >>>>> MS.bayes.starting.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 >>>>> symscanengineBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock >>>>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock >>>>> >>>>> I did not do your last request as this shows the proper ownership. >>>>> The questions is: will it hold? >>>>> >>>>> Let me know if you still want me to do that last bit. >>>>> >>>>> Sorry it took a while to get back to you. I had to run out for a bit. >>>>> >>>>> Dave >>>>> >>>> Just so you know ... it all went back to being owned by root when >>>> update_virus_scanner ran from cron again. This is the email I >>>> received: >>>> >>>> /etc/cron.hourly/update_virus_scanners: >>>> >>>> lduid = , ldgid = >>> Given the above, I made the last little change you suggested and ran >>> it again, like so: >>> >>> /usr/sbin/mailscanner_create_locks >>> /var/spool/MailScanner/incoming/Locks postfix postfix >>> lduid = 80, ldgid = 80 >>> >>> The second line is what it output. After that, all the permissions >>> in the Locks directory went back to postfix. Again, will it hold? >> The cron job will probably put it back. Okay, next let's find if it >> is the script run by cron that is causing the problem, or the >> environment in which it is run. >> >> /usr/sbin/update_virus_scanners >> ls -al /var/spool/MailScanner/incoming/Locks >> >> and show me the output of those two. I want to see if the >> update_virus_scanners script successfully finds the uid and gid or not. > /usr/sbin/update_virus_scanners > lduid = , ldgid = > > Does not appear to. And also, if you don't get the output from the last change that I showed you (which is what I expected you to get), try changing the 3 lines that set the LOCKDIR, RUNASU and RUNASG to this instead: LOCKDIR=`perl -n -e 'print "$_" if chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+).*$/$1/i' /etc/MailScanner/MailScanner.conf` RUNASU=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+).*$/$1/i' /etc/MailScanner/MailScanner.conf` RUNASG=`perl -n -e 'print "$_" if chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+).*$/$1/i' /etc/MailScanner/MailScanner.conf` That should be on 3 lines, ignore any extra line breaks that either my or your email application added for good measure :-) The subtle difference is the addition is ".*$" on the end of each of the 3 regular expressions we are matching, which should have been there from the start (my mistake). See if that helps fix the problem at all. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Mon Jan 12 19:31:23 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 19:31:37 2009 Subject: identical messages -- some get bayes score, some don't In-Reply-To: <43459.204.184.75.172.1231781632.squirrel@webmail.elsberry.k12.mo.us> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <55910.204.184.75.172.1231537026.squirrel@webmail.elsberry.k12.mo.us> <41554.204.184.75.172.1231608493.squirrel@webmail.elsberry.k12.mo.us> <43459.204.184.75.172.1231781632.squirrel@webmail.elsberry.k12.mo.us> Message-ID: Cannon Watts wrote on Mon, 12 Jan 2009 11:33:52 -0600 (CST): > I'll look into the DNS::Net module. Sorry, I think it's Net::DNS. But I guess you may have figured that. I have not tried setting dns_available > to 'no', but I did set it to 'test' and the debugging messages showed it > successfully contacting both DNS servers in my /etc/resolv.conf (the first > of those being the localhost) "no" would have been incorrect, test was just fine. I was too fast with typing ... Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jan 12 19:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 19:31:37 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496B7236.3060604@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 <496B7236.3060604@zuka.net> Message-ID: Dave Filchak wrote on Mon, 12 Jan 2009 11:39:18 -0500: > I am most happy to snip out old parts as necessary. This would be most appreciated. Quote just what is needed to understand the next lines (which should be your reply). It doesn't matter too much with a few mails, but with a long thread it's a horror to search up and down for your reply. I stopped reading the thread three or four messages ago because it became unbearable and just "flew" over them. Anyway, it looks like your quest is nearing an end ;-) I'm not sure but I think you didn't ever mention your OS and version (and nobody asked). Maybe that could explain the problem why it doesn't pick up the correct owner etc. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From maillists at conactive.com Mon Jan 12 19:31:22 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Mon Jan 12 19:31:38 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496B4E56.9000508@coders.co.uk> References: <496A6779.9040309@coders.co.uk> <496B4E56.9000508@coders.co.uk> Message-ID: Matt wrote on Mon, 12 Jan 2009 14:06:14 +0000: > Kai - was that directed at me? Yes. d01:~ host spear.bastionmail.com d01:~ host www.bastionmail.com www.bastionmail.com has address 12.158.191.97 same result from various locations, I bet at least one of your secondaries isn't updated. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From spamlists at coders.co.uk Mon Jan 12 19:34:00 2009 From: spamlists at coders.co.uk (Matt) Date: Mon Jan 12 19:34:50 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <8FAC1E47484E43469AA28DBF35C955E40FACBA0815@EXMBX.SHSU.EDU> References: <496A6779.9040309@coders.co.uk> <8FAC1E47484E43469AA28DBF35C955E40FACBA0815@EXMBX.SHSU.EDU> Message-ID: <496B9B28.5040900@coders.co.uk> Laskie, Norman wrote: > I'm running into an issue running the sa-update command against your channel. I'm willing to bet it's something stupid I'm doing / not doing. > No probs! wget http://www.bastionmail.co.uk/spear.txt sa-update --import spear.txt just do the above commands and it will work. matt From NWL002 at shsu.edu Mon Jan 12 19:53:02 2009 From: NWL002 at shsu.edu (Laskie, Norman) Date: Mon Jan 12 19:53:12 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496B9B28.5040900@coders.co.uk> References: <496A6779.9040309@coders.co.uk> <8FAC1E47484E43469AA28DBF35C955E40FACBA0815@EXMBX.SHSU.EDU> <496B9B28.5040900@coders.co.uk> Message-ID: <8FAC1E47484E43469AA28DBF35C955E40FACBA0816@EXMBX.SHSU.EDU> Cool thanks! -----Original Message----- From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] On Behalf Of Matt Sent: Monday, January 12, 2009 1:34 PM To: MailScanner discussion Subject: Re: Anti-spear-phishing sa-update channel Laskie, Norman wrote: > I'm running into an issue running the sa-update command against your channel. I'm willing to bet it's something stupid I'm doing / not doing. > No probs! wget http://www.bastionmail.co.uk/spear.txt sa-update --import spear.txt just do the above commands and it will work. matt -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! From submit at zuka.net Mon Jan 12 19:59:42 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 19:59:56 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496B977E.5020607@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> Message-ID: <496BA12E.8010404@zuka.net> Julian Field wrote: > > > On 12/1/09 16:41, Dave Filchak wrote: >> >>> The cron job will probably put it back. Okay, next let's find if it >>> is the script run by cron that is causing the problem, or the >>> environment in which it is run. >>> >>> /usr/sbin/update_virus_scanners >>> ls -al /var/spool/MailScanner/incoming/Locks >>> >>> and show me the output of those two. I want to see if the >>> update_virus_scanners script successfully finds the uid and gid or not. >> /usr/sbin/update_virus_scanners >> lduid = , ldgid = >> >> Does not appear to. > Aha, we're getting somewhere. > Now edit /usr/sbin/update_virus_scanners. > At the very top there are 3 lines which set LOCKDIR, RUNASU and RUNASG. > Immediately after them add these 3 lines > echo LOCKDIR = \'$LOCKDIR\' > echo RUNASU = \'$RUNASU\' > echo RUNASG = \'$RUNASG\' > > Then run /usr/sbin/update_virus_scanners as root. > > I am hoping it will print something like this: > LOCKDIR = '/var/spool/MailScanner/incoming/Locks' > RUNASU = 'postfix' > RUNASG = 'postfix' > lduid = 89, ldgid = 89 > Let us see what your version prints. > > We should be able to sort this pretty soon, we're getting very close > to the source of the problem. > > Jules > OK ... this is what I got from the first addition: /usr/sbin/update_virus_scanners LOCKDIR = '/var/spool/MailScanner/incoming/Locks' RUNASU = 'postfix ' RUNASG = 'postfix ' lduid = , ldgid = Then with the addition of the second part, I get: /usr/sbin/update_virus_scanners LOCKDIR = '/var/spool/MailScanner/incoming/Locks' RUNASU = 'postfix' RUNASG = 'postfix' lduid = 80, ldgid = 80 which looks much better ... yes? Dave From psaweikis at techpro.com Mon Jan 12 20:14:12 2009 From: psaweikis at techpro.com (Patrick Saweikis) Date: Mon Jan 12 20:14:23 2009 Subject: Content scanning / MCP? References: <48BB86B1412E3D429DECB241A39A62E8014E3C2C@W2K3-EXCHANGE02.mmsasp.local> Message-ID: <48BB86B1412E3D429DECB241A39A62E8071B46@W2K3-EXCHANGE02.mmsasp.local> I apologize, I should have given more detail in my question... I have about 10,000 users, covering around 1000 domains. We have written custom code to allow individual spam actions and individual spam scores per user, per domain. We pull this from a MYSql table. We now have a client who needs to have certain messages allowed through 100% of the time, we were assuming that setting a high value of 99 to the phrase would work, but we need to be able to limit this per user / per domain as we do spam scores and actions from the MYSql tables. We are only worried about detection after the MTA processes the message. We were thinking of implementing something similar to the balcklist/whitelist custom functions. Any help would be appreciated. Patrick. ________________________________ From: mailscanner-bounces@lists.mailscanner.info on behalf of Kai Schaetzl Sent: Fri 1/9/2009 4:31 PM To: mailscanner@lists.mailscanner.info Subject: Re: Content scanning / MCP? Patrick Saweikis wrote on Fri, 9 Jan 2009 14:20:51 -0600: > We have a user on our mail system who wants to always ALLOW > messages with specific content in the message subject and body through. > Does anyone know if this is possible? If so, how would we accomplish it? > I have been looking into using MCP, but from what I have read that is > for denying specific message content only MCP is basically a second spamassassin run. You can just do the same during the normal SA run. Stephen pointed at some caveats. There is an SA plugin for simple whitelisting by subject, it just needs to be enabled in the *.pre file in /etc/mail/spamassassin. But this will whitelist for all users. I think the better approach is to whitelist the assumed senders or give that user a special alias that doesn't get filtered and that he can hand out to those where he thinks there might be delivery problems. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com -- MailScanner mailing list mailscanner@lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner Before posting, read http://wiki.mailscanner.info/posting Support MailScanner development - buy the book off the website! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/9023705a/attachment.html From lists at sequestered.net Mon Jan 12 20:22:51 2009 From: lists at sequestered.net (Corey Chandler) Date: Mon Jan 12 20:23:00 2009 Subject: Refresh FreeBSD Port? In-Reply-To: <20090110081249.3e1fd5bc@scorpio> References: <4967DB4E.8040003@sequestered.net> <20090110081249.3e1fd5bc@scorpio> Message-ID: <496BA69B.4030207@sequestered.net> Jerry wrote: > > In any event, have you offered your services to the port maintainer: > > j.koopmann@seceidos.de > > He might appreciate it. > > Yeah, I did before posting to the list, and haven't heard back-- hence my post here. :-) -- Corey Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: The rubber band broke From MailScanner at ecs.soton.ac.uk Mon Jan 12 20:32:46 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 20:33:07 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BA12E.8010404@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> <496BA12E.8010404@zuka.net> Message-ID: <496BA8EE.9030506@ecs.soton.ac.uk> On 12/1/09 19:59, Dave Filchak wrote: > Julian Field wrote: >> >> >> On 12/1/09 16:41, Dave Filchak wrote: >>> >>>> The cron job will probably put it back. Okay, next let's find if it >>>> is the script run by cron that is causing the problem, or the >>>> environment in which it is run. >>>> >>>> /usr/sbin/update_virus_scanners >>>> ls -al /var/spool/MailScanner/incoming/Locks >>>> >>>> and show me the output of those two. I want to see if the >>>> update_virus_scanners script successfully finds the uid and gid or >>>> not. >>> /usr/sbin/update_virus_scanners >>> lduid = , ldgid = >>> >>> Does not appear to. >> Aha, we're getting somewhere. >> Now edit /usr/sbin/update_virus_scanners. >> At the very top there are 3 lines which set LOCKDIR, RUNASU and RUNASG. >> Immediately after them add these 3 lines >> echo LOCKDIR = \'$LOCKDIR\' >> echo RUNASU = \'$RUNASU\' >> echo RUNASG = \'$RUNASG\' >> >> Then run /usr/sbin/update_virus_scanners as root. >> >> I am hoping it will print something like this: >> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >> RUNASU = 'postfix' >> RUNASG = 'postfix' >> lduid = 89, ldgid = 89 >> Let us see what your version prints. >> >> We should be able to sort this pretty soon, we're getting very close >> to the source of the problem. >> >> Jules >> > OK ... this is what I got from the first addition: > > /usr/sbin/update_virus_scanners > LOCKDIR = '/var/spool/MailScanner/incoming/Locks' > RUNASU = 'postfix ' > RUNASG = 'postfix ' > lduid = , ldgid = > > Then with the addition of the second part, I get: > > /usr/sbin/update_virus_scanners > LOCKDIR = '/var/spool/MailScanner/incoming/Locks' > RUNASU = 'postfix' > RUNASG = 'postfix' > lduid = 80, ldgid = 80 > > which looks much better ... yes? Perfect! At last :-) Attached are new versions of mailscanner_create_locks and update_virus_scanners for you, which are slight improvements on the versions you now have. Please let me know if these work okay for you and correctly set the ownership of the files in /var/spool/MailScanner/incoming/Locks. I have gzipped the files to (a) save bandwidth and more importantly (b) stop my email client from attempting to add any signature to them or otherwise play with them :-) You will need to gunzip them before installing them, but I expect that's obvious ;) Also, don't forget to ensure you have set them executable first. chmod +x /usr/sbin/{mailscanner_create_locks,update_virus_scanners} (Yes, that really is a valid shell command). Once you have tested them and confirmed they set the ownerships correctly, I'll re-release the latest stable MailScanner with this important fix in it. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- A non-text attachment was scrubbed... Name: mailscanner_create_locks.gz Type: application/x-gzip Size: 979 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/f8058c5b/mailscanner_create_locks.gz -------------- next part -------------- A non-text attachment was scrubbed... Name: update_virus_scanners.gz Type: application/x-gzip Size: 983 bytes Desc: not available Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/f8058c5b/update_virus_scanners.gz From MailScanner at ecs.soton.ac.uk Mon Jan 12 20:35:50 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 20:36:10 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 <496B7236.3060604@zuka.net> Message-ID: <496BA9A6.8080108@ecs.soton.ac.uk> On 12/1/09 19:31, Kai Schaetzl wrote: > Dave Filchak wrote on Mon, 12 Jan 2009 11:39:18 -0500: > > >> I am most happy to snip out old parts as necessary. >> > > This would be most appreciated. Quote just what is needed to understand > the next lines (which should be your reply). It doesn't matter too much > with a few mails, but with a long thread it's a horror to search up and > down for your reply. I stopped reading the thread three or four messages > ago because it became unbearable and just "flew" over them. > Hint: use Thunderbird and the "QuoteCollapse" add-on extension. Totally solves this problem for you. Using "Quote Colors" is a good idea too, unless you're using Shredder as it's built into Shredder (the pre-release versions of the next version of Thunderbird). So the usual answer: use a better email client :-) > Anyway, it looks like your quest is nearing an end ;-) > I'm not sure but I think you didn't ever mention your OS and version (and > nobody asked). Maybe that could explain the problem why it doesn't pick up > the correct owner etc. > No, nothing to do with the OS or version, it's a bug of my creation. He happened to have a space after the "Run As User = postfix" and/or the "Run As Group = postfix" lines. That's all it was. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ugob at lubik.ca Mon Jan 12 20:41:17 2009 From: ugob at lubik.ca (Ugo Bellavance) Date: Mon Jan 12 20:41:37 2009 Subject: Stops after RCVD_IN_BL_SPAMCOP_NET In-Reply-To: References: Message-ID: Joe Garvey a ?crit : > I have been using MailScanner for about 4 years now but recently I have > been having some major problems with MailScanner/SA detecting spam. > > It almost seems as though it stops checking after the system does a > lookup on bl.spamcop.net. If there is a positive score for > RCVD_IN_BL_SPAMCOP_NET then it seems as though the system stops any > other checks. The score is usually 2.188 as defined in > /usr/share/spamassassin/50_scores.cf. > > I have also tried to increase this score by placing the following rule > in /etc/mail/spamassassin/custom.cf but it does not increase the value > score RCVD_IN_BL_SPAMCOP_NET 5.5 > > I upgraded to MailScanner 4.74.13 and SA 3.2.5 and it did not make a > difference. > > My gut feeling is that I am missing something somewhere and have been > staring at it to long. > > Any suggestions as to where to look next? Shortcircuit feature of SpamAssassin? From MailScanner at ecs.soton.ac.uk Mon Jan 12 20:46:17 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 20:46:41 2009 Subject: MAilScanner 4.75 In-Reply-To: <20090112192340.GA26213@doctor.nl2k.ab.ca> References: <20090112192340.GA26213@doctor.nl2k.ab.ca> Message-ID: <496BAC19.6080004@ecs.soton.ac.uk> On 12/1/09 19:23, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote: > Jules, > > when will MS 4.75 be released? > > When there's something to put in it. I aim to do another tiny bug-fix re-release of 4.74 first, with the Dave Filchak thread fixed in it. I haven't got any other major things outstanding at the moment, apart from the crash-protection database code, which I haven't even started seriously thinking about yet. I've got a big mail server move to do at the start of Feb and I don't want to be deep into anything else when that happens, I would rather spend my time testing the server move to death before starting on anything else. Day-job getting in the way again :-) Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From steve.swaney at fsl.com Mon Jan 12 20:46:45 2009 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jan 12 20:47:00 2009 Subject: OT: smtpf / BarricadeMX 2.2 Message-ID: <007c01c974f6$e1cb3e60$a561bb20$@swaney@fsl.com> We very happy to announce the release of smtpf version 2.2.0 / BarricadeMX 2.2.0. Version 2.2 further improves the speed and accuracy of BarricadeMX and adds these major features to an already impressive range of capabilities: . New anti-phishing features prevent your users from receiving or responding to mail that contains references to known phishing mailboxes.. . Improved outbound message "water-marking" reduces the threat of Denial of Service due to "bounce message" floods. . New options to block attachments by file extension or MIME types including on-the-fly parsing of ZIP and RAR file contents to block file extensions contained within archives. . Valid senders whose mail has been blocked can white list themselves. No support staff intervention required. . Easily generate safe and disposable time limited email addresses . Sophos AV has been added to the already supported AV engines: Avast, ClamAV, F-Prot. . New message digest DNS blacklist support - this allows for the blacklisting of identical message bodies, attachments or viruses based on their MD5 signature.. . SpamAssassin, when called from BarricadeMX, may now be configured to use individual or by domain SpamAssassin preferences A full list of the 2.2.0 new features and changes may be found at The new BarricadeMX 2.2 user manual may be found at Please visit the FSL web site (www.fsl.com) or contact me off-list for more information or to arrange a free, no-hassle demonstration of how BarricadeMX can improve your customers e-mail experience while reducing your e-mail costs. Steve Steve Swaney President Fort Systems Ltd. Office Phone: 202 595-7760 ext. 601 Cell: 202 352-3262 Steve@fsl.com www.fsl.com Jules Julian Field MEng CITP CEng CTO Fort Systems Ltd. Julian Field Julian.Field@fsl.com www.MailScanner.info From submit at zuka.net Mon Jan 12 21:15:22 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 21:15:36 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BA8EE.9030506@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> <496BA12E.8010404@zuka.net> <496BA8EE.9030506@ecs.soton.ac.uk> Message-ID: <496BB2EA.1000501@zuka.net> Julian Field wrote: > > > On 12/1/09 19:59, Dave Filchak wrote: >> Julian Field wrote: >>> >>> >>> On 12/1/09 16:41, Dave Filchak wrote: >>>> >>>>> The cron job will probably put it back. Okay, next let's find if >>>>> it is the script run by cron that is causing the problem, or the >>>>> environment in which it is run. >>>>> >>>>> /usr/sbin/update_virus_scanners >>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>> >>>>> and show me the output of those two. I want to see if the >>>>> update_virus_scanners script successfully finds the uid and gid or >>>>> not. >>>> /usr/sbin/update_virus_scanners >>>> lduid = , ldgid = >>>> >>>> Does not appear to. >>> Aha, we're getting somewhere. >>> Now edit /usr/sbin/update_virus_scanners. >>> At the very top there are 3 lines which set LOCKDIR, RUNASU and RUNASG. >>> Immediately after them add these 3 lines >>> echo LOCKDIR = \'$LOCKDIR\' >>> echo RUNASU = \'$RUNASU\' >>> echo RUNASG = \'$RUNASG\' >>> >>> Then run /usr/sbin/update_virus_scanners as root. >>> >>> I am hoping it will print something like this: >>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>> RUNASU = 'postfix' >>> RUNASG = 'postfix' >>> lduid = 89, ldgid = 89 >>> Let us see what your version prints. >>> >>> We should be able to sort this pretty soon, we're getting very close >>> to the source of the problem. >>> >>> Jules >>> >> OK ... this is what I got from the first addition: >> >> /usr/sbin/update_virus_scanners >> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >> RUNASU = 'postfix ' >> RUNASG = 'postfix ' >> lduid = , ldgid = >> >> Then with the addition of the second part, I get: >> >> /usr/sbin/update_virus_scanners >> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >> RUNASU = 'postfix' >> RUNASG = 'postfix' >> lduid = 80, ldgid = 80 >> >> which looks much better ... yes? > Perfect! At last :-) > > Attached are new versions of mailscanner_create_locks and > update_virus_scanners for you, which are slight improvements on the > versions you now have. Please let me know if these work okay for you > and correctly set the ownership of the files in > /var/spool/MailScanner/incoming/Locks. > > I have gzipped the files to (a) save bandwidth and more importantly > (b) stop my email client from attempting to add any signature to them > or otherwise play with them :-) You will need to gunzip them before > installing them, but I expect that's obvious ;) > Also, don't forget to ensure you have set them executable first. > chmod +x /usr/sbin/{mailscanner_create_locks,update_virus_scanners} > (Yes, that really is a valid shell command). > > Once you have tested them and confirmed they set the ownerships > correctly, I'll re-release the latest stable MailScanner with this > important fix in it. > > Jules > Hummm ... when I run the following ... you see what I get? /usr/sbin/update_virus_scanners LOCKDIR = '/var/spool/MailScanner/incoming/Locks' RUNASU = 'postfix' RUNASG = 'postfix' /usr/sbin/update_virus_scanners: line 38: /tmp/tmp/usr/sbin/mailscanner_create_locks: No such file or directory ??? From MailScanner at ecs.soton.ac.uk Mon Jan 12 21:23:09 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Mon Jan 12 21:23:31 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BB2EA.1000501@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> <496BA12E.8010404@zuka.net> <496BA8EE.9030506@ecs.soton.ac.uk> <496BB2EA.1000501@zuka.net> Message-ID: <496BB4BD.7050308@ecs.soton.ac.uk> On 12/1/09 21:15, Dave Filchak wrote: > Julian Field wrote: >> >> >> On 12/1/09 19:59, Dave Filchak wrote: >>> Julian Field wrote: >>>> >>>> >>>> On 12/1/09 16:41, Dave Filchak wrote: >>>>> >>>>>> The cron job will probably put it back. Okay, next let's find if >>>>>> it is the script run by cron that is causing the problem, or the >>>>>> environment in which it is run. >>>>>> >>>>>> /usr/sbin/update_virus_scanners >>>>>> ls -al /var/spool/MailScanner/incoming/Locks >>>>>> >>>>>> and show me the output of those two. I want to see if the >>>>>> update_virus_scanners script successfully finds the uid and gid >>>>>> or not. >>>>> /usr/sbin/update_virus_scanners >>>>> lduid = , ldgid = >>>>> >>>>> Does not appear to. >>>> Aha, we're getting somewhere. >>>> Now edit /usr/sbin/update_virus_scanners. >>>> At the very top there are 3 lines which set LOCKDIR, RUNASU and >>>> RUNASG. >>>> Immediately after them add these 3 lines >>>> echo LOCKDIR = \'$LOCKDIR\' >>>> echo RUNASU = \'$RUNASU\' >>>> echo RUNASG = \'$RUNASG\' >>>> >>>> Then run /usr/sbin/update_virus_scanners as root. >>>> >>>> I am hoping it will print something like this: >>>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>>> RUNASU = 'postfix' >>>> RUNASG = 'postfix' >>>> lduid = 89, ldgid = 89 >>>> Let us see what your version prints. >>>> >>>> We should be able to sort this pretty soon, we're getting very >>>> close to the source of the problem. >>>> >>>> Jules >>>> >>> OK ... this is what I got from the first addition: >>> >>> /usr/sbin/update_virus_scanners >>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>> RUNASU = 'postfix ' >>> RUNASG = 'postfix ' >>> lduid = , ldgid = >>> >>> Then with the addition of the second part, I get: >>> >>> /usr/sbin/update_virus_scanners >>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>> RUNASU = 'postfix' >>> RUNASG = 'postfix' >>> lduid = 80, ldgid = 80 >>> >>> which looks much better ... yes? >> Perfect! At last :-) >> >> Attached are new versions of mailscanner_create_locks and >> update_virus_scanners for you, which are slight improvements on the >> versions you now have. Please let me know if these work okay for you >> and correctly set the ownership of the files in >> /var/spool/MailScanner/incoming/Locks. >> >> I have gzipped the files to (a) save bandwidth and more importantly >> (b) stop my email client from attempting to add any signature to them >> or otherwise play with them :-) You will need to gunzip them before >> installing them, but I expect that's obvious ;) >> Also, don't forget to ensure you have set them executable first. >> chmod +x /usr/sbin/{mailscanner_create_locks,update_virus_scanners} >> (Yes, that really is a valid shell command). >> >> Once you have tested them and confirmed they set the ownerships >> correctly, I'll re-release the latest stable MailScanner with this >> important fix in it. >> >> Jules >> > Hummm ... when I run the following ... you see what I get? > > /usr/sbin/update_virus_scanners LOCKDIR = > '/var/spool/MailScanner/incoming/Locks' > RUNASU = 'postfix' > RUNASG = 'postfix' > /usr/sbin/update_virus_scanners: line 38: > /tmp/tmp/usr/sbin/mailscanner_create_locks: No such file or directory Damn, sorry, knew I would screw up somewhere. Look for the string "/tmp/tmp" in /usr/sbin/update_virus_scanners and remove it. Once you can confirm that fixes it, I'll release a new version properly. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From spamlists at coders.co.uk Mon Jan 12 21:38:34 2009 From: spamlists at coders.co.uk (Matt) Date: Mon Jan 12 21:39:09 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: References: <496A6779.9040309@coders.co.uk> <496B4E56.9000508@coders.co.uk> Message-ID: <496BB85A.8070506@coders.co.uk> Kai Schaetzl wrote: > d01:~ host spear.bastionmail.com Ah - no it won't - I haven't configured it - as it isn't needed for sa-update. cheers matt From steve.swaney at fsl.com Mon Jan 12 21:53:31 2009 From: steve.swaney at fsl.com (Stephen Swaney) Date: Mon Jan 12 21:53:41 2009 Subject: smtpf / BarricadeMX 2.2 In-Reply-To: <007e01c974f6$e23daf40$a6b90dc0$@swaney@fsl.com> References: <007e01c974f6$e23daf40$a6b90dc0$@swaney@fsl.com> Message-ID: <00f101c97500$3568a4f0$a039eed0$@swaney@fsl.com> Opps. From my very recent post > A full list of the 2.2.0 new features and changes may be found at Might better be expressed: Release Notes - http://www.fsl.com/images/docs/bmx22releasenotes.pdf and > The new BarricadeMX 2.2 user manual may be found at can be found at: User Guide - http://www.fsl.com/images/docs/bmx22usermanual.pdf Sorry for the goof but it's been a very busy day here. Steve Steve Swaney President Fort Systems Ltd. Steve@fsl.com www.fsl.com From ssilva at sgvwater.com Mon Jan 12 21:56:41 2009 From: ssilva at sgvwater.com (Scott Silva) Date: Mon Jan 12 21:57:06 2009 Subject: MAilScanner 4.75 In-Reply-To: <496BAC19.6080004@ecs.soton.ac.uk> References: <20090112192340.GA26213@doctor.nl2k.ab.ca> <496BAC19.6080004@ecs.soton.ac.uk> Message-ID: on 1-12-2009 12:46 PM Julian Field spake the following: > > > On 12/1/09 19:23, Dave Shariff Yadallee - System Administrator a.k.a. > The Root of the Problem wrote: >> Jules, >> >> when will MS 4.75 be released? >> >> > When there's something to put in it. I aim to do another tiny bug-fix > re-release of 4.74 first, with the Dave Filchak thread fixed in it. > > I haven't got any other major things outstanding at the moment, apart > from the crash-protection database code, which I haven't even started > seriously thinking about yet. I've got a big mail server move to do at > the start of Feb and I don't want to be deep into anything else when > that happens, I would rather spend my time testing the server move to > death before starting on anything else. Day-job getting in the way again > :-) > > Jules > The job that pays the bills always has to come first! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090112/b5df8ea7/signature.bin From submit at zuka.net Mon Jan 12 22:07:30 2009 From: submit at zuka.net (Dave Filchak) Date: Mon Jan 12 22:07:44 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BB4BD.7050308@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> <496BA12E.8010404@zuka.net> <496BA8EE.9030506@ecs.soton.ac.uk> <496BB2EA.1000501@zuka.net> <496BB4BD.7050308@ecs.soton.ac.uk> Message-ID: <496BBF22.6080604@zuka.net> Julian Field wrote: > > > >>>>> >>>> OK ... this is what I got from the first addition: >>>> >>>> /usr/sbin/update_virus_scanners >>>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>>> RUNASU = 'postfix ' >>>> RUNASG = 'postfix ' >>>> lduid = , ldgid = >>>> >>>> Then with the addition of the second part, I get: >>>> >>>> /usr/sbin/update_virus_scanners >>>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>>> RUNASU = 'postfix' >>>> RUNASG = 'postfix' >>>> lduid = 80, ldgid = 80 >>>> >>>> which looks much better ... yes? >>> Perfect! At last :-) >>> >>> Attached are new versions of mailscanner_create_locks and >>> update_virus_scanners for you, which are slight improvements on the >>> versions you now have. Please let me know if these work okay for you >>> and correctly set the ownership of the files in >>> /var/spool/MailScanner/incoming/Locks. >>> >>> I have gzipped the files to (a) save bandwidth and more importantly >>> (b) stop my email client from attempting to add any signature to >>> them or otherwise play with them :-) You will need to gunzip them >>> before installing them, but I expect that's obvious ;) >>> Also, don't forget to ensure you have set them executable first. >>> chmod +x /usr/sbin/{mailscanner_create_locks,update_virus_scanners} >>> (Yes, that really is a valid shell command). >>> >>> Once you have tested them and confirmed they set the ownerships >>> correctly, I'll re-release the latest stable MailScanner with this >>> important fix in it. >>> >>> Jules >>> >> Hummm ... when I run the following ... you see what I get? >> >> /usr/sbin/update_virus_scanners LOCKDIR = >> '/var/spool/MailScanner/incoming/Locks' >> RUNASU = 'postfix' >> RUNASG = 'postfix' >> /usr/sbin/update_virus_scanners: line 38: >> /tmp/tmp/usr/sbin/mailscanner_create_locks: No such file or directory > Damn, sorry, knew I would screw up somewhere. Look for the string > "/tmp/tmp" in /usr/sbin/update_virus_scanners and remove it. > > Once you can confirm that fixes it, I'll release a new version properly. > > OK, I run /usr/sbin/update_virus_scanners LOCKDIR = '/var/spool/MailScanner/incoming/Locks' RUNASU = 'postfix' RUNASG = 'postfix' Doesn't output the uid and gid but the Locks directory permissions seem good. Can you verify that the following is correct? drwxr-x--- 2 root postfix 4096 Jan 11 16:13 Locks Dave From mrm at quantumcc.com Mon Jan 12 23:16:49 2009 From: mrm at quantumcc.com (Mike Masse) Date: Mon Jan 12 23:17:10 2009 Subject: Problem using mailfromd Message-ID: I'm using the latest version of Mailscanner w/ sendmail and I'm trying to run the mailfromd milter. When MailScanner is running, the milter does not appear to be called by the sendmail process. If I stop MailScanner and run sendmail by itself without making any other config changes then it calls the milter just fine. Reading some of the earlier messages on this list concerning milters, it sounds like MailScanner isn't supposed to have an effect on sendmail milters, but it certainly is in my case. Can anyone suggest anything I should look for? -Mike From mrm at quantumcc.com Mon Jan 12 23:40:00 2009 From: mrm at quantumcc.com (Mike Masse) Date: Mon Jan 12 23:40:21 2009 Subject: Problem using mailfromd In-Reply-To: References: Message-ID: Never mind. I found the problem. I was changing the sendmail.cf file to utilize the milter and mailscanner now uses sendmail-in.cf for the incoming sendmail queue, so by making the appropriate changes to sendmail.cf it now works. Mike Masse wrote: > I'm using the latest version of Mailscanner w/ sendmail and I'm trying > to run the mailfromd milter. When MailScanner is running, the milter > does not appear to be called by the sendmail process. If I stop > MailScanner and run sendmail by itself without making any other config > changes then it calls the milter just fine. Reading some of the > earlier messages on this list concerning milters, it sounds like > MailScanner isn't supposed to have an effect on sendmail milters, but it > certainly is in my case. Can anyone suggest anything I should look for? > > -Mike > From root at doctor.nl2k.ab.ca Tue Jan 13 02:23:21 2009 From: root at doctor.nl2k.ab.ca (Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem) Date: Tue Jan 13 02:24:58 2009 Subject: MAilScanner 4.75 In-Reply-To: <496BAC19.6080004@ecs.soton.ac.uk> References: <20090112192340.GA26213@doctor.nl2k.ab.ca> <496BAC19.6080004@ecs.soton.ac.uk> Message-ID: <20090113022321.GA6982@doctor.nl2k.ab.ca> On Mon, Jan 12, 2009 at 08:46:17PM +0000, Julian Field wrote: > > > On 12/1/09 19:23, Dave Shariff Yadallee - System Administrator a.k.a. The > Root of the Problem wrote: >> Jules, >> >> when will MS 4.75 be released? >> >> > When there's something to put in it. I aim to do another tiny bug-fix > re-release of 4.74 first, with the Dave Filchak thread fixed in it. > > I haven't got any other major things outstanding at the moment, apart from > the crash-protection database code, which I haven't even started seriously > thinking about yet. I've got a big mail server move to do at the start of > Feb and I don't want to be deep into anything else when that happens, I > would rather spend my time testing the server move to death before starting > on anything else. Day-job getting in the way again :-) > > Jules > Hopefully MailScanner maintenance is part of the work :-) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From mark at msapiro.net Tue Jan 13 04:18:25 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Jan 13 04:18:35 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <5FC3E08C-6D5F-4AF5-AACE-17623586AD6B@technologytiger.net> References: <4963D91A.9060304@ecs.soton.ac.uk> <5FC3E08C-6D5F-4AF5-AACE-17623586AD6B@technologytiger.net> Message-ID: <20090113041825.GA4420@msapiro> On Mon, Jan 12, 2009 at 12:14:14PM +0000, Drew Marshall wrote: > > I have now got as far as implementing this excellent feature but I > have bumped in to an interesting error. > > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action store in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action header in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action "X-Anti-Phish: in message > 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 > produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message > is being delivered > > The SpamAssassin Rule Action that generated this log > is ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I > slightly changed the header in case there was a problem with the _TO_ > special command, which has made no difference). > > So what have I done wrong (The actual creation of the SA rule etc is > fine as MailScanner is seeing the rule hit as can be seen in the log)? Jules has indicated that the parsing of these is 'delicate'. It looks like the quotes are confusing it into thinking that there are two rules/ actions: ANTI_PHISH=>not-deliver,store,header and X-Anti-Phish: Yes Remove the quotes. I think that will fix it. -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Jan 13 04:33:40 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Jan 13 04:33:47 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <496B4FC7.2060701@USherbrooke.ca> References: <4963D91A.9060304@ecs.soton.ac.uk> <496B4FC7.2060701@USherbrooke.ca> Message-ID: <20090113043340.GB4420@msapiro> On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote: > > I got what really looks like a FP with one of the email addresses from > your script... what would be the best way to correct this ? Write an SA > rule with a negative score for that address ? Or is there some > whitelisting mechanism built in ? > > Thanks! > > Denis > PS: the address is jmcelhaney @ uchc . edu (without the spaces). That address is in the list at If it really is a FP, you could try to contact the project via and see if it can be removed. Alternatively, you could add a line next if /^jmcelhaney\@uchc\.edu$/; in between the lines: next unless /^.+\@.+\..+$/; # Only interested in email addresses. push @addresses, $_; # This is for the report in the script to skip that address. That's the "whitelisting" mechanism :) -- Mark Sapiro mark at msapiro net The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Jan 13 04:54:25 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue Jan 13 04:54:37 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <20090113041825.GA4420@msapiro> Message-ID: Mark Sapiro wrote: >On Mon, Jan 12, 2009 at 12:14:14PM +0000, Drew Marshall wrote: >> >> I have now got as far as implementing this excellent feature but I >> have bumped in to an interesting error. >> >> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: >> rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3 >> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: >> rule anti_phish caused action store in message 7FAB84BE3B4.94CF3 >> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: >> rule anti_phish caused action header in message 7FAB84BE3B4.94CF3 >> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: >> rule anti_phish caused action "X-Anti-Phish: in message >> 7FAB84BE3B4.94CF3 >> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: >> rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3 >> Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 >> produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message >> is being delivered >> >> The SpamAssassin Rule Action that generated this log >> is ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I >> slightly changed the header in case there was a problem with the _TO_ >> special command, which has made no difference). >> >> So what have I done wrong (The actual creation of the SA rule etc is >> fine as MailScanner is seeing the rule hit as can be seen in the log)? > > > >Jules has indicated that the parsing of these is 'delicate'. It looks >like the quotes are confusing it into thinking that there are two rules/ >actions: > >ANTI_PHISH=>not-deliver,store,header > >and > >X-Anti-Phish: Yes > >Remove the quotes. I think that will fix it. Sorry! Brain cramp... It's not the quotes since I have a similar rule with quotes that works: >.. X_GPC_PHISHING_ADDRESS=>store,not-deliver,forward msapiro+phish@sbh16.songbird.com,header "X-GPC-MailScanner-Originally-To: _TO_" Your rule looks good to me, but clearly MailScanner is parsing " Yes" and "X-Anti-Phish:" as actions for the ANTI_PHISH rule rather than as the header string. Maybe someone else has an idea. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From MailScanner at ecs.soton.ac.uk Tue Jan 13 08:17:04 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 13 08:17:26 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BBF22.6080604@zuka.net> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AB792.9090605@senecac.on.ca> <496AC43F.9030701@senecac.on.ca> <496AC6C4.10700@zuka.net> <496B1DCA.2050406@ecs.soton.ac.uk> <496B72A8.5070306@zuka.net> <496B977E.5020607@ecs.soton.ac.uk> <496BA12E.8010404@zuka.net> <496BA8EE.9030506@ecs.soton.ac.uk> <496BB2EA.1000501@zuka.net> <496BB4BD.7050308@ecs.soton.ac.uk> <496BBF22.6080604@zuka.net> Message-ID: <496C4E00.90200@ecs.soton.ac.uk> On 12/1/09 22:07, Dave Filchak wrote: > Julian Field wrote: >> >> >> >>>>>> >>>>> OK ... this is what I got from the first addition: >>>>> >>>>> /usr/sbin/update_virus_scanners >>>>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>>>> RUNASU = 'postfix ' >>>>> RUNASG = 'postfix ' >>>>> lduid = , ldgid = >>>>> >>>>> Then with the addition of the second part, I get: >>>>> >>>>> /usr/sbin/update_virus_scanners >>>>> LOCKDIR = '/var/spool/MailScanner/incoming/Locks' >>>>> RUNASU = 'postfix' >>>>> RUNASG = 'postfix' >>>>> lduid = 80, ldgid = 80 >>>>> >>>>> which looks much better ... yes? >>>> Perfect! At last :-) >>>> >>>> Attached are new versions of mailscanner_create_locks and >>>> update_virus_scanners for you, which are slight improvements on the >>>> versions you now have. Please let me know if these work okay for >>>> you and correctly set the ownership of the files in >>>> /var/spool/MailScanner/incoming/Locks. >>>> >>>> I have gzipped the files to (a) save bandwidth and more importantly >>>> (b) stop my email client from attempting to add any signature to >>>> them or otherwise play with them :-) You will need to gunzip them >>>> before installing them, but I expect that's obvious ;) >>>> Also, don't forget to ensure you have set them executable first. >>>> chmod +x /usr/sbin/{mailscanner_create_locks,update_virus_scanners} >>>> (Yes, that really is a valid shell command). >>>> >>>> Once you have tested them and confirmed they set the ownerships >>>> correctly, I'll re-release the latest stable MailScanner with this >>>> important fix in it. >>>> >>>> Jules >>>> >>> Hummm ... when I run the following ... you see what I get? >>> >>> /usr/sbin/update_virus_scanners LOCKDIR = >>> '/var/spool/MailScanner/incoming/Locks' >>> RUNASU = 'postfix' >>> RUNASG = 'postfix' >>> /usr/sbin/update_virus_scanners: line 38: >>> /tmp/tmp/usr/sbin/mailscanner_create_locks: No such file or directory >> Damn, sorry, knew I would screw up somewhere. Look for the string >> "/tmp/tmp" in /usr/sbin/update_virus_scanners and remove it. >> >> Once you can confirm that fixes it, I'll release a new version properly. >> >> > OK, I run > > /usr/sbin/update_virus_scanners > LOCKDIR = '/var/spool/MailScanner/incoming/Locks' > RUNASU = 'postfix' > RUNASG = 'postfix' > > Doesn't output the uid and gid but the Locks directory permissions > seem good. Can you verify that the following is correct? > > drwxr-x--- 2 root postfix 4096 Jan 11 16:13 Locks That's exactly right. I have released 4.74.16-1 which contains a better implementation of this fix, and also fixes the same bug that appears in one other place too. So if you've got 5 minutes it would be worth upgrading. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Tue Jan 13 08:31:20 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 13 08:31:31 2009 Subject: Anti-spear-phishing sa-update channel In-Reply-To: <496BB85A.8070506@coders.co.uk> References: <496A6779.9040309@coders.co.uk> <496B4E56.9000508@coders.co.uk> <496BB85A.8070506@coders.co.uk> Message-ID: Matt wrote on Mon, 12 Jan 2009 21:38:34 +0000: > Ah - no it won't - I haven't configured it - as it isn't needed for > sa-update. Ah, well, I see, I thought SA contacts that host. I didn't want to use it, I just wanted to have a look at the rules this way. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From 17.mehran at gmail.com Tue Jan 13 08:46:05 2009 From: 17.mehran at gmail.com (Mehra) Date: Tue Jan 13 08:46:14 2009 Subject: Thumbs down MailScanner Segmentation fault Message-ID: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> Hello, I try to install MailScanner on my new server. it worked very well before but in new installation I have some problem! My server is a core 2 quad Q9300 with 8GB ram and CentOS 5.2 x86_64 here is my related application version: MailScanner: 4.74.13 ClamAV: 0.94.2/8856 Perl: 5.8.8 PathTools: 3.29 the problem is that MailScanner continually restarting. here is the its log in /var/log/maillog: Code: Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: Using SpamAssassin results cache Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: Connected to SpamAssassin cache database Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: Using SpamAssassin results cache Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: Connected to SpamAssassin cache database Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: Using SpamAssassin results cache Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: Connected to SpamAssassin cache database Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: Using SpamAssassin results cache Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: Connected to SpamAssassin cache database Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: Using SpamAssassin results cache Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: Connected to SpamAssassin cache database Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: MailScanner E-Mail Virus Scanner version 4.74.13 starting... Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: Using SpamAssassin results cache Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: Connected to SpamAssassin cache database when I run it in debug mode I see the following error: Code: # /usr/mailscanner/bin/MailScanner --debug In Debugging mode, not forking... Segmentation fault(unix) Segmentation fault please help me if somebody had same problem before. tnx mehran -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090113/fbf2f9ea/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jan 13 08:47:39 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 13 08:48:01 2009 Subject: Anti-spear-phishing, round 2 In-Reply-To: <5FC3E08C-6D5F-4AF5-AACE-17623586AD6B@technologytiger.net> References: <4963D91A.9060304@ecs.soton.ac.uk> <5FC3E08C-6D5F-4AF5-AACE-17623586AD6B@technologytiger.net> Message-ID: <496C552B.9040307@ecs.soton.ac.uk> Upgrade to the latest version, I have fixed this problem already. Please confirm that upgrading does indeed fix the problem for you, but I have just tried your exact rule and it worked just fine for me, and I have just upgraded to the latest too. My guess would be that you have a version before 4.74.8? Cheers, Jules. On 12/1/09 12:14, Drew Marshall wrote: > On 6 Jan 2009, at 22:20, Julian Field wrote: > >> I have done a load of work on my script that uses the >> anti-spear-phishing addresses database. >> >> The main thing is now that it is pretty much a finished script, and >> is directly usable by you guys without you having to do much to it >> except read the settings at the top and tweak the filenames if you >> want to change where it puts things. > > Jules > > I have now got as far as implementing this excellent feature but I > have bumped in to an interesting error. > > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action store in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action header in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action "X-Anti-Phish: in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: > rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3 > Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 > produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message > is being delivered > > The SpamAssassin Rule Action that generated this log is > ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I > slightly changed the header in case there was a problem with the _TO_ > special command, which has made no difference). > > So what have I done wrong (The actual creation of the SA rule etc is > fine as MailScanner is seeing the rule hit as can be seen in the log)? > > Drew > > -- > In line with our policy, this message has been scanned for viruses and > dangerouscontent by Technology Tiger's Mail Launder system > > Our email policy can be found at www.technologytiger.net/policy > > Technology Tiger Limited is registered in Scotland with registration > number: 310997 > Registered Office 55-57 West High Street Inverurie AB51 3QQ > > Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store MailScanner customisation, or any advanced system administration help? Contact me at Jules@Jules.FM PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 PGP public key: http://www.jules.fm/julesfm.asc -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maxsec at gmail.com Tue Jan 13 08:54:56 2009 From: maxsec at gmail.com (Martin Hepworth) Date: Tue Jan 13 08:55:05 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> Message-ID: <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> HI what does.. Mailscanner -v and MailScanner --lint show? -- martin 2009/1/13 Mehra <17.mehran@gmail.com>: > Hello, > I try to install MailScanner on my new server. it worked very well before > but in new installation I have some problem! > My server is a core 2 quad Q9300 with 8GB ram and CentOS 5.2 x86_64 > here is my related application version: > MailScanner: 4.74.13 > ClamAV: 0.94.2/8856 > Perl: 5.8.8 > PathTools: 3.29 > > the problem is that MailScanner continually restarting. here is the its log > in /var/log/maillog: > > Code: > > Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: Using SpamAssassin results > cache > > Jan 12 11:37:40 LSN-D1371 MailScanner[12810]: Connected to SpamAssassin > cache database > > Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: Using SpamAssassin results > cache > > Jan 12 11:37:45 LSN-D1371 MailScanner[12811]: Connected to SpamAssassin > cache database > > Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: Using SpamAssassin results > cache > > Jan 12 11:37:50 LSN-D1371 MailScanner[12813]: Connected to SpamAssassin > cache database > > Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: Using SpamAssassin results > cache > > Jan 12 11:37:55 LSN-D1371 MailScanner[12815]: Connected to SpamAssassin > cache database > > Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: Using SpamAssassin results > cache > > Jan 12 11:38:00 LSN-D1371 MailScanner[12816]: Connected to SpamAssassin > cache database > > Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: MailScanner E-Mail Virus > Scanner version 4.74.13 starting... > > Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: Using SpamAssassin results > cache > > Jan 12 11:38:05 LSN-D1371 MailScanner[12817]: Connected to SpamAssassin > cache database > > when I run it in debug mode I see the following error: > > Code: > > # /usr/mailscanner/bin/MailScanner --debug > > In Debugging mode, not forking... > > Segmentation fault(unix) > > Segmentation fault > > please help me if somebody had same problem before. > > tnx > > mehran > > > > -- > MailScanner mailing list > mailscanner@lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > Before posting, read http://wiki.mailscanner.info/posting > > Support MailScanner development - buy the book off the website! > > -- Martin Hepworth Oxford, UK From ajcartmell at fonant.com Tue Jan 13 09:09:17 2009 From: ajcartmell at fonant.com (Anthony Cartmell) Date: Tue Jan 13 09:09:07 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: <496BA9A6.8080108@ecs.soton.ac.uk> References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 <496B7236.3060604@zuka.net> <496BA9A6.8080108@ecs.soton.ac.uk> Message-ID: >>> I am most happy to snip out old parts as necessary. >>> >> >> This would be most appreciated. Quote just what is needed to understand >> the next lines (which should be your reply). It has amused me for many months how this mailing list, populated by e-mail experts, manages to generate such huge quote-everything-in-the-reply-to-the-reply-to-the-reply messages. I sometimes find myself scrolling through pages and pages of quoted-five-times content before I reach the actual message! > Hint: use Thunderbird and the "QuoteCollapse" add-on extension. Totally > solves this problem for you. Using "Quote Colors" is a good idea too, > unless you're using Shredder as it's built into Shredder (the > pre-release versions of the next version of Thunderbird). So the usual > answer: use a better email client :-) Ah, but I am already using the best for me, Opera's e-mail client (database and views to find messages is much more powerful than message-in-only-one-place-at-a-time) ;) Opera does format and colour quoted sections, but doesn't have any quote collapsing features. This isn't a problem, apart from when reading the MailScanner list! ;) Cheers! Anthony -- www.fonant.com - Quality web sites From 17.mehran at gmail.com Tue Jan 13 09:13:48 2009 From: 17.mehran at gmail.com (Mehra) Date: Tue Jan 13 09:13:56 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> Message-ID: <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> # ./MailScanner -V Running on Linux 2.6.18-92.el5 #1 SMP Tue Jun 10 18:51:06 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux This is CentOS release 5.2 (Final) This is Perl version 5.008008 (5.8.8) This is MailScanner version 4.74.13 Module versions are: 1.00 AnyDBM_File 1.26 Archive::Zip 0.23 bignum 1.04 Carp 1.42 Compress::Zlib 1.119 Convert::BinHex 0.17 Convert::TNEF 2.121_08 Data::Dumper 2.27 Date::Parse 1.00 DirHandle 1.05 Fcntl 2.74 File::Basename 2.09 File::Copy 2.01 FileHandle 1.08 File::Path 0.20 File::Temp 0.92 Filesys::Df 1.35 HTML::Entities 3.56 HTML::Parser 2.37 HTML::TokeParser 1.23 IO 1.14 IO::File 1.13 IO::Pipe 2.04 Mail::Header 1.89 Math::BigInt 0.22 Math::BigRat 3.07 MIME::Base64 5.427 MIME::Decoder 5.427 MIME::Decoder::UU 5.427 MIME::Head 5.427 MIME::Parser 3.07 MIME::QuotedPrint 5.427 MIME::Tools 0.11 Net::CIDR 1.25 Net::IP 0.16 OLE::Storage_Lite 1.04 Pod::Escapes 3.07 Pod::Simple 1.09 POSIX 1.19 Scalar::Util 1.78 Socket 2.18 Storable 1.4 Sys::Hostname::Long 0.27 Sys::Syslog 1.26 Test::Pod 0.86 Test::Simple 1.9715 Time::HiRes 1.02 Time::localtime Optional module versions are: 1.40 Archive::Tar 0.23 bignum missing Business::ISBN missing Business::ISBN::Data 1.12 Data::Dump 1.817 DB_File 1.14 DBD::SQLite 1.607 DBI 1.14 Digest 1.01 Digest::HMAC 2.36 Digest::MD5 2.11 Digest::SHA1 1.01 Encode::Detect 0.17015 Error 0.24 ExtUtils::CBuilder 2.19 ExtUtils::ParseXS 2.37 Getopt::Long 0.44 Inline missing IO::String 1.09 IO::Zlib 2.25 IP::Country missing Mail::ClamAV 3.002004 Mail::SpamAssassin v2.006 Mail::SPF 1.999001 Mail::SPF::Query 0.3 Module::Build 0.20 Net::CIDR::Lite 0.63 Net::DNS v0.003 Net::DNS::Resolver::Programmable 0.39 Net::LDAP 4.015 NetAddr::IP 1.94 Parse::RecDescent missing SAVI 3.14 Test::Harness missing Test::Manifest 1.95 Text::Balanced 1.37 URI 0.76 version 0.66 YAML ******************************************************************************************************************** # ./MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.74.13) is correct. Unrar is not installed, it should be in . This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-cPanel-MailScanner-From MailScanner setting GID to (12) MailScanner setting UID to (47) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: SpamAssassin failed to parse line, "/usr/local/bin/dccproc" is not valid for "dcc_path", skipping: dcc_path /usr/local/bin/dccproc Segmentation fault -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090113/1d4efbd1/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jan 13 09:54:33 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 13 09:54:52 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> Message-ID: <496C64D9.2000108@ecs.soton.ac.uk> On 13/1/09 09:13, Mehra wrote: > # ./MailScanner -V > Running on > Linux 2.6.18-92.el5 #1 SMP Tue Jun 10 18:51:06 EDT 2008 x86_64 x86_64 > x86_64 GNU/Linux > This is CentOS release 5.2 (Final) > This is Perl version 5.008008 (5.8.8) > > This is MailScanner version 4.74.13 > Module versions are: > 1.00 AnyDBM_File > 1.26 Archive::Zip > 0.23 bignum > 1.04 Carp > 1.42 Compress::Zlib > 1.119 Convert::BinHex > 0.17 Convert::TNEF > 2.121_08 Data::Dumper > 2.27 Date::Parse > 1.00 DirHandle > 1.05 Fcntl > 2.74 File::Basename > 2.09 File::Copy > 2.01 FileHandle > 1.08 File::Path > 0.20 File::Temp > 0.92 Filesys::Df > 1.35 HTML::Entities > 3.56 HTML::Parser > 2.37 HTML::TokeParser > 1.23 IO > 1.14 IO::File > 1.13 IO::Pipe > 2.04 Mail::Header > 1.89 Math::BigInt > 0.22 Math::BigRat > 3.07 MIME::Base64 > 5.427 MIME::Decoder > 5.427 MIME::Decoder::UU > 5.427 MIME::Head > 5.427 MIME::Parser > 3.07 MIME::QuotedPrint > 5.427 MIME::Tools > 0.11 Net::CIDR > 1.25 Net::IP > 0.16 OLE::Storage_Lite > 1.04 Pod::Escapes > 3.07 Pod::Simple > 1.09 POSIX > 1.19 Scalar::Util > 1.78 Socket > 2.18 Storable > 1.4 Sys::Hostname::Long > 0.27 Sys::Syslog > 1.26 Test::Pod > 0.86 Test::Simple > 1.9715 Time::HiRes > 1.02 Time::localtime > > Optional module versions are: > 1.40 Archive::Tar > 0.23 bignum > missing Business::ISBN > missing Business::ISBN::Data > 1.12 Data::Dump > 1.817 DB_File > 1.14 DBD::SQLite > 1.607 DBI > 1.14 Digest > 1.01 Digest::HMAC > 2.36 Digest::MD5 > 2.11 Digest::SHA1 > 1.01 Encode::Detect > 0.17015 Error > 0.24 ExtUtils::CBuilder > 2.19 ExtUtils::ParseXS > 2.37 Getopt::Long > 0.44 Inline > missing IO::String > 1.09 IO::Zlib > 2.25 IP::Country > missing Mail::ClamAV > 3.002004 Mail::SpamAssassin > v2.006 Mail::SPF > 1.999001 Mail::SPF::Query > 0.3 Module::Build > 0.20 Net::CIDR::Lite > 0.63 Net::DNS > v0.003 Net::DNS::Resolver::Programmable > 0.39 Net::LDAP > 4.015 NetAddr::IP > 1.94 Parse::RecDescent > missing SAVI > 3.14 Test::Harness > missing Test::Manifest > 1.95 Text::Balanced > 1.37 URI > 0.76 version > 0.66 YAML > > ******************************************************************************************************************** > # ./MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.74.13) is correct. > > Unrar is not installed, it should be in . > This is required for RAR archives to be read to check > filenames and filetypes. Virus scanning is not affected. > > > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-cPanel-MailScanner-From > > MailScanner setting GID to (12) > MailScanner setting UID to (47) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > config: SpamAssassin failed to parse line, "/usr/local/bin/dccproc" is > not valid for "dcc_path", skipping: dcc_path /usr/local/bin/dccproc > Segmentation fault > As your SpamAssassin config is not set to use dcc, remove or comment out the "dcc_path" line from /etc/MailScanner/spam.assassin.prefs.conf. Then please try "MailScanner --lint" again, and we'll see if that helped. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Tue Jan 13 10:06:39 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 13 10:06:49 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> Message-ID: Mehra wrote on Tue, 13 Jan 2009 12:16:05 +0330: > Thumbs down could you please refrain from such emotional dismay in the future? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From 17.mehran at gmail.com Tue Jan 13 10:09:57 2009 From: 17.mehran at gmail.com (Mehra) Date: Tue Jan 13 10:10:06 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <496C64D9.2000108@ecs.soton.ac.uk> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> Message-ID: <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> now this is new result: # ./MailScanner --lint Trying to setlogsock(unix) Checking version numbers... Version number in MailScanner.conf (4.74.13) is correct. Unrar is not installed, it should be in . This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected. ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-cPanel-MailScanner-From MailScanner setting GID to (12) MailScanner setting UID to (47) Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database Segmentation fault ************************************************************************************************************** and this is result for spamassassin --lint # spamassassin --lint Segmentation fault do you think that it may be spamassassin problem? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090113/93f560c8/attachment.html From a.peacock at chime.ucl.ac.uk Tue Jan 13 10:24:23 2009 From: a.peacock at chime.ucl.ac.uk (Anthony Peacock) Date: Tue Jan 13 10:24:38 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> Message-ID: <496C6BD7.50800@chime.ucl.ac.uk> Hi, Mehra wrote: > now this is new result: > > # ./MailScanner --lint > Trying to setlogsock(unix) > Checking version numbers... > Version number in MailScanner.conf (4.74.13) is correct. > > Unrar is not installed, it should be in . > This is required for RAR archives to be read to check > filenames and filetypes. Virus scanning is not affected. > > > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf > ERROR: is not correct, it should match X-cPanel-MailScanner-From > > MailScanner setting GID to (12) > MailScanner setting UID to (47) > > Checking for SpamAssassin errors (if you use it)... > Using SpamAssassin results cache > Connected to SpamAssassin cache database > Segmentation fault > ************************************************************************************************************** > and this is result for spamassassin --lint > # spamassassin --lint > Segmentation fault > > do you think that it may be spamassassin problem? The segmentation fault appears when running spamassassin on its own, so I would suspect that is your problem. Another way to confirm this would be to switch off spamassassin use in MailScanner. You could edit your MailScanner.conf file and set "Spam Checks" to no, ie Spam Checks = no Run MailScanner, if it doesn't seg fault, then the problem does not lie with MailScanner. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ Study Health Informatics - Modular Postgraduate Degree http://www.chime.ucl.ac.uk/study-health-informatics/ From 17.mehran at gmail.com Tue Jan 13 10:40:01 2009 From: 17.mehran at gmail.com (Mehra) Date: Tue Jan 13 10:40:10 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <496C6BD7.50800@chime.ucl.ac.uk> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> <496C6BD7.50800@chime.ucl.ac.uk> Message-ID: <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> Hi, that's right. I disabled Spam check as you told me the error is the same. As I reinstall MailScanner before, I think problem maybe related to OS or perl ver. do you have any idea? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090113/07c3d8b8/attachment.html From maillists at conactive.com Tue Jan 13 11:23:45 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 13 11:23:57 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> <496C6BD7.50800@chime.ucl.ac.uk> <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> Message-ID: Mehra wrote on Tue, 13 Jan 2009 14:10:01 +0330: > I disabled Spam check as you told me the error is the same. Your wording is confusing. Please confirm that - you get the segfault with MailScanner --lint *and* Spam Checks with SA *disabled* *and* - you get the segfault with spamassassin --lint Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From 17.mehran at gmail.com Tue Jan 13 11:33:26 2009 From: 17.mehran at gmail.com (Mehra) Date: Tue Jan 13 11:33:43 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> <496C6BD7.50800@chime.ucl.ac.uk> <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> Message-ID: <5d48dd510901130333o6495d837o96789dd276ce5069@mail.gmail.com> - Yes, I get the segfault with MailScanner --lint *and* Spam Checks with SA *disabled*- - Yes, I get the segfault with spamassassin --lint -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090113/6d63002c/attachment.html From MailScanner at ecs.soton.ac.uk Tue Jan 13 11:52:30 2009 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Tue Jan 13 11:53:15 2009 Subject: Health update Message-ID: <496C807E.9000404@ecs.soton.ac.uk> Folks, Well, I've just got back from the hospital, had another meeting with the transplant team. As of now, I'm suspended on the liver waiting list. They are going to do another endoscopy in the next 2 or 3 weeks, and we'll see the outcome of that to see if the varices have gone down at all which will imply better blood flow through my new portal vein replacement. I suspect this will most likely show an improvement. If it does, then the original reason for me being on the list will have gone (well enough). So it will be no longer worth doing what is, in my case, a very difficult and dangerous procedure. So I'm officially suspended from the list at the moment, but not removed. As I've spent the past 15 months or so mentally preparing for the procedure, this is going to take a bit of getting used to. It's going to take a few days to sink in properly. Jules -- Julian Field MEng CITP CEng www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Need help customising MailScanner? Contact me! Need help fixing or optimising your systems? Contact me! Need help getting you started solving new requirements from your boss? Contact me! PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From maillists at conactive.com Tue Jan 13 11:58:06 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 13 11:58:15 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130333o6495d837o96789dd276ce5069@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> <496C6BD7.50800@chime.ucl.ac.uk> <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> <5d48dd510901130333o6495d837o96789dd276ce5069@mail.gmail.com> Message-ID: Mehra wrote on Tue, 13 Jan 2009 15:03:26 +0330: > - Yes, I get the segfault with MailScanner --lint *and* Spam Checks with SA > *disabled*- > - Yes, I get the segfault with spamassassin --lint in that case you may have a bigger problem - RAM corruption or other hardware problem? - filesystem problem? - some i386 rpms installed that shouldn't? - some Perl or Perl module problem? Hard to tell, but I would certainly investigate in all these directions. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From steve.freegard at fsl.com Tue Jan 13 12:01:09 2009 From: steve.freegard at fsl.com (Steve Freegard) Date: Tue Jan 13 12:01:19 2009 Subject: Thumbs down MailScanner Segmentation fault In-Reply-To: <5d48dd510901130333o6495d837o96789dd276ce5069@mail.gmail.com> References: <5d48dd510901130046r3a9828d3ld676a5e9b5407488@mail.gmail.com> <72cf361e0901130054t40e16916g65456f76119c0155@mail.gmail.com> <5d48dd510901130113y6f7909bah6ce3536888ea6233@mail.gmail.com> <496C64D9.2000108@ecs.soton.ac.uk> <5d48dd510901130209h4a9752e7r45849ed9b8435dc5@mail.gmail.com> <496C6BD7.50800@chime.ucl.ac.uk> <5d48dd510901130240k549f1fd2o3b85c4429aafe07a@mail.gmail.com> <5d48dd510901130333o6495d837o96789dd276ce5069@mail.gmail.com> Message-ID: <496C8285.8010507@fsl.com> Mehra wrote: > - Yes, I get the segfault with MailScanner --lint *and* Spam Checks with > SA *disabled*- > - Yes, I get the segfault with spamassassin --lint > Ok - install 'strace' via 'yum install strace'; then run: strace MailScanner --lint 2>&1 | tee strace.out You'll got *lots* of output from this and hopefully you will still hit the segfault and it will exit. Look at the last 20-30 lines of the strace.out and you will most likely see that a compiled Perl module is being loaded that is causing the segfault. Once you have identified the module causing the fault - attempt to re-install it via RPM or build it manually (do not skip the 'make test' phase) and see if that fixes the problem. Kind regards, Steve. -- Steve Freegard Fort Systems Ltd. Tired of administering your spam filter and it's massive quarantines? Having scalability issues with your existing spam filter? Solve your spam filtering problems with BarricadeMX. http://www.fsl.com From maillists at conactive.com Tue Jan 13 12:01:19 2009 From: maillists at conactive.com (Kai Schaetzl) Date: Tue Jan 13 12:01:33 2009 Subject: Health update In-Reply-To: <496C807E.9000404@ecs.soton.ac.uk> References: <496C807E.9000404@ecs.soton.ac.uk> Message-ID: Julian Field wrote on Tue, 13 Jan 2009 11:52:30 +0000: > So I'm officially suspended from the list at the moment, but not removed. > > As I've spent the past 15 months or so mentally preparing for the > procedure, this is going to take a bit of getting used to. It's going to > take a few days to sink in properly. I hope that you don't have to "surface" it again. Relax, Jules! Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com From J.Ede at birchenallhowden.co.uk Tue Jan 13 12:10:41 2009 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Tue Jan 13 12:10:59 2009 Subject: Health update In-Reply-To: <496C807E.9000404@ecs.soton.ac.uk> References: <496C807E.9000404@ecs.soton.ac.uk> Message-ID: <1213490F1F316842A544A850422BFA96118E8BE2@BHLSBS.bhl.local> > -----Original Message----- > From: mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner- > bounces@lists.mailscanner.info] On Behalf Of Julian Field > Sent: 13 January 2009 11:53 > To: MailScanner discussion > Subject: Health update > > Folks, > > Well, I've just got back from the hospital, had another meeting with > the > transplant team. > > As of now, I'm suspended on the liver waiting list. > They are going to do another endoscopy in the next 2 or 3 weeks, and > we'll see the outcome of that to see if the varices have gone down at > all which will imply better blood flow through my new portal vein > replacement. > I suspect this will most likely show an improvement. > > If it does, then the original reason for me being on the list will have > gone (well enough). So it will be no longer worth doing what is, in my > case, a very difficult and dangerous procedure. > > So I'm officially suspended from the list at the moment, but not > removed. > > As I've spent the past 15 months or so mentally preparing for the > procedure, this is going to take a bit of getting used to. It's going > to > take a few days to sink in properly. > > Jules > Jules, If I read it correctly then that sounds like great news. :-) Jason From bpirie at rma.edu Tue Jan 13 13:21:12 2009 From: bpirie at rma.edu (Brendan Pirie) Date: Tue Jan 13 13:21:00 2009 Subject: Health update In-Reply-To: <496C807E.9000404@ecs.soton.ac.uk> References: <496C807E.9000404@ecs.soton.ac.uk> Message-ID: <496C9548.1070900@rma.edu> Best wishes for a positive outcome! Brendan Julian Field wrote: > Folks, > > Well, I've just got back from the hospital, had another meeting with > the transplant team. > > As of now, I'm suspended on the liver waiting list. > They are going to do another endoscopy in the next 2 or 3 weeks, and > we'll see the outcome of that to see if the varices have gone down at > all which will imply better blood flow through my new portal vein > replacement. > I suspect this will most likely show an improvement. > > If it does, then the original reason for me being on the list will > have gone (well enough). So it will be no longer worth doing what is, > in my case, a very difficult and dangerous procedure. > > So I'm officially suspended from the list at the moment, but not removed. > > As I've spent the past 15 months or so mentally preparing for the > procedure, this is going to take a bit of getting used to. It's going > to take a few days to sink in properly. > > Jules > From jonas at vrt.dk Tue Jan 13 13:21:49 2009 From: jonas at vrt.dk (Jonas Akrouh Larsen) Date: Tue Jan 13 13:21:59 2009 Subject: Health update In-Reply-To: <496C807E.9000404@ecs.soton.ac.uk> References: <496C807E.9000404@ecs.soton.ac.uk> Message-ID: <005c01c97581$e4cbc400$ae634c00$@dk> I hope the doctors are correct, and you will get better without needing the risky operation. Best wishes from Denmark Med venlig hilsen / Best regards Jonas Akrouh Larsen TechBiz ApS Laplandsgade 4, 2. sal 2300 K?benhavn S Office: 7020 0979 Direct: 3336 9974 Mobile: 5120 1096 Fax: 7020 0978 Web: www.techbiz.dk From gesbbb at yahoo.com Tue Jan 13 13:27:20 2009 From: gesbbb at yahoo.com (Jerry) Date: Tue Jan 13 13:27:33 2009 Subject: General Thankyou (still diagnosing fault) In-Reply-To: References: <60382.204.184.75.172.1231471379.squirrel@webmail.elsberry.k12.mo.us> <49679B36.9010202@senecac.on.ca> <4967A01A.1020805@senecac.on.ca> <4967D6F2.8090907@senecac.on.ca> <496A4264.6080303@senecac.on.ca> <496A470A.7070507@ecs.soton.ac.uk> <496A538C.60903@senecac.on.ca> <496A5BC8.4000908@ecs.soton.ac.uk> <496A6204.9070105@senecac.on.ca> <496A85DC.3060404@ecs.soton.ac.uk> <496AC6C4.10700 <496B7236.3060604@zuka.net> <496BA9A6.8080108@ecs.soton.ac.uk> Message-ID: <20090113082720.0aaa1306@scorpio> On Tue, 13 Jan 2009 09:09:17 -0000 "Anthony Cartmell" wrote: [snip] >It has amused me for many months how this mailing list, populated by >e-mail experts, manages to generate such huge >quote-everything-in-the-reply-to-the-reply-to-the-reply messages. I >sometimes find myself scrolling through pages and pages of >quoted-five-times content before I reach the actual message! Not just this list either. Many of t